Full Disclosure: by author

89 messages starting Aug 15 14 and ending Aug 15 14

Adam Dodson

Re: [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header Adam Dodson (Aug 15)

Advisories

Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities Advisories (Aug 31)
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification advisories (Aug 25)

Benjamin Harris

XRMS SQLi to RCE 0day Benjamin Harris (Aug 27)
PHP-Wiki Command Injection Benjamin Harris (Aug 27)
Actual Analyzer Unauthenticated Command Execution Benjamin Harris (Aug 27)

BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog

Outdated Software on Huffington Post BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog (Aug 04)

Brandon Perry

Re: XXE Injection in HP Release Control Brandon Perry (Aug 04)

coderman

Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman (Aug 04)
Re: Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman (Aug 04)
Re: Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman (Aug 04)

Contarino, Rodrigo (LATCO - Buenos Aires)

ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930] Contarino, Rodrigo (LATCO - Buenos Aires) (Aug 26)

CORE Advisories Team

[CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow CORE Advisories Team (Aug 20)

[CXSEC]

C++11 <regex> insecure by default [CXSEC] (Aug 02)

David Kaplan

(CVE-2014-3500/1/2) Apache Cordova for Android - Multiple Vulnerabilities David Kaplan (Aug 05)

Dirk-Willem van Gulik

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik (Aug 18)

Disclosure

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Disclosure (Aug 28)

Dolev Farhi

VMware vm-support multiple vulnerabilities Dolev Farhi (Aug 26)

Douglas Held

Re: XXE Injection in HP Release Control Douglas Held (Aug 04)

Dragos Ruiu

Reminder: CFP closes next week for PacSec.jp in Tokyo Nov12-13 Dragos Ruiu (Aug 15)

dxw Security

Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin) dxw Security (Aug 20)

Fernando Gont

DoS attacks (ICMPv6-based) resulting from IPv6 EH drops Fernando Gont (Aug 21)
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks Fernando Gont (Aug 26)

Francisco Amato

Perverting Embedded Devices - ZKSoftware Fingerprint Reader (Part I) Francisco Amato (Aug 12)

Greg Knaddison

Re: Superfish 7.x Minor Cross Site Scripting Vulnerability Greg Knaddison (Aug 04)

Gregory Pickett

CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service Gregory Pickett (Aug 12)

Joshua Rogers

Paypal Complete 2-Factor Authentication(2FA) Bypass Exploit. Working as of August 5th, 2014. Joshua Rogers (Aug 04)

J. Tozo

CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi. J. Tozo (Aug 25)

Kenny Mathis

TomatoCart v1.x (latest-stable) Multiple Vulnerabilities Kenny Mathis (Aug 07)

Kishor Sonawane

LinkedIn User Account Handling Vulnerability(s) Kishor Sonawane (Aug 04)

labz

VISA USA VULNERABILITY labz (Aug 18)

leex

RCE in dragonfly gem leex (Aug 25)

Len Srinivasan

Vulnerabilities in Vembu Backup and Disaster Recovery addressed Len Srinivasan (Aug 07)

Mehdi Talbi

[TOOL] Haka v0.2 release! Mehdi Talbi (Aug 13)

Melchior Limacher

Outlook XML Bomb? Melchior Limacher (Aug 07)

Michal Zalewski

(kind of) new tool: american fuzzy lop Michal Zalewski (Aug 04)

Mike Antcliffe

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] Mike Antcliffe (Aug 04)

MustLive

XSS vulnerability in In-Portal CMS MustLive (Aug 31)

Nathan Power

Microsoft Exchange Multiple Vulnerabilities Nathan Power (Aug 04)

Nik Cubrilovic

Multiple Vulnerabilities in Disqus for Wordpress v2.7.5 Nik Cubrilovic (Aug 12)
CS-Cart v4.2.0 Session Hijack and Other Vulnerabilities Nik Cubrilovic (Aug 12)

nullcon

nullcon CFP is open nullcon (Aug 07)

paul . szabo

Mathematica10.0.0 on Linux /tmp/MathLink vulnerability paul . szabo (Aug 26)

