Full Disclosure: by author
111 messages starting Nov 30 15 and ending Nov 19 15
advisories
LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection advisories (Nov 30)
Aravind
TestLink 1.9.14 CSRF Vulnerability Aravind (Nov 10)
TestLink 1.9.14 Persistent XSS Aravind (Nov 10)
Bhadresh Patel
D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability Bhadresh Patel (Nov 14)
Black Arch
BlackArch Linux: New ISOs and Guide released Black Arch (Nov 28)
Brian Baskin
Call For Papers - BSidesCharm (Baltimore, MD) Brian Baskin (Nov 15)
bugbasher
Cross Site Scripting (XSS) 0day in SimpleViewer all versions bugbasher (Nov 24)
ChenQin
[Advisory]LibRaw Multi Memory error[CVE-2015-8366 and CVE-2015-8367] ChenQin (Nov 30)
Cláudio André
Google AOSP Email App HTML Injection Cláudio André (Nov 17)
csirt
CVE-2015-6498 csirt (Nov 02)
Curesec Research Team (CRT)
XCart 5.2.6: Code Execution Exploit Curesec Research Team (CRT) (Nov 14)
CubeCart 6.0.7: XSS Curesec Research Team (CRT) (Nov 06)
Supercali Event Calendar 1.0.8: XSS Curesec Research Team (CRT) (Nov 06)
SQL Buddy 1.3.3: CSRF Curesec Research Team (CRT) (Nov 02)
OpenCart 2.0.3.1: CSRF Curesec Research Team (CRT) (Nov 06)
AlegroCart 1.2.8: LFI/RFI Curesec Research Team (CRT) (Nov 14)
ClipperCMS 1.3.0: Code Execution Exploit Curesec Research Team (CRT) (Nov 14)
Chyrp CMS 2.5.2: XSS Curesec Research Team (CRT) (Nov 02)
SQLiteManager 1.2.4: Multiple XSS Curesec Research Team (CRT) (Nov 06)
MiniBB 3.1.1: XSS Curesec Research Team (CRT) (Nov 06)
XCart 5.2.6: Path Traversal Curesec Research Team (CRT) (Nov 14)
MyWebSQL 3.6: CSRF Curesec Research Team (CRT) (Nov 06)
LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT) (Nov 14)
ClipperCMS 1.3.0: CSRF Curesec Research Team (CRT) (Nov 14)
ClipperCMS 1.3.0: Code Execution Curesec Research Team (CRT) (Nov 14)
SQL Buddy 1.3.3: XSS Curesec Research Team (CRT) (Nov 02)
Quick.Cart 6.6: CSRF Curesec Research Team (CRT) (Nov 06)
ClipperCMS 1.3.0: XSS Curesec Research Team (CRT) (Nov 14)
TomatoCart v1.1.8.6.1: Code Execution Curesec Research Team (CRT) (Nov 14)
TomatoCart v1.1.8.6.1: XSS Curesec Research Team (CRT) (Nov 14)
XCart 5.2.6: XSS Curesec Research Team (CRT) (Nov 14)
dotclear 2.8.1: Code Execution Curesec Research Team (CRT) (Nov 14)
AlegroCart 1.2.8: SQL Injection Curesec Research Team (CRT) (Nov 14)
CubeCart 6.0.7: Code Execution Curesec Research Team (CRT) (Nov 06)
dotclear 2.8.1: XSS Curesec Research Team (CRT) (Nov 14)
TheHostingTool 1.2.6: Code Execution Curesec Research Team (CRT) (Nov 06)
Supercali Event Calendar 1.0.8: CSRF Curesec Research Team (CRT) (Nov 06)
Sitemagic CMS 4.1: XSS Curesec Research Team (CRT) (Nov 14)
Quick.Cart 6.6: Multiple XSS Curesec Research Team (CRT) (Nov 06)
ClipperCMS 1.3.0: Path Traversal Curesec Research Team (CRT) (Nov 14)
Thelia 2.2.1: XSS Curesec Research Team (CRT) (Nov 14)
Re: LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT) (Nov 24)
TheHostingTool 1.2.6: Multiple XSS Curesec Research Team (CRT) (Nov 06)
Open Source Social Network 3.5: XSS Curesec Research Team (CRT) (Nov 14)
XCart 5.2.6: Code Execution Curesec Research Team (CRT) (Nov 14)
TheHostingTool 1.2.6: Multiple SQL Injection Curesec Research Team (CRT) (Nov 06)
ClipperCMS 1.3.0: SQL Injection Curesec Research Team (CRT) (Nov 14)
Daniel Díez
Leak information on Huawei HG253s v2, Comtrend VG 8050 and ADB P.DGA4001N (HomeStation) Daniel Díez (Nov 24)
Dawid Golunski
Google AdWords API client libraries - XML eXternal Entity Injection (XXE) Dawid Golunski (Nov 07)
Google AdWords API PHP client library <= 6.2.0 Arbitrary PHP Code Execution Dawid Golunski (Nov 07)
Re: eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM Dawid Golunski (Nov 06)
Egidio Romano
[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability Egidio Romano (Nov 04)
[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability Egidio Romano (Nov 04)
[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability Egidio Romano (Nov 04)
[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability Egidio Romano (Nov 04)
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability Egidio Romano (Nov 04)
[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability Egidio Romano (Nov 04)
ERPScan inc
[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import ERPScan inc (Nov 24)
[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE ERPScan inc (Nov 24)
[ERPSCAN-15-019] SAP Afaria - Stored XSS ERPScan inc (Nov 24)
Francisco Javier Santiago Vázquez
