Full Disclosure: by thread
134 messages, starting Jan 01 15 and ending Jan 30 15
- 31C3 releases: SmartGrid & USB modems SCADA StrangeLove (Jan 01)
- Windows 8 Privilege Escalation Allen (Jan 02)
- [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central Pedro Ribeiro (Jan 02)
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook Stefan Kanthak (Jan 02)
- Mantis BugTracker 1.2.17 - Multiple security vulnerabilities. Popovici, Alejo (LATCO - Buenos Aires) (Jan 05)
- [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 Pedro Ribeiro (Jan 05)
- ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities Vulnerability Lab (Jan 06)
- McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 06)
- Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure Brandon Perry (Jan 12)
- SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Steffen Rösemann (Jan 06)
- Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Steffen Rösemann (Jan 06)
- Reflecting XSS vulnerability in CMS Kajona v. 4.6 Steffen Rösemann (Jan 06)
- Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia Andraz Sraka (Jan 07)
- CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF) Sean Wright (Jan 07)
- Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada cfp2015 (Jan 08)
- Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0 Steffen Rösemann (Jan 08)
- Good for Enterprise Android HTML Injection (CVE-2014-4925) Cláudio André (Jan 08)
- Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Steffen Rösemann (Jan 09)
- [Tool] SPARTA 1.0 BETA Antonio Quina (Jan 09)
- CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability Jing Wang (Jan 09)
- CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Jing Wang (Jan 09)
- Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability Jing Wang (Jan 11)
- Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Jing Wang (Jan 11)
- Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Steffen Rösemann (Jan 11)
- Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Steffen Rösemann (Jan 11)
- Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Pietro Oliva (Jan 11)
- Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability Vulnerability Lab (Jan 11)
- ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities Vulnerability Lab (Jan 11)
- Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability Vulnerability Lab (Jan 11)
- Blitz CMS Community - SQL Injection Web Vulnerability Vulnerability Lab (Jan 12)
- [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
- CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)
- Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
- <Possible follow-ups>
- Corel Software DLL Hijacking CORE Advisories Team (Jan 12)
- Corel Software DLL Hijacking CORE Security Technologies Advisories-team (jrv) (Jan 12)
- Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection Brandon Perry (Jan 12)
- XSS Vulnerability in Fork CMS 3.8.3 ITAS Team (Jan 12)
- Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 12)
- Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 12)
- Re: Snom SIP phones denial of service through HTTP Max Mühlbronner (Jan 13)
- Re: Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 13)
- Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 13)
- Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 12)
- Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
- Lizard Stresser rekt Robert Cavanaugh (Jan 12)
- Re: Lizard Stresser rekt Julius Kivimäki (Jan 12)
- [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager Peter Lapp (Jan 12)
- SQL Injection Vulnerability in Microweber 0.95 ITAS Team (Jan 12)
- MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" Diéyǔ (Jan 12)
- Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0 Steffen Rösemann (Jan 13)
- SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones SEC Consult Vulnerability Lab (Jan 13)
- Re: SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones kapejod () googlemail com (Jan 13)
- SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower SEC Consult Vulnerability Lab (Jan 13)
- SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi SEC Consult Vulnerability Lab (Jan 13)
- Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 13)
- Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability Vulnerability Lab (Jan 13)
- ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities Vulnerability Lab (Jan 13)
- Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Luke Walker (Jan 13)
- Reflected XSS in Flash files of TechSmith Camtasia 8 & 7 Soroush Dalili (Jan 13)
- MS14-080 CVE-2014-6365 Code Diéyǔ (Jan 14)
- Alienvault OSSIM/USM Command Execution Vulnerability Peter Lapp (Jan 15)
- CatBot v0.4.2 (PHP) - SQL Injection Vulnerability Vulnerability Lab (Jan 16)
- VeryPhoto v3.0 iOS - Command Injection Vulnerability Vulnerability Lab (Jan 16)
- WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability Vulnerability Lab (Jan 16)
- File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jan 16)
- Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability Vulnerability Lab (Jan 16)
- Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability admin () evolution-sec com (Jan 18)
- McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass David Coomber (Jan 18)
- Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3 Steffen Rösemann (Jan 18)
- N-central Remote Support Manager Multiple Vulnerabilities Thomas Hibbert (Jan 18)
- VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) Veysel hataş (Jan 18)
- SPSControl v1.2 iOS - (.spc) Persistent Vulnerability Vulnerability Lab (Jan 19)
- Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities Vulnerability Lab (Jan 19)
- MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Advisories (Jan 20)
- Barracuda Load Balancer ADC VM multiple vulnerabilities Cristiano Maruti (Jan 20)
- Hack In Paris 2015 Call For Papers / Call For Trainings Damien Cauquil (Jan 20)
- vorbis-tools issues Paris Zoumpouloglou (Jan 20)
- WebGUI 7.10.29 stable version Cross site scripting vulnerability SECUPENT Research Center (Jan 20)
- Arbitrary File Upload in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)
- SQL injection vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 20)
- Remote Desktop v0.9.4 Android - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
- LizardSquad DDoS Stresser - Multiple Vulnerabilities Vulnerability Lab (Jan 21)
- iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll Vulnerability Lab (Jan 21)
- PhotoSync v1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 21)
- [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass RedTeam Pentesting GmbH (Jan 21)
- CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo (Jan 21)
- full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)
- Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive forgottenpassword (Jan 22)
- Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)
- SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP SEC Consult Vulnerability Lab (Jan 22)
- Program-O v2.4.6 - Multiple Web Vulnerabilities Vulnerability Lab (Jan 22)
- PhotoSync 1.1.3 Android - Command Inject Vulnerability Vulnerability Lab (Jan 22)
- USAA mobile app gives away personal data; fix released David Longenecker (Jan 22)
- CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities Jing Wang (Jan 22)
- CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang (Jan 22)
- Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities Jing Wang (Jan 22)
- Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha Steffen Rösemann (Jan 22)
- IT Hot Topics 2015 Call for Papers Squirrel Herder Productions (Jan 22)
- XSS vulnerability in articleFR CMS 3.0.5 Tien Tran Dinh (Jan 22)
- SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability Vulnerability Lab (Jan 25)
- Mangallam CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 26)
- [CORE-2015-0002] - Android WiFi-Direct Denial of Service CORE Advisories Team (Jan 26)
- Barracuda Networks Cloud Series - Filter Bypass Vulnerability bkm () evolution-sec com (Jan 26)
- [Call For Papers] Security BSides San Francisco April 2015 BSidesLV (Jan 26)
- [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities CORE Advisories Team (Jan 27)
- NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues VMware Security Response Center (Jan 27)
- [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability Amplia Security Advisories (Jan 27)
- CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') Popovici, Alejo (LATCO - Buenos Aires) (Jan 27)
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE) Steffen Rösemann (Jan 27)
- Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability Paolo Perego (Jan 28)
- [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) Pedro Ribeiro (Jan 28)
- AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk Security Team (Jan 28)
- AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability Asterisk Security Team (Jan 28)
- Vulnerabilities in HP LaserJet MustLive (Jan 28)
- KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation KoreLogic Disclosures (Jan 28)
- AirWatch Multiple Direct Object References Denis Andzakovic (Jan 28)
- Cisco Meraki Systems Manager Multiple Vulnerabilities Denis Andzakovic (Jan 28)
- Fortinet FortiAuthenticator Multiple Vulnerabilities Denis Andzakovic (Jan 28)
- Fortinet FortiClient Multiple Vulnerabilities Denis Andzakovic (Jan 28)
- Fortinet FortiOS Multiple Vulnerabilities Denis Andzakovic (Jan 28)
- Kaseya BYOD Gateway Multiple Vulnerabilities Denis Andzakovic (Jan 28)
- Kaseya Browser Android Path Traversal Denis Andzakovic (Jan 28)
- NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability VMware Security Response Center (Jan 29)
- Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection Paul Craig (Jan 29)
- Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 Onur Yilmaz (Jan 29)
- Facebook Malware that infected more than 110K and still on the rise Mohammad Reza Faghani (Jan 29)
- Registration open for Rooted CON 2015 omarbv (Jan 29)
- Unrevealed Secrets of MAL-Drone jack ana (Jan 30)