Full Disclosure: by date

PreviousPrevious period
Next periodNext

135 messages starting Sep 30 14 and ending Oct 31 14
Date index | Thread index | Author index

Tuesday, 30 September

FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities VMware Security Response Center
Command-injection vulnerability in windows cmd scripts Ben Perry
Epicor Enterprise vulnerabilities Fara Rustein fararustein () ultusecurity com
Multiple vulnerabilities in Refraction theme for WordPress MustLive
FreePBX (All Versions) RCE Rob Thomas
CVE-2014-2717 SCADA Privilege Escalation in Honeywell Falcon XLWEB Martin Jartelius
Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product kvnjs

Wednesday, 01 October

CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS Portcullis Advisories
Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin) dxw Security
the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Paul Vixie
CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink Portcullis Advisories
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski
Re: CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink Brandon Perry
CarolinaCon-11 call for papers/presenters Vic Vandal

Thursday, 02 October

CVE-2014-3110 SCADA XSS and patch review of Honeywell Falcon XLWEB Martin Jartelius

Friday, 03 October

BulletProof Security Wordpress v50.8 - POST Inject Vulnerability Vulnerability Lab
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability Vulnerability Lab
CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway Mirko Casadei
CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway Mirko Casadei

Saturday, 04 October

CVE-2014-4313 Epicor Procurement SQL Injection Martins, Luciano (LATCO - Buenos Aires)
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michael Bazzinotti

Monday, 06 October

Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities Vulnerability Lab
CA20141001-01: Security Notice for Bash Shellshock Vulnerability Williams, James K

Tuesday, 07 October

Nessus Web UI 2.3.3: Stored XSS The Security Factory
Adobe Acrobat XI on Uniguest Secured Advantage 7 privacy issue at Marriott et al Constantine A. Murenin
CVE-2014-4502 (Updated) : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow Mick Ayzenberg
CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work Mick Ayzenberg
Yahoo! hacked on October 5, 2014... Jonathan Hall
Re: Yahoo! hacked on October 5, 2014... Pål Nilsen
BlackArch Linux: New ISOs released Black Arch
Exploit for CVE-2014-5207 Andrew Lutomirski
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! Pedro Ribeiro
OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux Jann Horn

Wednesday, 08 October

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection Onapsis Research Labs
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities Onapsis Research Labs
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check Onapsis Research Labs
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting Onapsis Research Labs
Re: Yahoo! hacked on October 5, 2014... illwill

Thursday, 09 October

TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Peter Thoeny
TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server Peter Thoeny
Re: TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Michael Stroucken
CSNC-2014-004 neuroML - Multiple Vulnerabilities Alexandre Herzog
SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer Alexandre Herzog
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer Alexandre Herzog
SAP Security Note 1908531 - XXE in BusinessObjects Explorer Alexandre Herzog

Saturday, 11 October

CSP Bypass on Android prior to 4.4 E Boogie

Monday, 13 October

PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability Vulnerability Lab
CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik
Re: CSP Bypass on Android prior to 4.4 E Boogie
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public)
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth) oststrom (public)
CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth) oststrom (public)
OWASP OWTF 1.0 "Lionheart" released! Abraham Aranguren
Re: CSP Bypass on Android prior to 4.4 E Boogie
Rooted CON 2015 - Call For Papers omarbv

Tuesday, 14 October

Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik
Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Florian Weimer
Re: CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) Henri Salo
Re: CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public)
Fwd: Re: CSP Bypass on Android prior to 4.4 Vitor Ventura
two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) Michal Zalewski
[SE-2014-01] Breaking Oracle Database through Java exploits (details) Security Explorations
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability Vulnerability Lab
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Vulnerability Lab
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability Vulnerability Lab

Wednesday, 15 October

SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces SEC Consult Vulnerability Lab
CVE-2014-2230 - OpenX Open Redirect Vulnerability Jing Wang
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) Jing Wang
Bypassing blacklists based on IPy Nicolas Grégoire
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst

Thursday, 16 October

[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CORE Advisories Team

Friday, 17 October

XSS vulnerabilities in Megapolis.Portal Manager MustLive
Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 yoloswag
Fonality trixbox CE remote root exploit Simo Ben youssef

Saturday, 18 October

Cyanogenmod MITM: proven, despite cyanogenmod's public denail Lord Tuskington
Cyanogenmod: multiple flaws in dependencies, including RCE Lord Tuskington

Sunday, 19 October

Re: Cyanogenmod: multiple flaws in dependencies, including RCE Артур Истомин
CVE request: remote code execution in Android CTS Lord Tuskington
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denail Lord Tuskington
Re: CVE request: remote code execution in Android CTS Lord Tuskington
Re: [oss-security] CVE request: remote code execution in Android CTS Nick Kralevich
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denail Jeffrey Walton
Re: [oss-security] CVE request: remote code execution in Android CTS Grond
Re: [oss-security] CVE request: remote code execution in Android CTS David Daynard
Re: CVE request: remote code execution in Android CTS Jann Horn
CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability Jing Wang
Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains) Jing Wang

Monday, 20 October

AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team

Tuesday, 21 October

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab

Wednesday, 22 October

iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab
Mulesoft ESB Authenticated Privilege Escalation Brandon Perry
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar
Re: [oss-security] CVE request: remote code execution in Android CTS Mario Vilas
Incredible PBX remote command execution exploit Simo Ben youssef

Thursday, 23 October

Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab
CVE-2014-7180 - ElectricCommander Local Privilege Escalation Sean Wright
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano

Friday, 24 October

Re: Mulesoft ESB Authenticated Privilege Escalation Barak Engel
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1 Stefan Kanthak
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries Stefan Kanthak
NoSuchCon 2014 - Schedule NoSuchCon
Yourls XSS Stored Alvaro Diaz

Sunday, 26 October

vulnerabilities in libbfd (CVE-2014-beats-me) Michal Zalewski

Monday, 27 October

iFileExplorer v6.51 iOS - File Include Web Vulnerability Vulnerability Lab
WebDisk+ v2.1 iOS - Code Execution Vulnerability Vulnerability Lab
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability Vulnerability Lab
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability Vulnerability Lab
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab

Tuesday, 28 October

CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Portcullis Advisories
CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap Portcullis Advisories
CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap Portcullis Advisories
CVE-2014-7178 - Remote Command Execution in Enalean Tuleap Portcullis Advisories
CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack David Longenecker
DAVOSET v.1.2.1 MustLive
Go Home WP-API, You're Drunk... Scott Arciszewski

Wednesday, 29 October

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab
MS08-067 strikes again. Now ATM SCADA StrangeLove

Thursday, 30 October

CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories
CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories
Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Jeff Costlow
Re: Go Home WP-API, You're Drunk... Nahuel Grisolía
Re: Go Home WP-API, You're Drunk... Scott Arciszewski

Friday, 31 October

SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access SEC Consult Vulnerability Lab
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU Security Explorations
PreviousPrevious period
Next periodNext