Pedro Ribeiro

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro (Aug 27)
[The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central Pedro Ribeiro (Aug 31)
Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) Pedro Ribeiro (Aug 29)
Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro (Aug 29)
Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro (Aug 27)
[The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) Pedro Ribeiro (Aug 20)

Pete Herzog

mind tricks and other hacks Pete Herzog (Aug 13)

peter . wiedekind

Optical Society of America's peer-review system can leaks reviewers' usernames peter . wiedekind (Aug 14)

Pichaya Morimoto

HybridAuth <= 2.1.2 Remote Code Execution Pichaya Morimoto (Aug 04)
HybridAuth <= 2.2.2 Remote Code Execution (0-day again) Pichaya Morimoto (Aug 05)

Portcullis Advisories

CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall Portcullis Advisories (Aug 04)
CVE-2014-4973 - Privilege Escalation in ESET Windows Products Portcullis Advisories (Aug 20)
CVE-2014-5307 - Privilege Escalation in Panda Security Products Portcullis Advisories (Aug 20)

Reindl Harald

Re: Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files Reindl Harald (Aug 12)

Sanguinarious

Re: Hilariously Bad SQRL Implementation Sanguinarious (Aug 21)

Scott Arciszewski

Re: Hilariously Bad SQRL Implementation Scott Arciszewski (Aug 25)
Re: Hilariously Bad SQRL Implementation Scott Arciszewski (Aug 20)
Hilariously Bad SQRL Implementation Scott Arciszewski (Aug 18)

SEC Consult Vulnerability Lab

SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting SEC Consult Vulnerability Lab (Aug 28)
SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director SEC Consult Vulnerability Lab (Aug 05)

Securify B.V.

Outlook.com for Android fails to validate server certificates Securify B.V. (Aug 17)

Seybold, Juan (LATCO - Buenos Aires)

[CVE-2014-5440] MX-SmartTimer SQL Injection Seybold, Juan (LATCO - Buenos Aires) (Aug 29)

Stefan Kanthak

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) Stefan Kanthak (Aug 16)
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak (Aug 12)
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs Stefan Kanthak (Aug 16)
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) Stefan Kanthak (Aug 16)

Stefan Paletta

“Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header Stefan Paletta (Aug 12)

Steffen Bauch

ntopng 1.2.0 XSS injection using monitored network traffic Steffen Bauch (Aug 25)

stevyn prothero

PRESS RELEASE :: Phuture Conference Denver OCT 11 stevyn prothero (Aug 19)

surivaton surivaton

MyBB 1.6 - MyAwards CSRF surivaton surivaton (Aug 25)
WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5 surivaton surivaton (Aug 20)

Tavis Ormandy

CVE-2014-5119 glibc __gconv_translit_find() exploit Tavis Ormandy (Aug 25)

Thomas Hibbert

F5 Unauthenticated rsync access to Remote Root Code Execution Thomas Hibbert (Aug 28)

Travis Biehn

Re: Hilariously Bad SQRL Implementation Travis Biehn (Aug 20)

Ubani Balogun

Superfish 7.x Minor Cross Site Scripting Vulnerability Ubani Balogun (Aug 04)

Voxel@Night

CSRF in Disqus for Wordpress 2.77 Voxel@Night (Aug 16)

Vulnerability Lab

Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities Vulnerability Lab (Aug 07)
Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability Vulnerability Lab (Aug 04)
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab (Aug 04)
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699) Vulnerability Lab (Aug 25)
PhotoSync v2.2 iOS - Command Inject Web Vulnerability Vulnerability Lab (Aug 06)
Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707) Vulnerability Lab (Aug 25)
Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab (Aug 01)
PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability Vulnerability Lab (Aug 06)
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Aug 04)

William Costa

XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 William Costa (Aug 15)