Full Disclosure: by author
165 messages starting Mar 12 15 and ending Mar 18 15
Advisories
Re: MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation Advisories (Mar 12)
MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation Advisories (Mar 12)
Alan Coopersmith
Re: Java 8u40 released: why? Alan Coopersmith (Mar 07)
Re: Java 8u40 released: why? Alan Coopersmith (Mar 07)
Alexander Burke
Re: Java 8u40 released: why? Alexander Burke (Mar 07)
Aris Adamantiadis
Re: 'Rowhammer' - Software-triggered DRAM corruption Aris Adamantiadis (Mar 12)
Bastian
The Palinopsia Bug: Recovering framebuffers from VRAM Bastian (Mar 22)
Ben Fuhrmannek
Cross-Site-Scripting (XSS) in tcllib's html::textarea Ben Fuhrmannek (Mar 01)
Berend-Jan Wever
1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free Berend-Jan Wever (Mar 26)
Black Arch
New BlackArch Linux ISOs & installer Black Arch (Mar 30)
Brandon Perry
Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections Brandon Perry (Mar 18)
Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566) Brandon Perry (Mar 03)
Raritan PowerIQ known session secret Brandon Perry (Mar 11)
BSidesLV Info
[CFP] BSides Las Vegas August 2015 BSidesLV Info (Mar 19)
Christophe Hauser
Re: Partial pointer leaks Christophe Hauser (Mar 07)
Partial pointer leaks Christophe Hauser (Mar 04)
CORE Advisories Team
[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow CORE Advisories Team (Mar 18)
[CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation CORE Advisories Team (Mar 10)
[CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow CORE Advisories Team (Mar 30)
csirt
CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication csirt (Mar 02)
Daniel Wood
Re: Regarding how can I request a CVE number? Daniel Wood (Mar 19)
Dave Warren
Re: Java 8u40 released: why? Dave Warren (Mar 09)
Dirk-Willem van Gulik
Re: 'Rowhammer' - Software-triggered DRAM corruption Dirk-Willem van Gulik (Mar 16)
dirt diggler
mDNS VU#550620 dirt diggler (Mar 31)
dxw Security
CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin) dxw Security (Mar 04)
fulldisclosure
Re: 'Rowhammer' - Software-triggered DRAM corruption fulldisclosure (Mar 16)
Gil Besso
Re: Partial pointer leaks Gil Besso (Mar 08)
Gsunde Orangen
Re: Java 8u40 released: why? Gsunde Orangen (Mar 05)
Guang Gong
Re: [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer Guang Gong (Mar 11)
A local application could cause a denial-of-service to the audio_policy app in Android Guang Gong (Mar 16)
[CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission Guang Gong (Mar 11)
[CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer Guang Gong (Mar 11)
Re: [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission Guang Gong (Mar 11)
Guy Dawson
Re: Java 8u40 released: why? Guy Dawson (Mar 06)
halfdog
Having fun with dmesg halfdog (Mar 16)
D-RamPage: POC for zero-risk row-hammer exploitation halfdog (Mar 16)
upstart logrotate privilege escalation in Ubuntu Vivid (development) halfdog (Mar 01)
Re: D-RamPage: POC for zero-risk row-hammer exploitation halfdog (Mar 22)
Hanno Böck
Stack overflow in libtasn1 Hanno Böck (Mar 30)
Hutton
Multiple vulnerabilities in Untangle NGFW 9-11 Hutton (Mar 08)
info
Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow info (Mar 18)
INURL Brasil
(0DAY) WebDepo -SQL injection / INURL BRASIL INURL Brasil (Mar 27)
ITAS Team
Community Gallery - Srored Corss-Site Scripting vulnerability ITAS Team (Mar 11)
ProjectSend r561 - SQL injection vulnerability ITAS Team (Mar 05)
James Forshaw
Windows Local WebDAV NTLM Reflection Elevation of Privilege James Forshaw (Mar 23)
James Hodgkinson
Re: Java 8u40 released: why? James Hodgkinson (Mar 07)
Re: Java 8u40 released: why? James Hodgkinson (Mar 09)
James Hooker
Re: Regarding how can I request a CVE number? James Hooker (Mar 18)
Javantea
CSRF in Realms Wiki Javantea (Mar 25)
Remote Code Execution in Realms Wiki install.sh Javantea (Mar 25)
jericho
Re: Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64 jericho (Mar 18)
Jing Wang
WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 10)
Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Jing Wang (Mar 16)
724CMS 5.01 Multiple SQL Injection Security Vulnerabilities Jing Wang (Mar 16)
Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities Jing Wang (Mar 16)
NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Jing Wang (Mar 01)
WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities Jing Wang (Mar 07)
WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities Jing Wang (Mar 10)
NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities Jing Wang (Mar 07)
724CMS 5.01 Multiple Information Leakage Security Vulnerabilities Jing Wang (Mar 16)
Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 01)
Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities Jing Wang (Mar 10)
NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 07)
WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities Jing Wang (Mar 04)
SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 10)
724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 16)
NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities Jing Wang (Mar 01)
Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Jing Wang (Mar 01)
Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 10)
Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities Jing Wang (Mar 07)
WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 04)
Webshop hun v1.062S Directory Traversal Security Vulnerabilities Jing Wang (Mar 04)
NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities Jing Wang (Mar 01)
724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities Jing Wang (Mar 16)
Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang (Mar 04)
WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities Jing Wang (Mar 07)
Webshop hun v1.062S SQL Injection Security Vulnerabilities Jing Wang (Mar 04)
Jouko Pynnonen
WPML WordPress plug-in SQL injection etc. Jouko Pynnonen (Mar 12)
Google Analytics by Yoast stored XSS Jouko Pynnonen (Mar 19)
Re: WPML WordPress plug-in SQL injection etc. Jouko Pynnonen (Mar 16)
Kevin Schaller
[CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection) Kevin Schaller (Mar 22)
Luca Todesco
Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE Luca Todesco (Mar 18)
Mac OS X 10.10.2 Default KEXT heap overflow LPE Luca Todesco (Mar 18)
Marek Kroemeke
Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke (Mar 09)
Matt
0x08 SEC-T 2015: Call For Papers annoucement Matt (Mar 01)
Matthew Daley
Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 Matthew Daley (Mar 27)
Advisory: CVE-2014-9708: Appweb Web Server Matthew Daley (Mar 27)
Mauro Gentile
CVE-2011-2461 is back! Mauro Gentile (Mar 22)
Re: CVE-2011-2461 is back! Mauro Gentile (Mar 30)
Ming
Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open Ming (Mar 23)
Mohamed A. Baset
MikroTik RouterOS Admin Password Change CSRF Mohamed A. Baset (Mar 08)
Metasploit Project initial User Creation CSRF Mohamed A. Baset (Mar 16)
[CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting Mohamed A. Baset (Mar 09)
OpenKM Platform Remote Reflected Cross Site Scripting Mohamed A. Baset (Mar 08)
MustLive
Vulnerabilities in Hikvision DS-7204HWI-SH MustLive (Mar 01)
Fw: Vulnerabilities in ASUS RT-G32 MustLive (Mar 07)
Vulnerabilities in multiple Hikvision IP cameras and DVR MustLive (Mar 30)
Nguyen Anh Quynh
Capstone disassembly engine 3.0.2 is out! Nguyen Anh Quynh (Mar 11)
Nick Boyce
'Rowhammer' - Software-triggered DRAM corruption Nick Boyce (Mar 12)
Re: 'Rowhammer' - Software-triggered DRAM corruption Nick Boyce (Mar 16)
Re: Regarding how can I request a CVE number? Nick Boyce (Mar 19)
Nick FitzGerald
Re: Java 8u40 released: why? Nick FitzGerald (Mar 07)
Nick Prowse
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64 Nick Prowse (Mar 16)
Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro - x64 Nick Prowse (Mar 16)
NSO Research
Jolla Phone tel URI Spoofing NSO Research (Mar 16)
Onur Alanbel
Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Onur Alanbel (Mar 16)
Pablo
Tor Browser 4.0.3 with websockets enabled by default? Pablo (Mar 01)
Patrik Kernstock
Upcoming new OpenSSL version with "high severity" security issues Patrik Kernstock (Mar 18)
paul . szabo
Re: Java 8u40 released: why? paul . szabo (Mar 07)
Re: Java 8u40 released: why? paul . szabo (Mar 06)
Java 8u40 released: why? paul . szabo (Mar 04)
Peter Adkins
D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities Peter Adkins (Mar 01)
Re: Regarding how can I request a CVE number? Peter Adkins (Mar 19)
Pichaya Morimoto
PHPMoAdmin Unauthorized Remote Code Execution (0-Day) Pichaya Morimoto (Mar 03)
Pierre-David / NorthSec Conference
Announcing NorthSec 2015 - Montreal, May 21-24 Pierre-David / NorthSec Conference (Mar 25)
