Full Disclosure: by author

58 messages starting Aug 15 17 and ending Aug 16 17


advisories

QuantaStor Software Defined Storage multiple vulnerabilities advisories (Aug 15)

Asterisk Security Team

AST-2017-007: Remote Crash Vulnerability in res_pjsip Asterisk Security Team (Aug 31)
AST-2017-006: Shell access command injection in app_minivm Asterisk Security Team (Aug 31)
AST-2017-005: Media takeover in RTP stack Asterisk Security Team (Aug 31)

Black Arch

New BlackArch Linux ISOs (2017.08.30) released! Black Arch (Aug 31)

Daisuke Noguchi[NRIセキュア 野口]

ConnMan #ConnManDo Vulnerability Daisuke Noguchi[NRIセキュア 野口] (Aug 29)

Daniel Correa

Lexmark Scan to Network (SNF) printer application <= 3.2.9 Information Exposure Daniel Correa (Aug 31)

DefenseCode

DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities DefenseCode (Aug 08)
DefenseCode ThunderScan SAST Advisory: WordPress Podlove Podcast Publisher Plugin Security Vulnerability DefenseCode (Aug 08)
DefenseCode ThunderScan SAST Advisory: WordPress PressForward Plugin Security Vulnerability DefenseCode (Aug 08)

Francois Goichon via Fulldisclosure

Re: NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities Francois Goichon via Fulldisclosure (Aug 22)
NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities Francois Goichon via Fulldisclosure (Aug 17)

Gabriele Gristina

CVE-2017-1500 - Reflected XSS in IBM WorkLight OAuth Server Web Api Gabriele Gristina (Aug 02)

geeknik via Fulldisclosure

Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698) geeknik via Fulldisclosure (Aug 11)

Geolado giolado

[CVE-2017-11320] Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 Geolado giolado (Aug 02)

Hector Martin "marcan"

[No CVE assigned] SMBLoris Windows/Samba SMB service DoS PoC Hector Martin "marcan" (Aug 02)

Ismail Doe

BlackBoard LMS (9.1.140152.0) Stored XSS/Arbitrary File Upload Ismail Doe (Aug 22)

Karn Ganeshen

[ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability Karn Ganeshen (Aug 31)
[ICS] AzeoTech DAQFactory – Insecure Default Permissions and Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)
[ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow Vulnerability Karn Ganeshen (Aug 31)
[ICS] Schneider Electric Trio TView – vulnerable JRE versions in use Karn Ganeshen (Aug 31)
[ICS] Solar Controls WATTConfig M Software – Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)
[ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)
[ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)
[ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)
[ICS] Solar Controls Heating Control Downloader – Insecure Library Loading Allows Code Execution Karn Ganeshen (Aug 31)

kyaw thiha

Format Factory DLL Hijacking Vulnerability kyaw thiha (Aug 04)

Manuel Garcia Cardenas

SQL Injection in TheoCMS <= 2.0 Manuel Garcia Cardenas (Aug 11)
Backdrop CMS <= 1.7.1 - Persistent Cross-Site Scripting Manuel Garcia Cardenas (Aug 22)

Maor Shwartz

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow Maor Shwartz (Aug 11)
SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) Maor Shwartz (Aug 11)
Re: [FD] SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution Maor Shwartz (Aug 11)
SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution Maor Shwartz (Aug 08)
SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution Maor Shwartz (Aug 11)
SSD Advisory – Chrome Turbofan Remote Code Execution Maor Shwartz (Aug 17)

Mark Wadham

CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.23 Mark Wadham (Aug 02)

NL Deloitte Zero Day (NL - Amsterdam)

CVE-2017-13671 - MISP Stored XSS NL Deloitte Zero Day (NL - Amsterdam) (Aug 29)

Patrick Webster

Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference Patrick Webster (Aug 25)

Philip Pettersson

CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE Philip Pettersson (Aug 17)

Poyo VL via Fulldisclosure

NetRipper - Smart Traffic Sniffing - Support for x64 Poyo VL via Fulldisclosure (Aug 17)

qflb.wu

wildmidi multiple vulnerabilities qflb.wu (Aug 08)
libgig-LinuxSampler multiple vulnerabilities qflb.wu (Aug 22)
minidjvu multiple vulnerabilities qflb.wu (Aug 08)

RedTeam Pentesting GmbH

[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting GmbH (Aug 22)
[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting GmbH (Aug 22)
[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates RedTeam Pentesting GmbH (Aug 22)
[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting GmbH (Aug 22)

Ryan Dewhurst

BSides Bordeaux Call For Papers (CFP) Ryan Dewhurst (Aug 08)

SEC Consult Vulnerability Lab

SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability SEC Consult Vulnerability Lab (Aug 04)
SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection SEC Consult Vulnerability Lab (Aug 04)
SEC Consult SA-20170822-0 :: Multiple vulnerabilities in Progress Sitefinity CMS SEC Consult Vulnerability Lab (Aug 22)

Securify B.V. via Fulldisclosure

Xamarin Studio for Mac API documentation update affected by local privilege escalation Securify B.V. via Fulldisclosure (Aug 14)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 53): escalation of privilege with QNAP's installers for Windows Stefan Kanthak (Aug 17)

Timo Teras

Re: libmad memory corruption vulnerability Timo Teras (Aug 31)

Tomi Tuominen

t2'17: Challenge – a break from tradition Tomi Tuominen (Aug 04)

Vladis Dronov

[CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 04)

Vulnerability Lab

Apple iOS 10.3 - UI SMS Access Permission Vulnerability Vulnerability Lab (Aug 16)
Microsoft Resnet - DNS Configuration Web Vulnerability Vulnerability Lab (Aug 16)