I was looking for a NoScript detector, something that could tell me if the user has JS disabled in the Firefox preferences or by the NoScript plugin written by Maone, and found nothing. To repair this i wrote this trivial POC that is able to accomplish the task, it performs fingerprinting based on the behavior of the browser under the different possible conditions and is really reliable from the measurements done until now.
Few moments ago i was reading the Skype 1.4.118 for Linux changelog and noticed a new feature named "Auto-accept file transfers". Damn i thought, if it's by default an issue found accidentally some time ago is now fully weaponized: Skype 1.4.0.74 (probably also others) happily overwrites files without asking!
Today on the ml one of our pupils, remix, posted about GreenSQL, "an Open Source database firewall used to protect databases from SQL injection attacks". In other words something that stands to SQL as mod_security stands to HTTP.
We found a severe vulnerability in the Original script, a photo gallery software. Remote command (directly into an exec()) execution is possible with register globals on regardless the PHP version.