Dusty patch paid out
By Darren Pauli, 21 Nov 2014 Paypal has closed a remote code execution vulnerability in its service some 18 months after it was reported.The flaws reported earlier this month rated critical by Vulnerability Lab affected a core Paypal profile application.
"A system specific arbitrary code execution vulnerability has been discovered in the official in the official PayPal Inc Web-Application and API," founder and researcher Benjamin Kunz Mejr wrote in a disclosure.
Full Article and Video