Full Disclosure: by author

100 messages starting Jan 06 16 and ending Jan 27 16

Ahmed Sultan

MediaAccess, unauthenticated file disclosure Ahmed Sultan (Jan 06)

Andraz Sraka

Security BSides Ljubljana 0x7E0 CFP - March 9, 2016 Andraz Sraka (Jan 08)

Apple Product Security

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 Apple Product Security (Jan 08)

Benedikt Westermann

Netgear GS105Ev2 - Multiple Vulnerabilities Benedikt Westermann (Jan 27)

Black Arch

New BlackArch Linux ISOs (2016.01.10) released Black Arch (Jan 11)

Brian Hysell

Unauthenticated remote code execution in OpenMRS Brian Hysell (Jan 06)

cfp2016

Recon 2016 Call For Papers - June 17 - 19, 2016 - Montreal, Canada cfp2016 (Jan 27)

changzhao.mao () dbappsecurity com cn

[CVE-2015-8604] Cacti SQL injection in graphs_new.php changzhao.mao () dbappsecurity com cn (Jan 08)

CORE Advisories Team

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities CORE Advisories Team (Jan 25)
[CORE-2016-0001] - Intel Driver Update Utility MiTM CORE Advisories Team (Jan 19)

CSW Research Lab

Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24 CSW Research Lab (Jan 11)
Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 CSW Research Lab (Jan 06)
Broken Authentication & Improper Session Management in Netgear Router JNR1010 Version 1.0.0.24 CSW Research Lab (Jan 11)
Multiple Cross Site Scripting in Netgear Router Version 1.0.0.24 CSW Research Lab (Jan 11)

David Longenecker

Administrator auto-logout design flaw in ASUS wireless routers David Longenecker (Jan 20)

Douglas Held

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Douglas Held (Jan 11)

Egidio Romano

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability Egidio Romano (Jan 15)

Eitan Caspi

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through Eitan Caspi (Jan 05)

ERPScan inc

[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption ERPScan inc (Jan 27)

freeman

CALL FOR PAPERS - NUIT DU HACK - 02/03 july 2016 freeman (Jan 05)

GomoR

[TOOL] The Metabrik Platform GomoR (Jan 15)

graphx

ZyXel WAP3205 V1 Multiple Persistent and Reflected XSS graphx (Jan 27)
Eclipse BIRT report viewer <= 4.5.0 Persistent XSS graphx (Jan 27)
Eclipse BIRT Report Viewer <= 4.5.0 XSS graphx (Jan 27)
Eclipse BIRT Viewer <= v4.5.0 Persistent XSS graphx (Jan 27)

gremlin

Re: Combining DLL hijacking with USB keyboard emulation gremlin (Jan 11)

Hacking Corporation Sàrl

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi Hacking Corporation Sàrl (Jan 27)
HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase Hacking Corporation Sàrl (Jan 27)

halfdog

Linux user namespaces overlayfs local root halfdog (Jan 11)

Imre RAD

PHP-FPM fpm_log.c memory leak and buffer overflow Imre RAD (Jan 27)
PHP LiteSpeed SAPI out of boundaries read due to missing input validation Imre RAD (Jan 27)
PHP LiteSpeed SAPI secret key improper disposal Imre RAD (Jan 27)
Authentication bypass in PHP File Manager 0.9.8 Imre Rad (Jan 27)

Jean-Marie Bourbon

GRR <= 3.0.0-RC1 (all versions) file upload filter bypass (authenticated) Jean-Marie Bourbon (Jan 20)

Karn Ganeshen

SeaWell Networks Spectrum - Multiple Vulnerabilities Karn Ganeshen (Jan 20)

Kyriakos Economou

McAfee File Lock Driver - Kernel Stack Based BOF Kyriakos Economou (Jan 27)
McAfee File Lock Driver - Kernel Memory Leak Kyriakos Economou (Jan 27)
McAfee File Lock Driver - Kernel Memory Leak Kyriakos Economou (Jan 27)

lists () antonioherraizs com

Correct answer Information Disclosure in TCExam <= 12.2.5 lists () antonioherraizs com (Jan 16)

metalkey net

Google Chrome - Javascript Execution Via Default Search Engines metalkey net (Jan 11)

Michel Arboi

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Michel Arboi (Jan 15)

murtuja bharmal

Announcing nullcon HackIM 2016 Powered by EMC2 murtuja bharmal (Jan 27)

MustLive

Vulnerabilities in Office Document Reader for iOS MustLive (Jan 05)

NaxoneZ .

