On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote:
The thread read Google vulnerabilities with PoC. From my understanding
it was a RFI vulnerability on YouTube, and I voiced my support that this
is a vulnerability.
I also explained a JSON Hijacking case as a follow up, and you
/?l=full-disclosurem=139076233105401w=2
2014-03-17 10:24 GMT+01:00 Pedro Ribeiro ped...@gmail.com:
On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote:
The thread read Google vulnerabilities with PoC. From my understanding it
was a RFI vulnerability on YouTube, and I voiced
On 13 Mar 2014 14:30, Nicholas Lemonias. lem.niko...@googlemail.com
wrote:
I suggest you to read on Content Delivery Network Architectures.
YouTube.com populates and distributes stored files to multiple servers
through a CDN (Content Delivery Architecture), where each video uses more
than
Keep in mind that YouTube allows files to be uploaded by definition. What
you have achieved is upload a file for an extension type that is not
allowed.
It is definitely a vulnerability but a low risk one since you haven't
demonstrated if it has any ill effects.
Can you somehow find the URL to
out there that have a decent attitude towards
security. Steer well clear of this one.
Regards
Pedro Ribeiro
Agile Information Security
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Hi
Egroupware = 1.8.005 contains a PHP object insertion vulnerability
via unsafe use of the unserialize() function.
There are lots of classes with magic methods which appear to be
exploitable, some of them possibly for remote code execution. The
advisory linked below contains an example of an
for being so responsive.
The full report can be found at my repo in
https://github.com/pedrib/PoC/blob/master/contao-3.2.4.txt
Regards,
Pedro Ribeiro
Agile Information Security
The full report can be seen at my repo
https://github.com/pedrib/PoC/blob/master/impresscms-1.3.5.txt
Thanks in advance, and thanks to the ImpressCMS team for being so responsive.
Regards,
Pedro Ribeiro
Agile Information Security
be obtained from my repository at
https://github.com/pedrib/PoC in the folder mw6.
Regards,
Pedro Ribeiro
Director of Research
Agile Information Security
/pedrib/PoC/lorexActivex/lorex-testcase.html
Regards,
Pedro Ribeiro (ped...@gmail.com)
Agile Information Security
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http
Can't seem to get github links to work, just go to the PoC repo and
navigate from there if you are interested in seeing the files.
On 9 Jan 2014 16:55, Pedro Ribeiro ped...@gmail.com wrote:
Hi,
I have discovered a buffer overflow vulnerability that allows remote code
execution in an ActiveX