Full Disclosure: by author

138 messages starting Dec 09 14 and ending Dec 15 14

Adrian Furtuna

Releasing PuttyRider - for penetration testers Adrian Furtuna (Dec 09)

Agostino Sarubbo

Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo (Dec 08)

Alexander Lashkov

Positive Hack Days V — Call for Papers Alexander Lashkov (Dec 03)

Alfred Baroti

Interesting Backdoor Alfred Baroti (Dec 08)

Asterisk Security Team

AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team (Dec 10)

A. W.

Humhub insecure password validation and reset design A. W. (Dec 15)
Humhub SQL injection and multiple persistent XSS vulnerabilities A. W. (Dec 08)
Yii framework CmsInput extension improper XSS sanitation A. W. (Dec 03)

A Z

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z (Dec 03)

Barry Dorrans

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Barry Dorrans (Dec 04)

Ben Lincoln (F7EFC8C9 - FD)

Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout Ben Lincoln (F7EFC8C9 - FD) (Dec 18)

Brandon Perry

BMC TrackIt! Unauthenticated Arbitrary Local System User Password Change Brandon Perry (Dec 11)

Brandon Vincent

Re: Interesting Backdoor Brandon Vincent (Dec 09)

C0r3dump3d

CVE-2014-9016 and CVE-2014-9034. Wordpress and Drupal DOS C0r3dump3d (Dec 03)

Colin Keigher

Call for Presenters - B-Sides Vancouver 2015 - March 16-17, 2015 in Vancouver, Canada Colin Keigher (Dec 09)

Daniel Busch

BSidesHH 2014 Daniel Busch (Dec 03)

dash

hack4 is coming - hackercon in berlin - date: end of the year 2014 dash (Dec 03)

Devsec Security Departament

XSS in WIX pages Devsec Security Departament (Dec 03)

Dragos Ruiu

Reminder and Extension CanSecWest CFP deadline tomorrow, December 30th. Dragos Ruiu (Dec 29)

Ed Tredgett

Re: Interesting Backdoor Ed Tredgett (Dec 09)

Egidio Romano

[KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability Egidio Romano (Dec 31)
[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability Egidio Romano (Dec 31)
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability Egidio Romano (Dec 31)
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability Egidio Romano (Dec 31)
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability Egidio Romano (Dec 31)

Eric Windisch

Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch (Dec 15)

freeman

CALL FOR PAPERS - NUIT DU HACK - 20/21 JUNE 2015 freeman (Dec 23)

Gynvael Coldwind

Re: The Misfortune Cookie Vulnerability Gynvael Coldwind (Dec 22)

Hanno Böck

less out of bounds read access - TFPA 002/2014 Hanno Böck (Dec 03)

Hector Marco

Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 04)

Ivan .Heca

The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED Ivan .Heca (Dec 18)

James Hooker

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message James Hooker (Dec 03)

Jeffrey Walton

Sony: 22 Breaches and Counting Jeffrey Walton (Dec 08)

Jing Wang

CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 28)
CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities Jing Wang (Dec 29)
CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 18)
ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities Jing Wang (Dec 09)
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Dec 18)
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Jing Wang (Dec 09)
Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities Jing Wang (Dec 18)
CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Dec 09)
CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability Jing Wang (Dec 29)

Jon Hart

Re: The Misfortune Cookie Vulnerability Jon Hart (Dec 23)

Joshua Wright

Re: CVE-2014-8610 Android < 5.0 SMS resend vulnerability Joshua Wright (Dec 03)

J. Tozo

Graylog2-Web LDAP Injection - CVE-2014-9217 J. Tozo (Dec 22)

Kenneth Buckler

Keurig 2.0 Genuine K-Cup Spoofing Vulnerability Kenneth Buckler (Dec 09)

Kousuke Ebihara

RedCloth contains unfixed XSS vulnerability for 9 years Kousuke Ebihara (Dec 11)

LayerSEC Ltd

Re: iBackup v10.0.0.45 - Privilege Escalation Vulnerability LayerSEC Ltd (Dec 22)

Mark Steward

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Mark Steward (Dec 03)

Matteo Beccati

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati (Dec 18)

Mazin Ahmed

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed (Dec 16)

Michal Zalewski

Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)
Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)

