Full Disclosure: by author

162 messages starting Nov 18 16 and ending Nov 22 16


0xr0ot

CVE request - Samsumg Mobile Phone SVE-2016-6343: Unauthorized API access via system service call 0xr0ot (Nov 18)

Agazzini Maurizio

Red Hat JBoss EAP deserialization of untrusted data Agazzini Maurizio (Nov 25)

aj

Sparkjava Framework - Arbitrary File Read Vulnerability aj (Nov 02)

Ajin Abraham

MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis Ajin Abraham (Nov 25)

Alexander Lashkov

PHDays VII Call for Papers: How to Stand Up at the Standoff Alexander Lashkov (Nov 22)

Andrew Klaus

Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation Andrew Klaus (Nov 06)

Anti Räis

Joomla plugin K2 RCE via CSRF or WCI Anti Räis (Nov 20)

Berend-Jan Wever

MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read Berend-Jan Wever (Nov 04)
VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever (Nov 07)
Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion Berend-Jan Wever (Nov 25)
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever (Nov 25)
Microsoft Edge edgehtml CAttrArray::Destroy use-after-free details Berend-Jan Wever (Nov 15)
CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details Berend-Jan Wever (Nov 25)
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details Berend-Jan Wever (Nov 18)
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever (Nov 01)
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever (Nov 18)
VBScript RegExpComp::PnodeParse out-of-bounds read details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever (Nov 09)
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever (Nov 10)
Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
Google Chrome blink Serializer::doSerialize bad cast details Berend-Jan Wever (Nov 11)
MSIE8 MSHTML Ptls5::LsFindSpanVisualBoundaries memory corruption Berend-Jan Wever (Nov 22)
MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read Berend-Jan Wever (Nov 04)
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever (Nov 14)
CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details Berend-Jan Wever (Nov 28)
MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details Berend-Jan Wever (Nov 02)
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
Tetris heap spraying: spraying the heap on a budget Berend-Jan Wever (Nov 18)
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever (Nov 25)
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever (Nov 18)

Brandon Perry

Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Brandon Perry (Nov 01)

Carlo Di Dato

UCanCode multiple vulnerabilities Carlo Di Dato (Nov 25)

CORE Advisories Team

[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team (Nov 22)

Curesec Research Team (CRT)

Mezzanine 4.2.0: XSS Curesec Research Team (CRT) (Nov 18)
MyBB 1.8.6: XSS Curesec Research Team (CRT) (Nov 10)
SPIP 3.1: XSS & Host Header Injection Curesec Research Team (CRT) (Nov 18)
MyLittleForum 2.3.6.1: CSRF Curesec Research Team (CRT) (Nov 18)
Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags Curesec Research Team (CRT) (Nov 18)
MyLittleForum 2.3.6.1: XSS & RPO Curesec Research Team (CRT) (Nov 18)
FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF Curesec Research Team (CRT) (Nov 18)
MoinMoin 1.9.8: XSS Curesec Research Team (CRT) (Nov 18)
The HS-110 Smart Plug aka Projekt Kasa Curesec Research Team (CRT) (Nov 25)
Jaws 1.1.1: Code Execution Curesec Research Team (CRT) (Nov 18)
Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling Curesec Research Team (CRT) (Nov 18)
FUDforum 3.0.6: LFI Curesec Research Team (CRT) (Nov 18)
Lepton 2.2.2: Code Execution Curesec Research Team (CRT) (Nov 18)
Lepton 2.2.2: SQL Injection Curesec Research Team (CRT) (Nov 18)

Dawid Golunski

MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski (Nov 04)
Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Dawid Golunski (Nov 16)
MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] Dawid Golunski (Nov 01)
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski (Nov 25)

dxw Security

Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)
Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)
SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin) dxw Security (Nov 18)
SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)

Egidio Romano

[KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability Egidio Romano (Nov 07)

Elar Lang

Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang (Nov 02)
Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang (Nov 01)

eov eov

Vlany: A Linux (LD_PRELOAD) rootkit eov eov (Nov 10)

ERPScan inc

[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc (Nov 18)
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc (Nov 18)
[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability ERPScan inc (Nov 22)
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc (Nov 22)

Felix Matei

Several unpatched vulns in OwnCloud Felix Matei (Nov 07)

Francisco Amato

Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Nov 25)

Freeman

[ndhXV] Call For Paper - 15th anniversary - 24-25 June 2017 Freeman (Nov 28)

Hector Marco

CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 15)

Hector Marco-Gisbert

Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert (Nov 15)

hyp3rlinx

WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow hyp3rlinx (Nov 06)
Axessh 4.2.2 Denial Of Service hyp3rlinx (Nov 06)
Rapid PHP Editor CSRF Remote Command Execution hyp3rlinx (Nov 06)

Ian Ling

Trango Systems hidden default root login (all models) Ian Ling (Nov 11)

Ionut Popescu

Release - Shellcode Compiler Ionut Popescu (Nov 10)

Jason Cooper

Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 16)

jericho

Re: QUANTUMSQUIRREL - attrition.org unmasked as NSA TAO OP jericho (Nov 16)

Julian Horoszkiewicz

Unexpected behavior of cmd.exe while processing .bat files leads to potential command injection vulnerabilities Julian Horoszkiewicz (Nov 13)

Julien Ahrens

[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens (Nov 20)
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens (Nov 20)
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 20)

