Date: Thu Feb 23 05:25:39 2006
From: nodialtone at comcast.net (nodialtone)
Subject: Reported Google Vuln

Google funzies.

[Snip]

I. DESCRIPTION

Google Reader (http://www.google.com/reader/) helps organise the
contents of those RSS or Atom feeds which the user is interested in
or subscribed to. Instead of continuously checking his/her
favorite sites or discussion groups for updates, the user can let Google
Reader do it for them.

From news sites to your friends' blogs, Google Reader helps stay
up-to-date with all the online information that matters most to the
user.


II. VULNERABILITY DETAILS

Google Reader is supposed to display only those contents which the user
has subscribed to; however, two vulnerabilities have been identified which
may allow an attacker to entice its victim (using Google Reader
service) to view unwanted web contents carrying malicious payloads.

[snip]

Reference:

http://seclists.org/lists/fulldisclosure/2006/Feb/0553.html

-- 
-nodialtone

http://www.iatechconsultng.com

