Full Disclosure: by date

113 messages starting Apr 03 17 and ending Apr 30 17


Monday, 03 April

SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber
CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik
CVE Request -- mapr: information disclosure vulnerability Mark Felder
Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09 pratik shah
APPLE-SA-2017-04-03-1 iOS 10.3.1 Apple Product Security

Tuesday, 04 April

AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team
Dell OpenManage Server Administrator v8.4: CVE-2016-4004 Addendum Harrison Neal
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories
ManageEngine Applications Manager Multiple Vulnerabilities ljj
Inchoo Facebook Connect Extension for Magento Parameter XSS Patrick Webster via Fulldisclosure
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster via Fulldisclosure
AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster via Fulldisclosure
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster via Fulldisclosure
Lotus Protector for Mail Security remote code execution Patrick Webster via Fulldisclosure
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster via Fulldisclosure
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster via Fulldisclosure
Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster via Fulldisclosure
SilverStripe CMS - Path Disclosure Patrick Webster via Fulldisclosure
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster via Fulldisclosure
AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster via Fulldisclosure
Kaseya information disclosure vulnerability Patrick Webster via Fulldisclosure
iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster via Fulldisclosure
Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster via Fulldisclosure
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode

Thursday, 06 April

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber
QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359) Harry Sintonen
APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android Apple Product Security
CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security
[DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later) DefenseCode

Friday, 07 April

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab
DAVOSET v.1.3.1 MustLive
Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution Stefan Kanthak
LAquis SCADA Access Control Vulnerability Karn Ganeshen
Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution Karn Ganeshen
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Karn Ganeshen
Cambium SNMP Security Vulnerabilities Karn Ganeshen
Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities Karn Ganeshen
DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions) Ian Ling
CVE Request:Multiple CSRF vulnerabilities in e107 CMS 2.1.4 Wester 95
CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status Wester 95
CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings Wester 95

Sunday, 09 April

WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection Manuel Garcia Cardenas
CVE-Request:stored XSS in Serendipity v2.1-rc1 allows attacker steals admin’s cookie and other informations Wester 95
NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003 Rewanth Cool
NSE Script for exploiting Directory traversal vulnerability in Wordpress Rewanth Cool
NSE scripts for XSS and session hijacking in AsusWRT Rewanth Cool
NSE Script for CVE 2017-6527 Rewanth Cool

Tuesday, 11 April

Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx
CVE-2017-7456 MXview v2.8 Denial Of Service hyp3rlinx
Moxa MX AOPC-Server v1.5 XML External Entity hyp3rlinx
CVE Request:CSRF in Serendipity allows attacker installs any themes Wester 95
CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11) Wester 95
CVE Request:Directory Traversal in smilie module(MyBB <1.8.11) Wester 95
CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham
SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities Maor Shwartz
[SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89) Matthias Deeg
[SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Matthias Deeg
ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V.
Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V.

Wednesday, 12 April

c0c0n X August 17-19, 2017 Call for Papers Open Prajwal Panchmahalkar
Proxifier for Mac 2.19 local root privesc Mark Wadham
Re: CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode
DefenseCode ThunderScan SAST Advisory: 53+ WordPress plugins by BestWebSoft Multiple Cross-Site Scripting (XSS) Vulnerabilities DefenseCode
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode

Friday, 14 April

Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation hyp3rlinx
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin Securify B.V.

Monday, 17 April

CVE-2017-0199 PoC David ROUTIN
Re: [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Nick Boyce
Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx

Tuesday, 18 April

SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation Maor Shwartz

Thursday, 20 April

Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage

Friday, 21 April

Unicorn Emulator v1.0.1 is out! Nguyen Anh Quynh
nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect Kyriakos Economou
[ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft PeopleSoftServiceListeningConnector ERPScan inc
[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT ERPScan inc
[ERPSCAN-17-022] SSRF in PeopleSoft IMServlet ERPScan inc
SecretServerSecretStealer - An extraction utility for Thycotic Secret Server Denis Andzakovic
Code Injection through DLL Sideloading in 64bit Oracle Java Florian Bogner
CVE-2017-7991-SQL injection-Exponent CMS 404 Not Found
DefenseCode ThunderScan SAST Advisory: WordPress AccessPress Social Icons Plugin Multiple SQL injection Security Vulnerabilities DefenseCode
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability DefenseCode
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin

Saturday, 22 April

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Securify B.V.

Sunday, 23 April

Tales of SugarCRM Security Horrors Egidio Romano

Monday, 24 April

KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path KoreLogic Disclosures
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse KoreLogic Disclosures
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection KoreLogic Disclosures
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read KoreLogic Disclosures
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials KoreLogic Disclosures

Tuesday, 25 April

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method Andrey B. Panfilov
OXATIS 'EMail' Cross Site Scripting Vulnerability HTTPCS
Flyspray 'real_name' Cross Site Scripting Vulnerability HTTPCS
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski
Samsung Smart TV Wi-Fi Direct Improper Authentication Info
Dell Customer Connect 1.3.28.0 Privilege Escalation Kacper Szurek
SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities Maor Shwartz
SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation SEC Consult Vulnerability Lab

Thursday, 27 April

Security Issues in Alerton Webtalk (Auth Bypass, RCE) David Tomaschik via Fulldisclosure

Friday, 28 April

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability Vulnerability Lab

Saturday, 29 April

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Securify B.V.
Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS Securify B.V.
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V.

Sunday, 30 April

CVE-2017-7981: Tuleap Remote OS Command Injection Ben N
PRL and CSRF vulnerabilities in D-Link DAP-1360 MustLive
360 security android app snoops data to China Unicom network via insecure HTTP seclists