[FD] Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability

2014-07-07 Thread Vulnerability Lab
Document Title: Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1050
PayPal Security UID: Pq115cey
Release Date: 20

[FD] PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability

2014-07-07 Thread Vulnerability Lab
Document Title: PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1278
PayPal Inc Security UID: cDc49dT
Release Date: 2014-06-04
Vulnerability Laborator

[FD] Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability

2014-07-07 Thread Vulnerability Lab
Document Title: Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1132
Release Date: 2014-07-06
Vulnerability Laboratory ID (VL-ID):

[FD] Photo Org WonderApplications v8.3 iOS - File Include Vulnerability

2014-07-07 Thread Vulnerability Lab
Document Title: Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1277
Release Date: 2014-07-04
Vulnerability Laboratory ID (VL-ID):

[FD] Resubmission of exploits

2014-07-07 Thread Akra Macha
resubmit to exploit-db, or should I send it to m1lw0rm, hack.co.za? Sun/Oracle GlassFish Server Authenticated Code Execution - metasploit port / Standalone exploit Horde Framework Unserialize PHP Code Execution - metasploit port / standalone exploit horde.pl Description: Binary data exploit.pl

Re: [FD] Iron Mountain doesn't take physical security seriously

2014-07-07 Thread Todd Weiler
Just this week at $CLIENT, we were considering making use of Iron Mountain. I hadn't really thought about it, as others were to do the leg-work. But thank goodness, for this email thread. I can't think of a better validation of the benefits of full disclosure than this. Todd On Sat, Jul 5, 20

Re: [FD] new pen-test tool!

2014-07-07 Thread Árpád Magosányi
This looks like a valuable tool. But I would suggest rethinking some of the questions of trust metrics, most importantly the first one. The size of the vendor has nothing to do with the level of trust you should have in it. If you have ever worked in a shop which is not at the bottom of the food chain

Re: [FD] new pen-test tool!

2014-07-07 Thread Keira Cran
Nice idea. Has there been any test to see if the scores are actually meaningful? Perhaps, running this question test on an org and then doing a normal pentest to see if there is some correlation between (at least) the severity of the results? On Thu, Jul 3, 2014, at 04:44 AM, Pete Herzog wrote: >

Re: [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796)

2014-07-07 Thread Cody Tarrant
Did you find the vuln first and then see the older CVEs or the other way around, bringing the CVEs back to life? On Thu, Jul 3, 2014, at 03:49 AM, Michail Strokin wrote: > Feed2JS is a tool for user-friendly(developer-wise) embedding the RSS > feeds on the pages without messing with XML. > > P.P.

[FD] iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries

2014-07-07 Thread Stefan Kanthak
Hi @ll, Apple's current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libraries (as part of AppleApplicationSupport.msi): * libeay32.dll and ssleay32.dll 0.9.8d are more than SEVEN years old and have at least 27 unfixed CVEs! the current versi