MustLive

BBC about Ukrainian Cyber Forces MustLive (Dec 22)
CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive (Dec 03)
BF and XSS vulnerabilities in D-Link DCS-2103 MustLive (Dec 18)
Vulnerabilities in Samsung SyncThru Web Service MustLive (Dec 22)
XSS and CSRF vulnerabilities in CMS Pylot MustLive (Dec 28)

nullcon

nullcon HackIM Challenge 9-11 Jan 2015 nullcon (Dec 29)

omarbv

Rooted CON 2014 talks (dubbed into english) are now online omarbv (Dec 15)

Onapsis Research Labs

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs (Dec 16)

Or Peles

SpoofedMe - Social Login Impersonation Attack Or Peles (Dec 04)

Paris Zoumpouloglou

Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Paris Zoumpouloglou (Dec 22)

Patrick Webster

ObSecure 360 unauthenticated SQL injection Patrick Webster (Dec 23)

Pedro Ribeiro

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 03)
Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro (Dec 03)

Peter Thoeny

TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables Peter Thoeny (Dec 18)
TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Peter Thoeny (Dec 18)

Portcullis Advisories

CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories (Dec 10)
CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR Portcullis Advisories (Dec 05)
CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys] Portcullis Advisories (Dec 10)
CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories (Dec 10)

Project Zero Labs

CVE-2014-9330: Libtiff integer overflow in bmp2tiff Project Zero Labs (Dec 22)

RedTeam Pentesting GmbH

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure RedTeam Pentesting GmbH (Dec 01)
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf RedTeam Pentesting GmbH (Dec 01)
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components RedTeam Pentesting GmbH (Dec 02)
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire RedTeam Pentesting GmbH (Dec 01)

Sandro Gauci

Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)

SCADA StrangeLove

BOF(s) +SSRF in Honeywell EPKS SCADA StrangeLove (Dec 16)

SEC Consult Vulnerability Lab

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab (Dec 18)
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab (Dec 19)
SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) SEC Consult Vulnerability Lab (Dec 18)
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab (Dec 18)

SECUPENT Research Center

Wordpress Frontend Uploader Cross Site Scripting(XSS) SECUPENT Research Center (Dec 27)

Security Explorations

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations (Dec 06)
[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations (Dec 16)

Seth Art

CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS) Seth Art (Dec 15)
CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF) Seth Art (Dec 15)

Shahar Tal

Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
The Misfortune Cookie Vulnerability Shahar Tal (Dec 18)

Shawn

Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Shawn (Dec 08)

Simo Ben youssef

Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef (Dec 09)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak (Dec 15)
Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable Stefan Kanthak (Dec 22)
Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ... Stefan Kanthak (Dec 27)

Steffen Rösemann

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Steffen Rösemann (Dec 23)
Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Steffen Rösemann (Dec 30)
CSRF vulnerability in CMS e107 v.2 alpha2 Steffen Rösemann (Dec 28)
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Steffen Rösemann (Dec 23)

Stephan.Rickauer

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 Stephan.Rickauer (Dec 03)

stephen () averagesecurityguy info

Coinbase User Enumeration stephen () averagesecurityguy info (Dec 08)

up201407890

/usr/bin/a2p buffer overflow up201407890 (Dec 28)

Vantage Point Security

VP-2014-004 SysAid Server Arbitrary File Disclosure Vantage Point Security (Dec 22)

VMware Security Response Center

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center (Dec 04)
NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center (Dec 10)
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center (Dec 09)

Vulnerability Lab

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab (Dec 16)
Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab (Dec 17)
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab (Dec 25)
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab (Dec 18)
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab (Dec 17)
iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab (Dec 19)
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab (Dec 16)
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab (Dec 16)
Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab (Dec 17)
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab (Dec 18)
iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability Vulnerability Lab (Dec 16)
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab (Dec 16)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab (Dec 19)
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab (Dec 25)
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability Vulnerability Lab (Dec 05)
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab (Dec 25)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab (Dec 25)
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab (Dec 25)
Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab (Dec 18)
E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab (Dec 18)
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab (Dec 16)

Walter Hop

Multiple vulnerabilities in InfiniteWP Admin Panel Walter Hop (Dec 09)

waysea

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message waysea (Dec 03)

Williams, Ken

CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken (Dec 15)

庄容如

fulldisclosure: Your file 庄容如 (Dec 15)