Artikel mit Tag security

Verwandte Tags

May 26: SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability

Advisory:
reg.ebay.com – Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2014-004
Author:
Stefan Schurtz
Affected Software:
Successfully tested on reg.ebay.com
Vendor URL:
Vendor Status:
informed
 
======================
Vulnerability Description
======================
 
The website reg.ebay.com is prone to a cross-site Scripting vulnerability
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , ,
Zuletzt bearbeitet am 26.05.2014 23:54

May 24: SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect

Advisory:
ocsnext.ebay.com – Open Redirect
Advisory ID:
SSCHADV2014-005
Author:
Stefan Schurtz
Affected Software:
Successfully tested on ocsnext.ebay.com
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The website "ocsnext.ebay.com" is prone to open redirect with a special provided url
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , ,
Zuletzt bearbeitet am 24.05.2014 10:59

Mar 8: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities

In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really really hard, but … again … no feedback or bounty :)
 
Screenshots:
 
XSS on ‘celebrity.yahoo.com
XSS on ‘movies.yahoo.com
XSS on ‘music.yahoo.com’
 
Here is the advisory:
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Bug Bounty Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 08.03.2014 11:29

Mar 8: Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com

In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I’ve got no response or feedback,  so I wrote a message to them via email this time and so on … blah blah :)
 
To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty! 
 
 
It seems this XSS is fixed, so here is my advisory:
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Bug Bounty Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 08.03.2014 11:31

Feb 18: My experiences with the GiftCards.com Bug Bounty Program

Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
 
But, what I really don’t understand: Why do they still work until today?
 
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Bug Bounty Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 18.02.2014 07:05

Feb 6: SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Advisory:
Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:
SSCHADV2014-003
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.7.5
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities
 
 
lesen Sie mehr
Geschrieben von Stefan Schurtz in Security Advisories Kommentare: (0) Trackbacks: (0)
Tags für diesen Artikel: , , , , ,
Zuletzt bearbeitet am 06.02.2014 19:59
« vorherige Seite   (Seite 1 von 20, insgesamt 115 Einträge)   nächste Seite »