3 matches found
Pornhub: SSRF & XSS (W3 Total Cache)
The researcher discovered a vulnerable WordPress plugin. The plugin suffers from a server-side request forgery vulnerability that can be exploited in several ways. The researcher was successful in doing the following: Accessing a private server-status URL exposing a monitoring tool. Running a Fla...
Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
The vulnerability allows a malicious Flash app on a website to read and write Local Shared Objects (LSOs) belonging to any website. As a special case, the LSOs of macromedia.com contain global Flash settings. Overwriting them allows, e.g., unlimited access to the camera and microphone of the target user. Other...
Microsoft Internet Explorer 5 - Address Bar Spoofing
Source: https://www.securityfocus.com/bid/17404/info
Internet Explorer is prone to address-bar spoofing. An attacker can exploit this issue to display the URI of a trusted and known site in the address bar, while running an attacker-supplied...