Full Disclosure: by author

56 messages starting Dec 21 18 and ending Dec 21 18


advisories

[CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities advisories (Dec 21)
[CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities advisories (Dec 21)

Alex Craggs

SolarWinds SFTP Vulnerabilities Alex Craggs (Dec 04)

alt3kx via Fulldisclosure

CVE-2018-7691 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure (Dec 14)
CVE-2018-7690 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure (Dec 14)

Andraz Sraka

[CFP] Security BSides Ljubljana 0x7E3 | March 16, 2019 Andraz Sraka (Dec 11)

Apple Product Security via Fulldisclosure

APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-06-1 watchOS 5.1.2 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-3 tvOS 12.1.1 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-1 iOS 12.1.1 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-4 Safari 12.0.2 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Apple Product Security via Fulldisclosure (Dec 07)
APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra Apple Product Security via Fulldisclosure (Dec 07)

Daniel Bishtawi

Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4 Daniel Bishtawi (Dec 04)
Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Daniel Bishtawi (Dec 04)
Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Daniel Bishtawi (Dec 04)
Reflected Cross-site Scripting Vulnerability in Typesetter 5.1 Daniel Bishtawi (Dec 04)
Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0 Daniel Bishtawi (Dec 04)
SQL Injection and Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Daniel Bishtawi (Dec 04)
Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0 Daniel Bishtawi (Dec 04)

Egidio Romano

[KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability Egidio Romano (Dec 31)
[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability Egidio Romano (Dec 31)
[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability Egidio Romano (Dec 31)
[KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability Egidio Romano (Dec 31)

Gustavo Sorondo

Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877) Gustavo Sorondo (Dec 07)

Hacker Fantastic via Fulldisclosure

Mikrotik RouterOS telnet arbitrary root file creation 0day Hacker Fantastic via Fulldisclosure (Dec 14)
GNU inetutils <= 1.9.4 telnet.c multiple overflows Hacker Fantastic via Fulldisclosure (Dec 14)

Henri Salo

Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) Henri Salo (Dec 21)

hyp3rlinx

CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage hyp3rlinx (Dec 04)

Jacek Lipkowski

Vmware airwatch feature Jacek Lipkowski (Dec 11)

Luiz Eduardo

YSTS 13th Edition - CFP Luiz Eduardo (Dec 14)

Marcin Kozlowski

Dynamic Loader Oriented Programming - Wiedergaenger PoC (Proof of Concept) on Ubuntu 16.04.5 LTS - 2018 Marcin Kozlowski (Dec 11)

Murat Aydemir

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API Murat Aydemir (Dec 21)
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section Murat Aydemir (Dec 21)
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API. Murat Aydemir (Dec 11)
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section Murat Aydemir (Dec 21)

MustLive

DAVOSET v.1.3.7 MustLive (Dec 21)
New vulnerabilities in Transcend Wi-Fi SD Card MustLive (Dec 21)

Nguyen Anh Quynh

Capstone disassembler v4.0 is out! Nguyen Anh Quynh (Dec 21)

Nicholas Luedtke

Tracking Linux Kernel Vulnerabilities Nicholas Luedtke (Dec 14)

Prashast Srivastava

Multiple vulnerabilities found in Trendnet routers and IP Cameras. Prashast Srivastava (Dec 09)

Rafael Pedrero

CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0 Rafael Pedrero (Dec 21)
[CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) Rafael Pedrero (Dec 07)
[CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method Rafael Pedrero (Dec 07)
CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631) Rafael Pedrero (Dec 21)

SEC Consult Vulnerability Lab

SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol SEC Consult Vulnerability Lab (Dec 05)

Tyler Cui

[CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)
[CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)
[CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)

zzt0907

LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) zzt0907 (Dec 21)
Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) zzt0907 (Dec 21)