The Adobe PDF XSS Vulnerability
Wednesday, January 10th, 2007
YouTube Fixes Security Vulnerability
Thursday, December 21st, 2006
Until recently, YouTube has been vulnerable to cross-domain Ajax attacks due to their open crossdomain.xml policy. I notified them as soon as I discovered the vulnerability, and although I have yet to receive a reply, it appears they have fixed the pro...
Another Google XSS Vulnerability
Thursday, March 2nd, 2006
I don't want to provide any links or details before it is fixed, but Google has another cross-site scripting (XSS) vulnerability. It is more serious than the previous one, because: It works with any character encoding. (You can be a victim even ...
Google’s Cross-Site Scripting Vulnerability
Wednesday, December 21st, 2005
I'm sure this will be getting some attention, because everything Google does gets attention. :-) The recent cross-site scripting (XSS) vulnerability discovered in Google perfectly illustrates why character encoding matters. This example demonstrates h...
PEAR XML_RPC Vulnerability and PHP 4.4.0RC2 release
Tuesday, August 16th, 2005
An easily exploitable security issue was discovered in PEAR XML_RPC <= 1.3.0. We recommend that users of this PEAR class immediately upgrade to the latest version with:
    pear upgrade XML_RPC
The same security problem exists in many other XML RPC implementations; please check if the installed applications that you use ...
