Feb 6: SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Advisory:
Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:
SSCHADV2014-003
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.7.5
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities
 
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 06.02.2014 19:59

Jan 25: [Video] - ssl.bing.com - Cross-site Scripting vulnerability

 

 

Geschrieben von Stefan Schurtz in IT-Security Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , ,
Zuletzt bearbeitet am 25.01.2014 13:08

Jan 25: SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability

Advisory:
ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-012
Author:
Stefan Schurtz
Affected Software:
Successfully tested on ssl.bing.com
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
 

lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackback: (1)
Tags für diesen Artikel: , , ,
Zuletzt bearbeitet am 25.01.2014 13:24

Jan 17: MARKPLAATS.nl Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
 
And here it is … my ‘ebay classifieds whitehat’ :-)
 
 
 
 
 
Really nice, isnt’t it :-) ?
 
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
 
By the way, the vulnerability is not fixed yet, so I will publish the advisory to a later time.
 
Geschrieben von Stefan Schurtz in Bug Bounty Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , ,
Zuletzt bearbeitet am 10.02.2014 12:07

Jan 11: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

In Dec ’13 I reported a Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of this issues,  so I wrote a new message to them (this time via email).
 
Last week they told me that Open redirects are no longer in scope of the bug bounty programm :-/
 
So here is my advisory for this issue:
 
 
lesen Sie mehr
Geschrieben von in Bug Bounty Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , ,
Zuletzt bearbeitet am 25.01.2014 12:29

Jan 8: SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Advisory:
Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 16.01.2014 01:33
« vorherige Seite   (Seite 2 von 26, insgesamt 152 Einträge)   nächste Seite »