Full Disclosure: by date

115 messages starting Apr 01 15 and ending Apr 30 15
Wednesday, 01 April

Vulnerability in site leads to source code dump Johnny Five
Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Larry W. Cashdollar
Re: [Tool] SPARTA 1.0 BETA Antonio Quina
Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936) Tod Beardsley

Thursday, 02 April

NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE VMware Security Response Center

Saturday, 04 April

Wordpress plugin Simple Ads Manager - SQL Injection ITAS Team
Multiple SQL Injection ITAS Team
Wordpress plugin Simple Ads Manager - Arbitrary File Upload ITAS Team
Wordpress plugin Simple Ads Manager - Information Disclosure ITAS Team
ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
6kbbs v8.0 SQL Injection Security Vulnerabilities Jing Wang
6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities Jing Wang
6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar
phpSFP - Schedule Facebook Posts 1.5.6 Pre-auth SQL Injection (0-day) Pichaya Morimoto

Tuesday, 07 April

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation Securify B.V.
HotExBilling Manager – Cross-site scripting (XSS) vulnerability Bhadresh Patel
Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server Gsunde Orangen
New tool: smalisca - Static Code Analysis tool for Smali files Levon Kayan
[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution Pedro Ribeiro

Wednesday, 08 April

AST-2015-003: TLS Certificate Common name NULL byte exploit Asterisk Security Team

Thursday, 09 April

SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows SEC Consult Vulnerability Lab
Network Solutions Webmail - A tale about chained web vulnerabilities Cristiano Maruti
[Tool] nsec3map v0.3 - DNSSEC Zone Enumerator An Onion

Friday, 10 April

SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) SEC Consult Vulnerability Lab
Fusion Engage v1.0.5 (WordPress Plugin) Local File Disclosure Why Know
Hidden backdoor API to root privileges in Apple OS X Jeffrey Walton

Saturday, 11 April

OrangeHRM Blind SQL Injection & XSS Vulnerabilities Rehan Ahmed

Monday, 13 April

Safari iOS/OS X/Windows cookie access vulnerability Jouko Pynnonen

Tuesday, 14 April

several issues in SQLite (+ catching up on several other bugs) Michal Zalewski
Re: several issues in SQLite (+ catching up on several other bugs) Paul Vixie
whitepaper: Identifier based XSSI attacks Takeshi Terada
Problems in automatic crash analysis frameworks Tavis Ormandy
Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities Jing Wang
NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities Jing Wang
NetCat CMS 3.12 HTML Injection Security Vulnerabilities Jing Wang
Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang

Wednesday, 15 April

Arbitrary Code Execution in Apache Spark Cluster Akhil Das
[Tool/API] desenmascara.me - Fingerprinting and assessing the web security awareness of websites Emilio Casbas
Huawei SEQ Analyst - XML External Entity Injection (XXE) Uğur Cihan KOÇ
Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS) Uğur Cihan KOÇ

Thursday, 16 April

CSRF and stored XSS in WordPress Content Slide allow an attacker to have full admin privileges (WordPress plugin) dxw Security
Reflected XSS in Citizen Space allows attackers to view sensitive information of the attacker’s choosing (WordPress plugin) dxw Security
Open Litespeed Use After Free Vulnerability Denis Andzakovic
Re: several issues in SQLite (+ catching up on several other bugs) Hanno Böck
SQL Injection, XSS and FPD vulnerabilities Nodes Studio CMS MustLive

Friday, 17 April

CVE-2014-5370 - Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet Portcullis Advisories
CVE-2014-7954 MTP path traversal vulnerability in Android Imre RAD
CVE-2014-7951 adb backup archive path traversal file overwrite Imre RAD
CVE-2014-7953 Android backup agent code execution Imre RAD

