Full Disclosure: by thread
103 messages
starting Oct 31 14 and
ending Nov 28 14
- Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM David Fifield (Oct 31)
- Three out of bounds access issues in ImageMagick (CVE-2014-8354, CVE-2014-8355, CVE-2014-8562) Hanno Böck (Nov 01)
- CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core Portcullis Advisories (Nov 03)
- CNIL CookieViz XSS + SQL injection leading to user pwnage iliketurtles (Nov 03)
- KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read KoreLogic Disclosures (Nov 04)
- Vulnerabilities in D-Link DAP-1360 MustLive (Nov 04)
- Cisco RV Series multiple vulnerabilities Securify B.V. (Nov 06)
- SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab (Nov 06)
- XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar (Nov 06)
- CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting Issues Luciano Pedreira (Nov 06)
- CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues Luciano Pedreira (Nov 06)
- DAVOSET v.1.2.2 MustLive (Nov 06)
- [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser Pedro Ribeiro (Nov 06)
- Wordpress bulletproof-security <=.51 multiple vulnerabilities Pietro Oliva (Nov 06)
- Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] Programa STIC (Nov 06)
- SeasonApps iTransfer 1.1 - Persistent UI Vulnerability Vulnerability Lab (Nov 07)
- BookFresh - Persistent Clients Invite Vulnerability Vulnerability Lab (Nov 07)
- PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability Vulnerability Lab (Nov 07)
- [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Pedro Ribeiro (Nov 08)
- IL and CSRF vulnerabilities in D-Link DAP-1360 MustLive (Nov 08)
- IP.Board <= 3.4.7 SQL Injection secthrowaway (Nov 09)
- [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Pedro Ribeiro (Nov 09)
- PayPal Inc Bug Bounty #88 - Filter Bypass & Arbitrary Code Execution Vulnerability Vulnerability Lab (Nov 12)
- Piwigo <= v2.6.0 - Blind SQL Injection Manuel Garcia Cardenas (Nov 12)
- Lantronix xPrintServer Code execution and CSRF vulnerability Jim Bauwens (Nov 12)
- [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) ESNC Security (Nov 12)
- Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] Programa STIC (Nov 12)
- CFP: AIPR2015 China - Artificial Intelligence and Pattern Recognition Hazel Ann (Nov 14)
- Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers Jing Wang (Nov 14)
- Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Jing Wang (Nov 14)
- Re: Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Nick Semenkovich (Nov 14)
- CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability Jing Wang (Nov 14)
- Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] Programa STIC (Nov 14)
- CVE-2014-8681 Blind SQL Injection in Gogs label search Timo Schmid (Nov 14)
- CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs Timo Schmid (Nov 14)
- CVE-2014-8683 XSS in Gogs Markdown Renderer Timo Schmid (Nov 14)
- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revision PC141031 (CVE-2014-8629) William Costa (Nov 14)
- xdg-open RCE joernchen (Nov 14)
- Re: xdg-open RCE Brandon Perry (Nov 17)
- Reflected XSS in Nibbleblog <= v4.0.1 Manuel Garcia Cardenas (Nov 17)
- XOOPS <= 2.5.6 - Blind SQL Injection Manuel Garcia Cardenas (Nov 17)
- 81% of Tor users can be de-anonymised by analysing router information, research indicates Ivan .Heca (Nov 17)
- Vulnerabilities in D-Link DCS-2103 MustLive (Nov 17)
- Proticaret E-Commerce Script v3.0 SQL Injection Onur Alanbel (Nov 17)
- WebsiteBaker <=2.8.3 - Multiple Vulnerabilities Manuel Garcia Cardenas (Nov 17)
- Zoph <= 0.9.1 - Multiple Vulnerabilities Manuel Garcia Cardenas (Nov 17)
- CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass Project Zero Labs (Nov 17)
- CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload Steffen Bauch (Nov 18)
- CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload Steffen Bauch (Nov 18)
- CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload Steffen Bauch (Nov 18)
- PHPFox XSS AdminCP Wesley Henrique (Nov 18)
- CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream Jann Horn (Nov 18)
- CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise Portcullis Advisories (Nov 19)
- Bootkit via SMS SCADA StrangeLove (Nov 19)
- CVE-2014-8600 - Insufficient Input Validation By IO Slaves In KDE e.V. KDE Portcullis Advisories (Nov 19)
- CVE-2014-2630 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux Portcullis Advisories (Nov 19)
- CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM Portcullis Advisories (Nov 19)
- [CORE-2014-0008] - Advantech AdamView Buffer Overflow CORE Advisories Team (Nov 19)
- [CORE-2014-0009] - Advantech EKI-6340 Command Injection CORE Advisories Team (Nov 19)
- [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow CORE Advisories Team (Nov 19)
- Capstone disassembly engine 3.0 released! Nguyen Anh Quynh (Nov 20)
- CVE-2014-8349 LIFERAY Portal Stored XSS Garcia, Ariel (LATCO - Buenos Aires) (Nov 20)
- WordPress 3 persistent script injection Jouko Pynnonen (Nov 20)
- DAVOSET v.1.2.3 MustLive (Nov 20)
- Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ... Stefan Kanthak (Nov 20)
- AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. Asterisk Security Team (Nov 20)
- AST-2014-013: PJSIP ACLs are not loaded on startup Asterisk Security Team (Nov 20)
- AST-2014-014: High call load may result in hung channels in ConfBridge. Asterisk Security Team (Nov 20)
- AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
- AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
- AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions Asterisk Security Team (Nov 20)
- AST-2014-018: AMI permission escalation through DB dialplan function Asterisk Security Team (Nov 20)
- Supr Shopsystem - Persistent UI Vulnerability Vulnerability Lab (Nov 21)
- FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 21)
- Re: FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 25)
- on Linux, 'less' can probably get you owned Michal Zalewski (Nov 23)
- Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin Larry W. Cashdollar (Nov 25)
- DataSoft Nova Anti-reconnaissance System 13.10.0 || Stored XSS static rez (Nov 25)
- Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef (Nov 25)
- Re: Slider Revolution/Showbiz Pro shell upload exploit Ryan Dewhurst (Nov 26)
- Re: Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef (Nov 26)
- Re: Slider Revolution/Showbiz Pro shell upload exploit Lukasz Biegaj (Nov 28)
- Re: Slider Revolution/Showbiz Pro shell upload exploit Ryan Dewhurst (Nov 26)
- Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data Stefan Kanthak (Nov 25)
- Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates Stefan Kanthak (Nov 25)
- MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability Taoguang Chen (Nov 25)
- phpBB <= 3.1.1 deregister_globals() Function Bypass Taoguang Chen (Nov 25)
- CVE-2014-8609 Android Settings application privilege leakage vulnerability Wang,Tao(Scloud) (Nov 25)
- device42 DCIM authenticated remote root via appliance manager Brandon Perry (Nov 25)
- CVE-2014-8610 Android < 5.0 SMS resend vulnerability Wang,Tao(Scloud) (Nov 25)
- CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager Wang,Tao(Scloud) (Nov 25)
- FileVista < v6.0.8.0 Insecure zip file handling DS MailingList (Nov 26)
- CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco (Nov 26)
- The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks Jing Wang (Nov 26)
- CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability Jing Wang (Nov 26)
- CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Jing Wang (Nov 26)
- All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks Jing Wang (Nov 26)
- Agafi/ROP v1.0 released ! Nicolas A. Economou (Nov 26)
- XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z (Nov 28)
- [Tool] Responder v2.1.3 laurent gaffie (Nov 28)
- CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive (Nov 28)
- [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Egidio Romano (Nov 28)
- Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) Stefan Kanthak (Nov 28)