Full Disclosure: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

129 messages starting Dec 03 15 and ending Dec 31 15
Date index | Thread index | Author index

Thursday, 03 December

[CFP] BSides San Francisco - February 2016 BSides SF
BF and CE vulnerabilities in ASUS RT-G32 MustLive
Huawei Wimax routers vulnerable to multiple threats Pierre Kim
Multiple vulnerabilities in Huutopörssi's website (huutoporssi.fi) Wub TheCaptain

Friday, 04 December

KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures

Tuesday, 08 December

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow [CXSEC]

Wednesday, 09 December

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team
Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh
[CVE-2015-8369] Cacti SQL injection in graph.php changzhao . mao
Announcing NorthSec 2016 CFP + Reg - Montreal, May 19-22 Pierre-David Oriol
ntop-ng <= 2.0.151021 - Privilege Escalation Dolev Farhi
SQLMap Code Execute Vex Woo
4images 1.7.12: XSS Curesec Research Team (CRT)
4images 1.7.11: SQL Injection Curesec Research Team (CRT)
4images 1.7.11: Path Traversal Curesec Research Team (CRT)
4images 1.7.11: Code Execution Exploit Curesec Research Team (CRT)
4images 1.7.11: Code Execution Curesec Research Team (CRT)
CodoForum 3.4: XSS Curesec Research Team (CRT)
phpwcms 1.7.9: CSRF Curesec Research Team (CRT)
phpwcms 1.7.9: Code Execution Curesec Research Team (CRT)
Geeklog 2.1.0: XSS Curesec Research Team (CRT)
Geeklog 2.1.0: Code Execution Exploit Curesec Research Team (CRT)
Geeklog 2.1.0: Code Execution Curesec Research Team (CRT)
redaxscript 2.5.0: XSS Curesec Research Team (CRT)
redaxscript 2.5.0: Code Execution Curesec Research Team (CRT)
appRain 4.0.3: XSS Curesec Research Team (CRT)
appRain 4.0.3: Path Traversal Curesec Research Team (CRT)
appRain 4.0.3: CSRF Curesec Research Team (CRT)
appRain 4.0.3: Code Execution Curesec Research Team (CRT)
Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak
[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas
LG Nortel ADSL modems - Multiple vulnerabilities Karn Ganeshen
APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security
APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security
APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security
APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security
APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security
GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Rio Sherri
[CVE-2014-3260] Crypto implementation flaws in Pacom GMS System XPD Advisories Team

Thursday, 10 December

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab
BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab

Friday, 11 December

CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY – CVE-2015-4699 agotouning () libero it
Polycom VVX-Series Business Media Phones Path Traversal Vulnerability Jake Reynolds
APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security

Saturday, 12 December

COM+ Services DLL side loading vulnerability Securify B.V.
Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V.
Windows Authentication UI DLL side loading vulnerability Securify B.V.

Sunday, 13 December

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind
SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability CSW Research Lab
OcPortal CMS 9.0.20 – Cross-Site Scripting Vulnerability CSW Research Lab
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab
Bedita 3.6.0 – Cross-Site Scripting Vulnerability CSW Research Lab
Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities CSW Research Lab
DAVOSET v.1.2.7 MustLive
[CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability xiaotian.wang () dbappsecurity com cn

Wednesday, 16 December

Shutdown UX DLL side loading vulnerability Securify B.V.
Shockwave Flash Object DLL side loading vulnerability Securify B.V.
OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V.
[CFP] Speak About Your Cyberwar at PHDays VI Alexander Lashkov
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc
#BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook Haifei Li
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen
Two bytes change and you have a zero day Hossein Lotfi
User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13 Stefan Kanthak

Thursday, 17 December

Re: Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13 imposter imp
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak

Friday, 18 December

PFSense <= 2.2.5 Directory Traversal Rio Sherri
Samsung softap weak random generated password Augusto Pereyra
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures

Saturday, 19 December

Notepad ++ NPPFtp Plugin Buffer Overflow Rio Sherri

Monday, 21 December

giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen
Call for Papers -YSTS X - Information Security Conference, Brazil Luiz Eduardo
Re: PFSense <= 2.2.5 Directory Traversal Bacon Zombie
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak
Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) Francisco Amato

Tuesday, 22 December

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
WP Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab
Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab
Switch v4.68 - Code Execution Vulnerability Vulnerability Lab
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab
Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab
SIPROTEC 4 and SIPROTEC Compact FAQ #5 SCADA StrangeLove

Wednesday, 23 December

Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh
Re: Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Ryan Dewhurst
PhpSocial v2.0.0304: XSS Curesec Research Team (CRT)
PhpSocial v2.0.0304: CSRF Curesec Research Team (CRT)
Arastta 1.1.5: XSS Curesec Research Team (CRT)
Arastta 1.1.5: SQL Injection Curesec Research Team (CRT)
Grawlix 1.0.3: XSS Curesec Research Team (CRT)
Grawlix 1.0.3: CSRF Curesec Research Team (CRT)
Grawlix 1.0.3: Code Execution Curesec Research Team (CRT)
CouchCMS 1.4.5: XSS & Open Redirect Curesec Research Team (CRT)
CouchCMS 1.4.5: Code Execution Curesec Research Team (CRT)
esoTalk 1.0.0g4: XSS Curesec Research Team (CRT)
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Shawn McMahon
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege NaxoneZ .
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Justin Ferguson

Thursday, 24 December

XZERES 442SR Wind Turbine XSS Karn Ganeshen
Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS Karn Ganeshen
eWON sa Industrial router - Multiple Vulnerabilities Karn Ganeshen

Saturday, 26 December

libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen
EasyCafe Server <= 2.2.14 Remote File Read Rio Sherri
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak

Monday, 28 December

Re: libtiff: invalid write (CVE-2015-7554) Martin Kühne

Tuesday, 29 December

Local root vulnerability in DeleGate v9.9.13 Larry W. Cashdollar
Vulnerabilities in Mobile Safari MustLive

Wednesday, 30 December

Netduma R1 Router CSRF Josh Chaney
Re: Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege lists

Thursday, 31 December

Re: Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak

Previous period

Next period