Re: [FD] Outlook XML Bomb? (Melchior Limacher)

2014-08-18 Thread Louis.Nadeau
Nice find. It's working in Outlook 2013 and 2010. It's a textbook XML bomb; it is surprising Outlook isn't protected against that. Btw, if the preview pane is open in the default view, Outlook cannot start anymore :P -Original Message- From: Fulldisclosure [mailto:fulldisclosure-boun...@se

[FD] VISA USA VULNERABILITY

2014-08-18 Thread labz
VISA USA OPEN REDIRECT VULNERABILITY ORIGINAL PAPER IN SPANISH BUT I CAN TRANSLATE IF U WANT http://blog.0xlabs.com/2014/open-redirect-vulnerability-visa/

[FD] Hilariously Bad SQRL Implementation

2014-08-18 Thread Scott Arciszewski
If any of you are familiar with Steve Gibson's SQRL protocol for user authentication (really neat idea), you might have come across this PHP implementation before: https://github.com/geir54/php-sqrl Unfortunately, this library is actually pretty terrible. Not only does it pass all of the data of

[FD] CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

2014-08-18 Thread Dirk-Willem van Gulik
Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents (pri