Thank you Brandon Perry for finding this vulnerability.
We would like to make a correction to the disclosure - this issue
affects only the Mule Enterprise Management Console (MMC) used by some
customer administrators to manage Mule ESB runtimes, and not the Mule
ESB runtime itself. MMC is
Hi @ll,
the just released iTunes 12.0.1 for Windows still (cf.
http://seclists.org/fulldisclosure/2014/Jul/30) comes
with COMPLETELY outdated and VULNERABLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):
* libeay32.dll and ssleay32.dll 0.9.8d
are more than SEVEN years old
--
NoSuchCon 2014 - the bullshit-free conference
November 19-21 2014
Espace Niemeyer, Paris (France)
www.nosuchcon.org
Schedule: http://www.nosuchcon.org/#schedule
Registration: http://www.nosuchcon.org/#registration
Hello, I found a stored XSS vulnerability in the Yourls 1.7 script (latest
version).
The attacker can steal the admin's cookies and log in to the admin panel.
Note: Only the admin can see this.
Steps to perform the vulnerability:
1. Create a new URL to shorten -- In the inputs you need to write this