Mail.ru: Full Path Disclosure

crisis.mail.ru revealed non-sensitive information, such as application installation path via error messages. crisis.mail.ru is a domain name delegated to partner service...

Mail.ru: XXE крит

XXE injection in partner service with delegated my.com subdomain...

Mail.ru: Shell upload in partner service

Shell code upload RCE vulnerability in partner service provided as an additional functionality withing mail.ru branded service. On the moment of reporting, partner services are not covered by bug bounty program, the bounty was awarded due to potential problem criticality...

Microsoft Partner Service - Persistent Web Vulnerability

Document Title: =============== Microsoft Partner Service - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=433 http://www.vulnerability-lab.com/getcontent.php?id=439 MSRC ID: 12209nj Release Date: ============= 2012-04-13...

Microsoft Partner Service - Persistent Web Vulnerability

Document Title: =============== Microsoft Partner Service - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=433 http://www.vulnerability-lab.com/getcontent.php?id=439 MSRC ID: 12209nj Release Date: ============= 2012-04-13...