[Full-disclosure] Shopify (Bug Bounty) - XML External Entity Vulnerability

2014-02-17 Thread Mark Litchfield
Shopify suffered from an XXE attack within their online stores domain (*.myshopify.com). They were extremely quick in confirming and fixing the issue (even though it was a Sunday). Full details with the usual screenshots can be found at http://www.securatary.com -- All the best, Mark

[Full-disclosure] [SECURITY] [DSA 2862-1] chromium-browser security update

2014-02-17 Thread Michael Gilbert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-2862-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert February 16, 2014

[Full-disclosure] SQL Injection i-doit Pro (CVE-2014-1597)

2014-02-17 Thread Stephan Rickauer
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # # # # CVE ID : CVE-2014-1597 # CSNC ID: CSNC-2014-003 # Product: i-doit # Vendor: synetics Gesellschaft für

Re: [Full-disclosure] DoS via tables corruption in WordPress

2014-02-17 Thread Harry Metcalfe
Hi MustLive, I have read both of those carefully (the websecurity one, via Google Translate) and watched the video. I agree that someone who came across a WordPress site with crashed tables might get an installer screen. That would be bad. But it is also very unlikely to occur often. The

[Full-disclosure] [ MDVSA-2014:035 ] libpng

2014-02-17 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:035 http://www.mandriva.com/en/support/security/

[Full-disclosure] My PDF Creator DE DM v1.4 iOS - Multiple Vulnerabilities

2014-02-17 Thread Vulnerability Lab
Document Title: My PDF Creator DE DM v1.4 iOS - Multiple Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1201 Release Date: 2014-02-16 Vulnerability Laboratory ID (VL-ID):

[Full-disclosure] Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec

2014-02-17 Thread cfp2014
CHRISTMAS ISLANDS PATENT APPLICATION 20142329 RECON 2014 February 17th, 2014 BACKGROUND [FIELD OF INVENTION] - REcon 2014 is a computer security conference for reverse engineers, hackers, and

[Full-disclosure] [ MDVSA-2014:036 ] varnish

2014-02-17 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:036 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2014:037 ] ffmpeg

2014-02-17 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:037 http://www.mandriva.com/en/support/security/

[Full-disclosure] [ MDVSA-2014:038 ] kernel

2014-02-17 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:038 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger

2014-02-17 Thread Tim Brown
VDBs, please note that the referenced CVE ID is wrong. CVE-2014-1643 was actually assigned to this issue by Symantec. Tim -- Tim Brown mailto:t...@65535.com

[Full-disclosure] My experiences with the GiftCards.com Bug Bounty Program

2014-02-17 Thread Stefan Schurtz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn't a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities. But what I