[FD] [CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

2019-08-25 Thread Justin Bull
b.com/Schine/MW-OAuth2Client/commit/7188d6c8d359d41c6974c19b2c0907653bab8f6e [5]: https://github.com/Schine/MW-OAuth2Client/commit/6a4fe4500ddd72ad4e826d9d63b2d69512bd10d1 [6]: https://github.com/Schine/MW-OAuth2Client/releases/tag/v0.4 -- Best Regards, Justin Bull PGP Fingerprint: E09D 38DE 8FB7 5745

[FD] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper

2018-07-20 Thread Justin Bull
Good morning everyone, A security bulletin for all of you. Software: Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper) Description: -- Doorkeeper is an OAuth 2 provider for Rails written in Ruby. Affected Versions: --- 4.2.0 - 4.3.2 5.0.0.rc1 Fixed Versions

Re: [FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

2018-02-25 Thread Justin Bull
On Wed, Feb 21, 2018 at 5:17 PM Justin Bull wrote: > > Solution: > - > Upgrade to Doorkeeper v4.2.6 or later > > Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work

[FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

2018-02-25 Thread Justin Bull
/doorkeeper/pull/970 [2]: https://blog.justinbull.ca/cve-2018-188-stored-xss-in-doorkeeper/ -- Best Regards, Justin Bull PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C ___ Sent through the Full Disclosure mailing list http

[FD] [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

2016-08-22 Thread Justin Bull
Good evening everyone, A security bulletin for all of you. Software: Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper) Description: -- Doorkeeper is an OAuth 2 provider for Rails written in Ruby. Affected Versions: --- 1.2.0 - 4.1.0 (all versions but latest

Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point

2014-05-30 Thread Justin Bull
soon). Any C/C+ coders out there willing to give a hand? This is > for OS X and Linux only. > > Cheers! > > pr3d

Re: [FD] TrueCrypt?

2014-05-30 Thread Justin Bull
eople to spend 24x7 auditing it? I wouldn't > trust the big corporations again because of their influence and possible > ties to the g-men and/or willingness to roll-over when the legal paperwork > starts to fly. > > OCAP plans to extend their work to OpenSSL and

Re: [FD] TrueCrypt?

2014-05-29 Thread Justin Bull
- > From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On > Behalf Of Justin Bull > Sent: Thursday, May 29, 2014 17:18 > To: secuip > Cc: fulldisclosure@seclists.org > Subject: Re: [FD] TrueCrypt? > > But why go out in that style? Why not be frank? Why be so careless as to >

Re: [FD] TrueCrypt?

2014-05-29 Thread Justin Bull
But why go out in that style? Why not be frank? Why be so careless as to recommend BitLocker? The diff was meticulous but the website and comms were not. It doesn't add up. Sent from mobile. On May 29, 2014 5:13 PM, "secuip" wrote: > http://krebsonsecurity.com/2014/05/true-goodbye-using- > true

[FD] OAuth 2.0 and OpenID vulnerable to Covert Redirect

2014-05-02 Thread Justin Bull
aw-in-oauth-and-openid-discovered/ Happy Friday. - -- Best Regards, Justin Bull E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C

[FD] Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS)

2014-04-16 Thread Justin Bull
, Justin Bull E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C

Re: [FD] heartbleed OpenSSL bug CVE-2014-0160

2014-04-08 Thread Justin Bull
4kB of memory to a connected client or server. > > 1.0.1[ abcdef] affected. > > > P.S. Happy Monday!