Full Disclosure: by author
RSS Feed
About List
All Lists
Previous period
103 messages
starting Nov 20 14 and
ending Nov 14 14
Date index |
Thread index |
Author index
Asterisk Security Team
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team (Nov 20)
AST-2014-014: High call load may result in hung channels in ConfBridge. Asterisk Security Team (Nov 20)
AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. Asterisk Security Team (Nov 20)
AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font> Asterisk Security Team (Nov 20)
AST-2014-013: PJSIP ACLs are not loaded on startup Asterisk Security Team (Nov 20)
AST-2014-018: AMI permission escalation through DB dialplan function Asterisk Security Team (Nov 20)
A Z
XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z (Nov 28)
Brandon Perry
Re: xdg-open RCE Brandon Perry (Nov 17)
device42 DCIM authenticated remote root via appliance manager Brandon Perry (Nov 25)
CORE Advisories Team
[CORE-2014-0008] - Advantech AdamView Buffer Overflow CORE Advisories Team (Nov 19)
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow CORE Advisories Team (Nov 19)
[CORE-2014-0009] - Advantech EKI-6340 Command Injection CORE Advisories Team (Nov 19)
David Fifield
Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM David Fifield (Oct 31)
DS MailingList
FileVista < v6.0.8.0 Insecure zip file handling DS MailingList (Nov 26)
Egidio Romano
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Egidio Romano (Nov 28)
ESNC Security
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) ESNC Security (Nov 12)
Garcia, Ariel (LATCO - Buenos Aires)
CVE-2014-8349 LIFERAY Portal Stored XSS Garcia, Ariel (LATCO - Buenos Aires) (Nov 20)
Hanno Böck
Three out of bounds access issues in ImageMagick (CVE-2014-8354, CVE-2014-8355, CVE-2014-8562) Hanno Böck (Nov 01)
Hazel Ann
CFP: AIPR2015 China - Artificial Intelligence and Pattern Recognition Hazel Ann (Nov 14)
Hector Marco
CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco (Nov 26)
iliketurtles
CNIL CookieViz XSS + SQL injection leading to user pwnage iliketurtles (Nov 03)
Ivan .Heca
81% of Tor users can be de-anonymised by analysing router information, research indicates Ivan .Heca (Nov 17)
Jann Horn
CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream Jann Horn (Nov 18)
Jim Bauwens
Lantronix xPrintServer Code execution and CSRF vulnerability Jim Bauwens (Nov 12)
Jing Wang
Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers Jing Wang (Nov 14)
All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks Jing Wang (Nov 26)
The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks Jing Wang (Nov 26)
CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Jing Wang (Nov 26)
Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Jing Wang (Nov 14)
CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability Jing Wang (Nov 26)
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability Jing Wang (Nov 14)
joernchen
xdg-open RCE joernchen (Nov 14)
Jouko Pynnonen
WordPress 3 persistent script injection Jouko Pynnonen (Nov 20)
KoreLogic Disclosures
KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read KoreLogic Disclosures (Nov 04)
Larry W. Cashdollar
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar (Nov 06)
Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin Larry W. Cashdollar (Nov 25)
laurent gaffie
[Tool] Responder v2.1.3 laurent gaffie (Nov 28)
Luciano Pedreira
CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting Issues Luciano Pedreira (Nov 06)
CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues Luciano Pedreira (Nov 06)
Lukasz Biegaj
Re: Slider Revolution/Showbiz Pro shell upload exploit Lukasz Biegaj (Nov 28)
Manuel Garcia Cardenas
XOOPS <= 2.5.6 - Blind SQL Injection Manuel Garcia Cardenas (Nov 17)
Reflected XSS in Nibbleblog <= v4.0.1 Manuel Garcia Cardenas (Nov 17)
Zoph <= 0.9.1 - Multiple Vulnerabilities Manuel Garcia Cardenas (Nov 17)
WebsiteBaker <=2.8.3 - Multiple Vulnerabilities Manuel Garcia Cardenas (Nov 17)
Piwigo <= v2.6.0 - Blind SQL Injection Manuel Garcia Cardenas (Nov 12)
Michal Zalewski
on Linux, 'less' can probably get you owned Michal Zalewski (Nov 23)
MustLive
CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive (Nov 28)
Vulnerabilities in D-Link DCS-2103 MustLive (Nov 17)
DAVOSET v.1.2.3 MustLive (Nov 20)
Vulnerabilities in D-Link DAP-1360 MustLive (Nov 04)
