Full Disclosure: by author
71 messages starting Jan 18 19 and ending Jan 04 19
Alexander Lashkov
Become a speaker at PHDays 9! Alexander Lashkov (Jan 18)
Apple Product Security via Fulldisclosure
APPLE-SA-2019-1-22-5 Safari 12.0.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-4 tvOS 12.1.2 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-3 watchOS 5.1.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-1 iOS 12.1.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 Apple Product Security via Fulldisclosure (Jan 25)
Daniel Bishtawi
Cross-site Scripting via XML Vulnerability in DNN 9.1 Daniel Bishtawi (Jan 25)
Reflected Cross-site Scripting in Mantis 2.11.1 Daniel Bishtawi (Jan 08)
Cross-site Scripting Vulnerability in Abantecart 1.2.12 Daniel Bishtawi (Jan 25)
Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Daniel Bishtawi (Jan 25)
Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Daniel Bishtawi (Jan 25)
Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Daniel Bishtawi (Jan 11)
Open Redirection Vulnerabilities in OrangeForum 1.4.0 Daniel Bishtawi (Jan 11)
Vulnerabilities in Zurmo 2.3.4 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Daniel Bishtawi (Jan 04)
Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 08)
Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0 Daniel Bishtawi (Jan 04)
Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6 Daniel Bishtawi (Jan 01)
Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14 Daniel Bishtawi (Jan 08)
XML External Entity Injection Vulnerability in BlogEngine 3.3 Daniel Bishtawi (Jan 11)
Daniel Jones via Fulldisclosure
CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb Daniel Jones via Fulldisclosure (Jan 04)
dxw Security
CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin) dxw Security (Jan 08)
Filip Palian
BMC Network Automation v8.7 - remote session hijacking. Filip Palian (Jan 04)
BMC Remedy + ITAM - multiple security issues. Filip Palian (Jan 04)
Hackira via Fulldisclosure
Call For Paper - leHACK - July 6th - July 7th, 2019 Hackira via Fulldisclosure (Jan 22)
Harry Sintonen
SCP client multiple vulnerabilities Harry Sintonen (Jan 15)
Henri Salo
Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo (Jan 15)
Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo (Jan 11)
Re: Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Henri Salo (Jan 29)
Re: Vulnerabilities in Zurmo 2.3.4 Henri Salo (Jan 08)
Re: Reflected Cross-site Scripting in Mantis 2.11.1 Henri Salo (Jan 11)
Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo (Jan 08)
hyp3rlinx
Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution hyp3rlinx (Jan 18)
Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution hyp3rlinx (Jan 25)
Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day hyp3rlinx (Jan 11)
James Williams via Fulldisclosure
CA20190124-01: Security Notice for CA Automic Workload Automation James Williams via Fulldisclosure (Jan 25)
Jaroslav Lobačevski
Path Traversal in Aspose.ZIP library Jaroslav Lobačevski (Jan 08)
Joxean Koret via Fulldisclosure
EuskalHack Security Congress Call For Papers Joxean Koret via Fulldisclosure (Jan 15)
Kevin Kotas via Fulldisclosure
CA20190117-01: Security Notice for CA Service Desk Manager Kevin Kotas via Fulldisclosure (Jan 22)
martin . heiland . lists
Open-Xchange Security Advisory 2018-12-31 martin . heiland . lists (Jan 04)
Nguyen Anh Quynh
Capstone v4.0.1 is out! Nguyen Anh Quynh (Jan 11)
Nightwatch Cybersecurity Research
Chrome Browser for Android Reveals Sensitive Hardware Information Nightwatch Cybersecurity Research (Jan 01)
Open-Xchange GmbH
Open-Xchange Security Advisory 2019-01-18 Open-Xchange GmbH (Jan 18)
Pedro Ribeiro
[Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE Pedro Ribeiro (Jan 22)
ProSec
CWE-80 XSS Bose Soundtouch App ProSec (Jan 04)
psy
New Release: UFONet v1.2 - "Armageddon!" psy (Jan 08)
Qualys Security Advisory
System Down: A systemd-journald exploit Qualys Security Advisory (Jan 11)
RedTeam Pentesting GmbH
[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH (Jan 24)
[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH (Jan 24)
[RT-SA-2018-004] Cisco RV320 Command Injection RedTeam Pentesting GmbH (Jan 24)
Rob Fuller
Call for Papers for ShmooCon Epilogue Closes Jan 1 Rob Fuller (Jan 01)
Sahil Dhar
Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x Sahil Dhar (Jan 08)
SEC Consult Vulnerability Lab
SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series) SEC Consult Vulnerability Lab (Jan 09)
SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI) SEC Consult Vulnerability Lab (Jan 24)
secure
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability secure (Jan 04)
DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability secure (Jan 01)
Security Explorations
[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations (Jan 22)
Simon Bieber
secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler Simon Bieber (Jan 15)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability Stefan Kanthak (Jan 18)
Sullo
RVAsec 2019 Call for Presentations (CFP) Sullo (Jan 24)
Sysdream Labs
[CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones Sysdream Labs (Jan 11)
[CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones Sysdream Labs (Jan 11)
Tyler Cui
Re: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)
Re: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)
Re: [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)
X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser X41 D-Sec GmbH Advisories (Jan 11)
zzt0907
/bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212) zzt0907 (Jan 04)