Full Disclosure: by author

71 messages starting Oct 13 17 and ending Oct 06 17


Andrey B. Panfilov

Multiple vulnerabilities in OpenText Documentum Content Server Andrey B. Panfilov (Oct 13)

Apple Product Security

APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update Apple Product Security (Oct 06)

Barkın Kılıç

CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability Barkın Kılıç (Oct 07)

Baruch via Fulldisclosure

Bezeq, Israel Telco, allows resetting its home subscribers Baruch via Fulldisclosure (Oct 13)

DefenseCode

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 DefenseCode (Oct 06)
DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities DefenseCode (Oct 10)
DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability DefenseCode (Oct 10)
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2 DefenseCode (Oct 06)

dxw Security

WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts dxw Security (Oct 07)

Egidio Romano

[KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability Egidio Romano (Oct 23)

EMC Product Security Response Center

ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability EMC Product Security Response Center (Oct 31)
ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability EMC Product Security Response Center (Oct 16)
ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability EMC Product Security Response Center (Oct 06)
ESA-2017-141: EMC AppSync Hardcoded Password Vulnerability EMC Product Security Response Center (Oct 31)
ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability EMC Product Security Response Center (Oct 16)
ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities EMC Product Security Response Center (Oct 06)
ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability EMC Product Security Response Center (Oct 27)

Etnies

SmartBear SoapUI - Remote Code Execution via Deserialization Etnies (Oct 06)

filipe

Advisory SyncBreeze Enterprise 10.1.16 Buffer Overflow [CVE-2017-15950] filipe (Oct 31)

Giovanni Cerrato

CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability Giovanni Cerrato (Oct 06)

Hakan Küsne

[CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass Hakan Küsne (Oct 17)

Harrison Neal

Re: SmartBear SoapUI - Remote Code Execution via Deserialization Harrison Neal (Oct 10)
Re: ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE Harrison Neal (Oct 10)
ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE Harrison Neal (Oct 10)

Jens Regel

[CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal Jens Regel (Oct 16)

John Torakis

CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation John Torakis (Oct 02)

Juan Diego

Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Juan Diego (Oct 24)

Julien Ahrens

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure Julien Ahrens (Oct 13)
[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure Julien Ahrens (Oct 20)

Karn Ganeshen

JanTek JTC-200 Vulnerabilities Karn Ganeshen (Oct 31)
[ICS] Progea Movicon SCADA/HMI Vulnerabilities Karn Ganeshen (Oct 31)
[ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability Karn Ganeshen (Oct 31)

KoreLogic Disclosures

KL-001-2017-021 : Sophos UTM 9 Management Application Local File Inclusion KoreLogic Disclosures (Oct 24)
KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions KoreLogic Disclosures (Oct 24)
KL-001-2017-018 : Infoblox NetMRI Administration Shell Factory Reset Persistence KoreLogic Disclosures (Oct 24)
KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation KoreLogic Disclosures (Oct 24)
KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation KoreLogic Disclosures (Oct 24)

Kurtis Brown

[RCE] TP-Link Remote Code Execution CVE-2017-13772 Kurtis Brown (Oct 20)

kvnjs

Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-) kvnjs (Oct 10)

Maor Shwartz

SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure Maor Shwartz (Oct 03)
SSD Advisory – PHP Melody Multiple Vulnerabilities Maor Shwartz (Oct 10)
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free Maor Shwartz (Oct 17)
SSD Advisory – QNAP HelpDesk SQL Injection Maor Shwartz (Oct 10)
SSD Advisory – Mac OS X 10.12 Quarantine Bypass Maor Shwartz (Oct 03)
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution Maor Shwartz (Oct 20)
SSD Advisory – Microsoft Office SMB Information Disclosure Maor Shwartz (Oct 17)
SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS Maor Shwartz (Oct 20)
SSD Advisory – FiberHome Directory Traversal Maor Shwartz (Oct 17)
SSD Advisory – Horde Groupware Unauthorized File Download Maor Shwartz (Oct 03)
SSD Advisory – Vacron NVR Remote Command Execution Maor Shwartz (Oct 10)
SSD Advisory – Webmin Multiple Vulnerabilities Maor Shwartz (Oct 17)
SSD Advisory – ZTE uSmartView DLL Hijacking Maor Shwartz (Oct 16)
SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution Maor Shwartz (Oct 03)
SSD Advisory – Ikarus Anti Virus Remote Code Execution Maor Shwartz (Oct 17)

Marcin Wołoszyn

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection Marcin Wołoszyn (Oct 10)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection Marcin Wołoszyn (Oct 06)

Mark Wadham

CVE-2017-12579 Local root privesc in Hashicorp vagrant-vmware-fusion 4.0.24 Mark Wadham (Oct 20)

nicolas.buzy-debat

[CVE-2017-15867] Multiple Cross-Site Scripting (XSS) vulnerabilities in User Login History Wordpress Plugin nicolas.buzy-debat (Oct 31)

Nightwatch Cybersecurity Research

PIA Android App Can Be Crashed via Large Download [CVE-2017-15882] Nightwatch Cybersecurity Research (Oct 27)

SEC Consult Vulnerability Lab

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ SEC Consult Vulnerability Lab (Oct 15)
SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products SEC Consult Vulnerability Lab (Oct 18)
SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component SEC Consult Vulnerability Lab (Oct 17)
SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun SEC Consult Vulnerability Lab (Oct 18)

Simon Rawet

Multiple vulnerabilities in BMC Remedy Simon Rawet (Oct 20)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgreSQL installers for Windows Stefan Kanthak (Oct 10)

Stevie Lamb (WLT GB)

Windows Attachment Manager *potential* feature bypass Stevie Lamb (WLT GB) (Oct 27)

Tom Wimmenhove

Bad rolling code in keyfob for many Subaru cars Tom Wimmenhove (Oct 10)

VSR Advisories

Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996) VSR Advisories (Oct 27)

X41 D-Sec GmbH Advisories

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks X41 D-Sec GmbH Advisories (Oct 13)
Advisory X41-2017-010: Command Execution in Shadowsocks-libev X41 D-Sec GmbH Advisories (Oct 13)

Yuliya Pliavaka

Nullcon Goa 2018 Call For Papers is Open! Yuliya Pliavaka (Oct 06)