Full Disclosure: by author

134 messages starting Jan 18 15 and ending Jan 11 15


admin () evolution-sec com

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com (Jan 18)

Advisories

MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories (Jan 20)

Allen

Windows 8 Privilege Escalation Allen (Jan 02)

Amplia Security Advisories

[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories (Jan 27)

Andraz Sraka

Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia Andraz Sraka (Jan 07)

Antonio Quina

[Tool] SPARTA 1.0 BETA Antonio Quina (Jan 09)

Asterisk Security Team

AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team (Jan 28)
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability Asterisk Security Team (Jan 28)

bkm () evolution-sec com

Barracuda Networks Cloud Series - Filter Bypass Vulnerability bkm () evolution-sec com (Jan 26)

Brandon Perry

Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 12)
McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 06)
Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection Brandon Perry (Jan 12)

BSidesLV

[Call For Papers] Security BSides San Francisco April 2015 BSidesLV (Jan 26)

cfp2015

Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada cfp2015 (Jan 08)

Cláudio André

Good for Enterprise Android HTML Injection (CVE-2014-4925) Cláudio André (Jan 08)

CORE Advisories Team

Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team (Jan 27)
[CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team (Jan 26)

CORE Security Technologies Advisories-team (jrv)

Corel Software DLL Hijacking CORE Security Technologies Advisories-team (jrv) (Jan 12)

Cristiano Maruti

Barracuda Load Balancer ADC VM multiple vulnerabilities Cristiano Maruti (Jan 20)

Damien Cauquil

Hack In Paris 2015 Call For Papers / Call For Trainings Damien Cauquil (Jan 20)

Daniel Miller

Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)

David Coomber

McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass David Coomber (Jan 18)

David Longenecker

USAA mobile app gives away personal data; fix released David Longenecker (Jan 22)

Denis Andzakovic

AirWatch Multiple Direct Object References Denis Andzakovic (Jan 28)
Fortinet FortiOS Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Kaseya Browser Android Path Traversal Denis Andzakovic (Jan 28)
Kaseya BYOD Gateway Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Cisco Meraki Systems Manager Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Fortinet FortiAuthenticator Multiple Vulnerabilities Denis Andzakovic (Jan 28)
Fortinet FortiClient Multiple Vulnerabilities Denis Andzakovic (Jan 28)

Diéyǔ

MS14-080 CVE-2014-6365 Code Diéyǔ (Jan 14)
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ (Jan 12)

forgottenpassword

Re: full name disclosure information leak in google drive forgottenpassword (Jan 22)

ITAS Team

SQL Injection Vulnerability in Microweber 0.95 ITAS Team (Jan 12)
XSS Vulnerability in Fork CMS 3.8.3 ITAS Team (Jan 12)

jack ana

Unrevealed Secrets of MAL-Drone jack ana (Jan 30)

Jing Wang

Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability Jing Wang (Jan 11)
CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Jan 22)
Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Jing Wang (Jan 11)
CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability Jing Wang (Jan 09)
CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Jan 09)
CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities Jing Wang (Jan 22)
Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities Jing Wang (Jan 22)

J. Tozo

CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo (Jan 21)

Julius Kivimäki

Re: Lizard Stresser rekt Julius Kivimäki (Jan 12)

kapejod () googlemail com

Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 12)
Re: SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones kapejod () googlemail com (Jan 13)
Re: Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 13)

kevin mcsheehan

Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
full name disclosure information leak in google drive kevin mcsheehan (Jan 21)

KoreLogic Disclosures

KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures (Jan 28)

Luke Walker

Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Luke Walker (Jan 13)

Martin Schuhmacher

Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 12)
Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 13)

Max Mühlbronner

Re: Snom SIP phones denial of service through HTTP Max Mühlbronner (Jan 13)

Mohammad Reza Faghani

Facebook Malware that infected more than 110K and still on the rise Mohammad Reza Faghani (Jan 29)

