[FD] SQL Injection in easy2map wordpress plugin v1.24

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/

Re: [FD] Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

All - it is probably bad form to respond to my own post, but I've seen some folk dismiss this out of hand on social media so I wanted to provide two VERY QUICK proof of concept examples. These were just put together in 10 minutes. http://owned.lab6.com/~gossi/research/public/packager/ There's

[FD] ipTIME n104r3 vulnerable to CSRF and XSS attacks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ## Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:

Re: [FD] Google Chrome Address Spoofing (Request For Comment)

Yes this is a pretty good find. I can also confirm it works on iOS 8.3 (12F69) with Safari. DW Sent from my iPad On Jul 2, 2015, at 9:33 AM, Mustafa Al-Bassam m...@musalbas.com wrote: That's pretty neat. Played around with this and made a few discoveries. 1. It shows a valid certificate

Re: [FD] [oss-security] Re: Google Chrome Address Spoofing (Request For Comment)

I played around with the code to see if can change it to avoid using the fork bomb. Here's what I came up with https://gist.github.com/ptantiku/d37c364cd13bb31a1ee6 It seems to need at least 500 threads to update the URL at 5ms for this to work (tested on Chrome x64 43.0.2357.130, Linux, locally).

[FD] Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Vendor -- https://www.snorby.org/ Version --- 2.6.2 Description --- During my research and testing of