AVG and ESET have fixed their respective XSS vulnerabilities, and it is good!
Full disclosure - we believe in it!
Cheers!
Friday, March 27, 2009
Fixed again... Good job AVG, ESET
Labels: antivirus, AVG, Crimemachine, ESET, Hack, Hacking, HTML Injection, Insecure, Insecure Times, Whack, XSS
Wednesday, March 11, 2009
Advisory updates: Q1 2009 and a few more ...
Advisory updates, First Quarter, 2009, and a few from 2008.

DMOZ search's XSS was found 2 months back... and NASA's XSS at Goddard Space Flight Center was exactly a month ago...
The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.
HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)
The Indian government website has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...
Cheers :)
Kish

Labels: AVG, Crimemachine, dmoz, ESET, HSBC, HSBC Bank, HTML Injection, Insecure, Insecure Times, Myspace, nasa, nasa.gov, Phishing, social networking, Web Hacking, Whack, XSS
Wednesday, March 4, 2009
XSS in ESET website
#########################################
# Website: http://www.eset.com
# Bug: XSS
# Date: 04.03.09
########################################

Vulnerable URL: hxxp://kb.eset.com
Click here for the demo
Fix input validation in the page; antivirus vendors are supposed to be careful, at least, I thought so!
This is a special advisory, dedicated to Digi (Crimemachine, Founder), my very good friend and fellow hacker, who is an ardent supporter of ESET products, the antivirus especially, for the heur et al.
Cheers :)
Kish
Labels: antivirus, Crimemachine, Digi, ESET, Insecure, Insecure Times, Special, Web Hacking, Whack, XSS