Full Disclosure: by author

73 messages starting May 15 18 and ending May 28 18

Akshay Sharma

Multiple Arris Touchstone Gateway Vulnerabilities Akshay Sharma (May 15)

Alan Coopersmith

Re: taglib 1.11.1 vuln Alan Coopersmith (May 29)

Alfredo Ortega

CVE-2018-10994: HTML tag injection in Signal-desktop Alfredo Ortega (May 15)
CVE-2018-11101: Signal-desktop HTML tag injection variant 2 Alfredo Ortega (May 16)

Amine Taouirsa

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 Amine Taouirsa (May 28)
MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 Amine Taouirsa (May 28)

Apple Product Security

APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 Apple Product Security (May 07)
APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 Apple Product Security (May 08)

bear.xiong

vcftools 0.1.15 vuln bugs bear.xiong (May 16)
PDFParser vulnerability bear.xiong (May 16)

Core Security Advisories Team

[CORE-2018-0001] TP-Link EAP Controller Multiple Vulnerabilities Core Security Advisories Team (May 03)
[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities Core Security Advisories Team (May 31)
[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities Core Security Advisories Team (May 31)

Davide Lombardo

Privilege escalation on Windows10/x by shortcut alteration. Davide Lombardo (May 16)

debug

airgapping kvm switch debug (May 01)

Derrek Bertrand

Re: Unvalidated Redirect in Shibboleth component of Blackboard Derrek Bertrand (May 01)

dxw Security

CSRF in WP User Groups allows anybody to modify user groups and types (WordPress plugin) dxw Security (May 11)
Stored XSS in WP ULike allows unauthorised users to do almost anything an admin can (WordPress plugin) dxw Security (May 14)
CSRF in Metronet Tag Manager allows anybody to do almost anything an admin can (WordPress plugin) dxw Security (May 15)
WP ULike allows anybody to delete any row in any WordPress table (WordPress plugin) dxw Security (May 14)

EMC Product Security Response Center

DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities EMC Product Security Response Center (May 28)
DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability EMC Product Security Response Center (May 03)
DSA-2018-086: RSA® Authentication Manager Multiple Vulnerabilities EMC Product Security Response Center (May 04)

Emin Ghuliev

WindScribe VPN 1.81 Privilege Escalation Emin Ghuliev (May 28)

Harry Sintonen

foilChat sign up email PIN confirmation bypass Harry Sintonen (May 29)
GNU Wget Cookie Injection [CVE-2018-0494] Harry Sintonen (May 07)

Himanshu Mehta

CVE-2018-11551 AXON PBX DLL Loading Arbitrary Code Execution & Privilege Escalation Vulnerability Himanshu Mehta (May 30)
CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Himanshu Mehta (May 30)

hyp3rlinx

Microsoft Windows "FxCop" v10-12 / XML External Entity Injection hyp3rlinx (May 11)

Imre Rad

CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities Imre Rad (May 13)

Javier Bernardo

CVE-2018-10201 – Ncomputing vSpace Pro Directory Traversal Vulnerability Javier Bernardo (May 08)

jerinjoy

Authentication Bypass in Accellion Kiteworks jerinjoy (May 28)

Joe Gray

Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA (CVE-2018-10641) Joe Gray (May 04)

Kotas, Kevin J

CA20180501-01: Security Notice for CA Spectrum Kotas, Kevin J (May 03)

matthew f

ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities matthew f (May 01)

Mohd Hanafie

Buffer overflow in xls2csv (xlsparse.c:716) - catdoc Mohd Hanafie (May 13)

n0ipr0cs

XSS in Flexense DiskSavvy, affects all versions n0ipr0cs (May 01)
XSS in Flexense SyncBreeze, affects all versions n0ipr0cs (May 01)
XSS in Flexense DupScout, affects all versions n0ipr0cs (May 01)
XSS in Flexense DiskSorter, affects all versions n0ipr0cs (May 01)
XSS in Flexense VX Search, affects all versions n0ipr0cs (May 01)
XSS in Flexense DiskPulse, affects all versions n0ipr0cs (May 01)
XSS-Flexense-DiskBoss-Enterprise-all-versions n0ipr0cs (May 01)

Nightwatch Cybersecurity Research

Android OS Didn’t use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] Nightwatch Cybersecurity Research (May 28)

nullbyte

Reptile: a LKM rootkit written for evil purposes nullbyte (May 28)

Pedro Ribeiro

[CVE-2018-1418] IBM QRadar SIEM unauthenticated remote code execution as root Pedro Ribeiro (May 28)

pzpcve180528

SharePoint Site User Enumeration pzpcve180528 (May 28)

Qualys Security Advisory

Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory (May 28)

Sebastian Neuner via Fulldisclosure

Re: Vulnerabilities in IBMs Flashsystems and Storwize Products Sebastian Neuner via Fulldisclosure (May 13)
Vulnerabilities in IBMs Flashsystems and Storwize Products Sebastian Neuner via Fulldisclosure (May 11)

SEC Consult Vulnerability Lab

SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle SEC Consult Vulnerability Lab (May 29)
SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) SEC Consult Vulnerability Lab (May 03)
Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet SEC Consult Vulnerability Lab (May 14)
SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet SEC Consult Vulnerability Lab (May 14)
SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager SEC Consult Vulnerability Lab (May 16)

service () baimaohui net

Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919) service () baimaohui net (May 01)
SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 (CVE-2018-9302) service () baimaohui net (May 01)

sosumi

Keeper Commander sosumi (May 15)

Stefan Kanthak

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy Stefan Kanthak (May 08)

Stephen Shkardoon

Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution Stephen Shkardoon (May 01)

Sysdream Labs

[CVE-2018-10094] Dolibarr SQL Injection vulnerability Sysdream Labs (May 28)
Dolibarr XSS Injection vulnerability Sysdream Labs (May 28)
[CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability Sysdream Labs (May 28)

Tomi Tuominen

t2'18: Call For Papers 2018 (Helsinki, Finland) Tomi Tuominen (May 11)

Vadim Zhukov

Re: Buffer overflow in xls2csv (xlsparse.c:716) - catdoc Vadim Zhukov (May 15)

Vangelis Stykas

Calamp.com Incorrect privilege assignment could lead to full user and vehicle compromise Vangelis Stykas (May 15)
Calamp.com Incorrect privilege assignment could lead to full user compromise Vangelis Stykas (May 13)

Xiaoran Wang via Fulldisclosure

JDA Warehouse Management System (WMS) Multiple Critical Vulnerabilities Xiaoran Wang via Fulldisclosure (May 28)
JDA Connect Multiple Critical Vulnerabilities Xiaoran Wang via Fulldisclosure (May 28)

xiaotian.wang

NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability xiaotian.wang (May 28)

Yavuz Atlas

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting Yavuz Atlas (May 28)

熊文彬

libmobi 0.3 vulns 熊文彬 (May 28)
taglib 1.11.1 vuln 熊文彬 (May 28)