Archives » Neal Poole

Archives

Thu 25 August 2011: Lessons from Facebook’s Security Bug Bounty Program
Wed 24 August 2011: Possible Arbitrary Code Execution with Null Bytes, PHP, and Old Versions of nginx
Thu 18 August 2011: Cross-Site Scripting via Error Reporting Notices in PHP
Mon 15 August 2011: Safari for Windows handles text/plain content improperly (CVE-2010-1420)

About Me

My name is Neal Poole. I'm interested in web application security. I'm a Security Engineer on the Product Security team at Facebook. My posts are my own and do not necessarily reflect the views and opinions of my employer.
Categories
Tags

0x000006bb Facebook Flash HP Officejet MySQL Oracle Oracle October 2011 CPU PHP Plupload SVN USB Wordpress addons.mozilla.org arbitrary code execution arbitrary precision clickjacking code execution coinbase csrf directory traversal ebay file upload firefox google google apps google code google ejabat google visualization google vulnerability reward program hackathon iconv java java applet jsonp nginx node programming reddit security ssh textpattern web application security xss yaml yandex
Archives
- July 2013 (3)
- June 2013 (3)
- April 2013 (2)
- March 2013 (3)
- January 2013 (1)
- May 2012 (1)
- April 2012 (1)
- March 2012 (1)
- October 2011 (3)
- August 2011 (4)
- May 2011 (1)
- April 2011 (4)
- March 2011 (3)
- February 2011 (5)
- January 2011 (3)
- December 2010 (6)
- November 2010 (4)
- August 2010 (5)
- July 2010 (6)
- June 2010 (4)