[FD] libarchive - Out of bounds read using malformed cpio archive

2015-04-28 Thread Paris Zoumpouloglou
== Background == libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. == Affected software == bsdtar == Version == All tests were performed using commit 296efb3db188fa4bf7b0e7b5c61d

[FD] Stored XSS in ebay messages

2015-04-28 Thread Jaanus
http://jaanuskp.blogspot.com/2015/04/stored-xss-in-ebay-messages-filenames.html There is a vulnerability in ebay that allows XSS attacks to be sent over the messages. Ebay has not managed to fix it in more than a year!

Re: [FD] WordPress 4.2 stored XSS

2015-04-28 Thread C0r3dump3d
Curiously we had the same problem when we tried to communicate to WordPress the vulnerability CVE-2014-9034 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034). We tried, repeatedly, to contact WP through HackerOne and email, but did not r

[FD] Wing FTP Server Admin 4.4.5 CSRF & XSS Vulnerabilities

2015-04-28 Thread John Page
Document Title: === Wing FTP Server Admin 4.4.5 - CSRF & Cross Site Scripting Vulnerabilities Release Date: = 2015-04-28 apparitionsec ID (AS-ID): AS-WFTP0328 Common Vulnerability Scoring System:

[FD] PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability

2015-04-28 Thread Vulnerability Lab
Document Title: === PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1474 Video: http://www.vulnerability-lab.com/get_content.php?id=1474 Vulnerability Magazine: http:

[FD] SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability

2015-04-28 Thread Vulnerability Lab
Document Title: === SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1359 Release Date: = 2015-04-23 Vulnerability Laboratory ID (VL-ID): ===