Full Disclosure: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

108 messages starting May 24 17 and ending May 04 17
Date index | Thread index | Author index

Advisories

Sunell IPR54/14AKDN(II)/13 IP Camera - Stored Cross-Site Scripting Advisories (May 24)
Sunell IPR54/14AKDN(II)/13 IP Camera - Reflected Cross-Site Scripting Advisories (May 24)
Sunell IPR54/14AKDN(II)/13 IP Camera - Session ID Enumeration Advisories (May 24)

Apple Product Security

APPLE-SA-2017-05-15-7 Safari 10.1.1 Apple Product Security (May 15)
APPLE-SA-2017-05-15-1 macOS 10.12.5 Apple Product Security (May 15)
APPLE-SA-2017-05-15-5 iCloud for Windows 6.2.1 Apple Product Security (May 15)
APPLE-SA-2017-05-15-4 watchOS 3.2.1 Apple Product Security (May 15)
APPLE-SA-2017-05-15-3 tvOS 10.2.1 Apple Product Security (May 15)
APPLE-SA-2017-05-15-6 iTunes 12.6.1 Apple Product Security (May 15)
APPLE-SA-2017-05-15-2 iOS 10.3.2 Apple Product Security (May 15)

Asterisk Security Team

AST-2017-003: Crash in PJSIP multi-part body parser Asterisk Security Team (May 19)
AST-2017-004: Memory exhaustion on short SCCP packets Asterisk Security Team (May 19)
AST-2017-002: Buffer Overrun in PJSIP transaction layer Asterisk Security Team (May 19)

Attila Marosi

Hacktivity 2017 Call For Papers Attila Marosi (May 29)

Bill Garrison

CFP - WPES - 2017 Workshop on Privacy in the Electronic Society Bill Garrison (May 22)

Brandon Perry

Re: [oss-security] Dolibarr ERP & CRM - Multiple Issues Brandon Perry (May 19)
Multiple crashes in OpenEXR Brandon Perry (May 15)
Numerous FreeTDS crashes fixed on master Brandon Perry (May 09)
Re: Numerous FreeTDS crashes fixed on master Brandon Perry (May 11)
Re: [oss-security] Multiple crashes in OpenEXR Brandon Perry (May 22)
Re: Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability Brandon Perry (May 04)
Re: Numerous FreeTDS crashes fixed on master Brandon Perry (May 10)

Core Security Advisories Team

[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability Core Security Advisories Team (May 10)
[CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities Core Security Advisories Team (May 23)

Craig Young

Re: 360 security android app snoops data to China Unicom network via insecure HTTP Craig Young (May 07)

Daniel Wood

Re: 360 security android app snoops data to China Unicom network via insecure HTTP Daniel Wood (May 04)

David Tomaschik via Fulldisclosure

Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption David Tomaschik via Fulldisclosure (May 19)

DefenseCode

Stealing Windows Credentials Using Google Chrome DefenseCode (May 16)
DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability DefenseCode (May 24)
DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability DefenseCode (May 04)
DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability DefenseCode (May 24)
DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities DefenseCode (May 11)
DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability DefenseCode (May 04)
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability DefenseCode (May 24)
DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability DefenseCode (May 04)
DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability DefenseCode (May 11)
DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities DefenseCode (May 11)

dxw Security

CSRF/Stored XSS in MSMC – Redirect After Comment could allow unauthenticated individuals to do almost anything (WordPress plugin) dxw Security (May 09)

ERPScan inc

[ERPSCAN-17-022] SSRF in PeopleSoft IMServlet ERPScan inc (May 19)

Florian Bogner

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11 Florian Bogner (May 29)

FOXMOLE Advisories

[FOXMOLE SA 2017-02-23] Dolibarr ERP & CRM - Multiple Issues FOXMOLE Advisories (May 10)

Francisco Amato

Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (May 29)

g00se--- via Fulldisclosure

trashbilling.com and Trashflow 3.0.0 Multiple Issues g00se--- via Fulldisclosure (May 11)

geeknik via Fulldisclosure

Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability geeknik via Fulldisclosure (May 16)

Harrison Neal

HP SiteScope 11.32: Unauthenticated JMX Console RCE Harrison Neal (May 19)

hyp3rlinx

Re: CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal hyp3rlinx (May 22)
Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains hyp3rlinx (May 15)
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal hyp3rlinx (May 22)
CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution hyp3rlinx (May 22)
CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection hyp3rlinx (May 22)

Ian Ling via Fulldisclosure

Ceragon FibeAir IP-10 Hidden User Backdoor Ian Ling via Fulldisclosure (May 19)
Mimosa Wireless Radios - RCE, DoS, and Local File Disclosure Vulnerabilities Ian Ling via Fulldisclosure (May 15)

