by Julien Ahrens | Friday, May 18, 2012 | Advisory
In April, I stumbled over a Cross-Site Scripting vulnerability on the Mozilla Developer Network! Due to improper input validation mechanisms an attacker could temporarily inject own code into user browser sessions with required user interaction using manipulated URLs:...
by Julien Ahrens | Monday, April 30, 2012 | Advisory
Some days ago…I have found a Cross-Site Scripting Vulnerability on www.suse.com – the home of the famous Linux distribution. Using this bug, an attacker could temporarily inject arbitrary code with required user interaction into the context of the website...
by Julien Ahrens | Sunday, April 29, 2012 | General
Hello readers, There are good and there are bad “webmasters”. I suppose that everyone who has ever reported (or better: tried to report) a security issue on a website to the responsible webmaster, faces at least one time in his or her life the problem of...
by Julien Ahrens | Saturday, April 21, 2012 | Uncategorized
Just a short notice as an addendum to IA2: A new version (1.6) of the “Free WMA MP3 Converter” by eusing.com has been released which is still vulnerable to the same issue like all versions before. The interesting part here ? Well I’ve noticed the...
by Julien Ahrens | Wednesday, April 11, 2012 | Advisory
This time I have found a non-persistent xss vulnerability on one of Germany’s country-government websites. Immediatley after the finding (on 2012-03-11), I have noticed the webmaster about the vulnerability, but….no reaction. I noticed them 2 further times...