Full Disclosure: by author

86 messages starting Aug 06 15 and ending Aug 11 15


antonio

Security Advisory - "Cross-VM ASL INtrospection (CAIN)" antonio (Aug 06)

Apple Product Security

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-3 iOS 8.4.1 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-4 OS X Server v4.1.5 Apple Product Security (Aug 13)
APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Apple Product Security (Aug 13)

Black Arch

New BlackArch Linux ISOs (version 2015.07.31) Black Arch (Aug 02)

Blue Frost Security Research Lab

BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability Blue Frost Security Research Lab (Aug 12)
BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities Blue Frost Security Research Lab (Aug 13)

Brandon Perry

Re: Symantec Endpoint Protection Brandon Perry (Aug 01)

Curesec Research Team

BigTree CMS 4.2.3 Multiple Sql Injections Curesec Research Team (Aug 11)
CodoForum 3.3.1 Multiple Cross Site Scriptings Curesec Research Team (Aug 11)
CodoForum 3.3.1 Multiple SQL Injections Curesec Research Team (Aug 11)
BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities Curesec Research Team (Aug 11)

Curesec Research Team (CRT)

ModX Revolution 2.3.5 - Reflected XSS Curesec Research Team (CRT) (Aug 18)
Phorum 5.2.19 - Reflected XSS and Open Redirect Curesec Research Team (CRT) (Aug 18)
Bolt 2.2.4 - Code Execution Curesec Research Team (CRT) (Aug 18)

Dave Horsfall

Re: Mozilla extensions: a security nightmare Dave Horsfall (Aug 07)

David Leo

Open source tool for applying Google Chrome security updates David Leo (Aug 12)

Dawid Golunski

Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM Dawid Golunski (Aug 12)

dxw Security

CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Aug 27)
Re: Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin) dxw Security (Aug 12)
The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) dxw Security (Aug 12)
Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin) dxw Security (Aug 27)
Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security (Aug 11)
Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin) dxw Security (Aug 11)
Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin) dxw Security (Aug 11)
Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin) dxw Security (Aug 11)
Re: The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) dxw Security (Aug 17)
Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments dxw Security (Aug 05)

Electric Mind

Pineapple autopwn script 2.3.0 or lower versions. Electric Mind (Aug 08)

ERPScan inc

ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow ERPScan inc (Aug 14)
SAP Security Notes August 2015 ERPScan inc (Aug 13)
[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE ERPScan inc (Aug 17)

Etnies

Thomson Reuters FATCA - Arbitrary File Upload Etnies (Aug 11)
Thomson Reuters FATCA - Local File Inclusion Etnies (Aug 11)

Gregory Pickett

CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation Gregory Pickett (Aug 11)

Jing Wang

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)
PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug Jing Wang (Jul 31)
KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)

John Smith

Severe weakness in checkout provider Borderfree allows users to easily control the prices they pay on ecommerce websites John Smith (Aug 17)

Joshua Rogers

vBulletin x.x.x rce "0day" Joshua Rogers (Aug 15)

Kana Shinoda

CODEBLUE.JP - Security Conference in Tokyo Calling for Papers by Sep.10 Kana Shinoda (Aug 02)

Lukasz Miedzinski

UNIT4TETA TETA WEB - Authorization Bypass vulnerability Lukasz Miedzinski (Aug 18)

Mario Vilas

Re: Mozilla extensions: a security nightmare Mario Vilas (Aug 05)

Markus Wulftange

Symantec Endpoint Protection Markus Wulftange (Jul 31)
Re: Symantec Endpoint Protection Markus Wulftange (Aug 03)

MustLive

Vulnerability in VirtueMart for Joomla MustLive (Aug 01)

nullcon

nullcon se7en CFP is open nullcon (Aug 27)

Onapsis Research Labs

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage Onapsis Research Labs (Aug 12)
[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values Onapsis Research Labs (Aug 12)
[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery Onapsis Research Labs (Aug 12)

Pierre Kim

Update: Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Aug 12)

Poyo VL

NetRipper - Smart traffic sniffing for penetration testers Poyo VL (Aug 13)

SCADA StrangeLove

SCADA with antenna SCADA StrangeLove (Aug 06)

Scott Arciszewski

AnchorCMS - PHP Object Injection (CVE-2015-5687) and More Scott Arciszewski (Aug 27)
Re: The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin) Scott Arciszewski (Aug 12)
Re: AnchorCMS - PHP Object Injection (CVE-2015-5687) and More Scott Arciszewski (Aug 29)

SEC Consult Vulnerability Lab

SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network SEC Consult Vulnerability Lab (Aug 05)

Securify B.V.

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal Securify B.V. (Aug 17)
Insufficient certificate validation in EMC Secure Remote Services Virtual Edition Securify B.V. (Aug 17)

Security Explorations

Oracle CSO numbers, security hygiene and fixes at the same time Security Explorations (Aug 16)

Stefan Kanthak

Mozilla extensions: a security nightmare Stefan Kanthak (Aug 05)
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows Stefan Kanthak (Aug 06)

Taoguang Chen

Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen (Aug 07)
Use After Free Vulnerability in unserialize() with SPL ArrayObject Taoguang Chen (Aug 07)
Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen (Aug 07)

Thomas D.

Re: Mozilla extensions: a security nightmare Thomas D. (Aug 11)

Vahagn Vardanyan

Sandbox bypass through Google Admin WebView Vahagn Vardanyan (Aug 14)

Vantage Point Security

Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001) Vantage Point Security (Aug 12)

Vulnerability Lab

T Mobile Business - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Aug 10)
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) Vulnerability Lab (Aug 20)
UBNT Bug Bounty #3 - Persistent Filename Vulnerability Vulnerability Lab (Aug 20)
PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability Vulnerability Lab (Aug 20)
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability Vulnerability Lab (Aug 28)
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability Vulnerability Lab (Aug 28)
ChiefPDF Software v2.x - Buffer Overflow Vulnerability Vulnerability Lab (Aug 20)
Device Inspector v1.5 iOS - Command Inject Vulnerabilities Vulnerability Lab (Aug 07)
Ferrari - PHP CGI Argument Injection (RCE) Vulnerability Vulnerability Lab (Aug 07)
Photo Transfer (2) v1.0 iOS - Denial of Service Vulnerability Vulnerability Lab (Aug 28)
WebSolutions India Design CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 20)
Dogma India dogmaindia CMS - Auth Bypass Session Vulnerability Vulnerability Lab (Aug 28)
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability Vulnerability Lab (Aug 12)
UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Aug 20)

xin . wang

[CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid xin . wang (Aug 13)

Артур Истомин

Re: Security Advisory - "Cross-VM ASL INtrospection (CAIN)" Артур Истомин (Aug 06)

牛保龙

php 7 use after free bug 牛保龙 (Aug 11)