Kacper Szurek

QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Kacper Szurek (May 10)

Majid Alqabandi

Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution Majid Alqabandi (May 10)

Manuel Mancera

Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages Manuel Mancera (May 15)

Maor Shwartz

https://blogs.securiteam.com/index.php/archives/3171 Maor Shwartz (May 04)
SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE Maor Shwartz (May 29)
SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow Maor Shwartz (May 19)
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities Maor Shwartz (May 29)
SSD Advisory – Serviio Media Server Multiple Vulnerabilities Maor Shwartz (May 04)
SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities Maor Shwartz (May 29)

Matthew Daley

CVE-2017-8895 / VTS17-006: UAF in Veritas Backup Exec Remote Agent for Windows Matthew Daley (May 24)

Nightwatch Cybersecurity Research

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892] Nightwatch Cybersecurity Research (May 10)
WhatsApp (Android) Privacy Issues with Handling of Media Files [CVE-2017-8769] Nightwatch Cybersecurity Research (May 19)
Google I/O 2017 Android App Doesn't Use SSL for Some Content [CVE-2017-9045] Nightwatch Cybersecurity Research (May 19)

oststrom (public)

CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response oststrom (public) (May 12)

Rehan Ahmed

HP SimplePass Local Privilege Escalation Rehan Ahmed (May 22)

Roee Hay

Aleph Research: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability (CVE-2017-0582) Roee Hay (May 09)
Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563) Roee Hay (May 04)

Sandro Gauci

Out of bound memory access in PJSIP multipart parser crashes Asterisk Sandro Gauci (May 23)
Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP Sandro Gauci (May 23)
Asterisk Skinny memory exhaustion vulnerability leads to DoS Sandro Gauci (May 23)

SEC Consult Vulnerability Lab

SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager SEC Consult Vulnerability Lab (May 09)
SEC Consult SA-20170518-0 :: Multiple critical vulnerabilities in Western Digital TV Media Player SEC Consult Vulnerability Lab (May 18)
SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager SEC Consult Vulnerability Lab (May 11)
SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane SEC Consult Vulnerability Lab (May 23)
SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App SEC Consult Vulnerability Lab (May 10)

seclists

ES File Explorer android app snoops data to China Unicom network via insecure HTTP seclists (May 04)
Re: 360 security android app snoops data to China Unicom network via insecure HTTP seclists (May 09)

seclists () email tg

Re: 360 security android app snoops data to China Unicom network via insecure HTTP seclists () email tg (May 04)

Securify B.V.

Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (May 01)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent Stefan Kanthak (May 29)
Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege Stefan Kanthak (May 05)

Stefan Pietsch

Re: [oss-security] Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch (May 19)

Summer of Pwnage

Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (May 17)

Sven Blumenstein via Fulldisclosure

Veritas Netbackup v8.0 - Multiple Vulnerabilities Sven Blumenstein via Fulldisclosure (May 09)

Sydream Labs

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation Sydream Labs (May 24)

Sysdream Labs

[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs (May 04)
[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs (May 04)

Vulnerability Lab

Zenario v7.6 - Persistent Cross Site Scripting Vulnerability Vulnerability Lab (May 03)
MikroTik RouterBoard v6.38.5 - Denial of Service Vulnerability Vulnerability Lab (May 16)
PayPal Inc announces 2 new Bug Bounty Program Domains Vulnerability Lab (May 16)
Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities Vulnerability Lab (May 16)
Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability Vulnerability Lab (May 03)
Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability Vulnerability Lab (May 03)
Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability Vulnerability Lab (May 03)
Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability Vulnerability Lab (May 16)
HTTrack v3.x - Stack Buffer Overflow Vulnerability Vulnerability Lab (May 23)
Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability Vulnerability Lab (May 03)
Hola VPN v1.34 - Privilege Escalation Vulnerability Vulnerability Lab (May 03)
Icecream v4.53 & Pro - File Permission Privilege Escalation Vulnerability Lab (May 03)
Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability Vulnerability Lab (May 23)
Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability Vulnerability Lab (May 23)

Yoroi - CVE report

[CVE-2017-7953] Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields Yoroi - CVE report (May 15)
[CVE-2017-7952] SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..) via filtervalue parameter Yoroi - CVE report (May 15)

Zeng Wester

CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address Zeng Wester (May 09)

吴栋

[CVE-2017-8782]Libming readString denial of service 吴栋 (May 29)

洪宇

[oss-security]Sourcetree arbitrary command execution 洪宇 (May 04)

Previous period

Next period