Full Disclosure: by date

167 messages starting Jul 01 14 and ending Jul 31 14
Tuesday, 01 July

SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom SEC Consult Vulnerability Lab
HTML5 Modern Day Attack And Defence Vectors Rafay Baloch
Iron Mountain doesn't take physical security seriously freddielarge
IDGuard v0.60 Gregory Pickett
Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) Lukasz Biegaj
Re: AV scan on read vs write debate.... Yoann Gini
Re: AV scan on read vs write debate.... Carlos P
BlackArch Linux: New ISOs and more. Black Arch
Project Saltstrap and Instance-Tor Project Un1c0rn
Re: Back To The Future: Unix Wildcards Gone Wild Phil Pennock
Re: Back To The Future: Unix Wildcards Gone Wild Nick Lindridge
Re: AV scan on read vs write debate.... Joe Brown
Re: AV scan on read vs write debate.... Reindl Harald

Saturday, 05 July

Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A) Curesec Research Team
Raritan IPMI vulnerability Jörg Kost
new pen-test tool! Pete Herzog
Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796) Michail Strokin
Finding page including parameters with google dorks rai
Re: AV scan on read vs write debate.... Victor Aguilar
Re: Iron Mountain doesn't take physical security seriously Hinky Dink
Re: Iron Mountain doesn't take physical security seriously Sanguinarious

Monday, 07 July

Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability Vulnerability Lab
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability Vulnerability Lab
Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability Vulnerability Lab
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability Vulnerability Lab
Resubmission of exploits Akra Macha
Re: Iron Mountain doesn't take physical security seriously Todd Weiler
Re: new pen-test tool! Árpád Magosányi
Re: new pen-test tool! Keira Cran
Re: Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796) Cody Tarrant
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries Stefan Kanthak

Tuesday, 08 July

CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX Portcullis Advisories
Root command injection in ext-pack name for Virtualbox because of GKSu Brandon Perry
Re: new pen-test tool! Jim Credland

Wednesday, 09 July

InvGate Service Desk post-auth SQL injection as non-privileged user Brandon Perry
CVE-2014-3418 - OS Command Injection Infoblox Network Automation Nate Kettlewell
FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO) Lee
TxDOT fixes security issues with txtag.org David Longenecker

Thursday, 10 July

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop SEC Consult Vulnerability Lab
SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system SEC Consult Vulnerability Lab
SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu SEC Consult Vulnerability Lab
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment) Vulnerability Vulnerability Lab
Dell Scrutinizer 11.01 multiple vulnerabilities Brandon Perry
Re: FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO) Nick Boyce
Is the era of ezine txt files over? rai
Should it be better ... Pablo
Re: Should it be better ... Fyodor
Re: Is the era of ezine txt files over? Matt Simmons
Re: Is the era of ezine txt files over? Scott Arciszewski
Re: Is the era of ezine txt files over? Aaron Peterson
Improperly Issued Digital Certificates Could Allow Spoofing Jeffrey Walton
Re: FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO) Brandon Perry
Re: Should it be better ... Brandon Perry
Meta: List moderation Dave Horsfall
Re: Meta: List moderation Fyodor

Friday, 11 July

QNAP TS-469U shadow file world readable Melchior Limacher
Re: QNAP TS-469U shadow file world readable Joerg Mertin
Re: QNAP TS-469U shadow file world readable Erik Auerswald
Re: Is the era of ezine txt files over? Berend-Jan Wever
Re: QNAP TS-469U shadow file world readable David Kennedy
Re: Is the era of ezine txt files over? Daniel Miller
Re: Is the era of ezine txt files over? Chris Schmidt
Re: Is the era of ezine txt files over? Noah Axon

Sunday, 13 July

XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress MustLive
United Airways(r) united.com Insecure Transmission of User Credentials Michael Scheidell

Monday, 14 July

[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability Egidio Romano
Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk Rafay Baloch

Tuesday, 15 July

Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC. Mauro Risonho de Paula Assumpção
KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation KoreLogic Disclosures
Re: Is the era of ezine txt files over? Alfie John

Wednesday, 16 July

SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition SEC Consult Vulnerability Lab
A more robust POC for the ntp amplification dos rai
Re: Is the era of ezine txt files over? surivaton surivaton
Jamming WiFi tracking beacons Keira Cran
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" SEC Consult Vulnerability Lab
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway SEC Consult Vulnerability Lab
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone SEC Consult Vulnerability Lab

