135 messages starting Sep 30 14 and ending Oct 31 14
CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink Portcullis Advisories (Oct 01)
CarolinaCon-11 call for papers/presenters Vic Vandal (Oct 01)
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability Vulnerability Lab (Oct 03)
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability Vulnerability Lab (Oct 03)
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability Vulnerability Lab (Oct 03)
CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway Mirko Casadei (Oct 03)
CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway Mirko Casadei (Oct 03)
CVE-2014-4313 Epicor Procurement SQL Injection Martins, Luciano (LATCO - Buenos Aires) (Oct 04)
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab (Oct 06)
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities Vulnerability Lab (Oct 06)
CA20141001-01: Security Notice for Bash Shellshock Vulnerability Williams, James K (Oct 06)
Nessus Web UI 2.3.3: Stored XSS The Security Factory (Oct 07)
Adobe Acrobat XI on Uniguest Secured Advantage 7 privacy issue at Marriott et al Constantine A. Murenin (Oct 07)
CVE-2014-4502 (Updated) : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow Mick Ayzenberg (Oct 07)
CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work Mick Ayzenberg (Oct 07)
Yahoo! hacked on October 5, 2014... Jonathan Hall (Oct 07)
BlackArch Linux: New ISOs released Black Arch (Oct 07)
Exploit for CVE-2014-5207 Andrew Lutomirski (Oct 07)
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! Pedro Ribeiro (Oct 07)
OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux Jann Horn (Oct 07)
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting Onapsis Research Labs (Oct 08)
TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Peter Thoeny (Oct 09)
TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server Peter Thoeny (Oct 09)
CSNC-2014-004 neuroML - Multiple Vulnerabilities Alexandre Herzog (Oct 09)
SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer Alexandre Herzog (Oct 09)
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer Alexandre Herzog (Oct 09)
SAP Security Note 1908531 - XXE in BusinessObjects Explorer Alexandre Herzog (Oct 09)
CSP Bypass on Android prior to 4.4 E Boogie (Oct 11)
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability Vulnerability Lab (Oct 13)
CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik (Oct 13)
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public) (Oct 13)
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth) oststrom (public) (Oct 13)
CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth) oststrom (public) (Oct 13)
OWASP OWTF 1.0 "Lionheart" released! Abraham Aranguren (Oct 13)
Rooted CON 2015 - Call For Papers omarbv (Oct 13)
Re: CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public) (Oct 14)
two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) Michal Zalewski (Oct 14)
[SE-2014-01] Breaking Oracle Database through Java exploits (details) Security Explorations (Oct 14)
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability Vulnerability Lab (Oct 14)
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Vulnerability Lab (Oct 14)
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability Vulnerability Lab (Oct 14)
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces SEC Consult Vulnerability Lab (Oct 15)
CVE-2014-2230 - OpenX Open Redirect Vulnerability Jing Wang (Oct 15)
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) Jing Wang (Oct 15)
Bypassing blacklists based on IPy Nicolas Grégoire (Oct 15)
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst (Oct 15)
[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CORE Advisories Team (Oct 16)
XSS vulnerabilities in Megapolis.Portal Manager MustLive (Oct 17)
Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 yoloswag (Oct 17)
Fonality trixbox CE remote root exploit Simo Ben youssef (Oct 17)
Cyanogenmod MITM: proven, despite cyanogenmod's public denail Lord Tuskington (Oct 18)
Cyanogenmod: multiple flaws in dependencies, including RCE Lord Tuskington (Oct 18)
CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denail Jeffrey Walton (Oct 19)
Re: [oss-security] CVE request: remote code execution in Android CTS David Daynard (Oct 19)
CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability Jing Wang (Oct 19)
Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains) Jing Wang (Oct 19)
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team (Oct 20)
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab (Oct 21)
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab (Oct 21)
iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab (Oct 22)
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 22)
Mulesoft ESB Authenticated Privilege Escalation Brandon Perry (Oct 22)
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 22)
Incredible PBX remote command execution exploit Simo Ben youssef (Oct 22)
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab (Oct 23)
CVE-2014-7180 - ElectricCommander Local Privilege Escalation Sean Wright (Oct 23)
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano (Oct 23)
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano (Oct 23)
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1 Stefan Kanthak (Oct 24)
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries Stefan Kanthak (Oct 24)
NoSuchCon 2014 - Schedule NoSuchCon (Oct 24)
Yourls XSS Stored Alvaro Diaz (Oct 24)
vulnerabilities in libbfd (CVE-2014-beats-me) Michal Zalewski (Oct 26)
iFileExplorer v6.51 iOS - File Include Web Vulnerability Vulnerability Lab (Oct 27)
WebDisk+ v2.1 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 27)
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability Vulnerability Lab (Oct 27)
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability Vulnerability Lab (Oct 27)
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab (Oct 27)
CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Portcullis Advisories (Oct 28)
CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-7178 - Remote Command Execution in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack David Longenecker (Oct 28)
DAVOSET v.1.2.1 MustLive (Oct 28)
Go Home WP-API, You're Drunk... Scott Arciszewski (Oct 28)
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab (Oct 29)
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab (Oct 29)
MS08-067 strikes again. Now ATM SCADA StrangeLove (Oct 29)
CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories (Oct 30)
CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories (Oct 30)
Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Jeff Costlow (Oct 30)
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access SEC Consult Vulnerability Lab (Oct 31)
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU Security Explorations (Oct 31)