Full Disclosure: by author

126 messages starting Jul 06 15 and ending Jul 14 15

47

WideImage Demo Code Cross Site Scripting (XSS) 47 (Jul 06)

Alessandro Zala

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 Alessandro Zala (Jul 02)

anidear

Re: [oss-security] Re: Google Chrome Address Spoofing (Request For Comment) anidear (Jul 03)

Berend-Jan Wever

1503A - Chrome - ui::AXTree::Unserialize use-after-free Berend-Jan Wever (Jul 17)

Big Whale

Re: Google Chrome Address Spoofing (Request For Comment) Big Whale (Jul 02)

bob secse

RainbowCrack Plugin for Oracle hashes (<=10g) bob secse (Jul 21)

Brandon Perry

J2Store 3.1.6 unauthenticated SQL injections Brandon Perry (Jul 10)

Brian Offenheim

Ashley Madison Hacked Brian Offenheim (Jul 21)

CORE Advisories Team

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection CORE Advisories Team (Jul 06)
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection CORE Advisories Team (Jul 08)

Dancho Danchev

Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report Dancho Danchev (Jul 29)

Daniel Wood

Re: Google Chrome Address Spoofing (Request For Comment) Daniel Wood (Jul 03)

Darío B

Auditing folders ACLs with Powershell Darío B (Jul 06)

Darya Maenkova

SAP Security Notes July 2015 Darya Maenkova (Jul 16)

Dau, Huy-Ngoc (FR - Paris)

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution Dau, Huy-Ngoc (FR - Paris) (Jul 10)
SOPlanning - Simple Online Planning Tool multiple vulnerabilities Dau, Huy-Ngoc (FR - Paris) (Jul 10)

Dave Horsfall

Re: Ashley Madison Hacked Dave Horsfall (Jul 21)

David Jorm

Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root David Jorm (Jul 07)

David Leo

Re: Google Chrome Address Spoofing (Request For Comment) David Leo (Jul 01)
Google Chrome Address Spoofing - Google's Opinion David Leo (Jul 07)

devel

Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)

Dirk-Willem van Gulik

Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Dirk-Willem van Gulik (Jul 21)

Douglas Held

UDID+ v2.5 iOS - Mail Command Inject Vulnerability Douglas Held (Jul 17)

dxw Security

Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin) dxw Security (Jul 13)
Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin) dxw Security (Jul 14)
Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security (Jul 13)
CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin) dxw Security (Jul 14)
Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin) dxw Security (Jul 10)
Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin) dxw Security (Jul 10)
Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do (WordPress plugin) dxw Security (Jul 28)

Federico Fazzi

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 03)
Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 27)

Gynvael Coldwind

Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Gynvael Coldwind (Jul 05)

Henri Salo

Re: CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Henri Salo (Jul 21)

Imre RAD

CVE-2014-7952, Android ADB backup APK injection vulnerability Imre RAD (Jul 10)

Jaanus

Fake links in Skype Jaanus (Jul 07)

Jeffrey Walton

Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Jeffrey Walton (Jul 13)

jericho

Re: weblogin software cross site request jericho (Jul 18)

Joshua Rogers

Re: Fake links in Skype Joshua Rogers (Jul 10)

Joshua Wright

Re: 15 TOTOLINK router models vulnerable to multiple RCEs Joshua Wright (Jul 16)

Juan Martinez

weblogin software cross site request Juan Martinez (Jul 17)
Vulnerability in Apache Tomcat Juan Martinez (Jul 13)

Kasper Westphal Bertelsen

New CVE's to be released the 17th of June. Kasper Westphal Bertelsen (Jul 16)

Kevin Beaumont

Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont (Jul 02)
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont (Jul 03)

king cope

OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) king cope (Jul 17)

Kyriakos Economou

CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution Kyriakos Economou (Jul 10)

Larry W. Cashdollar

Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Larry W. Cashdollar (Jul 07)
SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar (Jul 03)
Re: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 07)
SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar (Jul 10)
Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar (Jul 13)
Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar (Jul 10)
Remote file download vulnerability in Wordpress Plugin image-export v1.1 Larry W. Cashdollar (Jul 13)
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)

Luciano Pedreira

Fwd: CVE_for_Vulnerability_theholidaycalendar Luciano Pedreira (Jul 29)

Mark Cross

CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)
CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)

Mark Thomas

Re: Vulnerability in Apache Tomcat Mark Thomas (Jul 14)

Mike K Gorski

Re: Google Chrome Address Spoofing (Request For Comment) Mike K Gorski (Jul 01)