Thursday, 17 July

Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE Brandon Perry
Mining website blacklists Paredes
Oracle Data Redaction is Broken david
Re: Is the era of ezine txt files over? Andy Bach
Call for Paper - NOPcon 2014 - Istanbul, Turkey info
Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Ivan .Heca
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Stephen Crane
Ignore the amount customers confirm is no security vulnerability according to PayPal Jan Kechel
Re: Ignore the amount customers confirm is no security vulnerability according to PayPal Glen Roberts
Re: Ignore the amount customers confirm is no security vulnerability according to PayPal Jan Kechel
Re: Jamming WiFi tracking beacons Eric Rand
Re: Jamming WiFi tracking beacons surivaton
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily devel
Re: Jamming WiFi tracking beacons Dale Visser
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Ivan .Heca

Friday, 18 July

Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703) Vulnerability Lab
Microsoft MSN HBE - Blind SQL Injection Vulnerability Vulnerability Lab
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures
Strong Security Processes Require Strong Privacy Protections coderman
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Liz Gossell
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Olaf Rühenbeck
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Rikairchy
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Jack Morgan
Re: Mining website blacklists surivaton surivaton
Re: Should it be better ... Pablo
Re: Jamming WiFi tracking beacons Rikairchy
Re: Jamming WiFi tracking beacons Eric Rand
Re: Jamming WiFi tracking beacons Rikairchy
Re: Jamming WiFi tracking beacons Eric Rand

Saturday, 19 July

Re: Is the era of ezine txt files over? Kirk Durbin
Re: Is the era of ezine txt files over? Scott Arciszewski

Sunday, 20 July

Re: Is the era of ezine txt files over? Alfie John
Bitstamp - Possible breach Jeffrey Walton

Monday, 21 July

IBM GCM16/32 v1.20.0.22575 vulnerabilities Alejandro Alvarez
Apache HTTPd - description of the CVE-2014-0226. funky . koval
Re: Bitstamp - Possible breach Duarte Silva
Re: Bitstamp - Possible breach Philip Cheong

Tuesday, 22 July

Apache HTTPd - description of the CVE-2014-0117. funky . koval
CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol Mick Ayzenberg
CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow Mick Ayzenberg
CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service Mick Ayzenberg
MTS MBlaze 3G Plus Wi-Fi Dongle : Multiple Vulnerabilities Narendra Choyal
Re: Bitstamp - Possible breach Jeffrey Walton
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Vulnerability Lab
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024) William Costa

Thursday, 24 July

CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF) Seth Art
CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog Seth Art
CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml Seth Art
Re: Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily Ivan .Heca
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Re: Bitstamp - Possible breach Colin Keigher
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398 Vulnerability Lab
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Brandon Perry
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Re: CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF) Luca Carettoni
Pligg 2.x SQLi / PWD disclosure / RCE BlackHawk

Friday, 25 July

Barracuda Networks Firewall v6.1.5 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab

Saturday, 26 July

SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method info
SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction) info
Ground Zero Summit 13 - 16 November 2014, New Delhi | Call For Paper Open GroundZero Summit CFP
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Gynvael Coldwind
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Gynvael Coldwind
Re: Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account Stefan Kanthak

Monday, 28 July

Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability Vulnerability Lab

Tuesday, 29 July

New fixes in Siemens SIMATIC WinCC SCADA and DESCrypt on FPGA SCADA StrangeLove
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
(BNSEC-1263) Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities Vulnerability Lab
[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication Onapsis Research Labs
[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass Onapsis Research Labs
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS Onapsis Research Labs
[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service Onapsis Research Labs
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool Onapsis Research Labs
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 Onapsis Research Labs
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529] Programa STIC
Former NSA Chief: Why I'm Worth $1 Million a Month to Wall Street Ivan .Heca
Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x) heige

Wednesday, 30 July

Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x) Securify B.V.
Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x) Securify B.V.

Thursday, 31 July

TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities Vulnerability Lab
Announcement: CEnigma tool! Nguyen Anh Quynh
The Only Security Talk With Eurovision Videos? Pete Herzog
Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x) Łukasz Pilorz
DEF CON nostalgia [was: going double cryptome at DEF CON 22] coderman
Legal Threats and Investigation Trey Ford
XXE Injection in HP Release Control MustLive