Full Disclosure: by date

101 messages starting Jan 31 15 and ending Feb 28 15
Saturday, 31 January

Major Internet Explorer Vulnerability - NOT Patched David Leo
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 Onur Yilmaz
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you Stefan Kanthak
SQL injection vulnerabilities in zerocms <= v.1.3.3 Steffen Rösemann
iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak

Monday, 02 February

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability Alex Haynes
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities ITAS TEAM
CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities Jing Wang
Re: Major Internet Explorer Vulnerability - NOT Patched Joey Fowler
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
[Call For Papers] BSides Knoxville, TN - May 15th 2015 Adam Caudill

Tuesday, 03 February

Maldrone for drones. Rahul Sasi
My Little Forum Multiple XSS Security Vulnerabilities Jing Wang
MSA-2015-02: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Advisories
Capstone disassembly engine 3.0.1 released! Nguyen Anh Quynh
SQL injection vulnerability in Pragyan CMS v.3.0 Steffen Rösemann

Wednesday, 04 February

Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD)
Re: Major Internet Explorer Vulnerability - NOT Patched Zaakiy Siddiqui
CFP: Extended submission deadline:: ISSRMET2015 Dubai Hazel Ann

Saturday, 07 February

Re: Major Internet Explorer Vulnerability - NOT Patched Dimitris Strevinas
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" David Leo
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
LG On Screen Phone authentication bypass (CVE-2014-8757) Imre Rad
Responder Windows Version laurent gaffie
Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE) Steffen Rösemann
Re: Major Internet Explorer Vulnerability - NOT Patched Barkley, Peter
Re: Major Internet Explorer Vulnerability - NOT Patched Justin Steven
Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD)

Tuesday, 10 February

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page RedTeam Pentesting GmbH

Wednesday, 11 February

Barracuda Cloud Series - Filter Bypass Vulnerability (ID 731) Vulnerability Lab
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Vulnerability Lab
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability Vulnerability Lab
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability Vulnerability Lab
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) Vulnerability Lab
Radexscript CMS 2.2.0 - SQL Injection vulnerability ITAS Team
Re: Suspicious URL:Re: Major Internet Explorer Vulnerability - NOT Patched Christoph Gruber
MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Samandeep Singh
CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Scott Arciszewski
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Scott Arciszewski
Re: Major Internet Explorer Vulnerability - NOT Patched Sijmen Ruwhof
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft) Stefan Kanthak

Thursday, 12 February

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) Jonathan Brossard
eTouch SamePage v4.4.0.0.239 multiple vulnerabilities Brandon Perry
CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Followup on CVE-2014-6412 Scott Arciszewski
Re: CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Paul McMillan
Vanilla forum Stored XSS on any private message / thread post W S
NetGear WNDR Authentication Bypass / Information Disclosure Peter Adkins
Reflecting XSS vulnerabilities, unrestricted file upload and underlying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Steffen Rösemann
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Alfie John
Re: Major Internet Explorer Vulnerability - NOT Patched Dan Ballance
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Julius Kivimäki

Friday, 13 February

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service Hector Marco
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four Hector Marco
HumHub .htaccess file upload vulnerability and remote code execution A. W.

Monday, 16 February

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes SCADA StrangeLove

Tuesday, 17 February

Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability Vulnerability Lab

Wednesday, 18 February

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite RedTeam Pentesting GmbH
Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion) agoraagoraagora
Bug in TradeWinds Juan Martinez
DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities Jing Wang
DLGuard SQL Injection Security Vulnerabilities Jing Wang
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities Rehan Ahmed
[CVE-REQUEST] Multiple vulnerabilities on GLPI Stiehl
PHP Code Execution in jui_filter_rules Parsing Library Timo Schmid
Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3 Steffen Rösemann
Reflected File Download in AOL Search Website Ricardo Iramar dos Santos

Saturday, 21 February

WooCommerce WordPress plugin 2.2.10 Reflected XSS Eric Flokstra
Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF Eric Flokstra
New version of Hyperion PE runtime encrypter Levon Kayan
VLC for Android beta crash Paweł
Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities Praveen D
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) Stefan Kanthak
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3 Steffen Rösemann
Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0 Steffen Rösemann
Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen
Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone Taoguang Chen
xaviershay-dm-rails v0.10.3.8 mysql credential exposure Larry W. Cashdollar
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation Stefan Kanthak

Sunday, 22 February

Fwd: Apple OS X: Don't trust, and don't prompt to trust certificates Douglas Held
ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann

Monday, 23 February

WESP SDK multiple Remote Code Execution Vulnerabilities Praveen D

Wednesday, 25 February

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench Onapsis Research Labs
[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA Onapsis Research Labs

Thursday, 26 February

DSS TFTP 1.0 Server - Path Traversal Vulnerability Vulnerability Lab
Data Source: Scopus CMS - SQL Injection Web Vulnerability Vulnerability Lab
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities Vulnerability Lab

Friday, 27 February

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home SEC Consult Vulnerability Lab

Saturday, 28 February

Swiss File Knife v1.7.4 HTTP - Buffer Overflow Vulnerability Vulnerability Lab