Document Title:
===
BlinkSale Bug Bounty #1 - Encode Validation Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1416
Release Date:
=
2015-02-06
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
Facebook Bug Bounty #23 - Session ID CSRF Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1432
Facebook Security ID: 10202805822321483
Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ
Vulnerability
Document Title:
===
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
References (Source):
http://vulnerability-lab.com/get_content.php?id=1355
Release Date:
=
2015-02-09
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1427
Release Date:
=
2015-01-29
Vulnerability Laboratory ID (VL-ID):
I love Suspicious URL.
It reminds me of the Microsoft KB article speaking of Malicious Hyperlink
The most effective step that you can take to help protect yourself from
malicious hyperlinks is not to click them.
in http://support.microsoft.com/kb/833786/en-us
--
Christoph Gruber
Am 09.02.2015
#Vulnerability title: Radexscript CMS 2.2.0 - SQL Injection vulnerability
#Vendor: http://redaxscript.com/
#Product: Radexscript CMS
#Software link: http://redaxscript.com/download/releases
#Affected version: Redaxscript 2.2.0
#Fixed version: Redaxscript 2.3.0
#CVE ID: CVE-2015-1518
#Author: Pham
MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC
#!/usr/bin/env python
##
# Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC
# Date Discovered: 09-02-2015
# Exploit Author: Samandeep Singh
Security Risk:
==
The security risk of the security vulnerability in the facebook framework
is estimated as critical. (CVSS 9.1)
Care to run that calculation by us?
On Wed, Feb 11, 2015 at 9:53 AM, Vulnerability Lab
resea...@vulnerability-lab.com wrote:
Document Title:
Ticket opened: 2014-06-25
Affected Versions: ALL
Problem: No CSPRNG
Patch available, collecting dust because of negligent (and questionably
competent) WP maintainers
On June 25, 2014 I opened a ticket on WordPress's issue tracker to expose a
cryptographically secure pseudorandom number generator,
Hi Joey,
In my research I found out that the 'x-frame-options' solution doesn't
protect against session hijacking via session cookie theft. It is very
important that you also need to add 'HttpOnly' flags on all cookies.
I've published an overview of my research, additional mitigations and
Hi @ll,
yesterday Microsoft published the security advisory 3004375
https://technet.microsoft.com/en-us/library/security/3004375
announcing an update which enables Windows 7 and newer to log
the command lines used to start processes to the event log.
If you want to have this functionality on