Full Disclosure: by date

138 messages starting Dec 01 14 and ending Dec 31 14


Monday, 01 December

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf RedTeam Pentesting GmbH
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire RedTeam Pentesting GmbH
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure RedTeam Pentesting GmbH

Tuesday, 02 December

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components RedTeam Pentesting GmbH

Wednesday, 03 December

CVE-2014-9016 and CVE-2014-9034. Wordpress and Drupal DOS C0r3dump3d
Yii framework CmsInput extension improper XSS sanitation A. W.
hack4 is coming - hackercon in berlin - date: end of the year 2014 dash
less out of bounds read access - TFPA 002/2014 Hanno Böck
Re: CVE-2014-8610 Android < 5.0 SMS resend vulnerability Joshua Wright
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro
XSS in WIX pages Devsec Security Departament
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 Stephan.Rickauer
CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message waysea
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Mark Steward
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message James Hooker
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z
Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 Pedro Ribeiro
BSidesHH 2014 Daniel Busch
Positive Hack Days V — Call for Papers Alexander Lashkov

Thursday, 04 December

Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message Barry Dorrans
Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco
SpoofedMe - Social Login Impersonation Attack Or Peles
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities VMware Security Response Center

Friday, 05 December

CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR Portcullis Advisories
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability Vulnerability Lab

Saturday, 06 December

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) Security Explorations

Monday, 08 December

Sony: 22 Breaches and Counting Jeffrey Walton
Coinbase User Enumeration stephen () averagesecurityguy info
Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo
Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux Shawn
Humhub SQL injection and multiple persistent XSS vulnerabilities A. W.
Interesting Backdoor Alfred Baroti

Tuesday, 09 December

NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Response Center
CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Jing Wang
ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities Jing Wang
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability Kenneth Buckler
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef
Call for Presenters - B-Sides Vancouver 2015 - March 16-17, 2015 in Vancouver, Canada Colin Keigher
Re: Interesting Backdoor Brandon Vincent
Re: Interesting Backdoor Ed Tredgett
Releasing PuttyRider - for penetration testers Adrian Furtuna
Multiple vulnerabilities in InfiniteWP Admin Panel Walter Hop

Wednesday, 10 December

NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities VMware Security Response Center
CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories
CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys] Portcullis Advisories
CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys] Portcullis Advisories
AST-2014-019: Remote Crash Vulnerability in WebSocket Server Asterisk Security Team

Thursday, 11 December

BMC TrackIt! Unauthenticated Arbitrary Local System User Password Change Brandon Perry
RedCloth contains unfixed XSS vulnerability for 9 years Kousuke Ebihara

Monday, 15 December

Humhub insecure password validation and reset design A. W.
Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch
Rooted CON 2014 talks (dubbed into english) are now online omarbv
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... Stefan Kanthak
CA20141215-01: Security Notice for CA LISA Release Automation Williams, Ken
fulldisclosure: Your file 庄容如
CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF) Seth Art
CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS) Seth Art

Tuesday, 16 December

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) Security Explorations
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA Onapsis Research Labs
iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability Vulnerability Lab
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability Vulnerability Lab
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability Vulnerability Lab
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability Vulnerability Lab
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability Vulnerability Lab
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability Vulnerability Lab
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Mazin Ahmed
BOF(s) + SSRF in Honeywell EPKS SCADA StrangeLove

Wednesday, 17 December

Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability Vulnerability Lab
Morfy CMS v1.05 - Command Execution Vulnerability Vulnerability Lab
Jease CMS v2.11 - Persistent UI Web Vulnerability Vulnerability Lab

Thursday, 18 December

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability Vulnerability Lab
E-Journal CMS (ID) - Multiple Web Vulnerabilities Vulnerability Lab
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability Vulnerability Lab
Apple iOS v8.x - Message Context & Privacy Vulnerability Vulnerability Lab
SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) SEC Consult Vulnerability Lab
SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted SEC Consult Vulnerability Lab
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager SEC Consult Vulnerability Lab
Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout Ben Lincoln (F7EFC8C9 - FD)
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED Ivan .Heca
TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables Peter Thoeny
TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Peter Thoeny
CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability Jing Wang
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability Jing Wang
BF and XSS vulnerabilities in D-Link DCS-2103 MustLive
[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities Matteo Beccati
The Misfortune Cookie Vulnerability Shahar Tal
Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities Jing Wang
Re: The Misfortune Cookie Vulnerability Michal Zalewski

Friday, 19 December

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor SEC Consult Vulnerability Lab
iBackup v10.0.0.45 - Privilege Escalation Vulnerability Vulnerability Lab
Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 - Privilege Escalation Vulnerability Vulnerability Lab
Facebook BB #18 - IDOR Issue & Privacy Vulnerability Vulnerability Lab

Monday, 22 December

Re: The Misfortune Cookie Vulnerability Gynvael Coldwind
Re: iBackup v10.0.0.45 - Privilege Escalation Vulnerability LayerSEC Ltd
Graylog2-Web LDAP Injection - CVE-2014-9217 J. Tozo
CVE-2014-9330: Libtiff integer overflow in bmp2tiff Project Zero Labs
VP-2014-004 SysAid Server Arbitrary File Disclosure Vantage Point Security
BBC about Ukrainian Cyber Forces MustLive
Re: The Misfortune Cookie Vulnerability Sandro Gauci
Re: The Misfortune Cookie Vulnerability Shahar Tal
Re: The Misfortune Cookie Vulnerability Shahar Tal
Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable Stefan Kanthak
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski
Vulnerabilities in Samsung SyncThru Web Service MustLive
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Paris Zoumpouloglou

Tuesday, 23 December

ObSecure 360 unauthenticated SQL injection Patrick Webster
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Steffen Rösemann
CALL FOR PAPERS - NUIT DU HACK - 20/21 JUNE 2015 freeman
Re: The Misfortune Cookie Vulnerability Jon Hart
Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Steffen Rösemann

Thursday, 25 December

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability Vulnerability Lab
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability Vulnerability Lab
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability Vulnerability Lab
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability Vulnerability Lab
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability Vulnerability Lab
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities Vulnerability Lab
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability Vulnerability Lab

Saturday, 27 December

Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ... Stefan Kanthak
Wordpress Frontend Uploader Cross Site Scripting(XSS) SECUPENT Research Center

Sunday, 28 December

XSS and CSRF vulnerabilities in CMS Pylot MustLive
CSRF vulnerability in CMS e107 v.2 alpha2 Steffen Rösemann
CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability Jing Wang
/usr/bin/a2p buffer overflow up201407890

Monday, 29 December

CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability Jing Wang
CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities Jing Wang
Reminder and Extension CanSecWest CFP deadline tomorrow, December 30th. Dragos Ruiu
nullcon HackIM Challenge 9-11 Jan 2015 nullcon

Tuesday, 30 December

Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Steffen Rösemann

Wednesday, 31 December

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability Egidio Romano
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability Egidio Romano
[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability Egidio Romano
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability Egidio Romano
[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability Egidio Romano