[FD] BlinkSale Bug Bounty #1 - Encode Validation Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: BlinkSale Bug Bounty #1 - Encode Validation Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1416 Release Date: 2015-02-06 Vulnerability Laboratory ID (VL-ID):

[FD] Facebook Bug Bounty #23 - Session ID CSRF Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: Facebook Bug Bounty #23 - Session ID CSRF Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1432 Facebook Security ID: 10202805822321483 Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ Vulnerability

[FD] Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References (Source): http://vulnerability-lab.com/get_content.php?id=1355 Release Date: 2015-02-09 Vulnerability Laboratory ID (VL-ID):

[FD] T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)

2015-02-11 Thread Vulnerability Lab
Document Title: T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) References (Source): http://www.vulnerability-lab.com/get_content.php?id=1427 Release Date: 2015-01-29 Vulnerability Laboratory ID (VL-ID):

Re: [FD] Suspicious URL:Re: Major Internet Explorer Vulnerability - NOT Patched

2015-02-11 Thread Christoph Gruber
I love "Suspicious URL". It reminds me of the Microsoft KB article speaking of "Malicious Hyperlink": "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them." in http://support.microsoft.com/kb/833786/en-us -- Christoph Gruber Am 09.02.2015

[FD] Radexscript CMS 2.2.0 - SQL Injection vulnerability

2015-02-11 Thread ITAS Team
#Vulnerability title: Radexscript CMS 2.2.0 - SQL Injection vulnerability #Vendor: http://redaxscript.com/ #Product: Radexscript CMS #Software link: http://redaxscript.com/download/releases #Affected version: Redaxscript 2.2.0 #Fixed version: Redaxscript 2.3.0 #CVE ID: CVE-2015-1518 #Author: Pham

[FD] MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC

2015-02-11 Thread Samandeep Singh
MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC #!/usr/bin/env python ## # Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC # Date Discovered: 09-02-2015 # Exploit Author: Samandeep Singh

Re: [FD] Facebook Bug Bounty #23 - Session ID CSRF Vulnerability

2015-02-11 Thread Scott Arciszewski
Security Risk: The security risk of the security vulnerability in the facebook framework is estimated as critical. (CVSS 9.1) Care to run that calculation by us? On Wed, Feb 11, 2015 at 9:53 AM, Vulnerability Lab resea...@vulnerability-lab.com wrote: Document Title:

[FD] CVE-2014-6412 - WordPress (all versions) lacks CSPRNG

2015-02-11 Thread Scott Arciszewski
Ticket opened: 2014-06-25 Affected Versions: ALL Problem: No CSPRNG Patch available, collecting dust because of negligent (and questionably competent) WP maintainers On June 25, 2014 I opened a ticket on WordPress's issue tracker to expose a cryptographically secure pseudorandom number generator,

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched

2015-02-11 Thread Sijmen Ruwhof
Hi Joey, In my research I found out that the 'x-frame-options' solution doesn't protect against session hijacking via session cookie theft. It is very important that you also need to add 'HttpOnly' flags on all cookies. I've published an overview of my research, additional mitigations and

[FD] [ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)

2015-02-11 Thread Stefan Kanthak
Hi @ll, yesterday Microsoft published the security advisory 3004375 https://technet.microsoft.com/en-us/library/security/3004375 announcing an update which enables Windows 7 and newer to log the command lines used to start processes to the event log. If you want to have this functionality on