Full Disclosure: by author
138 messages starting Dec 09 14 and ending Dec 15 14
Adrian Furtuna
Releasing PuttyRider - for penetration testers Adrian Furtuna (Dec 09)
Agostino Sarubbo
Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo (Dec 08)
Alexander Lashkov
Positive Hack Days V — Call for Papers Alexander Lashkov (Dec 03)
Alfred Baroti
Interesting Backdoor Alfred Baroti (Dec 08)
Asterisk Security Team
AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team (Dec 10)
A. W.
Humhub insecure password validation and reset design A. W. (Dec 15)
Humhub SQL injection and multiple persistent XSS vulnerabilities A. W. (Dec 08)
Yii framework CmsInput extension improper XSS sanitation A. W. (Dec 03)
A Z
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z (Dec 03)
Barry Dorrans
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Barry Dorrans (Dec 04)
Ben Lincoln (F7EFC8C9 - FD)
Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout Ben Lincoln (F7EFC8C9 - FD) (Dec 18)
Brandon Perry
BMC TrackIt! Unauthenticated Arbitrary Local System User Password Change Brandon Perry (Dec 11)
Brandon Vincent
Re: Interesting Backdoor Brandon Vincent (Dec 09)
C0r3dump3d
CVE-2014-9016 and CVE-2014-9034. Wordpress and Drupal DOS C0r3dump3d (Dec 03)
Colin Keigher
Call for Presenters - B-Sides Vancouver 2015 - March 16-17, 2015 in Vancouver, Canada Colin Keigher (Dec 09)
Daniel Busch
BSidesHH 2014 Daniel Busch (Dec 03)
dash
hack4 is coming - hackercon in berlin - date: end of the year 2014 dash (Dec 03)
Devsec Security Departament
XSS in WIX pages Devsec Security Departament (Dec 03)
Dragos Ruiu
Reminder and Extension CanSecWest CFP deadline tomorrow, December 30th. Dragos Ruiu (Dec 29)
Ed Tredgett
Re: Interesting Backdoor Ed Tredgett (Dec 09)
Egidio Romano
[KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability Egidio Romano (Dec 31)
[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability Egidio Romano (Dec 31)
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability Egidio Romano (Dec 31)
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability Egidio Romano (Dec 31)
Eric Windisch
Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch (Dec 15)
freeman
CALL FOR PAPERS - NUIT DU HACK - 20/21 JUNE 2015 freeman (Dec 23)
Gynvael Coldwind
Re: The Misfortune Cookie Vulnerability Gynvael Coldwind (Dec 22)
Hanno Böck
less out of bounds read access - TFPA 002/2014 Hanno Böck (Dec 03)
Hector Marco
Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 04)
Ivan .Heca
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED Ivan .Heca (Dec 18)
James Hooker
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message James Hooker (Dec 03)
Jeffrey Walton
Sony: 22 Breaches and Counting Jeffrey Walton (Dec 08)
Jing Wang
CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 28)
CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities Jing Wang (Dec 29)
CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 18)
ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities Jing Wang (Dec 09)
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 18)
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Jing Wang (Dec 09)
Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities Jing Wang (Dec 18)
CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Dec 09)
CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability Jing Wang (Dec 29)
Jon Hart
Re: The Misfortune Cookie Vulnerability Jon Hart (Dec 23)
Joshua Wright
Re: CVE-2014-8610 Android < 5.0 SMS resend vulnerability Joshua Wright (Dec 03)
J. Tozo
Graylog2-Web LDAP Injection - CVE-2014-9217 J. Tozo (Dec 22)
Kenneth Buckler
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability Kenneth Buckler (Dec 09)
Kousuke Ebihara
RedCloth contains unfixed XSS vulnerability for 9 years Kousuke Ebihara (Dec 11)
LayerSEC Ltd
Re: iBackup v10.0.0.45 - Privilege Escalation Vulnerability LayerSEC Ltd (Dec 22)
Mark Steward
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Mark Steward (Dec 03)
Matteo Beccati
[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati (Dec 18)
Mazin Ahmed
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed (Dec 16)
Michal Zalewski
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)
Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)
MustLive
BBC about Ukrainian Cyber Forces MustLive (Dec 22)
CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive (Dec 03)
BF and XSS vulnerabilities in D-Link DCS-2103 MustLive (Dec 18)
Vulnerabilities in Samsung SyncThru Web Service MustLive (Dec 22)
XSS and CSRF vulnerabilities in CMS Pylot MustLive (Dec 28)
nullcon
nullcon HackIM Challenge 9-11 Jan 2015 nullcon (Dec 29)
omarbv
Rooted CON 2014 talks (dubbed into english) are now online omarbv (Dec 15)
Onapsis Research Labs
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs (Dec 16)
Or Peles
SpoofedMe - Social Login Impersonation Attack Or Peles (Dec 04)
Paris Zoumpouloglou
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Paris Zoumpouloglou (Dec 22)
