Full Disclosure: by date

111 messages starting Nov 02 15 and ending Nov 30 15

Monday, 02 November

Unauthenticated remote command execution on Cisco Linksys x2000 routers Lorenzo Pistone
SQL Buddy 1.3.3: CSRF Curesec Research Team (CRT)
SQL Buddy 1.3.3: XSS Curesec Research Team (CRT)
Chyrp CMS 2.5.2: XSS Curesec Research Team (CRT)
CVE-2015-6498 csirt
Cross-Site Scripting | Zeuscart V4 ITAS Team
TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks Jing Wang
Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem Jing Wang
DAVOSET v.1.2.6 MustLive
Winehat Security Conference Lorenzo Primiterra

Wednesday, 04 November

[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability Egidio Romano
[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability Egidio Romano
[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability Egidio Romano
[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability Egidio Romano
[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability Egidio Romano

Thursday, 05 November

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products SEC Consult Vulnerability Lab

Friday, 06 November

New release: UFONet v0.6 - "Galactic OFFensive!" psy
Re: eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM Dawid Golunski
MiniBB 3.1.1: XSS Curesec Research Team (CRT)
MyWebSQL 3.6: CSRF Curesec Research Team (CRT)
OpenCart 2.0.3.1: CSRF Curesec Research Team (CRT)
Supercali Event Calendar 1.0.8: CSRF Curesec Research Team (CRT)
Supercali Event Calendar 1.0.8: XSS Curesec Research Team (CRT)
CubeCart 6.0.7: Code Execution Curesec Research Team (CRT)
CubeCart 6.0.7: XSS Curesec Research Team (CRT)
Quick.Cart 6.6: CSRF Curesec Research Team (CRT)
Quick.Cart 6.6: Multiple XSS Curesec Research Team (CRT)
TheHostingTool 1.2.6: Code Execution Curesec Research Team (CRT)
TheHostingTool 1.2.6: Multiple SQL Injection Curesec Research Team (CRT)
TheHostingTool 1.2.6: Multiple XSS Curesec Research Team (CRT)
SQLiteManager 1.2.4: Multiple XSS Curesec Research Team (CRT)
First annual BloomCON CFP Philip Polstra

Saturday, 07 November

Broken, Abandoned, and Forgotten Code, Part 14 Zach Cutlip
Google AdWords API PHP client library <= 6.2.0 Arbitrary PHP Code Execution Dawid Golunski
Google AdWords API client libraries - XML eXternal Entity Injection (XXE) Dawid Golunski

Monday, 09 November

[Onapsis Security Advisory 2015-024-040] SAP HANA TrexNet Vulnerabilities Onapsis Research Team
[Onapsis Security Advisory 2015-041] SAP HANA Remote Trace Disclosure Onapsis Research Team
[Onapsis Security Advisory 2015-042] SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption Onapsis Research Team
[Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based) Onapsis Research Team
[Onapsis Security Advisory 2015-044] SAP HANA Remote Code Execution (SQL Login based) Onapsis Research Team

Tuesday, 10 November

TestLink 1.9.14 Persistent XSS Aravind
TestLink 1.9.14 CSRF Vulnerability Aravind
Joomla CMS - Bad Cryptography - Multiple Vulnerabilities Scott Arciszewski
Re: SQLiteManager 1.2.4: Multiple XSS Henri Salo

