Full Disclosure: by author
135 messages, starting Oct 13 14 and ending Oct 19 14
Abraham Aranguren
OWASP OWTF 1.0 "Lionheart" released! Abraham Aranguren (Oct 13)
Alexandre Herzog
SAP Security Note 1908531 - XXE in BusinessObjects Explorer Alexandre Herzog (Oct 09)
CSNC-2014-004 neuroML - Multiple Vulnerabilities Alexandre Herzog (Oct 09)
SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer Alexandre Herzog (Oct 09)
SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer Alexandre Herzog (Oct 09)
Alvaro Diaz
Yourls XSS Stored Alvaro Diaz (Oct 24)
Andrew Lutomirski
Exploit for CVE-2014-5207 Andrew Lutomirski (Oct 07)
Asterisk Security Team
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team (Oct 20)
Barak Engel
Re: Mulesoft ESB Authenticated Privilege Escalation Barak Engel (Oct 24)
Ben Perry
Command-injection vulnerability in windows cmd scripts Ben Perry (Sep 30)
Black Arch
BlackArch Linux: New ISOs released Black Arch (Oct 07)
Brandon Perry
Mulesoft ESB Authenticated Privilege Escalation Brandon Perry (Oct 22)
Re: CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink Brandon Perry (Oct 01)
Constantine A. Murenin
Adobe Acrobat XI on Uniguest Secured Advantage 7 privacy issue at Marriott et al Constantine A. Murenin (Oct 07)
CORE Advisories Team
[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CORE Advisories Team (Oct 16)
David Daynard
Re: [oss-security] CVE request: remote code execution in Android CTS David Daynard (Oct 19)
David Longenecker
CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack David Longenecker (Oct 28)
Dirk-Willem van Gulik
Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik (Oct 14)
CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Dirk-Willem van Gulik (Oct 13)
dxw Security
Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin) dxw Security (Oct 01)
E Boogie
Re: CSP Bypass on Android prior to 4.4 E Boogie (Oct 13)
CSP Bypass on Android prior to 4.4 E Boogie (Oct 11)
Re: CSP Bypass on Android prior to 4.4 E Boogie (Oct 13)
Egidio Romano
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano (Oct 23)
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano (Oct 23)
Fara Rustein fararustein () ultusecurity com
Epicor Enterprise vulnerabilities Fara Rustein fararustein () ultusecurity com (Sep 30)
Florian Weimer
Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.) Florian Weimer (Oct 14)
Grond
Re: [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
Henri Salo
Re: CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) Henri Salo (Oct 14)
illwill
Re: Yahoo! hacked on October 5, 2014... illwill (Oct 08)
Jann Horn
Re: CVE request: remote code execution in Android CTS Jann Horn (Oct 19)
OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux Jann Horn (Oct 07)
Jeff Costlow
Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Jeff Costlow (Oct 30)
Jeffrey Walton
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denail Jeffrey Walton (Oct 19)
Jing Wang
CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability Jing Wang (Oct 19)
Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains) Jing Wang (Oct 19)
CVE-2014-2230 - OpenX Open Redirect Vulnerability Jing Wang (Oct 15)
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) Jing Wang (Oct 15)
Jonathan Hall
Yahoo! hacked on October 5, 2014... Jonathan Hall (Oct 07)
kvnjs
Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product kvnjs (Sep 30)
Larry W. Cashdollar
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 22)
Lord Tuskington
Re: CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denail Lord Tuskington (Oct 19)
CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
Cyanogenmod MITM: proven, despite cyanogenmod's public denail Lord Tuskington (Oct 18)
Cyanogenmod: multiple flaws in dependencies, including RCE Lord Tuskington (Oct 18)
Mario Vilas
Re: [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 22)
Martin Jartelius
CVE-2014-3110 SCADA XSS and patch review of Honeywell Falcon XLWEB Martin Jartelius (Oct 02)
CVE-2014-2717 SCADA Privilege Escalation in Honeywell Falcon XLWEB Martin Jartelius (Sep 30)
Martins, Luciano (LATCO - Buenos Aires)
CVE-2014-4313 Epicor Procurement SQL Injection Martins, Luciano (LATCO - Buenos Aires) (Oct 04)
Michael Bazzinotti
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michael Bazzinotti (Oct 04)
Michael Stroucken
Re: TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Michael Stroucken (Oct 09)
Michal Zalewski
two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) Michal Zalewski (Oct 14)
the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski (Oct 01)
vulnerabilities in libbfd (CVE-2014-beats-me) Michal Zalewski (Oct 26)
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Michal Zalewski (Oct 01)
Mick Ayzenberg
CVE-2014-4502 (Updated) : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow Mick Ayzenberg (Oct 07)
CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work Mick Ayzenberg (Oct 07)
Mirko Casadei
CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway Mirko Casadei (Oct 03)
CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway Mirko Casadei (Oct 03)
MustLive
XSS vulnerabilities in Megapolis.Portal Manager MustLive (Oct 17)
DAVOSET v.1.2.1 MustLive (Oct 28)
Multiple vulnerabilities in Refraction theme for WordPress MustLive (Sep 30)
Nahuel Grisolía
Re: Go Home WP-API, You're Drunk... Nahuel Grisolía (Oct 30)