Html injection Dolibarr 3.8.3 NaxoneZ . (Jan 13)

Nicolas Grégoire

Exploiting XXE vulnerabilities in AMF libraries Nicolas Grégoire (Jan 11)

Onur Yilmaz

Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 Onur Yilmaz (Jan 08)
OpenCart Security Advisory - XSS Vulnerability - CVE-2015-4671 Onur Yilmaz (Jan 08)
LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability Onur Yilmaz (Jan 20)

operator8203

SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 operator8203 (Jan 11)

Patrick Toomey

Whatever happened with CVE-2015-0072? Patrick Toomey (Jan 15)

Peter Lapp

EasyDNNnews Reflected XSS Peter Lapp (Jan 13)

Pierre Kim

FreeBSD bsnmpd information disclosure Pierre Kim (Jan 15)
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) Pierre Kim (Jan 05)

Profundis Labs

Multiple security issues in MOVEit Managed File Transfer application Profundis Labs (Jan 27)

Qualys Security Advisory

Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 15)

RedTeam Pentesting GmbH

[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting GmbH (Jan 07)
[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images RedTeam Pentesting GmbH (Jan 07)
[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials RedTeam Pentesting GmbH (Jan 07)

Ricardo Iramar dos Santos

mobile.facebook.com is not on HSTS preload list or sending the Strict-Transport-Security header Ricardo Iramar dos Santos (Jan 20)

Rodrigo Menezes

Re: Combining DLL hijacking with USB keyboard emulation Rodrigo Menezes (Jan 15)
Combining DLL hijacking with USB keyboard emulation based attacks Rodrigo Menezes (Jan 08)

Sarah Allen

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Sarah Allen (Jan 11)

Scott Arciszewski

CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers Scott Arciszewski (Jan 15)
It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 16)
OpenCart users, switch to OpenCart-CE immediately Scott Arciszewski (Jan 20)

Sebastian Perez

Confluence Vulnerabilities Sebastian Perez (Jan 05)

SEC Consult Vulnerability Lab

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems SEC Consult Vulnerability Lab (Jan 12)
SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices SEC Consult Vulnerability Lab (Jan 21)

Securify B.V.

HP ToComMsg DLL side loading vulnerability Securify B.V. (Jan 23)
HP LaserJet Fax Preview DLL side loading vulnerability Securify B.V. (Jan 23)
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Securify B.V. (Jan 23)

Shahmeer Baloch

SAP Hana Cloud 4 XSS Shahmeer Baloch (Jan 27)

Stefan Kanthak

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities Stefan Kanthak (Jan 05)
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 11)
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ... Stefan Kanthak (Jan 15)
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 08)
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? Stefan Kanthak (Jan 15)
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution Stefan Kanthak (Jan 15)
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 15)
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 08)
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Jan 08)

Stelios Tsampas

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas (Jan 11)
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas (Jan 11)

Thomas Bleier

MobaXTerm before version 8.5 vulnerability in "jump host" functionality Thomas Bleier (Jan 08)

Uğur Cihan KOÇ

Alcatel Lucent Home Device Manager - Management Console Multiple XSS Uğur Cihan KOÇ (Jan 05)

Vic Vandal

CarolinaCon-12 - March 2016 - FINAL ANNOUNCEMENT Vic Vandal (Jan 27)

vishnu raju

Buffer Overflow at password field in Advanced Encryption Package Software vishnu raju (Jan 05)
Buffer Overflow in Advanced Encryption Package Software vishnu raju (Jan 05)

Vulnerability Lab

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability Vulnerability Lab (Jan 27)
Apple WatchOS v2.1 - Denial of Service Vulnerability Vulnerability Lab (Jan 27)
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jan 29)
Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Jan 28)
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities Vulnerability Lab (Jan 27)
Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 27)
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability Vulnerability Lab (Jan 27)
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab (Jan 27)
New Era Company CMS - (id) SQL Injection Vulnerability Vulnerability Lab (Jan 28)
Telegram (API) - Cross Site Request Forgery Vulnerabilities Vulnerability Lab (Jan 27)
Kleefa v1.7 (IR) - Multiple Web Vulnerabilities Vulnerability Lab (Jan 27)
Classic Infomedia (Login) - Auth Bypass Web Vulnerability Vulnerability Lab (Jan 27)