Full Disclosure: by date

89 messages starting Aug 01 14 and ending Aug 31 14

Friday, 01 August

Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab

Saturday, 02 August

C++11 <regex> insecure by default [CXSEC]

Monday, 04 August

Video WiFi Transfer 1.01 - Directory Traversal Vulnerability Vulnerability Lab
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability Vulnerability Lab
CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall Portcullis Advisories
Superfish 7.x Minor Cross Site Scripting Vulnerability Ubani Balogun
Paypal Complete 2-Factor Authentication(2FA) Bypass Exploit. Working as of August 5th, 2014. Joshua Rogers
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] Mike Antcliffe
LinkedIn User Account Handling Vulnerability(s) Kishor Sonawane
HybridAuth <= 2.1.2 Remote Code Execution Pichaya Morimoto
Microsoft Exchange Multiple Vulnerabilities Nathan Power
Re: XXE Injection in HP Release Control Douglas Held
Outdated Software on Huffington Post BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog
Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman
Re: Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman
Re: Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing] coderman
Re: XXE Injection in HP Release Control Brandon Perry
Re: Superfish 7.x Minor Cross Site Scripting Vulnerability Greg Knaddison
(kind of) new tool: american fuzzy lop Michal Zalewski

Tuesday, 05 August

SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director SEC Consult Vulnerability Lab
(CVE-2014-3500/1/2) Apache Cordova for Android - Multiple Vulnerabilities David Kaplan
HybridAuth <= 2.2.2 Remote Code Execution (0-day again) Pichaya Morimoto

Wednesday, 06 August

PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability Vulnerability Lab
PhotoSync v2.2 iOS - Command Inject Web Vulnerability Vulnerability Lab

Thursday, 07 August

TomatoCart v1.x (latest-stable) Multiple Vulnerabilities Kenny Mathis
Vulnerabilities in Vembu Backup and Disaster Recovery addressed Len Srinivasan
Outlook XML Bomb? Melchior Limacher
nullcon CFP is open nullcon
Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities Vulnerability Lab

Tuesday, 12 August

Perverting Embedded Devices - ZKSoftware Fingerprint Reader (Part I) Francisco Amato
CS-Cart v4.2.0 Session Hijack and Other Vulnerabilities Nik Cubrilovic
“Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header Stefan Paletta
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak
CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service Gregory Pickett
Multiple Vulnerabilities in Disqus for Wordpress v2.7.5 Nik Cubrilovic
Re: Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files Reindl Harald

Wednesday, 13 August

mind tricks and other hacks Pete Herzog
[TOOL] Haka v0.2 release! Mehdi Talbi

Thursday, 14 August

Optical Society of America's peer-review system can leaks reviewers' usernames peter . wiedekind

Friday, 15 August

Re: [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header Adam Dodson
XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 William Costa
Reminder: CFP closes next week for PacSec.jp in Tokyo Nov12-13 Dragos Ruiu

Saturday, 16 August

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs Stefan Kanthak
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) Stefan Kanthak
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) Stefan Kanthak
CSRF in Disqus for Wordpress 2.77 Voxel@Night

Sunday, 17 August

Outlook.com for Android fails to validate server certificates Securify B.V.

Monday, 18 August

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik
Hilariously Bad SQRL Implementation Scott Arciszewski
VISA USA VULNERABILITY labz

Tuesday, 19 August

PRESS RELEASE :: Phuture Conference Denver OCT 11 stevyn prothero

Wednesday, 20 August

CVE-2014-4973 - Privilege Escalation in ESET Windows Products Portcullis Advisories
CVE-2014-5307 - Privilege Escalation in Panda Security Products Portcullis Advisories
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin) dxw Security
[The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) Pedro Ribeiro
WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5 surivaton surivaton
[CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow CORE Advisories Team
Re: Hilariously Bad SQRL Implementation Scott Arciszewski
Re: Hilariously Bad SQRL Implementation Travis Biehn

Thursday, 21 August

Re: Hilariously Bad SQRL Implementation Sanguinarious
DoS attacks (ICMPv6-based) resulting from IPv6 EH drops Fernando Gont

Monday, 25 August

Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707) Vulnerability Lab
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699) Vulnerability Lab
CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi. J. Tozo
ntopng 1.2.0 XSS injection using monitored network traffic Steffen Bauch
Re: Hilariously Bad SQRL Implementation Scott Arciszewski
MyBB 1.6 - MyAwards CSRF surivaton surivaton
RCE in dragonfly gem leex
CVE-2014-5119 glibc __gconv_translit_find() exploit Tavis Ormandy
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification advisories

Tuesday, 26 August

VMware vm-support multiple vulnerabilities Dolev Farhi
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks Fernando Gont
Mathematica10.0.0 on Linux /tmp/MathLink vulnerability paul . szabo
ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930] Contarino, Rodrigo (LATCO - Buenos Aires)

Wednesday, 27 August

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro
Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro
PHP-Wiki Command Injection Benjamin Harris
XRMS SQLi to RCE 0day Benjamin Harris
Actual Analyzer Unauthenticated Command Execution Benjamin Harris

Thursday, 28 August

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Disclosure
SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting SEC Consult Vulnerability Lab
F5 Unauthenticated rsync access to Remote Root Code Execution Thomas Hibbert

Friday, 29 August

[CVE-2014-5440] MX-SmartTimer SQL Injection Seybold, Juan (LATCO - Buenos Aires)
Re: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert Pedro Ribeiro
Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) Pedro Ribeiro

Sunday, 31 August

Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities Advisories
XSS vulnerability in In-Portal CMS MustLive
[The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central Pedro Ribeiro