Full Disclosure: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

108 messages starting May 01 17 and ending May 29 17
Date index | Thread index | Author index

Monday, 01 May

Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V.

Wednesday, 03 May

Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability Vulnerability Lab
Icecream v4.53 & Pro - File Permission Privilege Escalation Vulnerability Lab
Hola VPN v1.34 - Privilege Escalation Vulnerability Vulnerability Lab
Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability Vulnerability Lab
Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability Vulnerability Lab
Zenario v7.6 - Persistent Cross Site Scripting Vulnerability Vulnerability Lab
Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability Vulnerability Lab

Thursday, 04 May

Re: Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability Brandon Perry
Re: 360 security android app snoops data to China Unicom network via insecure HTTP Daniel Wood
[oss-security]Sourcetree arbitrary command execution 洪宇
[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs
[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs
DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability DefenseCode
SSD Advisory – Serviio Media Server Multiple Vulnerabilities Maor Shwartz
https://blogs.securiteam.com/index.php/archives/3171 Maor Shwartz
Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563) Roee Hay
ES File Explorer android app snoops data to China Unicom network via insecure HTTP seclists
Re: 360 security android app snoops data to China Unicom network via insecure HTTP seclists () email tg

Friday, 05 May

Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege Stefan Kanthak

Sunday, 07 May

Re: 360 security android app snoops data to China Unicom network via insecure HTTP Craig Young

Tuesday, 09 May

CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address Zeng Wester
Aleph Research: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability (CVE-2017-0582) Roee Hay
Re: 360 security android app snoops data to China Unicom network via insecure HTTP seclists
CSRF/Stored XSS in MSMC – Redirect After Comment could allow unauthenticated individuals to do almost anything (WordPress plugin) dxw Security
Veritas Netbackup v8.0 - Multiple Vulnerabilities Sven Blumenstein via Fulldisclosure
SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager SEC Consult Vulnerability Lab
Numerous FreeTDS crashes fixed on master Brandon Perry

Wednesday, 10 May

SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App SEC Consult Vulnerability Lab
[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability Core Security Advisories Team
[FOXMOLE SA 2017-02-23] Dolibarr ERP & CRM - Multiple Issues FOXMOLE Advisories
Re: Numerous FreeTDS crashes fixed on master Brandon Perry
QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Kacper Szurek
Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution Majid Alqabandi
Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892] Nightwatch Cybersecurity Research

Thursday, 11 May

SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager SEC Consult Vulnerability Lab
Re: Numerous FreeTDS crashes fixed on master Brandon Perry
trashbilling.com and Trashflow 3.0.0 Multiple Issues g00se--- via Fulldisclosure
DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities DefenseCode
DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities DefenseCode

Friday, 12 May

CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response oststrom (public)

Monday, 15 May

Multiple crashes in OpenEXR Brandon Perry
Mimosa Wireless Radios - RCE, DoS, and Local File Disclosure Vulnerabilities Ian Ling via Fulldisclosure
Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains hyp3rlinx
APPLE-SA-2017-05-15-1 macOS 10.12.5 Apple Product Security
APPLE-SA-2017-05-15-2 iOS 10.3.2 Apple Product Security
APPLE-SA-2017-05-15-3 tvOS 10.2.1 Apple Product Security
APPLE-SA-2017-05-15-4 watchOS 3.2.1 Apple Product Security
APPLE-SA-2017-05-15-5 iCloud for Windows 6.2.1 Apple Product Security
APPLE-SA-2017-05-15-6 iTunes 12.6.1 Apple Product Security
APPLE-SA-2017-05-15-7 Safari 10.1.1 Apple Product Security
[CVE-2017-7953] Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields Yoroi - CVE report
[CVE-2017-7952] SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..) via filtervalue parameter Yoroi - CVE report
Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages Manuel Mancera

Tuesday, 16 May

PayPal Inc announces 2 new Bug Bounty Program Domains Vulnerability Lab
Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability Vulnerability Lab
MikroTik RouterBoard v6.38.5 - Denial of Service Vulnerability Vulnerability Lab
Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities Vulnerability Lab
Stealing Windows Credentials Using Google Chrome DefenseCode
Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability geeknik via Fulldisclosure

Wednesday, 17 May

Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage

Thursday, 18 May

SEC Consult SA-20170518-0 :: Multiple critical vulnerabilities in Western Digital TV Media Player SEC Consult Vulnerability Lab

Friday, 19 May

Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption David Tomaschik via Fulldisclosure
Re: [oss-security] Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch
Re: [oss-security] Dolibarr ERP & CRM - Multiple Issues Brandon Perry
[ERPSCAN-17-022] SSRF in PeopleSoft IMServlet ERPScan inc
Ceragon FibeAir IP-10 Hidden User Backdoor Ian Ling via Fulldisclosure
SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow Maor Shwartz
WhatsApp (Android) Privacy Issues with Handling of Media Files [CVE-2017-8769] Nightwatch Cybersecurity Research
HP SiteScope 11.32: Unauthenticated JMX Console RCE Harrison Neal
Google I/O 2017 Android App Doesn't Use SSL for Some Content [CVE-2017-9045] Nightwatch Cybersecurity Research
AST-2017-002: Buffer Overrun in PJSIP transaction layer Asterisk Security Team
AST-2017-003: Crash in PJSIP multi-part body parser Asterisk Security Team
AST-2017-004: Memory exhaustion on short SCCP packets Asterisk Security Team

Monday, 22 May

CFP - WPES - 2017 Workshop on Privacy in the Electronic Society Bill Garrison
CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution hyp3rlinx
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal hyp3rlinx
Re: CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal hyp3rlinx
CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection hyp3rlinx
Re: [oss-security] Multiple crashes in OpenEXR Brandon Perry
HP SimplePass Local Privilege Escalation Rehan Ahmed

Tuesday, 23 May

Out of bound memory access in PJSIP multipart parser crashes Asterisk Sandro Gauci
Asterisk Skinny memory exhaustion vulnerability leads to DoS Sandro Gauci
Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP Sandro Gauci
Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability Vulnerability Lab
Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability Vulnerability Lab
HTTrack v3.x - Stack Buffer Overflow Vulnerability Vulnerability Lab
SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane SEC Consult Vulnerability Lab
[CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities Core Security Advisories Team

Wednesday, 24 May

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation Sydream Labs
CVE-2017-8895 / VTS17-006: UAF in Veritas Backup Exec Remote Agent for Windows Matthew Daley
Sunell IPR54/14AKDN(II)/13 IP Camera - Stored Cross-Site Scripting Advisories
Sunell IPR54/14AKDN(II)/13 IP Camera - Reflected Cross-Site Scripting Advisories
Sunell IPR54/14AKDN(II)/13 IP Camera - Session ID Enumeration Advisories
DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability DefenseCode

Monday, 29 May

Hacktivity 2017 Call For Papers Attila Marosi
Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato
Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11 Florian Bogner
SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities Maor Shwartz
SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE Maor Shwartz
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities Maor Shwartz
[CVE-2017-8782]Libming readString denial of service 吴栋
Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent Stefan Kanthak

Previous period

Next period