Kacper Szurek

e107 CMS <= 2.1.2 Privilege Escalation Kacper Szurek (Nov 10)

Klaus Tichmann

[SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287) Klaus Tichmann (Nov 07)

KoreLogic Disclosures

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures (Nov 04)
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures (Nov 04)

Larry W. Cashdollar

/tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Larry W. Cashdollar (Nov 18)
Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp Larry W. Cashdollar (Nov 18)
Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Larry W. Cashdollar (Nov 20)
Teradata Virtual Machine Community Edition v15.10 has insecure file permission Larry W. Cashdollar (Nov 10)

Leo Famulari

Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 15)
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Leo Famulari (Nov 04)

Magnus Stubman

[CVE-2016-7434] ntpd remote pre-auth DoS Magnus Stubman (Nov 22)

Manuel Garcia Cardenas

Reflected XSS in WonderCMS <= v0.9.8 Manuel Garcia Cardenas (Nov 22)

Matthias Deeg

[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) Matthias Deeg (Nov 25)
[SYSS-2016-072] Olypmia Protect 9061 - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) Matthias Deeg (Nov 25)

Michael Heydon

Multiple issues in OpManager 12100 & 12200 Michael Heydon (Nov 20)

Michal Zalewski

Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski (Nov 05)

MustLive

Vulnerabilities in D-Link DIR-300 MustLive (Nov 01)

Nic Wiswat

Bypass Imperva by confusing HTTP Pollution Normalization Engine Nic Wiswat (Nov 04)

Nightwatch Cybersecurity Research

Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723] Nightwatch Cybersecurity Research (Nov 08)

Obfuscator

Disclose [10 * cve] in Exponent CMS Obfuscator (Nov 02)

Pedro Ribeiro

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro (Nov 08)

Peter Lapp

CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability Peter Lapp (Nov 01)
CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability Peter Lapp (Nov 01)
CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS Peter Lapp (Nov 01)
CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability Peter Lapp (Nov 01)

Philip Polstra

CFP - BloomCON 0x02 - March 24-25, 2017 Bloomsburg, PA Philip Polstra (Nov 28)

Ralf Spenneberg

OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl Ralf Spenneberg (Nov 15)
OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Ralf Spenneberg (Nov 15)

redrain root

[oss-security] CVE request:Lynx invalid URL parsing with '?' redrain root (Nov 04)

RedTeam Pentesting GmbH

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH (Nov 24)

Rio Sherri

Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM) Rio Sherri (Nov 09)

Román Ramírez

[RootedCON 2017] Call for Papers open for RootedCON Madrid 2017! Román Ramírez (Nov 07)

Ronald Volgers

[CT-2016-1110] Unauthenticated RCE in Observium network monitor Ronald Volgers (Nov 10)

Sanehdeep Singh

Cross Site Scripting Vulnerability In Verint Impact 360 Sanehdeep Singh (Nov 08)

SEC Consult Vulnerability Lab

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab (Nov 14)
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab (Nov 28)

Simon Waters (Surevine)

Re: Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Simon Waters (Surevine) (Nov 28)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak (Nov 18)

Summer of Pwnage

Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin Summer of Pwnage (Nov 29)
Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin Summer of Pwnage (Nov 08)
Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin Summer of Pwnage (Nov 10)
Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin Summer of Pwnage (Nov 10)
Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin Summer of Pwnage (Nov 08)
Cross-Site Scripting in All In One WP Security & Firewall WordPress Plugin Summer of Pwnage (Nov 16)
Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage (Nov 19)
Information disclosure race condition in W3 Total Cache WordPress Plugin Summer of Pwnage (Nov 10)
Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin Summer of Pwnage (Nov 23)
Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 20)
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage (Nov 08)
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage (Nov 08)
YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Nov 08)
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 19)
Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF Summer of Pwnage (Nov 19)
Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF Summer of Pwnage (Nov 10)
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage (Nov 19)
Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage (Nov 08)

Thomas Dickey

Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)

VMware Security Response Center

New VMSA-2016-0020 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Nov 15)
New VMSA-2016-0019 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Nov 13)
NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability VMware Security Response Center (Nov 25)
NEW VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Response Center (Nov 25)

Vulnerability Lab

Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab (Nov 18)
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab (Nov 07)
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab (Nov 28)
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Nov 07)
Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation Vulnerability Lab (Nov 07)
Schoolhos CMS v2.29 - userberita SQL injection Vulnerability Vulnerability Lab (Nov 28)
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability Vulnerability Lab (Nov 18)
Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards Vulnerability Lab (Nov 01)
Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Nov 07)
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab (Nov 18)
Huawei Flybox B660 3G/4G Router - Auth Bypass Vulnerability Vulnerability Lab (Nov 18)
Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability Vulnerability Lab (Nov 28)
Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability (APSB16-35) [CVE-2016-7851] Vulnerability Lab (Nov 09)
EditMe CMS - CSRF Privilege Escalate Web Vulnerability Vulnerability Lab (Nov 18)
Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Vulnerability Lab (Nov 28)

Williams, Ken

CA20161109-02: Security Notice for CA Service Desk Manager Williams, Ken (Nov 10)
CA20161109-01: Security Notice for CA Unified Infrastructure Management Williams, Ken (Nov 10)

x33fcon.office

[x33fcon] Call for Papers (and Trainers) x33fcon.office (Nov 22)