Full Disclosure: by date
RSS Feed
About List
All Lists
Previous period
91 messages
starting Mar 01 17 and
ending Mar 31 17
Date index |
Thread index |
Author index
Wednesday, 01 March
SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave SEC Consult Vulnerability Lab
Thursday, 02 March
New BlackArch Linux ISOs (2017.03.01) released! Black Arch
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar
Sunday, 05 March
Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe Stefan Kanthak
Call for Papers for 5th Balkan Computer Congress – BalCCon2k17 Milos Krasojevic
CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Michael Benich
Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck
0-Day: Dahua backdoor Generation 2 and 3 bashis
Monday, 06 March
Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe Stefan Kanthak
Re: 0-Day: Dahua backdoor Generation 2 and 3 Chris Holland
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility Aromal Raj
OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445) Wolfgang
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility Aromal Raj
Cross-Site Request Forgery in WordPress Press This function allows DoS Summer of Pwnage
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage
Tuesday, 07 March
[Tool] Docker Scan: Security analysis tools for Docker Images and Docker Registries cr0hn
Re: Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe fulldisclosure
Re: 0-Day: Dahua backdoor Generation 2 and 3 bashis
Western Digital My Cloud vulnerable to multiple command injection vulnerabilities Securify B.V.
SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud SEC Consult Vulnerability Lab
Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability Securify B.V.
Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Securify B.V.
Bypassing Authentication on iball Baton Routers Indrajith AN
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead Pierre Kim
Wednesday, 08 March
SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint SEC Consult Vulnerability Lab
Friday, 10 March
SICUNET Physical Access Controller - Multiple Vulnerabilities Andrew Griffiths
FTP Voyager Scheduler v16.2.0 CSRF Remote Command Execution hyp3rlinx
Bypassing Authentication on iball Baton Routers Indrajith AN
CVE-2017-6466 - Remote Code Execution under SYSTEM via MITM in F-Secure AV Martin Kolárik
Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Nicholas von Pechmann
Hardwear.io Call For Papers 2017 is open! Yuliya Pliavaka
CVE-2017-6550: Kinsey Infor-Lawson - Multiple SQL Injections Michael Benich
DAVOSET v.1.3 MustLive
KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery KoreLogic Disclosures
Tuesday, 14 March
CVE-2017-6805 MobaXterm Personal Edition v9.4 Directory Traversal File Disclosure hyp3rlinx
Aleph Research: Attacking Nexus 9 with Malicious Headphones (CVE-2017-0510) Roee Hay
URL spoofing in UC browser. x ksi
Microsoft Edge Fetch API allows setting of arbitrary request headers Securify B.V.
Thursday, 16 March
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab
Microsoft Windows "LoadUvsTable()" Buffer Overflow Vulnerability Hossein Lotfi
Windows DVD Maker XML External Entity File Disclosure hyp3rlinx
Axis Camera Multiple Vulnerabilities David Wearing
USB Pratirodh XML External Entity Injection Vulnerability Sachin Wagh
USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability Sachin Wagh
Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll) Sachin Wagh
Friday, 17 March
phplist 3.2.6: SQL Injection Curesec Research Team (CRT)
phplist 3.2.6: XSS Curesec Research Team (CRT)
HumHub 1.0.1: XSS Curesec Research Team (CRT)
HumHub 0.20.1 / 1.0.0-beta.3: Code Execution Curesec Research Team (CRT)
Saturday, 18 March
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting 陈彦羽
TS Session Hijacking / Privilege escalation all windows versions Alexander Korznikov
Monday, 20 March
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service hyp3rlinx
Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router. Indrajith AN
Re: TS Session Hijacking / Privilege escalation all windows versions Kevin Beaumont
Re: 0-Day: Dahua backdoor Generation 2 and 3 bashis
Re: SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products Carlos Silva
Re: Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Thomas Deutschmann
Tuesday, 21 March
Adium vulnerable to remote code execution via libpurple erythronium23
Wednesday, 22 March
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices SEC Consult Vulnerability Lab
Friday, 24 March
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM ERPScan inc
QNAP QTS Domain Privilege Escalation Vulnerability Pasquale Fiorillo
[CVE-2017-6087] EON 5.0 Remote Code Execution Sydream Labs
[CVE-2017-6088] EON 5.0 Multiple SQL Injection Sydream Labs
[CVE-2017-5869] Nuxeo Platform remote code execution Sydream Labs
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security
APPLE-SA-2017-03-22-2 iTunes for Mac 12.6 Apple Product Security
Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato
Defense in depth -- the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier" Stefan Kanthak
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak
[CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal Jens Regel
Monday, 27 March
[FOXMOLE SA 2017-01-25] inoERP - Multiple Issues FOXMOLE Advisories
pfsense 2.3.2: Code Execution Curesec Research Team (CRT)
pfsense 2.3.2: XSS Curesec Research Team (CRT)
pfsense 2.3.2: CSRF Curesec Research Team (CRT)
Vulnerabilities in Transcend Wi-Fi SD Card MustLive
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS Apple Product Security
CVE-2017-5900 Luke Symons
Tuesday, 28 March
DzSoft PHP Editor v4.2.7 File Enumeration [**UPDATED FIXED TYPO] hyp3rlinx
Outlook Remote Crashing Bug Haifei Li
Re: Vulnerabilities in Transcend Wi-Fi SD Card Joey Kelly
APPLE-SA-2017-03-27-2 Safari 10.1 Apple Product Security
APPLE-SA-2017-03-27-4 iOS 10.3 Apple Product Security
APPLE-SA-2017-03-27-5 watchOS 3.2 Apple Product Security
APPLE-SA-2017-03-27-7 macOS Server 5.3 Apple Product Security
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite Apple Product Security
Re: Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak
Wednesday, 29 March
Hidden malicious modules in MS VBA (Visual Basic for Applications) Thegrideon Software
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 Apple Product Security
APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security
Thursday, 30 March
Splunk Enterprise Information Theft - CVE-2017-5607 hyp3rlinx
Friday, 31 March
Re: Hidden malicious modules in MS VBA (Visual Basic for Applications Douglas Held