Saturday, 14 November

D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability Bhadresh Patel
Huawei HG630a and HG630a-50 Modems Default SSH Admin Password Murat Sahin
OpenBSD package 'net-snmp' information disclosure Pierre Kim
ZTE ADSL modems - Multiple vulnerabilities Karn Ganeshen
XCart 5.2.6: XSS Curesec Research Team (CRT)
XCart 5.2.6: Path Traversal Curesec Research Team (CRT)
XCart 5.2.6: Code Execution Curesec Research Team (CRT)
XCart 5.2.6: Code Execution Exploit Curesec Research Team (CRT)
TomatoCart v1.1.8.6.1: Code Execution Curesec Research Team (CRT)
TomatoCart v1.1.8.6.1: XSS Curesec Research Team (CRT)
Thelia 2.2.1: XSS Curesec Research Team (CRT)
Sitemagic CMS 4.1: XSS Curesec Research Team (CRT)
Open Source Social Network 3.5: XSS Curesec Research Team (CRT)
dotclear 2.8.1: Code Execution Curesec Research Team (CRT)
dotclear 2.8.1: XSS Curesec Research Team (CRT)
ClipperCMS 1.3.0: Code Execution Curesec Research Team (CRT)
ClipperCMS 1.3.0: Code Execution Exploit Curesec Research Team (CRT)
ClipperCMS 1.3.0: CSRF Curesec Research Team (CRT)
ClipperCMS 1.3.0: SQL Injection Curesec Research Team (CRT)
ClipperCMS 1.3.0: Path Traversal Curesec Research Team (CRT)
ClipperCMS 1.3.0: XSS Curesec Research Team (CRT)
LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT)
AlegroCart 1.2.8: LFI/RFI Curesec Research Team (CRT)
AlegroCart 1.2.8: SQL Injection Curesec Research Team (CRT)

Sunday, 15 November

Call For Papers - BSidesCharm (Baltimore, MD) Brian Baskin
Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths Stefan Kanthak

Tuesday, 17 November

Port Scan v2.0 iOS - Command Inject Vulnerability Vulnerability Lab
LAN Scan HD v1.20 iOS - Command Inject Vulnerability Vulnerability Lab
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability Vulnerability Lab
Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities Vulnerability Lab
LineNity WP Premium Theme - File Include Vulnerability Vulnerability Lab
Murgent CMS - SQL Injection Vulnerability Vulnerability Lab
Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) Vulnerability Lab
Google AOSP Email App HTML Injection Cláudio André
CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability Matthew Flanagan
zTree v3 Security Advisory - XSS Vulnerability - CVE-2015-7348 Onur Yilmaz

Wednesday, 18 November

Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability Vulnerability Lab

Thursday, 19 November

LinkedIn - Persistent Cross-Site Scripting vulnerability (XSS) Rohit Dua
[CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Jonathan Brossard
Re: LiteCart 1.3.2: Multiple XSS Henri Salo
Cambium ePMP 1000 - Multiple Vulnerabilities Karn Ganeshen
Qualsoft Systems - (AddNewsDetails.php) Auth ByPass Vulnerability ZoRLu Bugrahan

Tuesday, 24 November

List of Bug Bounty Programs INTERNATIONAL 427+ OFFICIAL - Bug Bounty Sheet Vulnerability Lab
CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability SBA Research Advisory
CVE-2015-8299 RCE Vulnerability in the KNX management software ETS SBA Research Advisory
CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin SBA Research Advisory
Cross Site Scripting (XSS) 0day in SimpleViewer all versions bugbasher
Re: LiteCart 1.3.2: Multiple XSS Curesec Research Team (CRT)
Leak information on Huawei HG253s v2, Comtrend VG 8050 and ADB P.DGA4001N (HomeStation) Daniel Díez
[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE ERPScan inc
[ERPSCAN-15-019] SAP Afaria - Stored XSS ERPScan inc
[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import ERPScan inc
Celoxis <= 9.5 - Cross Site Scripting (XSS) Manuel Mancera

Wednesday, 25 November

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability Vulnerability Lab

Friday, 27 November

Google Translator affected by Cross-Site Scripting vulnerability Francisco Javier Santiago Vázquez
[CVE-2015-6942] CoreMail XT3.0 Stored XSS shack . li
Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers Stefan Kanthak
PRTG Network Monitor Tool – Multiple Cross-Site Scripting Vulnerabilities Sachin Wagh

Saturday, 28 November

BlackArch Linux: New ISOs and Guide released Black Arch
Re: Google Translator affected by Cross-Site Scripting vulnerability Gynvael Coldwind
Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) Manuel Mancera

Monday, 30 November

LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection advisories
[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7) Security Explorations
[Advisory]LibRaw Multi Memory error[CVE-2015-8366 and CVE-2015-8367] ChenQin
Brocade Fabric OS v6.3.1b Multiple Vulnerabilities Karn Ganeshen
Multiple Vulnerabilities in ZurmoCRM 3.0.5 NaxoneZ .