Full Disclosure: by date

PreviousPrevious period
Next periodNext

134 messages starting Jan 01 15 and ending Jan 30 15
Date index | Thread index | Author index

Thursday, 01 January

31C3 releases: SmartGrid & USB modems SCADA StrangeLove

Friday, 02 January

Windows 8 Privilege Escalation Allen
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak

Monday, 05 January

Mantis BugTracker 1.2.17 - Multiple security vulnerabilities. Popovici, Alejo (LATCO - Buenos Aires)
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro
Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro

Tuesday, 06 January

ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab
McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry
SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Steffen Rösemann
Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Steffen Rösemann
Reflecting XSS vulnerability in CMS Kajona v. 4.6 Steffen Rösemann
Re: [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro

Wednesday, 07 January

Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia Andraz Sraka
CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF) Sean Wright

Thursday, 08 January

Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada cfp2015
Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0 Steffen Rösemann
Good for Enterprise Android HTML Injection (CVE-2014-4925) Cláudio André

Friday, 09 January

Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Steffen Rösemann
[Tool] SPARTA 1.0 BETA Antonio Quina
CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability Jing Wang
CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Jing Wang

Sunday, 11 January

Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability Jing Wang
Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Jing Wang
Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Steffen Rösemann
Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Steffen Rösemann
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab

Monday, 12 January

Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH
Corel Software DLL Hijacking CORE Advisories Team
Corel Software DLL Hijacking CORE Advisories Team
Corel Software DLL Hijacking CORE Security Technologies Advisories-team (jrv)
Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection Brandon Perry
Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry
XSS Vulnerability in Fork CMS 3.8.3 ITAS Team
Snom SIP phones denial of service through HTTP kapejod () googlemail com
Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp
Lizard Stresser rekt Robert Cavanaugh
Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher
[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp
Re: Lizard Stresser rekt Julius Kivimäki
Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Tim
SQL Injection Vulnerability in Microweber 0.95 ITAS Team
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ

Tuesday, 13 January

Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0 Steffen Rösemann
Re: Snom SIP phones denial of service through HTTP Max Mühlbronner
Re: Snom SIP phones denial of service through HTTP kapejod () googlemail com
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability Vulnerability Lab
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities Vulnerability Lab
Re: SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones kapejod () googlemail com
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Luke Walker
Reflected XSS in Flash files of TechSmith Camtasia 8 & 7 Soroush Dalili
Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher

Wednesday, 14 January

MS14-080 CVE-2014-6365 Code Diéyǔ

Thursday, 15 January

Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp

Friday, 16 January

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab
VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab

Sunday, 18 January

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com
McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass David Coomber
Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3 Steffen Rösemann
N-central Remote Support Manager Multiple Vulnerabilities Thomas Hibbert
VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) Veysel hataş

Monday, 19 January

SPSControl v1.2 iOS - (.spc) Persistent Vulnerability Vulnerability Lab
Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities Vulnerability Lab

Tuesday, 20 January

MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories
Barracuda Load Balancer ADC VM multiple vulnerabilities Cristiano Maruti
Hack In Paris 2015 Call For Papers / Call For Trainings Damien Cauquil
vorbis-tools issues Paris Zoumpouloglou
WebGUI 7.10.29 stable version Cross site scripting vulnerability SECUPENT Research Center
Arbitrary File Upload in articleFR CMS 3.0.5 Tien Tran Dinh
SQL injection vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh

Wednesday, 21 January

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab
LizardSquad DDoS Stresser - Multiple Vulnerabilities Vulnerability Lab
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab
PhotoSync v1.1.3 Android - Command Inject Vulnerability Vulnerability Lab
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH
CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo
full name disclosure information leak in google drive kevin mcsheehan
Re: full name disclosure information leak in google drive Daniel Miller
Re: full name disclosure information leak in google drive kevin mcsheehan

Thursday, 22 January

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab
Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab
PhotoSync 1.1.3 Android - Command Inject Vulnerability Vulnerability Lab
USAA mobile app gives away personal data; fix released David Longenecker
Re: full name disclosure information leak in google drive forgottenpassword
CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities Jing Wang
CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities Jing Wang
Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha Steffen Rösemann
IT Hot Topics 2015 Call for Papers Squirrel Herder Productions
XSS vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh

Sunday, 25 January

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability Vulnerability Lab

Monday, 26 January

Mangallam CMS - SQL Injection Web Vulnerability Vulnerability Lab
[CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team
Barracuda Networks Cloud Series - Filter Bypass Vulnerability bkm () evolution-sec com
[Call For Papers] Security BSides San Francisco April 2015 BSidesLV

Tuesday, 27 January

[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team
NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues VMware Security Response Center
[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories
CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') Popovici, Alejo (LATCO - Buenos Aires)
Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory
Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE) Steffen Rösemann

Wednesday, 28 January

Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability Paolo Perego
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Timo Goosen
AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability Asterisk Security Team
Vulnerabilities in HP LaserJet MustLive
Re: CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. Paul B. Henson
KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures
AirWatch Multiple Direct Object References Denis Andzakovic
Cisco Meraki Systems Manager Multiple Vulnerabilities Denis Andzakovic
Fortinet FortiAuthenticator Multiple Vulnerabilities Denis Andzakovic
Fortinet FortiClient Multiple Vulnerabilities Denis Andzakovic
Fortinet FortiOS Multiple Vulnerabilities Denis Andzakovic
Kaseya BYOD Gateway Multiple Vulnerabilities Denis Andzakovic
Kaseya Browser Android Path Traversal Denis Andzakovic

Thursday, 29 January

NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center
Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection Paul Craig
Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz
Facebook Malware that infected more than 110K and still on the rise Mohammad Reza Faghani
Registration open for Rooted CON 2015 omarbv

Friday, 30 January

Unrevealed Secrets of MAL-Drone jack ana
PreviousPrevious period
Next periodNext