Feb 6: SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Advisory:
Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:
SSCHADV2014-003
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.7.5
Vendor URL:
http://www.s9y.org/
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities
 
 
Posted by Stefan Schurtz in Security Advisories Comments: (0) Trackbacks: (0)
Tags for this article: advisory, cross site scripting, security, sicherheit, sql injection, xss
Last modified on 06.02.2014 19:59

Jan 25: [Video] - ssl.bing.com - Cross-site Scripting vulnerability

Short video about my advisory SSCHADV2013-012 – ssl.bing.com – Cross-site Scripting vulnerability
 

 

Posted by Stefan Schurtz in IT-Security Comments: (0) Trackbacks: (0)
Tags for this article: cross site scripting, security, sicherheit, xss
Last modified on 25.01.2014 13:08

Jan 25: SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability

Advisory:
ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-012
Author:
Stefan Schurtz
Affected Software:
Successfully tested on ssl.bing.com
Vendor URL:
http://microsoft.com
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
 

Posted by Stefan Schurtz in Security Advisories Comments: (0) Trackback: (1)
Tags for this article: cross site scripting, security, sicherheit, xss
Last modified on 25.01.2014 13:24

Jan 17: MARKPLAATS.nl Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
 
And here it is … my ‘ebay classifieds whitehat’ :-)
 
 
 
 
 
Really nice, isn’t it :-) ?
 
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
 
By the way, the vulnerability is not fixed yet, so I will publish the advisory at a later time.
 
Posted by Stefan Schurtz in Bug Bounty Comments: (0) Trackbacks: (0)
Tags for this article: bug bounty, markplaats.nl, security, sicherheit
Last modified on 10.02.2014 12:07

Jan 11: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
 
Last week they told me that Open redirects are no longer in scope of the bug bounty program :-/
 
So here is my advisory for this issue:
 
 
Posted by in Bug Bounty Comments: (0) Trackbacks: (0)
Tags for this article: advisory, bug bounty, open redirection, security, sicherheit
Last modified on 25.01.2014 12:29

Jan 8: SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Advisory:
Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL:
http://wordpress.org/plugins/wp-members/
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities
 
Posted by Stefan Schurtz in Security Advisories Comments: (0) Trackbacks: (0)
Tags for this article: advisory, cross site scripting, saarland, security, sicherheit, xss
Last modified on 16.01.2014 01:33