A drive-by download that exploits CVE-2024-6332

First, Happy Thanksgiving to anyone who celebrates this holiday. In reality, I hope that we’re all thankful every day. Yes, I know, I’m working on a blog post on turkey day. It’s alright because I already helped cook a few items for the dinner table later this evening, and I have some free time, so why not? I’ll keep this one short. If you follow Microsoft Patch Tuesdays like I do, then you probably know that Microsoft provided a patch for Microsoft Security Bulletin MS14-064, which was rated as critical....

November 27, 2014 · 10 min · James Espinosa

Discovered XSS vulnerabilities in The Bug Genie

Earlier this year, I discovered multiple cross-site scripting (XSS) vulnerabilities in The Bug Genie, an open source issue tracking and project management application. The Vulnerabilities: For reference, the vulnerabilities were assigned CVE-2013-1760. Proper and timely disclosure practices were coordinated through the Trustwave SpiderLabs’ security advisory team. The Bug Genie version 3.2.4 and earlier suffer from multiple persistent and reflected XSS vulnerabilities in different areas of the application. I will not dive into details for each finding, as they are mentioned in the references below....

May 14, 2013 · 2 min · James Espinosa