Full Disclosure: by author

79 messages starting Mar 23 18 and ending Mar 13 18


Agostino Panico

BSidesMilano Event and CFP Agostino Panico (Mar 23)

Alex BALAN

Re: BitDefender Total Security 2018 - Insecure Pipe Permissions Alex BALAN (Mar 13)

Apple Product Security

APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-3 tvOS 11.3 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-1 iOS 11.3 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-4 Xcode 9.3 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-6 Safari 11.1 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-2 watchOS 4.3 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows Apple Product Security (Mar 30)

Core Security Advisories Team

[CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow Core Security Advisories Team (Mar 15)

Cristiano Maruti

Tuleap SQL Injection Cristiano Maruti (Mar 09)

Defense Code

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products Defense Code (Mar 06)
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities Defense Code (Mar 06)
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes Defense Code (Mar 06)
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery Defense Code (Mar 06)

EMC Product Security Response Center

DSA-2018-038: RSA Archer GRC Platform Multiple Vulnerabilities EMC Product Security Response Center (Mar 06)
DSA-2018-011: RSA Identity Governance and Lifecycle Privilege Escalation Vulnerability EMC Product Security Response Center (Mar 06)
DSA-2018-040: RSA® Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities EMC Product Security Response Center (Mar 27)
DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities EMC Product Security Response Center (Mar 22)
DSA-2018-020: Dell EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Product Security Response Center (Mar 09)
DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities EMC Product Security Response Center (Mar 27)
DSA-2018-037: Dell EMC NetWorker Buffer Overflow Vulnerability EMC Product Security Response Center (Mar 18)

filipe

10-Strike Network Monitor 5.4 - Unquoted Service Path filipe (Mar 09)
Rapid Scada - 5.5.0 - Insecure Permissions filipe (Mar 06)
Panda Global Security 17.0.1 - Unquoted service path filipe (Mar 09)
Hola VPN 1.79.859 - Insecure service permissions filipe (Mar 09)
WPS Free Office 10.2.0.5978 - NULL DACL grants full access filipe (Mar 09)
Panda Global Security 17.0.1 - NULL DACL grants full access filipe (Mar 09)
BitDefender Total Security 2018 - Insecure Pipe Permissions filipe (Mar 09)

Gustavo Sorondo

Multiple SQL injection vulnerabilities in Bacula-Web (CVE-2017-15367) Gustavo Sorondo (Mar 09)

Hate Shape

Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820) Hate Shape (Mar 27)

hyp3rlinx

WebLog Expert Web Server Enterprise v9.4 / Remote Denial Of Service CVE-2018-7582 hyp3rlinx (Mar 09)
DualDesk v20 "Proxy.exe" Server / Denial Of Service - CVE-2018-7583 hyp3rlinx (Mar 02)
Softros Network Time System Server v2.3.4 / Denial Of Service CVE-2018-7658 hyp3rlinx (Mar 06)
CVE-2018-7449 SEGGER embOS/IP FTP Server v3.22 / FTP CMDs Denial Of Service hyp3rlinx (Mar 02)
DEWESoft X3 SP1 (64-bit) installer / Remote Internal Command Access - CVE-2018-7756 hyp3rlinx (Mar 13)
WebLog Expert Web Server Enterprise v9.4 / Authentication Bypass CVE-2018-7581 hyp3rlinx (Mar 09)

keliikoa kirland

Re: new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland (Mar 27)
Re: new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland (Mar 27)
new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland (Mar 27)

Kevin R

CVE-2018-5708 Kevin R (Mar 30)

Kirill Shipulin

Another TCP based IDS bypass technique. CVE-2018-6794 Kirill Shipulin (Mar 02)

KoreLogic Disclosures

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures (Mar 06)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures (Mar 02)

Kotas, Kevin J

CA20180328-01: Security Notice for CA API Developer Portal Kotas, Kevin J (Mar 30)

Manuel Garcia Cardenas

SQL Injection in Textpattern <= 4.6.2 Manuel Garcia Cardenas (Mar 13)

Matthew Fernandez

Re: new email; gw22067 () hotmail com | Double-free segfault bypass Matthew Fernandez (Mar 30)

Michał Kędzior

LDAP Account Manager (6.2) CVE-2018-8763, CVE-2018-8764 Michał Kędzior (Mar 22)

Mohamed A. Baset

Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script Mohamed A. Baset (Mar 30)

MustLive

CSRF vulnerabilities in D-Link DGS-3000-10TC MustLive (Mar 02)

nicolas.buzy-debat

[CVE-2018-7422] Local File Inclusion (LFI) vulnerability in WordPress Site Editor Plugin nicolas.buzy-debat (Mar 18)

Nightwatch Cybersecurity Research

Content Injection in Samsung Display Solutions Application for Android [CVE-2018-6019] Nightwatch Cybersecurity Research (Mar 02)

okan coskun

ManageEngine Service Desk Plus < 9403 Cross-Site Scripting okan coskun (Mar 27)

Prajwal Panchmahalkar

c0c0n XI | The cy0ps c0n - Call For Papers & Call For Workshops 2018 Open Prajwal Panchmahalkar (Mar 18)

psy

New release: UFONet v1.0 "TachY0n!" psy (Mar 22)

RedTeam Pentesting GmbH

[RT-SA-2018-001] Arbitrary Redirect in Tuleap RedTeam Pentesting GmbH (Mar 08)
[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites RedTeam Pentesting GmbH (Mar 13)

(RS) Tyler Schroder

RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213) (RS) Tyler Schroder (Mar 18)

Sandro Gauci

ES2018-05 Kamailio heap overflow Sandro Gauci (Mar 22)

SEC Consult Vulnerability Lab

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) SEC Consult Vulnerability Lab (Mar 14)
SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail SEC Consult Vulnerability Lab (Mar 12)

Securify B.V. via Fulldisclosure

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links Securify B.V. via Fulldisclosure (Mar 24)

service () baimaohui net

SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614) service () baimaohui net (Mar 30)

spinfoo via Fulldisclosure

CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo via Fulldisclosure (Mar 02)
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo via Fulldisclosure (Mar 06)

Sydream Labs

[CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability Sydream Labs (Mar 18)

Vulnerability Lab

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities Vulnerability Lab (Mar 27)
AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Mar 27)
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities Vulnerability Lab (Mar 27)
PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$ Vulnerability Lab (Mar 13)
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability Vulnerability Lab (Mar 27)
PayPal Inc - New Venmo Bug Bounty Program Vulnerability Lab (Mar 13)

Williams, Ken

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center Williams, Ken (Mar 30)

WTS Research Team

Null Pointer Deference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys WTS Research Team (Mar 30)

x ksi

ModSecurity WAF 3.0 for Nginx - Denial of Service x ksi (Mar 22)
Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation x ksi (Mar 22)
Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal x ksi (Mar 22)

Yuliya Pliavaka

hardwear.io CFP is Open & New Security Training in Berlin! Yuliya Pliavaka (Mar 13)