Mustafa Al-Bassam

Re: Google Chrome Address Spoofing (Request For Comment) Mustafa Al-Bassam (Jul 02)

MustLive

Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass MustLive (Jul 05)
CSRF and XSS vulnerabilities in D-Link DCS-2103 MustLive (Jul 28)

Nguyen Anh Quynh

Capstone disassembly engine 3.0.4 is out! Nguyen Anh Quynh (Jul 16)

Nitin Venkatesh

Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Nitin Venkatesh (Jul 21)
Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh (Jul 10)
Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below Nitin Venkatesh (Jul 18)
Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 Nitin Venkatesh (Jul 05)
Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 Nitin Venkatesh (Jul 14)
Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Nitin Venkatesh (Jul 25)
Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Nitin Venkatesh (Jul 25)

Paris Zoumpouloglou

Orchard CMS - Persistent XSS vulnerability Paris Zoumpouloglou (Jul 06)

Password Manager Pro Support

Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability Password Manager Pro Support (Jul 03)

Pedro Ribeiro

[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect Pedro Ribeiro (Jul 13)

Per Thorsheim

CFP: Passwords 2015, Dec 7-9, Cambridge, UK Per Thorsheim (Jul 10)

Pierre Kim

Why Full Disclosure is the solution ? An example with RIPE Pierre Kim (Jul 21)
4 TOTOLINK router models vulnerable to CSRF and XSS attacks Pierre Kim (Jul 16)
Re: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 26)
ipTIME n104r3 vulnerable to CSRF and XSS attacks Pierre Kim (Jul 03)
Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Jul 16)
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) Pierre Kim (Jul 01)
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 05)
Backdoor credentials found in 4 TOTOLINK router models Pierre Kim (Jul 16)
15 TOTOLINK router models vulnerable to multiple RCEs Pierre Kim (Jul 16)

PIN

double free's in glibc (and tcmalloc/jemalloc) PIN (Jul 16)

Portcullis Advisories

CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products Portcullis Advisories (Jul 13)
CVE-2015-4426 - SQL Injection In Pimcore CMS Portcullis Advisories (Jul 13)
CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS Portcullis Advisories (Jul 13)
CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe Portcullis Advisories (Jul 13)
CVE-2015-3621 - Privilege Escalation In SAP ECC Portcullis Advisories (Jul 13)

Qualys Security Advisory

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)

Reed Loden

Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)

Samuel Lavitt - CVE-2015-0942

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne Samuel Lavitt - CVE-2015-0942 (Jul 27)

Seamus Caveney

Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Seamus Caveney (Jul 11)

SEC Consult Vulnerability Lab

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities SEC Consult Vulnerability Lab (Jul 28)

Securify B.V.

Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Jul 25)

Shi,Tong

CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Shi,Tong (Jul 21)

Sijmen Ruwhof

Multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager Sijmen Ruwhof (Jul 26)

sikkandar.lynx

WideImage Demo Code Cross Site Scripting (XSS) sikkandar.lynx (Jul 06)

Simon Rawet

Joomla! plugin Helpdesk Pro < 1.4.0 Simon Rawet (Jul 21)

Stefan Kanthak

Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak (Jul 03)
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak (Jul 03)
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Jul 01)

tAd

[CFP] Hackito Ergo Sum 2015 tAd (Jul 07)

Valentinas Bakaitis

Re: Google Chrome Address Spoofing (Request For Comment) Valentinas Bakaitis (Jul 01)

VMware Security Response Center

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Response Center (Jul 09)

Vulnerability Lab

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability Vulnerability Lab (Jul 23)
Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability Vulnerability Lab (Jul 27)
Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability Vulnerability Lab (Jul 20)
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Vulnerability Lab (Jul 17)
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability Vulnerability Lab (Jul 01)
AirDroid ID - Client Side JSONP Callback Vulnerability Vulnerability Lab (Jul 17)
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability Vulnerability Lab (Jul 01)
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 17)
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability Vulnerability Lab (Jul 01)
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability Vulnerability Lab (Jul 04)
WK UDID v1.0.1 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 04)
FCS Scanner v1.0 & v1.4 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 01)
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)

William Costa

Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029) William Costa (Jul 13)

xistence

Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution xistence (Jul 10)

Zach C

Broken, Abandoned, and Forgotten Code, Part 11 Zach C (Jul 16)
Broken, Abandoned, and Forgotten Code, Part 10 Zach C (Jul 10)

ZhangTianqi

Re: Vulnerability in Apache Tomcat ZhangTianqi (Jul 14)