Patrick Webster
ObSecure 360 unauthenticated SQL injection Patrick Webster (Dec 23)
Pedro Ribeiro
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 03)
Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 03)
Peter Thoeny
TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables Peter Thoeny (Dec 18)
TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Peter Thoeny (Dec 18)
Portcullis Advisories
CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories (Dec 10)
CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR Portcullis Advisories (Dec 05)
CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys] Portcullis Advisories (Dec 10)
CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories (Dec 10)
Project Zero Labs
CVE-2014-9330: Libtiff integer overflow in bmp2tiff Project Zero Labs (Dec 22)
RedTeam Pentesting GmbH
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure RedTeam Pentesting GmbH (Dec 01)
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf RedTeam Pentesting GmbH (Dec 01)
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components RedTeam Pentesting GmbH (Dec 02)
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire RedTeam Pentesting GmbH (Dec 01)
Sandro Gauci
Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
SCADA StrangeLove
BOF(s) +SSRF in Honewell EPKS SCADA StrangeLove (Dec 16)
SEC Consult Vulnerability Lab
SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab (Dec 18)
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab (Dec 19)
SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) SEC Consult Vulnerability Lab (Dec 18)
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab (Dec 18)
SECUPENT Research Center
Wordpress Frontend Uploader Cross Site Scripting(XSS) SECUPENT Research Center (Dec 27)
Security Explorations
[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations (Dec 06)
[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations (Dec 16)
Seth Art
CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS) Seth Art (Dec 15)
CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF) Seth Art (Dec 15)
Shahar Tal
Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
The Misfortune Cookie Vulnerability Shahar Tal (Dec 18)
Shawn
Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Shawn (Dec 08)
Simo Ben youssef
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef (Dec 09)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak (Dec 15)
Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable Stefan Kanthak (Dec 22)
Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ... Stefan Kanthak (Dec 27)
Steffen Rösemann
Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Steffen Rösemann (Dec 23)
Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Steffen Rösemann (Dec 30)
CSRF vulnerability in CMS e107 v.2 alpha2 Steffen Rösemann (Dec 28)
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Steffen Rösemann (Dec 23)
Stephan.Rickauer
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 Stephan.Rickauer (Dec 03)
stephen () averagesecurityguy info
Coinbase User Enumeration stephen () averagesecurityguy info (Dec 08)
up201407890
/usr/bin/a2p buffer overflow up201407890 (Dec 28)
Vantage Point Security
VP-2014-004 SysAid Server Arbitrary File Disclosure Vantage Point Security (Dec 22)
VMware Security Response Center
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center (Dec 04)
NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center (Dec 10)
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center (Dec 09)
Vulnerability Lab
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab (Dec 16)
Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab (Dec 17)
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab (Dec 25)
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab (Dec 18)
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab (Dec 17)
iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab (Dec 16)
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab (Dec 16)
Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab (Dec 17)
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab (Dec 18)
iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability Vulnerability Lab (Dec 16)
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab (Dec 16)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab (Dec 19)
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability Vulnerability Lab (Dec 05)
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab (Dec 25)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab (Dec 18)
E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab (Dec 18)
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab (Dec 16)
Walter Hop
Multiple vulnerabilities in InfiniteWP Admin Panel Walter Hop (Dec 09)
waysea
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message waysea (Dec 03)
Williams, Ken
CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken (Dec 15)
庄容如
fulldisclosure: your file 庄容如 (Dec 15)