Programa STIC
Vulnerabilities in the Samsung SNS Provider application for Android [STIC-2015-0511] Programa STIC (Mar 11)
Rehan Ahmed
Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities Rehan Ahmed (Mar 18)
Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities Rehan Ahmed (Mar 12)
Ricardo Iramar dos Santos
Re: Reflected File Download in AOL Search Website Ricardo Iramar dos Santos (Mar 01)
Robert Święcki
Re: Partial pointer leaks Robert Święcki (Mar 06)
Roee Hay
Vulnerability in the Dropbox SDK for Android (CVE-2014-8889) Roee Hay (Mar 11)
Ron Gutierrez
GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server Ron Gutierrez (Mar 01)
Ryan Dewhurst
WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection Ryan Dewhurst (Mar 12)
Scott Arciszewski
Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities Scott Arciszewski (Mar 02)
Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console Securify B.V. (Mar 18)
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page Securify B.V. (Mar 19)
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend Securify B.V. (Mar 18)
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting Securify B.V. (Mar 18)
Source code disclosure of Websense Triton JSP files via double quote character Securify B.V. (Mar 18)
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites Securify B.V. (Mar 18)
Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users Securify B.V. (Mar 19)
Cross-Site Scripting vulnerability in Websense Data Security block page Securify B.V. (Mar 18)
Cross-Site Scripting vulnerability in Websense Explorer report scheduler Securify B.V. (Mar 18)
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser Securify B.V. (Mar 18)
Missing access control on Websense Explorer web folder Securify B.V. (Mar 18)
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting Securify B.V. (Mar 19)
Citrix Command Center allows downloading of configuration files Securify B.V. (Mar 19)
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting Securify B.V. (Mar 19)
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery Securify B.V. (Mar 18)
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view Securify B.V. (Mar 18)
Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting Securify B.V. (Mar 18)
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Securify B.V. (Mar 18)
Viber for Android exposes insecure Javascript interface Securify B.V. (Mar 20)
EMC M&R (Watch4net) data storage collector credentials are not properly protected Securify B.V. (Mar 18)
Command injection vulnerability in EMC Secure Remote Services Virtual Edition Securify B.V. (Mar 18)
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection Securify B.V. (Mar 18)
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting Securify B.V. (Mar 18)
Security Explorations
[SE-2014-02] Google App Engine Java security sandbox bypasses (details) Security Explorations (Mar 16)
Simon Waters
Insecure file upload in Berta CMS Simon Waters (Mar 26)
Squirrel Herder Productions
[Call for Papers] SOURCE Boston (May 27/28) Squirrel Herder Productions (Mar 03)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting Stefan Kanthak (Mar 16)
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions Stefan Kanthak (Mar 16)
Defense in depth -- the Mozilla way: return and exit codes are dispensable Stefan Kanthak (Mar 16)
Steffen Rösemann
Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Steffen Rösemann (Mar 22)
Steven M. Christey
cve-assign delays Steven M. Christey (Mar 19)
Sullo
RV4sec 2015 CFP Open! Sullo (Mar 02)
Taoguang Chen
Use After Free Vulnerability in unserialize() Taoguang Chen (Mar 20)
Type Confusion Infoleak Vulnerabilities in SoapClient Taoguang Chen (Mar 20)
Use After Free Vulnerability in unserialize() with DateInterval Taoguang Chen (Mar 20)
Type Confusion Vulnerability in SoapClient Taoguang Chen (Mar 20)
Taylor Hornby
Piwik Downloads Updates over HTTP Taylor Hornby (Mar 01)
tom () fadedcode net
Cisco Unified Computing System Manager (UCSM) username and password hashes sent via SYSLOG tom () fadedcode net (Mar 22)
WAHCKon CFP
WAHCKon[2] - Perth - May 2nd and 3rd 2015 WAHCKon CFP (Mar 25)
William Costa
XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617) William Costa (Mar 01)
XiaopengZhang
Regarding how can I request a CVE number? XiaopengZhang (Mar 18)