Setting up PHP-FastCGI and nginx? Don’t trust the tutorials. (nealpoole.com)
1 point by WhiteDawn on Jan 28, 2014 | past

XSS Filter Bypass in validator Node.js Module (nealpoole.com)
2 points by _vvdf on July 5, 2013 | past

CSRF Token Disclosure in Coinbase (nealpoole.com)
2 points by wglb on June 4, 2013 | past

(Unpatched) Reflected XSS in JW Player 5 (nealpoole.com)
1 point by wglb on April 16, 2013 | past

Bad Changes to eBay’s Responsible Disclosure Policy (nealpoole.com)
1 point by tshtf on March 18, 2013 | past

How Hard Is It To Blacklist A Java Applet? (nealpoole.com)
2 points by wglb on Jan 24, 2013 | past

Preventing CSRF Attacks with AJAX and HTTP Headers (nealpoole.com)
39 points by swah on Aug 25, 2012 | past | 4 comments

CSRF, Clickjacking, and the Role of X-Frame-Options (nealpoole.com)
1 point by tshtf on July 25, 2012 | past

Security Vulnerabilities in Popular Flash Applets (SWFUpload, Plupload) (nealpoole.com)
2 points by nbpoole on May 17, 2012 | past

Twitter White Hat Vulnerabilities (nealpoole.com)
1 point by wglb on April 14, 2012 | past

CSRF, Clickjacking, and the Role of X-Frame-Options (nealpoole.com)
1 point by wglb on March 31, 2012 | past

Directory Traversal via PHP Multi-File Uploads (nealpoole.com)
1 point by dominis on March 9, 2012 | past

Java Deployment Toolkit Plugin Does Not Validate Installer Executable (nealpoole.com)
1 point by wglb on Oct 27, 2011 | past

Java Deployment Toolkit Plugin Does Not Validate Installer Executable (nealpoole.com)
2 points by wglb on Oct 18, 2011 | past | 1 comment

Java Applet Same-Origin Policy Bypass via HTTP Redirect (nealpoole.com)
1 point by wglb on Oct 18, 2011 | past

Directory Traversal via PHP Multi-File Uploads (nealpoole.com)
8 points by wglb on Oct 3, 2011 | past | 1 comment

XSS Filters can be used to bypass clickjacking (scroll down to point 3) (nealpoole.com)
8 points by simonw on Aug 26, 2011 | past | 2 comments

Lessons from Facebook's Security Bug Bounty Program (nealpoole.com)
3 points by nbpoole on Aug 25, 2011 | past

Arbitrary Code Execution with Null Bytes, PHP, and Old Versions of nginx (nealpoole.com)
5 points by nbpoole on Aug 24, 2011 | past

Safari for Windows handles text/plain content improperly (CVE-2010-1420) (nealpoole.com)
2 points by wglb on Aug 22, 2011 | past

Cross-Site Scripting? In PHP Notices? It's more likely than you think (nealpoole.com)
43 points by nbpoole on Aug 18, 2011 | past | 14 comments

File uploads allow for cross-site scripting in Wordpress (nealpoole.com)
1 point by nbpoole on April 27, 2011 | past | 1 comment

Avoiding Arbitrary Code Execution with nginx and php-fastcgi (nealpoole.com)
61 points by nbpoole on April 8, 2011 | past | 15 comments

Directory Traversal / Local File Inclusion on addons.mozilla.org (nealpoole.com)
2 points by nbpoole on Feb 10, 2011 | past | 1 comment

How Does Cross-Site Scripting Become Arbitrary Code Execution? (nealpoole.com)
3 points by nbpoole on Jan 31, 2011 | past

Preventing CSRF Attacks with AJAX and HTTP Headers (nealpoole.com)
6 points by wglb on Jan 22, 2011 | past | 2 comments

HTTP Response Splitting Vulnerability on reddit.com (nealpoole.com)
80 points by there on Jan 15, 2011 | past | 26 comments

Reports from Google’s Vulnerability Reward Program (nealpoole.com)
10 points by nbpoole on Dec 18, 2010 | past

Hacking Google Calendar (nealpoole.com)
25 points by dfield on Dec 1, 2010 | past | 5 comments