MustLive

Vulnerabilities in HP LaserJet MustLive (Jan 28)

omarbv

Registration open for Rooted CON 2015 omarbv (Jan 29)

Onur Yilmaz

Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz (Jan 29)

Paolo Perego

Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability Paolo Perego (Jan 28)

Paris Zoumpouloglou

vorbis-tools issues Paris Zoumpouloglou (Jan 20)

Paul B. Henson

Re: CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. Paul B. Henson (Jan 28)

Paul Craig

Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection Paul Craig (Jan 29)

Pedro Ribeiro

Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 05)
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 02)
Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 06)
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro (Jan 28)
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 05)

Peter Lapp

[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp (Jan 15)

Pietro Oliva

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva (Jan 11)

Popovici, Alejo (LATCO - Buenos Aires)

Mantis BugTracker 1.2.17 - Multiple security vulnerabilities. Popovici, Alejo (LATCO - Buenos Aires) (Jan 05)
CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') Popovici, Alejo (LATCO - Buenos Aires) (Jan 27)

Qualys Security Advisory

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)

RedTeam Pentesting GmbH

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH (Jan 21)
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)

Robert Cavanaugh

Lizard Stresser rekt Robert Cavanaugh (Jan 12)

SCADA StrangeLove

31C3 releases: SmartGrid & USB modems SCADA StrangeLove (Jan 01)

Sean Wright

CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF) Sean Wright (Jan 07)

SEC Consult Vulnerability Lab

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab (Jan 13)
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab (Jan 13)

SECUPENT Research Center

WebGUI 7.10.29 stable version Cross site scripting vulnerability SECUPENT Research Center (Jan 20)

Soroush Dalili

Reflected XSS in Flash files of TechSmith Camtasia 8 & 7 Soroush Dalili (Jan 13)

Squirrel Herder Productions

IT Hot Topics 2015 Call for Papers Squirrel Herder Productions (Jan 22)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak (Jan 02)

Steffen Rösemann

Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Steffen Rösemann (Jan 06)
Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha Steffen Rösemann (Jan 22)
Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE) Steffen Rösemann (Jan 27)
Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3 Steffen Rösemann (Jan 18)
Reflecting XSS vulnerability in CMS Kajona v. 4.6 Steffen Rösemann (Jan 06)
Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0 Steffen Rösemann (Jan 13)
Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Steffen Rösemann (Jan 11)
Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Steffen Rösemann (Jan 09)
Multiple persistent XSS vulnerabilities in CMS BEdita v. 3.4.0 Steffen Rösemann (Jan 08)
Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Steffen Rösemann (Jan 11)
SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Steffen Rösemann (Jan 06)

Thomas Hibbert

N-central Remote Support Manager Multiple Vulnerabilities Thomas Hibbert (Jan 18)

Tien Tran Dinh

XSS vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 22)
SQL injection vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)
Arbitrary File Upload in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)

Tim

Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Tim (Jan 12)

Timo Goosen

Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Timo Goosen (Jan 28)

Veysel hataş

VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) Veysel hataş (Jan 18)

VMware Security Response Center

NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues VMware Security Response Center (Jan 27)
NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center (Jan 29)

Vulnerability Lab

VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab (Jan 16)
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities Vulnerability Lab (Jan 13)
PhotoSync 1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 22)
Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability Vulnerability Lab (Jan 13)
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 13)
SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability Vulnerability Lab (Jan 25)
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab (Jan 16)
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab (Jan 06)
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab (Jan 11)
Mangallam CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 26)
LizardSquad DDoS Stresser - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab (Jan 16)
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab (Jan 11)
PhotoSync v1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 21)
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab (Jan 12)
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 16)
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab (Jan 21)
Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab (Jan 22)
SPSControl v1.2 iOS - (.spc) Persistent Vulnerability Vulnerability Lab (Jan 19)
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab (Jan 16)
Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities Vulnerability Lab (Jan 19)
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab (Jan 11)