Nick Kralevich
Re: [oss-security] CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)
Nicolas Grégoire
Bypassing blacklists based on IPy Nicolas Grégoire (Oct 15)
NoSuchCon
NoSuchCon 2014 - Schedule NoSuchCon (Oct 24)
omarbv
Rooted CON 2015 - Call For Papers omarbv (Oct 13)
Onapsis Research Labs
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection Onapsis Research Labs (Oct 08)
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities Onapsis Research Labs (Oct 08)
oststrom (public)
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth) oststrom (public) (Oct 13)
CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth) oststrom (public) (Oct 13)
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public) (Oct 13)
Re: CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) oststrom (public) (Oct 14)
Pål Nilsen
Re: Yahoo! hacked on October 5, 2014... Pål Nilsen (Oct 07)
Paul Vixie
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) Paul Vixie (Oct 01)
Pedro Ribeiro
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! Pedro Ribeiro (Oct 07)
Peter Thoeny
TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Peter Thoeny (Oct 09)
TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server Peter Thoeny (Oct 09)
Portcullis Advisories
CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories (Oct 30)
CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Portcullis Advisories (Oct 28)
CVE-2014-7178 - Remote Command Execution in Enalean Tuleap Portcullis Advisories (Oct 28)
CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink Portcullis Advisories (Oct 01)
CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS Portcullis Advisories (Oct 01)
CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP Portcullis Advisories (Oct 30)
Rob Thomas
FreePBX (All Versions) RCE Rob Thomas (Sep 30)
SCADA StrangeLove
MS08-067 strikes again. Now ATM SCADA StrangeLove (Oct 29)
Scott Arciszewski
Go Home WP-API, You're Drunk... Scott Arciszewski (Oct 28)
Re: Go Home WP-API, You're Drunk... Scott Arciszewski (Oct 30)
Sean Wright
CVE-2014-7180 - ElectricCommander Local Privilege Escalation Sean Wright (Oct 23)
SEC Consult Vulnerability Lab
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access SEC Consult Vulnerability Lab (Oct 31)
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab (Oct 29)
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces SEC Consult Vulnerability Lab (Oct 15)
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab (Oct 29)
Security Explorations
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU Security Explorations (Oct 31)
[SE-2014-01] Breaking Oracle Database through Java exploits (details) Security Explorations (Oct 14)
Simo Ben youssef
Fonality trixbox CE remote root exploit Simo Ben youssef (Oct 17)
Incredible PBX remote command execution exploit Simo Ben youssef (Oct 22)
Stefan Horst
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst (Oct 15)
Stefan Kanthak
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries Stefan Kanthak (Oct 24)
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1 Stefan Kanthak (Oct 24)
The Security Factory
Nessus Web UI 2.3.3: Stored XSS The Security Factory (Oct 07)
Vic Vandal
CarolinaCon-11 call for papers/presenters Vic Vandal (Oct 01)
Vitor Ventura
Fwd: Re: CSP Bypass on Android prior to 4.4 Vitor Ventura (Oct 14)
VMware Security Response Center
FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities VMware Security Response Center (Sep 30)
Vulnerability Lab
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability Vulnerability Lab (Oct 13)
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab (Oct 21)
iFileExplorer v6.51 iOS - File Include Web Vulnerability Vulnerability Lab (Oct 27)
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability Vulnerability Lab (Oct 27)
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability Vulnerability Lab (Oct 27)
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab (Oct 27)
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab (Oct 23)
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab (Oct 21)
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities Vulnerability Lab (Oct 06)
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability Vulnerability Lab (Oct 03)
iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab (Oct 22)
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities Vulnerability Lab (Oct 06)
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Vulnerability Lab (Oct 14)
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability Vulnerability Lab (Oct 14)
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability Vulnerability Lab (Oct 14)
WebDisk+ v2.1 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 27)
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 23)
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability Vulnerability Lab (Oct 03)
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability Vulnerability Lab (Oct 03)
File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 22)
Williams, James K
CA20141001-01: Security Notice for Bash Shellshock Vulnerability Williams, James K (Oct 06)
yoloswag
Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 yoloswag (Oct 17)
Артур Истомин
Re: Cyanogenmod: multiple flaws in dependencies, including RCE Артур Истомин (Oct 19)