Full Disclosure: by author
86 messages starting Aug 06 15 and ending Aug 11 15
antonio
Security Advisory - "Cross-VM ASL INtrospection (CAIN)" antonio (Aug 06)
Apple Product Security
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-3 iOS 8.4.1 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-4 OS X Server v4.1.5 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Apple Product Security (Aug 13)
Black Arch
New BlackArch Linux ISOs (version 2015.07.31) Black Arch (Aug 02)
Blue Frost Security Research Lab
BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability Blue Frost Security Research Lab (Aug 12)
BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities Blue Frost Security Research Lab (Aug 13)
Brandon Perry
Re: Symantec Endpoint Protection Brandon Perry (Aug 01)
Curesec Research Team
BigTree CMS 4.2.3 Multiple Sql Injections Curesec Research Team (Aug 11)
CodoForum 3.3.1 Multiple Cross Site Scriptings Curesec Research Team (Aug 11)
CodoForum 3.3.1 Multiple SQL Injections Curesec Research Team (Aug 11)
BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities Curesec Research Team (Aug 11)
Curesec Research Team (CRT)
ModX Revolution 2.3.5 - Reflected XSS Curesec Research Team (CRT) (Aug 18)
Phorum 5.2.19 - Reflected XSS and Open Redirect Curesec Research Team (CRT) (Aug 18)
Bolt 2.2.4 - Code Execution Curesec Research Team (CRT) (Aug 18)
Dave Horsfall
Re: Mozilla extensions: a security nightmare Dave Horsfall (Aug 07)
David Leo
Open source tool for applying Google Chrome security updates David Leo (Aug 12)
Dawid Golunski
Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM Dawid Golunski (Aug 12)
dxw Security
CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Aug 27)
Re: Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin) dxw Security (Aug 12)
The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) dxw Security (Aug 12)
Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin) dxw Security (Aug 27)
Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security (Aug 11)
Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin) dxw Security (Aug 11)
Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin) dxw Security (Aug 11)
Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin) dxw Security (Aug 11)
Re: The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) dxw Security (Aug 17)
Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments dxw Security (Aug 05)
Electric Mind
Pineapple autopwn script 2.3.0 or lower versions. Electric Mind (Aug 08)
ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow ERPScan inc (Aug 14)
SAP Security Notes August 2015 ERPScan inc (Aug 13)
[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE ERPScan inc (Aug 17)
Etnies
Thomson Reuters FATCA - Arbitrary File Upload Etnies (Aug 11)
Thomson Reuters FATCA - Local File Inclusion Etnies (Aug 11)
Gregory Pickett
CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation Gregory Pickett (Aug 11)
Jing Wang
Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)
PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug Jing Wang (Jul 31)
KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)
John Smith
Severe weakness in checkout provider Borderfree allows users to easily control the prices they pay on ecommerce websites John Smith (Aug 17)
Joshua Rogers
vBulletin x.x.x rce "0day" Joshua Rogers (Aug 15)
Kana Shinoda
CODEBLUE.JP - Security Conference in Tokyo Calling for Papers by Sep.10 Kana Shinoda (Aug 02)
Lukasz Miedzinski
UNIT4TETA TETA WEB - Authorization Bypass vulnerability Lukasz Miedzinski (Aug 18)
Mario Vilas
Re: Mozilla extensions: a security nightmare Mario Vilas (Aug 05)
Markus Wulftange
Symantec Endpoint Protection Markus Wulftange (Jul 31)
Re: Symantec Endpoint Protection Markus Wulftange (Aug 03)
MustLive
Vulnerability in VirtueMart for Joomla MustLive (Aug 01)
nullcon
nullcon se7en CFP is open nullcon (Aug 27)
Onapsis Research Labs
[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage Onapsis Research Labs (Aug 12)
[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values Onapsis Research Labs (Aug 12)
[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery Onapsis Research Labs (Aug 12)
Pierre Kim
Update: Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Aug 12)
Poyo VL
NetRipper - Smart traffic sniffing for penetration testers Poyo VL (Aug 13)
SCADA StrangeLove
SCADA with antenna SCADA StrangeLove (Aug 06)
Scott Arciszewski
AnchorCMS - PHP Object Injection (CVE-2015-5687) and More Scott Arciszewski (Aug 27)
Re: The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) Scott Arciszewski (Aug 12)
Re: AnchorCMS - PHP Object Injection (CVE-2015-5687) and More Scott Arciszewski (Aug 29)
SEC Consult Vulnerability Lab
SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network SEC Consult Vulnerability Lab (Aug 05)
Securify B.V.
Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal Securify B.V. (Aug 17)
Insufficient certificate validation in EMC Secure Remote Services Virtual Edition Securify B.V. (Aug 17)
Security Explorations
Oracle CSO numbers, security hygiene and fixes at the same time Security Explorations (Aug 16)
Stefan Kanthak
Mozilla extensions: a security nightmare Stefan Kanthak (Aug 05)
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows Stefan Kanthak (Aug 06)
Taoguang Chen
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen (Aug 07)
Use After Free Vulnerability in unserialize() with SPL ArrayObject Taoguang Chen (Aug 07)
Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen (Aug 07)
Thomas D.
Re: Mozilla extensions: a security nightmare Thomas D. (Aug 11)
Vahagn Vardanyan
Sandbox bypass through Google Admin WebView Vahagn Vardanyan (Aug 14)
Vantage Point Security
Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001) Vantage Point Security (Aug 12)
Vulnerability Lab
T Mobile Business - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Aug 10)
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) Vulnerability Lab (Aug 20)
UBNT Bug Bounty #3 - Persistent Filename Vulnerability Vulnerability Lab (Aug 20)
PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability Vulnerability Lab (Aug 20)
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability Vulnerability Lab (Aug 28)
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability Vulnerability Lab (Aug 28)
ChiefPDF Software v2.x - Buffer Overflow Vulnerability Vulnerability Lab (Aug 20)
Device Inspector v1.5 iOS - Command Inject Vulnerabilities Vulnerability Lab (Aug 07)
Ferrari - PHP CGI Argument Injection (RCE) Vulnerability Vulnerability Lab (Aug 07)
Photo Transfer (2) v1.0 iOS - Denial of Service Vulnerability Vulnerability Lab (Aug 28)
WebSolutions India Design CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 20)
Dogma India dogmaindia CMS - Auth Bypass Session Vulnerability Vulnerability Lab (Aug 28)
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability Vulnerability Lab (Aug 12)
UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Aug 20)
xin . wang
[CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid xin . wang (Aug 13)
Артур Истомин
Re: Security Advisory - "Cross-VM ASL INtrospection (CAIN)" Артур Истомин (Aug 06)
牛保龙
php 7 use after free bug 牛保龙 (Aug 11)