[FD] Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability

2014-09-02 Thread Vulnerability Lab
Document Title: Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1280 Video: http://www.vulnerability-lab.com/get_content.php?id=1281 Vulnerability Magazine: http://vul

[FD] XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side

2014-09-02 Thread Mauro Risonho de Paula Assumpção
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001: XSS Reflected JQuery 1.4.2 LEVEL: MEDIUM In our tests authorized by the customer, we can

[FD] Wordpress Plugin Vulnerability Dump - Part 1

2014-09-02 Thread Voxel@Night
Multiple vulnerabilities in multiple plugins: Easy Media Gallery v1.2.59 - CSRF (leading to XSS) WP RSS Multi Importer v3.11 - CSRF Ready! Ecommerce v0.5.0 - CSRF, XSS Ready! Google Maps v1.1.5 - CSRF (leading to XSS) Ready! Coming Soon v0.5.0 - CSRF, XSS Contact Form v3.82 - (minor) CSRF WP Photo

[FD] Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames

2014-09-02 Thread Stefan Kanthak
Hi @ll, Microsoft Office 2010 registers the following command lines with unquoted pathnames containing spaces for various supported file types: | C:\> FType | FIND.EXE "=%ProgramFiles%\Microsoft " | | access=C:\Program Files\Microsoft Office\Office14\protocolhandler.exe "%1" | Access.ACCDAExtensi

[FD] Reflected XSS Attacks vulnerabilities used MIME Sniffing in Facebook Messenger and Facebook App for iOS.

2014-09-02 Thread William Costa
I. VULNERABILITY - Reflected XSS Attacks vulnerabilities used MIME Sniffing in Facebook Messenger and Facebook App for iOS. II. BACKGROUND - Facebook is a social network III. DESCRIPTION - Has been detected a Reflected XSS v

Re: [FD] SSH host key fingerprint - through HTTPS

2014-09-02 Thread John Leo
Good to hear from you! "marginally better" We never said this is perfect. checkssh.com stops LOCAL bad boys. That's all. "both myself and that site are BOTH falling victim" Ah, here is the source code... https://checkssh.com/result/indexdotphp.txt It's extremely short and easy to read. You can s

Re: [FD] SSH host key fingerprint - through HTTPS

2014-09-02 Thread John Leo
"source code" It's here: https://checkssh.com/result/indexdotphp.txt Extremely short and easy to read. "trust the service operators" Hey, trust your own eyes. :-) Feel free to audit/use our code. "a better solution is to use Monkeysphere" Professional "certificate authority" vs "OpenPGP web of t

[FD] [CORE-2014-0005] - Advantech WebAccess Vulnerabilities

2014-09-02 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Vulnerabilities 1. *Advisory Information* Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabi

[FD] Syslog LogAnalyzer persistent XSS injection CVE-2014-6070

2014-09-02 Thread Dolev Farhi
Author: Dolev Farhi @dolevff Application: LogAnalyzer Date: 8.2.2014 Tested on: Red Hat Enterprise Linux 6.4 Relevant CVEs: CVE-2014-6070 1. About the application LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis

[FD] Uninit memory disclosure via truncated images in Firefox

2014-09-02 Thread Michal Zalewski
Yello, The recent release of Firefox 32 fixes another interesting image parsing issue found by afl [1]: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with