Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Full Disclosure of Security Vulnerabilities

from [jfvanmeter] Network Security [Permanent Link]
Subject: Full Disclosure of Security Vulnerabilities
Date: Wed, 31 Oct 2007 17:00:22 +0000 

 Hello Everyone, I would llike to get your thoughts on Full Disclosure of 
Security Vulnerabilities . About 3 weeks ago during a per-test of a software 
suite for a client of myine, I found a directory traversal in a software suite 
that my client has installed on thousands of workstation. 

I send screen shots and a packet capture to the vendor and they were able to to 
recreate the exploit.

my cleint doesn't want to go public with it because of the thousands of 
workstations and servers that its installed on. I also don't believe the vendor 
will go public with it, what would you all do? 

Best Regards --John

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Full Disclosure of Security Vulnerabilities, jfvanmeter <=
Previous by Date:  Re: Re: Pentesting Webserver, cwright
Previous by Thread:  Medusa 1.4 Release, jmk
Indexes:  [Date] [Thread] [Top] [All Lists]