Full Disclosure: by date

103 messages starting Oct 31 14 and ending Nov 28 14


Friday, 31 October

Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM David Fifield

Saturday, 01 November

Three out of bounds access issues in ImageMagick (CVE-2014-8354, CVE-2014-8355, CVE-2014-8562) Hanno Böck

Monday, 03 November

CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core Portcullis Advisories
CNIL CookieViz XSS + SQL injection leading to user pwnage iliketurtles

Tuesday, 04 November

KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read KoreLogic Disclosures
Vulnerabilities in D-Link DAP-1360 MustLive

Thursday, 06 November

Cisco RV Series multiple vulnerabilities Securify B.V.
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar
CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting Issues Luciano Pedreira
CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues Luciano Pedreira
DAVOSET v.1.2.2 MustLive
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser Pedro Ribeiro
Wordpress bulletproof-security <=.51 multiple vulnerabilities Pietro Oliva
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] Programa STIC

Friday, 07 November

SeasonApps iTransfer 1.1 - Persistent UI Vulnerability Vulnerability Lab
BookFresh - Persistent Clients Invite Vulnerability Vulnerability Lab
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability Vulnerability Lab

Saturday, 08 November

[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro Pedro Ribeiro
IL and CSRF vulnerabilities in D-Link DAP-1360 MustLive

Sunday, 09 November

IP.Board <= 3.4.7 SQL Injection secthrowaway
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 Pedro Ribeiro

Wednesday, 12 November

PayPal Inc Bug Bounty #88 - Filter Bypass & Arbitrary Code Execution Vulnerability Vulnerability Lab
Piwigo <= v2.6.0 - Blind SQL Injection Manuel Garcia Cardenas
Lantronix xPrintServer Code execution and CSRF vulnerability Jim Bauwens
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) ESNC Security
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] Programa STIC

Friday, 14 November

CFP: AIPR2015 China - Artificial Intelligence and Pattern Recognition Hazel Ann
Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers Jing Wang
Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Jing Wang
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability Jing Wang
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] Programa STIC
CVE-2014-8681 Blind SQL Injection in Gogs label search Timo Schmid
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs Timo Schmid
CVE-2014-8683 XSS in Gogs Markdown Renderer Timo Schmid
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 (CVE-2014-8629) William Costa
xdg-open RCE joernchen
Re: Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net Nick Semenkovich

Monday, 17 November

Reflected XSS in Nibbleblog <= v4.0.1 Manuel Garcia Cardenas
XOOPS <= 2.5.6 - Blind SQL Injection Manuel Garcia Cardenas
81% of Tor users can be de-anonymised by analysing router information, research indicates Ivan .Heca
Re: xdg-open RCE Brandon Perry
Vulnerabilities in D-Link DCS-2103 MustLive
Proticaret E-Commerce Script v3.0 SQL Injection Onur Alanbel
WebsiteBaker <=2.8.3 - Multiple Vulnerabilities Manuel Garcia Cardenas
Zoph <= 0.9.1 - Multiple Vulnerabilities Manuel Garcia Cardenas
CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass Project Zero Labs

Tuesday, 18 November

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload Steffen Bauch
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload Steffen Bauch
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload Steffen Bauch
PHPFox XSS AdminCP Wesley Henrique
CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream Jann Horn

Wednesday, 19 November

CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise Portcullis Advisories
Bootkit via SMS SCADA StrangeLove
CVE-2014-8600 - Insufficient Input Validation By IO Slaves In KDE e.V. KDE Portcullis Advisories
CVE-2014-2630 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux Portcullis Advisories
CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM Portcullis Advisories
[CORE-2014-0008] - Advantech AdamView Buffer Overflow CORE Advisories Team
[CORE-2014-0009] - Advantech EKI-6340 Command Injection CORE Advisories Team
[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow CORE Advisories Team

Thursday, 20 November

Capstone disassembly engine 3.0 released! Nguyen Anh Quynh
CVE-2014-8349 LIFERAY Portal Stored XSS Garcia, Ariel (LATCO - Buenos Aires)
WordPress 3 persistent script injection Jouko Pynnonen
DAVOSET v.1.2.3 MustLive
Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ... Stefan Kanthak
AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. Asterisk Security Team
AST-2014-013: PJSIP ACLs are not loaded on startup Asterisk Security Team
AST-2014-014: High call load may result in hung channels in ConfBridge. Asterisk Security Team
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions Asterisk Security Team
AST-2014-018: AMI permission escalation through DB dialplan function Asterisk Security Team

Friday, 21 November

Supr Shopsystem - Persistent UI Vulnerability Vulnerability Lab
FluxBB <= 1.5.6 SQL Injection secthrowaway

Sunday, 23 November

on Linux, 'less' can probably get you owned Michal Zalewski

Tuesday, 25 November

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin Larry W. Cashdollar
Re: FluxBB <= 1.5.6 SQL Injection secthrowaway
DataSoft Nova Anti-reconnaissance System 13.10.0 || Stored XSS static rez
Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef
Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data Stefan Kanthak
Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates Stefan Kanthak
MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability Taoguang Chen
phpBB <= 3.1.1 deregister_globals() Function Bypass Taoguang Chen
CVE-2014-8609 Android Settings application privilege leakage vulnerability Wang,Tao(Scloud)
device42 DCIM authenticated remote root via appliance manager Brandon Perry
CVE-2014-8610 Android < 5.0 SMS resend vulnerability Wang,Tao(Scloud)
CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager Wang,Tao(Scloud)

Wednesday, 26 November

FileVista < v6.0.8.0 Insecure zip file handling DS MailingList
CVE-2014-5439 - Root shell on Sniffit [with exploit] Hector Marco
The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks Jing Wang
CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability Jing Wang
CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Jing Wang
All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks Jing Wang
Agafi/ROP v1.0 released ! Nicolas A. Economou
Re: Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates Susan Bradley
Re: Slider Revolution/Showbiz Pro shell upload exploit Ryan Dewhurst
Re: Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef

Friday, 28 November

XSS (in 20 chars) in Microsoft IIS 7.5 error message A Z
Re: Slider Revolution/Showbiz Pro shell upload exploit Lukasz Biegaj
[Tool] Responder v2.1.3 laurent gaffie
CSRF and XSS vulnerabilities in D-Link DAP-1360 MustLive
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Egidio Romano
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) Stefan Kanthak