Details
Software: Contact Form DB
Version: 2.8.29
Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/
Advisory report:
https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/
CVE: CVE-2015-1874
CV
Hi everyone,
I am posting this message in the hope of gathering suggestions about
potential past vulnerabilities of a specific kind (described below), or
ideas about applications, libraries or APIs that might potentially be
subject to it.
As part of an academic project, I am looking for examples of
*WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security
Vulnerabilities*
Exploit Title: WordPress "Max Banner Ads" Plugin /info.php &zone_id
Parameter XSS Security Vulnerabilities
Product: WordPress "Max Banner Ads" Plugin
Vendor: MaxBlogPress
Vulnerable Versions: 1.9 1.8 1.4
*Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities*
Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS
Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
I notice that Java (JDK, JRE) update 8u40 has been released.
Though
http://www.oracle.com/technetwork/java/javase/downloads/index.html
says "this release includes important security fixes", the release notes
http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html
say the "secu