Full Disclosure: by date

53 messages starting Aug 02 18 and ending Aug 31 18
Date index | Thread index | Author index

Thursday, 02 August

CA20180802-01: Security Notice for CA API Developer Portal Kotas, Kevin J
(CVE-2018-13415) Out-of-Band XXE in Plex Media Server Chris
(CVE-2018-13417) Out-of-Band XXE in Vuze Bittorrent Client Chris
CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 Stefan Kanthak

Friday, 03 August

DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability Dell EMC Product Security Response Center
CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5) Simon Uvarov via Fulldisclosure
Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe Stefan Kanthak

Tuesday, 07 August

CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting Nikola Kojic

Wednesday, 08 August

Full Disclosure - Responsive File Manager Silton Renato

Friday, 10 August

SOC Battle - ARE YOU READY FOR AN EXTRAORDINARY CTF? Mustafa Kaan Demirhan

Monday, 13 August

[CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE Anibal Aguiar
Re: Full Disclosure - Responsive File Manager Henri Salo

Thursday, 16 August

SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore SEC Consult Vulnerability Lab

Friday, 17 August

Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities SCADA StrangeLove

Tuesday, 21 August

Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11 X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices X41 D-Sec GmbH Advisories
UISGCON14 CFP Andrey Loginov
Multiple vulnerabilities in OSCAR EMR Brian Hysell
CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L) kenney_lu () trendmicro com
CVE-2017-11564: multiple command inject in D-Link EyeOn Baby Monitor (DCS-825L) kenney_lu () trendmicro com
CVE-2017-12573: command injection in PLANEX CS-W50HD kenney_lu () trendmicro com
CVE-2017-12574: Hardcode credential in PLANEX CS-W50HD kenney_lu () trendmicro com
CVE-2017-12575: information leakage in NEC Aterm WG2600HP2 kenney_lu () trendmicro com
CVE-2017-12576: an hidden management page in PLANEX CS-QR20 kenney_lu () trendmicro com
CVE-2017-12577: an hardcode credential in PLANEX CS-QR20 kenney_lu () trendmicro com
XSS and CSRF vulnerabilities in ASUS RT-N15U MustLive
DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint component Dell EMC Product Security Response Center
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability Dell EMC Product Security Response Center
Re: Full Disclosure - Responsive File Manager Silton Renato
RESPONSIVE filemanager Simon Uvarov via Fulldisclosure
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege Stefan Kanthak

Wednesday, 22 August

Seagate Media Server multiple SQL injection vulnerabilities Summer of Pwnage via Fulldisclosure

Friday, 24 August

Re: Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure
Re: Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529) Reggie Dodd
Couchbase Server - Remote Code Execution x ksi
DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint component secure
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability secure
Re: Jetty 6.1.6 Cross-Site Scripting (XSS) Simon Waters
Re: Jetty 6.1.6 Cross-Site Scripting (XSS) Simon Waters

Monday, 27 August

CVE-2018-12710 Kevin R

Tuesday, 28 August

DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities secure

Friday, 31 August

Argus Surveillance DVR - 4.0.0.0 / SYSTEM Privilege Escalation hyp3rlinx
Argus Surveillance DVR - 4.0.0.0 / Unauthenticated Directory Traversal File Disclosure hyp3rlinx
CA20180829-01: Security Notice for CA PPM Williams, Ken
CA20180829-02: Security Notice for CA Unified Infrastructure Management Williams, Ken
CA20180829-03: Security Notice for CA Release Automation Williams, Ken
Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489] Nightwatch Cybersecurity Research

Previous period

Next period