Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting
title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script...
Aruba ClearPass Policy Manager 6.4 Cross Site Scripting
title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script severity: Medium found: 2014-11-24 by: Cristiano Maruti @cmaruti...
Dropbox Launches Bounty Program on HackerOne
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...
HTTPS Opens Door to Paid Pinterest Bug Bounty
Pinterest’s journey toward becoming a fully HTTPS website opened a lot of doors, including a potentially profitable one for hackers. The social networking site this week announced that it would begin paying cash rewards through its bug bounty program, upping the stakes from the T-shirt it...
GitHub Doubles Maximum Bug Bounty Payouts
Almost a year to the day since GitHub announced its bug bounty program, the Git repository said yesterday that it will double its maximum payout to $10,000. Ben Toews, a GitHub staffer, said yesterday that since the launch of the GitHub Security Bug Bounty, 73 previously unknown vulnerabilities...
Vimeo: APIs for channels allow HTML entities that may cause XSS issue
Hello, I found Vimeo's bug bounty program on 1. Please find below details of a security issue I found. First, APIs for channels 2 allow you to put HTML and javascript to name or description of a channel. For example, an attacker can use a Python script like the following to put javascript to an...
Blackphone Bug Bounty Program Launches on Bugcrowd
During DEF CON in August, Twitter became the preferred medium for submitting bugs found in secure smartphone Blackphone, including one high-profile claim on the social network that the phone had been rooted. That wasn’t the final straw that led to today’s announcement of a bug bounty, rather it w...
Drupal Mollom Module Cross-Site Scripting Patch
Drupal today released an update that patches a cross-site scripting vulnerability in a popular spam and content moderation module used by websites built on the open source CMS. The vulnerability was in a feature of the Mollom module that is installed on at least 60,000 sites, said Drupal security...
Bugcrowd Releases Open Source Vulnerability Disclosure Framework
The problems that come from doing security research on modern Web applications and other software aren’t just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult...
Pinterest Launches Bug Bounty Program
Pinterest has become the latest major Web property to start a bug bounty program, joining the Bugcrowd platform and offering researchers rewards of up to…a shirt. The site, which enables users to post photos, recipes and other information, announced the new reward program Tuesday. Company officia...