Full Disclosure: by author

101 messages starting Feb 02 15 and ending Feb 04 15

Adam Caudill

[Call For Papers] BSides Knoxville, TN - May 15th 2015 Adam Caudill (Feb 02)

Advisories

MSA-2015-02: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Advisories (Feb 03)

agoraagoraagora

Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion) agoraagoraagora (Feb 18)

Alex Haynes

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability Alex Haynes (Feb 02)

Alfie John

Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Alfie John (Feb 12)

A. W.

HumHub .htaccess file upload vulnerability and remote code execution A. W. (Feb 13)

Barkley, Peter

Re: Major Internet Explorer Vulnerability - NOT Patched Barkley, Peter (Feb 07)

Ben Lincoln (F7EFC8C9 - FD)

Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD) (Feb 04)
Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD) (Feb 07)

Brandon Perry

eTouch SamePage v4.4.0.0.239 multiple vulnerabilities Brandon Perry (Feb 12)

Christoph Gruber

Re: Suspicious URL:Re: Major Internet Explorer Vulnerability - NOT Patched Christoph Gruber (Feb 11)

Dan Ballance

Re: Major Internet Explorer Vulnerability - NOT Patched Dan Ballance (Feb 12)

David Leo

Re: Major Internet Explorer Vulnerability - NOT Patched David Leo (Feb 07)
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" David Leo (Feb 07)
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo (Feb 07)
Major Internet Explorer Vulnerability - NOT Patched David Leo (Jan 31)
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo (Feb 04)

Dimitris Strevinas

Re: Major Internet Explorer Vulnerability - NOT Patched Dimitris Strevinas (Feb 07)

Douglas Held

Fwd: Apple OS X: Don't trust, and don't prompt to trust certificates Douglas Held (Feb 22)

Eric Flokstra

WooCommerce WordPress plugin 2.2.10 Reflected XSS Eric Flokstra (Feb 21)
Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF Eric Flokstra (Feb 21)

Hazel Ann

CFP: Extended submission deadline:: ISSRMET2015 Dubai Hazel Ann (Feb 04)

Hector Marco

CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four Hector Marco (Feb 13)
CVE-2015-1574 - Google Email App 4.2.2 remote denial of service Hector Marco (Feb 13)

Imre Rad

LG On Screen Phone authentication bypass (CVE-2014-8757) Imre Rad (Feb 07)

ITAS TEAM

Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities ITAS TEAM (Feb 02)
Radexscript CMS 2.2.0 - SQL Injection vulnerability ITAS Team (Feb 11)

Jing Wang

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Feb 12)
DLGuard SQL Injection Security Vulnerabilities Jing Wang (Feb 18)
DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities Jing Wang (Feb 18)
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Jan 31)
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Feb 18)
About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities Jing Wang (Feb 02)
My Little Forum Multiple XSS Security Vulnerabilities Jing Wang (Feb 03)
CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Feb 12)
CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Feb 02)
DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Feb 18)

Joey Fowler

Re: Major Internet Explorer Vulnerability - NOT Patched Joey Fowler (Feb 02)

Jonathan Brossard

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) Jonathan Brossard (Feb 12)

Juan Martinez

Bug in TradeWinds Juan Martinez (Feb 18)

Julius Kivimäki

Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Julius Kivimäki (Feb 12)

Justin Steven

Re: Major Internet Explorer Vulnerability - NOT Patched Justin Steven (Feb 07)

Larry W. Cashdollar

xaviershay-dm-rails v0.10.3.8 mysql credential exposure Larry W. Cashdollar (Feb 21)

laurent gaffie

Responder Windows Version laurent gaffie (Feb 07)

Levon Kayan

New version of Hyperion PE runtime encrypter Levon Kayan (Feb 21)

Nguyen Anh Quynh

Capstone disassembly engine 3.0.1 released! Nguyen Anh Quynh (Feb 03)

Onapsis Research Labs

[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA Onapsis Research Labs (Feb 25)
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA Onapsis Research Labs (Feb 25)

Onur Yilmaz

Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 Onur Yilmaz (Jan 31)

Paul McMillan

Re: CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Paul McMillan (Feb 12)

Paweł

VLC for Android beta crash Paweł (Feb 21)

Peter Adkins

NetGear WNDR Authentication Bypass / Information Disclosure Peter Adkins (Feb 12)

Praveen D

WESP SDK multiple Remote Code Execution Vulnerabilities Praveen D (Feb 23)
Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities Praveen D (Feb 21)

Rahul Sasi

Maldrone for drones. Rahul Sasi (Feb 03)

RedTeam Pentesting GmbH

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page RedTeam Pentesting GmbH (Feb 10)
[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite RedTeam Pentesting GmbH (Feb 18)

Rehan Ahmed

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities Rehan Ahmed (Feb 18)

Ricardo Iramar dos Santos

Reflected File Download in AOL Search Website Ricardo Iramar dos Santos (Feb 18)

Samandeep Singh

MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Samandeep Singh (Feb 11)

SCADA StrangeLove

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes SCADA StrangeLove (Feb 16)

Scott Arciszewski

Followup on CVE-2014-6412 Scott Arciszewski (Feb 12)
CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Scott Arciszewski (Feb 11)
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Scott Arciszewski (Feb 11)

SEC Consult Vulnerability Lab

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home SEC Consult Vulnerability Lab (Feb 27)

Sijmen Ruwhof

Re: Major Internet Explorer Vulnerability - NOT Patched Sijmen Ruwhof (Feb 11)

Stefan Kanthak

iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Feb 21)
iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Jan 31)
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Feb 02)
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation Stefan Kanthak (Feb 21)
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Feb 02)
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) Stefan Kanthak (Feb 21)
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you Stefan Kanthak (Jan 31)
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft) Stefan Kanthak (Feb 11)

Steffen Rösemann

Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3 Steffen Rösemann (Feb 18)
ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann (Feb 22)
SQL injection vulnerability in Pragyan CMS v.3.0 Steffen Rösemann (Feb 03)
Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3 Steffen Rösemann (Feb 21)
Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Steffen Rösemann (Feb 12)
SQL injection vulnerabilities in zerocms <= v.1.3.3 Steffen Rösemann (Jan 31)
Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE) Steffen Rösemann (Feb 07)
Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0 Steffen Rösemann (Feb 21)

Stiehl

[CVE-REQUEST] Multiple vulnerabilities on GLPI Stiehl (Feb 18)

Taoguang Chen

Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone Taoguang Chen (Feb 21)
Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen (Feb 21)

Timo Schmid

PHP Code Execution in jui_filter_rules Parsing Library Timo Schmid (Feb 18)

Vulnerability Lab

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability Vulnerability Lab (Feb 11)
Barracuda Cloud Series - Filter Bypass Vulnerability (ID 731) Vulnerability Lab (Feb 11)
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities Vulnerability Lab (Feb 26)
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability Vulnerability Lab (Feb 17)
DSS TFTP 1.0 Server - Path Traversal Vulnerability Vulnerability Lab (Feb 26)
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) Vulnerability Lab (Feb 11)
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Vulnerability Lab (Feb 11)
Swiss File Knife v1.7.4 HTTP - Buffer Overflow Vulnerability Vulnerability Lab (Feb 28)
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability Vulnerability Lab (Feb 11)
Data Source: Scopus CMS - SQL Injection Web Vulnerability Vulnerability Lab (Feb 26)

W S

Vanilla forum Stored XSS on any private message / thread post W S (Feb 12)

Zaakiy Siddiqui

Re: Major Internet Explorer Vulnerability - NOT Patched Zaakiy Siddiqui (Feb 04)