IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
From my tests IE11 is not following CORS specifications for local
files as it is supposed to.
In order to prove I've created a malici
Hi Fernando,
Do you have a timeline for this issue?
Additionally do you have any contact details for the w3tc team you could
share? All my attempts to contact them have fallen short.
On 21/09/16 13:56, Fernando A. Lagos Berardi wrote:
> [+] Description: Cross-Site Scripting vulnerability was fo
Thanks for your explanation. It is a very good discovery to be sure.
Yet I still think that a 'remote root' is something different - Google
gives me this for example:
https://tools.cisco.com/security/center/viewAlert.x?alertId=4061 which
is a way to directly become root from the internet throu
I think the term is 'remote privilege escalation' (as opposed to local
privilege escalation). As a headline I'd suggest 'remote privilege
escalation from any mysql user to root'.
Mark
On 23-09-16 19:20, Dawid Golunski wrote:
Hi Mark,
Thanks for that. I guess it depends which RCE definition
[+]
|
| Title: Adobe Flash local-with-filesystem sandbox bypass via
navigateToURL() and UI redressing
| Author: Leone Pontorieri
|
| https://www.truel.it
| Pr
Hi,
There is a DLL planting vuln in the Skype installer. This vuln had been
reported to Microsoft but they decided not to fix this.
Here is the vulnerability details:
--
Skype installer in Windows is open to DLL hijacking.
Skype looks for a specific DLL by dynamically going through a set of
predef
Hi Simon,
I found this vulnerability 1 year ago (July 2015). I've tried to
contact them many times but got no answers.
cheers,
Fernando
2016-09-22 5:28 GMT-03:00 Simon Rawet :
> Hi Fernando,
>
> Do you have a timeline for this issue?
>
> Additionally do you have any contact details for the w
After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the im
Vulnerability Note VU#667480
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/667480
Overview:
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
Hi Mark,
Thanks for the feedback.
I'll answer your questions and throw in a few other comments on here
using the occasion that will
hopefully clarify some of the other misconceptions I've seen around or
be otherwise useful to someone.
As for SUPER priv requirement.
The short answer is: yes, you a
**
*** 0x7E0 hack4@berlin ***
**
-> Preamble:
Dear audience,
the 3rd row of hack4, the two-day security conference in Berlin,
kindly asks you to send in papers and workshops for the crowd.
-> Where is the con?
As every yea
`. R E C O N * B R U S S E L S .
. .C F P ' .
' https://recon.cx
. 27 - 29 January 2017 ..
. 'Brussels, Belgium .