Articles tagged security


May 26: SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability

Advisory: reg.ebay.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2014-004
Author: Stefan Schurtz
Affected Software: Successfully tested on reg.ebay.com
Vendor URL: http://www.ebay.com/
Vendor Status: informed
 
======================
Vulnerability Description
======================
 
The website reg.ebay.com is prone to a cross-site scripting vulnerability.
 
Read more
Posted by Stefan Schurtz in Security Advisories
Tags for this article: advisory, cross site scripting, security, sicherheit, xss
Last modified on 26.05.2014 23:54

May 24: SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect

Advisory: ocsnext.ebay.com – Open Redirect
Advisory ID: SSCHADV2014-005
Author: Stefan Schurtz
Affected Software: Successfully tested on ocsnext.ebay.com
Vendor URL: http://www.ebay.com/
Vendor Status: fixed
 
======================
Vulnerability Description
======================
 
The website "ocsnext.ebay.com" is prone to an open redirect via a specially crafted URL.
 
Read more
Posted by Stefan Schurtz in Security Advisories
Tags for this article: advisory, open redirection, security, sicherheit
Last modified on 24.05.2014 10:59

Mar 8: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities

In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really really hard, but … again … no feedback or bounty :)
 
Screenshots:
 
XSS on ‘celebrity.yahoo.com’
XSS on ‘movies.yahoo.com’
XSS on ‘music.yahoo.com’
 
Here is the advisory:
 
Read more
Posted by Stefan Schurtz in Bug Bounty
Tags for this article: advisory, bug bounty, cross site scripting, security, sicherheit, xss
Last modified on 08.03.2014 11:29

Mar 8: Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com

In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I’ve got no response or feedback, so I wrote a message to them via email this time and so on … blah blah :)
 
To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty! 
 
 
It seems this XSS is fixed, so here is my advisory:
 
Read more
Posted by Stefan Schurtz in Bug Bounty
Tags for this article: advisory, bug bounty, cross site scripting, security, sicherheit, xss
Last modified on 08.03.2014 11:31

Feb 18: My experiences with the GiftCards.com Bug Bounty Program

Since November 2013 I have reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
 
But, what I really don’t understand: Why do they still work until today?
 
 
Read more
Posted by Stefan Schurtz in Bug Bounty
Tags for this article: advisory, bug bounty, cross site scripting, security, sicherheit, xss
Last modified on 18.02.2014 07:05

Feb 6: SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Advisory: Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID: SSCHADV2014-003
Author: Stefan Schurtz
Affected Software: Successfully tested on Serendipity 1.7.5
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
 
======================
Vulnerability Description
======================
 
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities.
 
 
Read more
Posted by Stefan Schurtz in Security Advisories
Tags for this article: advisory, cross site scripting, security, sicherheit, sql injection, xss
Last modified on 06.02.2014 19:59