Full Disclosure: by author
134 messages starting Jan 18 15 and ending Jan 11 15
admin () evolution-sec com
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com (Jan 18)
Advisories
MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories (Jan 20)
Allen
Windows 8 Privilege Escalation Allen (Jan 02)
Amplia Security Advisories
[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories (Jan 27)
Andraz Sraka
Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia Andraz Sraka (Jan 07)
Antonio Quina
[Tool] SPARTA 1.0 BETA Antonio Quina (Jan 09)
Asterisk Security Team
AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team (Jan 28)
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability Asterisk Security Team (Jan 28)
bkm () evolution-sec com
Barracuda Networks Cloud Series - Filter Bypass Vulnerability bkm () evolution-sec com (Jan 26)
Brandon Perry
Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 12)
McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 06)
Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection Brandon Perry (Jan 12)
BSidesLV
[Call For Papers] Security BSides San Francisco April 2015 BSidesLV (Jan 26)
cfp2015
Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada cfp2015 (Jan 08)
Cláudio André
Good for Enterprise Android HTML Injection (CVE-2014-4925) Cláudio André (Jan 08)
CORE Advisories Team
Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team (Jan 27)
[CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team (Jan 26)
CORE Security Technologies Advisories-team (jrv)
Corel Software DLL Hijacking CORE Security Technologies Advisories-team (jrv) (Jan 12)
Cristiano Maruti
Barracuda Load Balancer ADC VM multiple vulnerabilities Cristiano Maruti (Jan 20)
Damien Cauquil
Hack In Paris 2015 Call For Papers / Call For Trainings Damien Cauquil (Jan 20)
Daniel Miller
Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)
David Coomber
McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass David Coomber (Jan 18)
David Longenecker
USAA mobile app gives away personal data; fix released David Longenecker (Jan 22)
Denis Andzakovic
AirWatch Multiple Direct Object References Denis Andzakovic (Jan 28)
Fortinet FortiOS Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Kaseya Browser Android Path Traversal Denis Andzakovic (Jan 28)
Kaseya BYOD Gateway Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Cisco Meraki Systems Manager Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Fortinet FortiAuthenticator Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Fortinet FortiClient Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Diéyǔ
MS14-080 CVE-2014-6365 Code Diéyǔ (Jan 14)
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ (Jan 12)
forgottenpassword
Re: full name disclosure information leak in google drive forgottenpassword (Jan 22)
ITAS Team
SQL Injection Vulnerability in Microweber 0.95 ITAS Team (Jan 12)
XSS Vulnerability in Fork CMS 3.8.3 ITAS Team (Jan 12)
jack ana
Unrevealed Secrets of MAL-Drone jack ana (Jan 30)
Jing Wang
Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability Jing Wang (Jan 11)
CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Jan 22)
Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Jing Wang (Jan 11)
CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability Jing Wang (Jan 09)
CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Jan 09)
CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities Jing Wang (Jan 22)
Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities Jing Wang (Jan 22)
J. Tozo
CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo (Jan 21)
Julius Kivimäki
Re: Lizard Stresser rekt Julius Kivimäki (Jan 12)
kapejod () googlemail com
Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 12)
Re: SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones kapejod () googlemail com (Jan 13)
Re: Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 13)
kevin mcsheehan
Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
KoreLogic Disclosures
KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures (Jan 28)
Luke Walker
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Luke Walker (Jan 13)
Martin Schuhmacher
Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 12)
Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 13)
Max Mühlbronner
Re: Snom SIP phones denial of service through HTTP Max Mühlbronner (Jan 13)
Mohammad Reza Faghani
Facebook Malware that infected more than 110K and still on the rise Mohammad Reza Faghani (Jan 29)
MustLive
Vulnerabilities in HP LaserJet MustLive (Jan 28)
omarbv
Registration open for Rooted CON 2015 omarbv (Jan 29)
Onur Yilmaz
Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz (Jan 29)
Paolo Perego
Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability Paolo Perego (Jan 28)
Paris Zoumpouloglou
vorbis-tools issues Paris Zoumpouloglou (Jan 20)
Paul B. Henson
Re: CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. Paul B. Henson (Jan 28)
Paul Craig
Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection Paul Craig (Jan 29)
Pedro Ribeiro
Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 05)
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 02)
Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 06)
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro (Jan 28)
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 05)
Peter Lapp
[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp (Jan 15)
Pietro Oliva
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva (Jan 11)
Popovici, Alejo (LATCO - Buenos Aires)
Mantis BugTracker 1.2.17 - Multiple security vulnerabilities. Popovici, Alejo (LATCO - Buenos Aires) (Jan 05)
CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') Popovici, Alejo (LATCO - Buenos Aires) (Jan 27)
Qualys Security Advisory
Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
RedTeam Pentesting GmbH
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH (Jan 21)
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
Robert Cavanaugh
Lizard Stresser rekt Robert Cavanaugh (Jan 12)
SCADA StrangeLove
31C3 releases: SmartGrid & USB modems SCADA StrangeLove (Jan 01)
Sean Wright
CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF) Sean Wright (Jan 07)
SEC Consult Vulnerability Lab
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab (Jan 13)
SECUPENT Research Center
WebGUI 7.10.29 stable version Cross site scripting vulnerability SECUPENT Research Center (Jan 20)
Soroush Dalili
Reflected XSS in Flash files of TechSmith Camtasia 8 & 7 Soroush Dalili (Jan 13)
Squirrel Herder Productions
IT Hot Topics 2015 Call for Papers Squirrel Herder Productions (Jan 22)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak (Jan 02)
Steffen Rösemann
Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Steffen Rösemann (Jan 06)
Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha Steffen Rösemann (Jan 22)
Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE) Steffen Rösemann (Jan 27)
Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3 Steffen Rösemann (Jan 18)
Reflecting XSS vulnerability in CMS Kajona v. 4.6 Steffen Rösemann (Jan 06)
Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0 Steffen Rösemann (Jan 13)
Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Steffen Rösemann (Jan 11)
Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Steffen Rösemann (Jan 09)
Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0 Steffen Rösemann (Jan 08)
Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Steffen Rösemann (Jan 11)
SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Steffen Rösemann (Jan 06)
Thomas Hibbert
N-central Remote Support Manager Multiple Vulnerabilities Thomas Hibbert (Jan 18)
Tien Tran Dinh
XSS vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 22)
SQL injection vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)
Arbitrary File Upload in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)
Tim
Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Tim (Jan 12)
Timo Goosen
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Timo Goosen (Jan 28)
Veysel hataş
VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) Veysel hataş (Jan 18)
VMware Security Response Center
NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues VMware Security Response Center (Jan 27)
NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center (Jan 29)
Vulnerability Lab
VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab (Jan 16)
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities Vulnerability Lab (Jan 13)
PhotoSync 1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 22)
Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability Vulnerability Lab (Jan 13)
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 13)
SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability Vulnerability Lab (Jan 25)
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab (Jan 16)
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab (Jan 06)
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab (Jan 11)
Mangallam CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 26)
LizardSquad DDoS Stresser - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab (Jan 16)
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab (Jan 11)
PhotoSync v1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 21)
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab (Jan 12)
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 16)
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab (Jan 21)
Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab (Jan 22)
SPSControl v1.2 iOS - (.spc) Persistent Vulnerability Vulnerability Lab (Jan 19)
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab (Jan 16)
Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities Vulnerability Lab (Jan 19)
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab (Jan 11)