Full Disclosure: by thread
129 messages starting Dec 03 15 and ending Dec 31 15
- [CFP] BSides San Francisco - February 2016 BSides SF (Dec 03)
- BF and CE vulnerabilities in ASUS RT-G32 MustLive (Dec 03)
- Huawei Wimax routers vulnerable to multiple threats Pierre Kim (Dec 03)
- Multiple vulnerabilities in Huutopörssi's website (huutoporssi.fi) Wub TheCaptain (Dec 03)
- KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures (Dec 04)
- MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow [CXSEC] (Dec 08)
- [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team (Dec 09)
- Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 09)
- Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 23)
- [CVE-2015-8369] Cacti SQL injection in graph.php changzhao . mao (Dec 09)
- Announcing NorthSec 2016 CFP + Reg - Montreal, May 19-22 Pierre-David Oriol (Dec 09)
- ntop-ng <= 2.0.151021 - Privilege Escalation Dolev Farhi (Dec 09)
- SQLMap Code Execute Vex Woo (Dec 09)
- 4images 1.7.12: XSS Curesec Research Team (CRT) (Dec 09)
- 4images 1.7.11: SQL Injection Curesec Research Team (CRT) (Dec 09)
- 4images 1.7.11: Path Traversal Curesec Research Team (CRT) (Dec 09)
- 4images 1.7.11: Code Execution Exploit Curesec Research Team (CRT) (Dec 09)
- 4images 1.7.11: Code Execution Curesec Research Team (CRT) (Dec 09)
- CodoForum 3.4: XSS Curesec Research Team (CRT) (Dec 09)
- phpwcms 1.7.9: CSRF Curesec Research Team (CRT) (Dec 09)
- phpwcms 1.7.9: Code Execution Curesec Research Team (CRT) (Dec 09)
- Geeklog 2.1.0: XSS Curesec Research Team (CRT) (Dec 09)
- Geeklog 2.1.0: Code Execution Exploit Curesec Research Team (CRT) (Dec 09)
- Geeklog 2.1.0: Code Execution Curesec Research Team (CRT) (Dec 09)
- redaxscript 2.5.0: XSS Curesec Research Team (CRT) (Dec 09)
- redaxscript 2.5.0: Code Execution Curesec Research Team (CRT) (Dec 09)
- appRain 4.0.3: XSS Curesec Research Team (CRT) (Dec 09)
- appRain 4.0.3: Path Traversal Curesec Research Team (CRT) (Dec 09)
- appRain 4.0.3: CSRF Curesec Research Team (CRT) (Dec 09)
- appRain 4.0.3: Code Execution Curesec Research Team (CRT) (Dec 09)
- Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak (Dec 09)
- [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas (Dec 09)
- LG Nortel ADSL modems - Multiple vulnerabilities Karn Ganeshen (Dec 09)
- APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security (Dec 09)
- APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security (Dec 09)
- APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security (Dec 09)
- APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security (Dec 09)
- APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security (Dec 09)
- APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security (Dec 09)
- GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Rio Sherri (Dec 09)
- [CVE-2014-3260] Crypto implementation flaws in Pacom GMS System XPD Advisories Team (Dec 09)
- SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab (Dec 10)
- BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab (Dec 10)
- CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY – CVE-2015-4699 agotouning () libero it (Dec 11)
- Polycom VVX-Series Business Media Phones Path Traversal Vulnerability Jake Reynolds (Dec 11)
- APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security (Dec 11)
- COM+ Services DLL side loading vulnerability Securify B.V. (Dec 12)
- Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V. (Dec 12)
- Windows Authentication UI DLL side loading vulnerability Securify B.V. (Dec 12)
- XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind (Dec 13)
- SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)
- OcPortal CMS 9.0.20 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)
- OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab (Dec 13)
- Bedita 3.6.0 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)
- Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities CSW Research Lab (Dec 13)
- DAVOSET v.1.2.7 MustLive (Dec 13)
- [CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability xiaotian.wang () dbappsecurity com cn (Dec 13)
- Shutdown UX DLL side loading vulnerability Securify B.V. (Dec 16)
- Shockwave Flash Object DLL side loading vulnerability Securify B.V. (Dec 16)
- OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V. (Dec 16)
- [CFP] Speak About Your Cyberwar at PHDays VI Alexander Lashkov (Dec 16)
- [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc (Dec 16)
- ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc (Dec 16)
- #BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook Haifei Li (Dec 16)
- Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert (Dec 16)
- libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen (Dec 16)
- libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen (Dec 16)
- Two bytes change and you have a zero day Hossein Lotfi (Dec 16)
- User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 16)
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak (Dec 16)
- Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13 Stefan Kanthak (Dec 16)
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak (Dec 17)
- PFSense <= 2.2.5 Directory Traversal Rio Sherri (Dec 18)
- Re: PFSense <= 2.2.5 Directory Traversal Bacon Zombie (Dec 21)
- Samsung softap weak random generated password Augusto Pereyra (Dec 18)
- KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures (Dec 18)
- KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures (Dec 18)
- Notepad ++ NPPFtp Plugin Buffer Overflow Rio Sherri (Dec 19)
- giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen (Dec 21)
- Call for Papers -YSTS X - Information Security Conference, Brazil Luiz Eduardo (Dec 21)
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak (Dec 21)
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak (Dec 21)
- Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) Francisco Amato (Dec 21)
- [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH (Dec 22)
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak (Dec 22)
- DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab (Dec 22)
- Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 22)
- WP Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)
- Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)
- Re: Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Ryan Dewhurst (Dec 23)
- Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab (Dec 22)
- Switch v4.68 - Code Execution Vulnerability Vulnerability Lab (Dec 22)
- POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab (Dec 22)
- Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Dec 22)
- SIPROTEC 4 and SIPROTEC Compact FAQ #5 SCADA StrangeLove (Dec 22)
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 23)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Shawn McMahon (Dec 23)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege NaxoneZ . (Dec 23)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 26)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege lists (Dec 30)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 31)
- Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Shawn McMahon (Dec 23)
- PhpSocial v2.0.0304: XSS Curesec Research Team (CRT) (Dec 23)
- PhpSocial v2.0.0304: CSRF Curesec Research Team (CRT) (Dec 23)
- Arastta 1.1.5: XSS Curesec Research Team (CRT) (Dec 23)
- Arastta 1.1.5: SQL Injection Curesec Research Team (CRT) (Dec 23)
- Grawlix 1.0.3: XSS Curesec Research Team (CRT) (Dec 23)
- Grawlix 1.0.3: CSRF Curesec Research Team (CRT) (Dec 23)
- Grawlix 1.0.3: Code Execution Curesec Research Team (CRT) (Dec 23)
- CouchCMS 1.4.5: XSS & Open Redirect Curesec Research Team (CRT) (Dec 23)
- CouchCMS 1.4.5: Code Execution Curesec Research Team (CRT) (Dec 23)
- esoTalk 1.0.0g4: XSS Curesec Research Team (CRT) (Dec 23)
- XZERES 442SR Wind Turbine XSS Karn Ganeshen (Dec 24)
- Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS Karn Ganeshen (Dec 24)
- eWON sa Industrial router - Multiple Vulnerabilities Karn Ganeshen (Dec 24)
- libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen (Dec 26)
- <Possible follow-ups>
- Re: libtiff: invalid write (CVE-2015-7554) Martin Kühne (Dec 28)
- EasyCafe Server <= 2.2.14 Remote File Read Rio Sherri (Dec 26)
- Local root vulnerability in DeleGate v9.9.13 Larry W. Cashdollar (Dec 29)
- Vulnerabilities in Mobile Safari MustLive (Dec 29)
- Netduma R1 Router CSRF Josh Chaney (Dec 30)
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak (Dec 31)