IL and CSRF vulnerabilities in D-Link DAP-1360 MustLive (Nov 08)
DAVOSET v.1.2.2 MustLive (Nov 06)
Nguyen Anh Quynh
Capstone disassembly engine 3.0 released! Nguyen Anh Quynh (Nov 20)
Nick Semenkovich
Re: Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Nick Semenkovich (Nov 14)
Nicolas A. Economou
Agafi/ROP v1.0 released ! Nicolas A. Economou (Nov 26)
Onur Alanbel
Proticaret E-Commerce Script v3.0 SQL Injection Onur Alanbel (Nov 17)
Pedro Ribeiro
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Pedro Ribeiro (Nov 09)
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Pedro Ribeiro (Nov 08)
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser Pedro Ribeiro (Nov 06)
Pietro Oliva
Wordpress bulletproof-security <=.51 multiple vulnerabilities Pietro Oliva (Nov 06)
Portcullis Advisories
CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core Portcullis Advisories (Nov 03)
CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise Portcullis Advisories (Nov 19)
CVE-2014-2630 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux Portcullis Advisories (Nov 19)
CVE-2014-8600 - Insufficient Input Validation By IO Slaves In KDE e.V. KDE Portcullis Advisories (Nov 19)
CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM Portcullis Advisories (Nov 19)
Programa STIC
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] Programa STIC (Nov 06)
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] Programa STIC (Nov 14)
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] Programa STIC (Nov 12)
Project Zero Labs
CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass Project Zero Labs (Nov 17)
Ryan Dewhurst
Re: Slider Revolution/Showbiz Pro shell upload exploit Ryan Dewhurst (Nov 26)
SCADA StrangeLove
Bootkit via SMS SCADA StrangeLove (Nov 19)
SEC Consult Vulnerability Lab
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab (Nov 06)
secthrowaway
FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 21)
Re: FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 25)
IP.Board <= 3.4.7 SQL Injection secthrowaway (Nov 09)
Securify B.V.
Cisco RV Series multiple vulnerabilities Securify B.V. (Nov 06)
Simo Ben youssef
Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef (Nov 25)
Re: Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef (Nov 26)
static rez
DataSoft Nova Anti-reconnaissance System 13.10.0 || Stored XSS static rez (Nov 25)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data Stefan Kanthak (Nov 25)
Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates Stefan Kanthak (Nov 25)
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) Stefan Kanthak (Nov 28)
Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ... Stefan Kanthak (Nov 20)
Steffen Bauch
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload Steffen Bauch (Nov 18)
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload Steffen Bauch (Nov 18)
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload Steffen Bauch (Nov 18)
Susan Bradley
Re: Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates Susan Bradley (Nov 26)
Taoguang Chen
phpBB <= 3.1.1 deregister_globals() Function Bypass Taoguang Chen (Nov 25)
MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability Taoguang Chen (Nov 25)
Timo Schmid
CVE-2014-8681 Blind SQL Injection in Gogs label search Timo Schmid (Nov 14)
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs Timo Schmid (Nov 14)
CVE-2014-8683 XSS in Gogs Markdown Renderer Timo Schmid (Nov 14)
Vulnerability Lab
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability Vulnerability Lab (Nov 07)
BookFresh - Persistent Clients Invite Vulnerability Vulnerability Lab (Nov 07)
Supr Shopsystem - Persistent UI Vulnerability Vulnerability Lab (Nov 21)
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability Vulnerability Lab (Nov 07)
PayPal Inc Bug Bounty #88 - Filter Bypass & Arbitrary Code Execution Vulnerability Vulnerability Lab (Nov 12)
Wang,Tao(Scloud)
CVE-2014-8609 Android Settings application privilege leakage vulnerability Wang,Tao(Scloud) (Nov 25)
CVE-2014-8610 Android < 5.0 SMS resend vulnerability Wang,Tao(Scloud) (Nov 25)
CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager Wang,Tao(Scloud) (Nov 25)
Wesley Henrique
PHPFox XSS AdminCP Wesley Henrique (Nov 18)
William Costa
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 (CVE-2014-8629) William Costa (Nov 14)