Monday, 27 September 2010

Two days after the report of the PayPal Sandbox XSS which was finally corrected within a very short time, "d3v1l" from Security-Sh3ll has notified us about a new XSS affecting the PayPal mobile SSL site...

Saturday, 25 September 2010

Security researcher "Nemessis" from Romanian teams Hackersblog and RSTcenter has discovered a critical XSS vulnerability affecting PayPal Sandbox. The PayPal Sandbox is a self-contained testing environment within which users can prototype and test PayPal features and APIs.The enviroment is a duplicate of the live PayPal site, except that no real money changes hands...

Saturday, 25 September 2010

The webmail service of the NASDAQ listed company Sohu.com Inc. suffered from a serious cross-site scripting vulnerability (corrected yesterday). Sohu.com currently ranks 46th overall in Alexa and is one of the largest Chinese search engine companies which also offers advertising, online multiplayer gaming and other services.  

Monday, 6 September 2010

A non-persistent Twitter XSS was submitted by "cbr" on July 29, 2010 and has not been corrected since then. During the summer period, another three possible XSS attacks on Twitter have been reported...

Friday, 3 September 2010

We suggest that you read a late July 2010 post by Robert Abela from Acunetix, regarding a discovered XSS on Facebook which could lead to account hijacks. During the same period, another critical Facebook XSS also came to light... It was submitted to our archive by web security researcher nicknamed "AKABEY" and still appears to be working...

Monday, 19 July 2010

*UPDATED 20 Jul 2010 : 10:39pm* - A mirror of the now corrected vulnerability has been published. Also, read on an excellent technical blog post by Billy (BK) Rios about another Twitter XSS bug... Romanian security researcher "d3v1l" from Security-Sh3ll, has notified us just a few minutes ago about a persistent XSS that he discovered on Twitter's help center...

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18