PayPal Bug Bounty: PayPaltech.com XSS
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the d...
Recent posts
Bezirk-Niederbayern.de Fixes Critical SQL-Injection Flaw After 8 Months - Are We Ready For CyberWar?
That’s amazing bad. Where should I start? In July 2012 I’ve reported a critical SQL - Injection flaw on the official website of Lower Bavaria alongside anoth...
Photodex ProShow Producer Vulnerability #6: ScsiAccess Local Privilege Escalation
OK…honestly… I promise (!)… this is the last advisory about the ProShow Producer application, but also the most dangerous one with a CVSS Score of 7,2 and ex...
TÜV-Nord Fixes Multiple XSS Flaws after Consulting the Data Security Officer of Niedersachsen
Hello readers!
HP Intelligent Management Center v5.1: Bypassing javax.faces.ViewState CSRF Protection
Have you read my last advisory about the HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting Vulnerability ? You ...