Google Translator affected by Cross-Site Scripting vulnerability Francisco Javier Santiago Vázquez (Nov 27)
Gynvael Coldwind
Re: Google Translator affected by Cross-Site Scripting vulnerability Gynvael Coldwind (Nov 28)
Henri Salo
Re: LiteCart 1.3.2: Multiple XSS Henri Salo (Nov 19)
Re: SQLiteManager 1.2.4: Multiple XSS Henri Salo (Nov 10)
ITAS Team
Cross-Site Scripting | Zeuscart V4 ITAS Team (Nov 02)
Jing Wang
Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem Jing Wang (Nov 02)
TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks Jing Wang (Nov 02)
Jonathan Brossard
[CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Jonathan Brossard (Nov 19)
Karn Ganeshen
ZTE ADSL modems - Multiple vulnerabilities Karn Ganeshen (Nov 14)
Brocade Fabric OS v6.3.1b Multiple Vulnerabilities Karn Ganeshen (Nov 30)
Cambium ePMP 1000 - Multiple Vulnerabilities Karn Ganeshen (Nov 19)
Lorenzo Pistone
Unauthenticated remote command execution on Cisco Linksys x2000 routers Lorenzo Pistone (Nov 02)
Lorenzo Primiterra
Winehat Security Conference Lorenzo Primiterra (Nov 02)
Manuel Mancera
Celoxis <= 9.5 - Cross Site Scripting (XSS) Manuel Mancera (Nov 24)
Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) Manuel Mancera (Nov 28)
Matthew Flanagan
CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability Matthew Flanagan (Nov 17)
Murat Sahin
Huawei HG630a and HG630a-50 Modems Default SSH Admin Password Murat Sahin (Nov 14)
MustLive
DAVOSET v.1.2.6 MustLive (Nov 02)
NaxoneZ .
Mutliple Vulnerabilities in ZurmoCRM 3.0.5 NaxoneZ . (Nov 30)
Onapsis Research Team
[Onapsis Security Advisory 2015-044] SAP HANA Remote Code Execution (SQL Login based) Onapsis Research Team (Nov 09)
[Onapsis Security Advisory 2015-042] SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption Onapsis Research Team (Nov 09)
[Onapsis Security Advisory 2015-024-040] SAP HANA TrexNet Vulnerabilities Onapsis Research Team (Nov 09)
[Onapsis Security Advisory 2015-041] SAP HANA Remote Trace Disclosure Onapsis Research Team (Nov 09)
[Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based) Onapsis Research Team (Nov 09)
Onur Yilmaz
zTree v3 Security Advisory - XSS Vulnerability - CVE-2015-7348 Onur Yilmaz (Nov 17)
Philip Polstra
First annual BloomCON CFP Philip Polstra (Nov 06)
Pierre Kim
OpenBSD package 'net-snmp' information disclosure Pierre Kim (Nov 14)
psy
New release: UFONet v0.6 - "Galactic OFFensive!" psy (Nov 06)
Rohit Dua
LinkedIn - Persistent Cross-Site Scripting vulnerability(XSS) Rohit Dua (Nov 19)
Sachin Wagh
PRTG Network Monitor Tool – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Nov 27)
SBA Research Advisory
: CVE-2015-8299 RCE Vulnerability in the KNX management software ETS SBA Research Advisory (Nov 24)
CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability SBA Research Advisory (Nov 24)
: CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin SBA Research Advisory (Nov 24)
Scott Arciszewski
Joomla CMS - Bad Cryptography - Multiple Vulnerabilities Scott Arciszewski (Nov 10)
SEC Consult Vulnerability Lab
SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products SEC Consult Vulnerability Lab (Nov 05)
Security Explorations
[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7) Security Explorations (Nov 30)
shack . li
[CVE-2015-6942] CoreMail XT3.0 Stored XSS shack . li (Nov 27)
Stefan Kanthak
Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers Stefan Kanthak (Nov 27)
Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths Stefan Kanthak (Nov 15)
Vulnerability Lab
CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability Vulnerability Lab (Nov 25)
LineNity WP Premium Theme - File Include Vulnerability Vulnerability Lab (Nov 17)
LAN Scan HD v1.20 iOS - Command Inject Vulnerability Vulnerability Lab (Nov 17)
List of Bug Bounty Programs INTERNATIONAL 427+ OFFICIAL - Bug Bounty Sheet Vulnerability Lab (Nov 24)
Murgent CMS - SQL Injection Vulnerability Vulnerability Lab (Nov 17)
Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability Vulnerability Lab (Nov 18)
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability Vulnerability Lab (Nov 17)
Port Scan v2.0 iOS - Command Inject Vulnerability Vulnerability Lab (Nov 17)
Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) Vulnerability Lab (Nov 17)
Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities Vulnerability Lab (Nov 17)
Zach Cutlip
Broken, Abandoned, and Forgotten Code, Part 14 Zach Cutlip (Nov 07)
ZoRLu Bugrahan
Qualsoft Systems - (AddNewsDetails.php) Auth ByPass Vulnerability ZoRLu Bugrahan (Nov 19)