Full Disclosure: by author

139 messages starting Aug 05 16 and ending Aug 22 16

0xr0ot

CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot (Aug 05)
CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot (Aug 05)

1n3

Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3 (Aug 16)
Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3 (Aug 12)

Andrew Klaus

Actiontec T2200H (Telus Modem) Root Reverse Shell Andrew Klaus (Aug 16)

Apple Product Security

APPLE-SA-2016-08-25-1 iOS 9.3.5 Apple Product Security (Aug 25)

Benjamin Daniel Mussler

D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB Benjamin Daniel Mussler (Aug 05)

Black Arch

New BlackArch Linux ISOs (2016.08.19) released Black Arch (Aug 22)

Brandon Perry

Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry (Aug 16)
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry (Aug 16)

CORE Advisories Team

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities CORE Advisories Team (Aug 10)

crashenator

php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12 crashenator (Aug 16)

[CXSEC]

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 [CXSEC] (Aug 26)

David Coomber

Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) David Coomber (Aug 05)

David Tomaschik

ObiHai ObiPhone - Multiple Vulnerabilities David Tomaschik (Aug 22)

Dawid Golunski

CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) Dawid Golunski (Aug 12)

Ddanchev

DDanchev's Blog Going Private - Request Access Ddanchev (Aug 12)

dxw Security

Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin) dxw Security (Aug 12)

Florian Bogner

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client Florian Bogner (Aug 22)

Francesco Oddo

Nagios Log Server Multiple Vulnerabilities Francesco Oddo (Aug 12)
Nagios Incident Manager Multiple Vulnerabilities Francesco Oddo (Aug 12)
Nagios Network Analyzer Multiple Vulnerabilities Francesco Oddo (Aug 12)

Francisco Amato

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Aug 22)

Gary Baribault

Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Gary Baribault (Aug 22)

gen type

Dotclear 2.9.1 Malicious File Upload Restriction Bypass gen type (Aug 24)
Dotclear 2.9.1 Directory Download Vulnerability gen type (Aug 24)
Dotclear 2.9.1 SSRF/XSPA Vulnerability gen type (Aug 24)

Hanz Jenson

RCE in Teamspeak 3 server Hanz Jenson (Aug 12)

Julien Ahrens

[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting Julien Ahrens (Aug 24)

Justin Bull

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull (Aug 22)

Klaus Eisentraut (SySS GmbH)

[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection Klaus Eisentraut (SySS GmbH) (Aug 05)

Manuel Mancera

K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting Manuel Mancera (Aug 05)

Matías Mevied

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Matías Mevied (Aug 25)

Matthias Deeg

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) Matthias Deeg (Aug 05)

Mevied, Matias

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Mevied, Matias (Aug 22)

nullcon

nullcon 8-bit Call for Papers is open nullcon (Aug 24)

Onapsis Research

Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research (Aug 23)
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research (Aug 19)
Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research (Aug 22)
Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information Onapsis Research (Aug 18)
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439 Onapsis Research (Aug 30)
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Onapsis Research (Aug 19)
Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research (Aug 23)
Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research (Aug 23)
Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure Onapsis Research (Aug 25)
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438 Onapsis Research (Aug 30)
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437 Onapsis Research (Aug 30)
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436 Onapsis Research (Aug 30)

Pedro Ribeiro

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 05)
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 05)
[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 Pedro Ribeiro (Aug 12)

psy

New release: UFONet v0.7 - "Big Crunch!" psy (Aug 22)

Reggie Dodd

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass Reggie Dodd (Aug 16)

Rv3Lab.org

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Rv3Lab.org (Aug 12)

Sebastian Michel

German Cable Provider Router (In)Security Sebastian Michel (Aug 16)

SEC Consult Vulnerability Lab

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise SEC Consult Vulnerability Lab (Aug 25)
SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform SEC Consult Vulnerability Lab (Aug 10)
SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker SEC Consult Vulnerability Lab (Aug 31)

Securify B.V.

Internet Explorer iframe sandbox local file name disclosure vulnerability Securify B.V. (Aug 09)
DLL side loading vulnerability in VMware Host Guest Client Redirector Securify B.V. (Aug 05)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% Stefan Kanthak (Aug 12)
Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege Stefan Kanthak (Aug 31)
Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege Stefan Kanthak (Aug 16)
Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege Stefan Kanthak (Aug 12)

Summer of Pwnage

Cross-Site Scripting in FormBuilder WordPress Plugin Summer of Pwnage (Aug 04)
Cross-Site Scripting in WordPress Landing Pages Plugin Summer of Pwnage (Aug 03)
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images Summer of Pwnage (Aug 15)
Cross-Site Scripting in Link Library WordPress Plugin Summer of Pwnage (Aug 15)
Cross-Site Scripting in Store Locator Plus for WordPress Summer of Pwnage (Aug 05)
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin Summer of Pwnage (Aug 15)
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images Summer of Pwnage (Aug 15)
Cross-Site Scripting in WangGuard WordPress Plugin Summer of Pwnage (Aug 02)
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Summer of Pwnage (Aug 01)
Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Summer of Pwnage (Aug 08)
Cross-Site Scripting in Activity Log WordPress Plugin Summer of Pwnage (Aug 03)
Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Summer of Pwnage (Aug 01)
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin Summer of Pwnage (Aug 15)
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage (Aug 15)
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin Summer of Pwnage (Aug 15)
Ajax Load More Local File Inclusion vulnerability Summer of Pwnage (Aug 15)
Cross-Site Scripting in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
SQL injection vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage (Aug 04)
Cross-Site Scripting in Contact Bank WordPress Plugin Summer of Pwnage (Aug 01)
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin Summer of Pwnage (Aug 15)
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin Summer of Pwnage (Aug 15)
Cross-Site Scripting in Uji Countdown WordPress Plugin Summer of Pwnage (Aug 02)
Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Aug 05)
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin Summer of Pwnage (Aug 03)
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries Summer of Pwnage (Aug 15)

VMware Security Response Center

NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability. VMware Security Response Center (Aug 12)
NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues VMware Security Response Center (Aug 23)

Vulnerability Lab

FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 05)
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 02)
Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193 Vulnerability Lab (Aug 24)
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 01)
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability Vulnerability Lab (Aug 02)
phpCollab v2.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 08)
WinSaber - Unquoted Service Path Privilege Escalation Vulnerability Lab (Aug 02)
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability Vulnerability Lab (Aug 09)
ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability Vulnerability Lab (Aug 22)
Stash v1.0.3 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 15)
Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability Vulnerability Lab (Aug 22)
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 04)
AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Aug 22)
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability Vulnerability Lab (Aug 05)
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability Vulnerability Lab (Aug 11)
PayPal Inc BB #127 - 2FA Bypass Vulnerability Vulnerability Lab (Aug 15)
Subrion v4.0.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 05)
phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability Vulnerability Lab (Aug 22)
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 02)
FortiManager (Series) - Multiple Web Vulnerabilities Vulnerability Lab (Aug 02)
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability Vulnerability Lab (Aug 09)
Microsoft Education - Stored Cross Site Web Vulnerability Vulnerability Lab (Aug 11)
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab (Aug 01)
FortiManager (Series) - (Bookmark) Persistent Vulnerability Vulnerability Lab (Aug 04)
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 02)
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab (Aug 09)

x ksi

The continuing problem of a third party resources in web applications. x ksi (Aug 22)