Sunday, 19 April

Re: several issues in SQLite (+ catching up on several other bugs) Michal Zalewski
Re: several issues in SQLite (+ catching up on several other bugs) Michal Zalewski
Re: several issues in SQLite (+ catching up on several other bugs) jungle Boogie
Re: several issues in SQLite (+ catching up on several other bugs) jungle Boogie
Laravel - PHP Object Injection - 4.1, 4.2, 5.0, master Scott Arciszewski
Re: several issues in SQLite (+ catching up on several other bugs) Jeffrey Walton
Re: several issues in SQLite (+ catching up on several other bugs) Jeffrey Walton

Monday, 20 April

Re: several issues in SQLite (+ catching up on several other bugs) Reed Loden

Tuesday, 21 April

Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability Vulnerability Lab
Mobile Drive HD v1.8 - File Include Web Vulnerability Vulnerability Lab
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability Vulnerability Lab
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability Vulnerability Lab
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability Vulnerability Lab
Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability Vulnerability Lab
Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities Vulnerability Lab
Linux ASLR mmap weakness: Reducing entropy by half Hector Marco-Gisbert
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% Hector Marco-Gisbert
Netgear WNR2000v4 Multiple Vulnerabilities endeavor
Google Analytics by Yoast stored XSS #2 Jouko Pynnonen
Re: Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability Mario Vilas

Wednesday, 22 April

Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability Vulnerability Lab
iPassword Manager v2.6 iOS - Persistent Vulnerabilities Vulnerability Lab
Android 0-day vulnerability - Drive by download ma sh
HomeAdvisor Bug Bounty #1 - Filter Bypass & Client Side Exception Handling Vulnerability Vulnerability Lab
CVE-2015-0984 SCADA - Gaining remote shell on Honeywell Falcon XLWEB Martin Jartelius
Magento Unauthenticated RCE Shahar Tal

Thursday, 23 April

Socrata Bug Bounty #1 - Persistent Encoding Vulnerability Vulnerability Lab
[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow 朱东海

Sunday, 26 April

Surveillance system used for censorship in Europe - Censorship attack combines packet injection and Heartbleed Doug
WordPress 4.2 stored XSS Jouko Pynnonen
#WorldPenguinDay or this can't be right, can it? PIN
XSS and CSRF vulnerabilities in ASUS RT-G32 MustLive
Re: WordPress 4.2 stored XSS Scott Arciszewski

Monday, 27 April

[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities CORE Advisories Team
Re: WordPress 4.2 stored XSS Hanno Böck
Re: WordPress 4.2 stored XSS Anthony Ferrara
Re: WordPress 4.2 stored XSS Fyodor
Re: WordPress 4.2 stored XSS Scott Arciszewski
Re: WordPress 4.2 stored XSS Winni Neessen
Re: WordPress 4.2 stored XSS Ryan Dewhurst
Re: WordPress 4.2 stored XSS Scott Arciszewski
[Additional vectors] Multiple vulnerabilities in Untangle NGFW 9-11 Calum Hutton

Tuesday, 28 April

SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability Vulnerability Lab
Wing FTP Server Admin 4.4.5 CSRF & XSS Vulnerabilities John Page
Re: WordPress 4.2 stored XSS C0r3dump3d
Stored XSS in ebay messages Jaanus
libarchive - Out of bounds read using malformed cpio archive Paris Zoumpouloglou

Wednesday, 29 April

CVE-ID 2015-1188: Swisscom DSL Router Centro Grande (ADB) csirt
Type Confusion Infoleak Vulnerability in unserialize() with SoapFault Taoguang Chen
Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception Taoguang Chen
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow Denis Andzakovic

Thursday, 30 April

SevDesk v1.1 iOS - Persistent Dashboard Vulnerability Vulnerability Lab
Mysterious CVE-2008-568 (Solaris) Mark Felder
Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) Hanno Böck
IKE Aggressive Mode Downgrade Attack? Melchior Limacher
OS X 0day - works on latest verz 魏诺德
Re: #WorldPenguinDay or this can't be right, can it? PIN
Re: Mysterious CVE-2008-568 (Solaris) Ian Neal
Re: Mysterious CVE-2008-568 (Solaris) Michal Zalewski