Full Disclosure: by author
126 messages starting Jul 06 15 and ending Jul 14 15
47
WideImage Demo Code Cross Site Scripting (XSS) 47 (Jul 06)
Alessandro Zala
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 Alessandro Zala (Jul 02)
anidear
Re: [oss-security] Re: Google Chrome Address Spoofing (Request For Comment) anidear (Jul 03)
Berend-Jan Wever
1503A - Chrome - ui::AXTree::Unserialize use-after-free Berend-Jan Wever (Jul 17)
Big Whale
Re: Google Chrome Address Spoofing (Request For Comment) Big Whale (Jul 02)
bob secse
RainbowCrack Plugin for Oracle hashes (<=10g) bob secse (Jul 21)
Brandon Perry
J2Store 3.1.6 unauthenticated SQL injections Brandon Perry (Jul 10)
Brian Offenheim
Ashley Madison Hacked Brian Offenheim (Jul 21)
CORE Advisories Team
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection CORE Advisories Team (Jul 06)
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection CORE Advisories Team (Jul 08)
Dancho Danchev
Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report Dancho Danchev (Jul 29)
Daniel Wood
Re: Google Chrome Address Spoofing (Request For Comment) Daniel Wood (Jul 03)
Darío B
Auditing folders ACLs with Powershell Darío B (Jul 06)
Darya Maenkova
SAP Security Notes July 2015 Darya Maenkova (Jul 16)
Dau, Huy-Ngoc (FR - Paris)
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution Dau, Huy-Ngoc (FR - Paris) (Jul 10)
SOPlanning - Simple Online Planning Tool multiple vulnerabilities Dau, Huy-Ngoc (FR - Paris) (Jul 10)
Dave Horsfall
Re: Ashley Madison Hacked Dave Horsfall (Jul 21)
David Jorm
Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root David Jorm (Jul 07)
David Leo
Re: Google Chrome Address Spoofing (Request For Comment) David Leo (Jul 01)
Google Chrome Address Spoofing - Google's Opinion David Leo (Jul 07)
devel
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)
Dirk-Willem van Gulik
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Dirk-Willem van Gulik (Jul 21)
Douglas Held
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Douglas Held (Jul 17)
dxw Security
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin) dxw Security (Jul 13)
Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin) dxw Security (Jul 14)
Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security (Jul 13)
CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin) dxw Security (Jul 14)
Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin) dxw Security (Jul 10)
Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin) dxw Security (Jul 10)
Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do (WordPress plugin) dxw Security (Jul 28)
Federico Fazzi
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 03)
Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 27)
Gynvael Coldwind
Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Gynvael Coldwind (Jul 05)
Henri Salo
Re: CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Henri Salo (Jul 21)
Imre RAD
CVE-2014-7952, Android ADB backup APK injection vulnerability Imre RAD (Jul 10)
Jaanus
Fake links in Skype Jaanus (Jul 07)
Jeffrey Walton
Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Jeffrey Walton (Jul 13)
jericho
Re: weblogin software cross site request jericho (Jul 18)
Joshua Rogers
Re: Fake links in Skype Joshua Rogers (Jul 10)
Joshua Wright
Re: 15 TOTOLINK router models vulnerable to multiple RCEs Joshua Wright (Jul 16)
Juan Martinez
weblogin software cross site request Juan Martinez (Jul 17)
Vulnerability in Apache Tomcat Juan Martinez (Jul 13)
Kasper Westphal Bertelsen
New CVE's to be released the 17th of June. Kasper Westphal Bertelsen (Jul 16)
Kevin Beaumont
Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont (Jul 02)
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont (Jul 03)
king cope
OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) king cope (Jul 17)
Kyriakos Economou
CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution Kyriakos Economou (Jul 10)
Larry W. Cashdollar
Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Larry W. Cashdollar (Jul 07)
SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar (Jul 03)
Re: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 07)
SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar (Jul 10)
Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar (Jul 13)
Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar (Jul 10)
Remote file download vulnerability in Wordpress Plugin image-export v1.1 Larry W. Cashdollar (Jul 13)
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)
Luciano Pedreira
Fwd: CVE_for_Vulnerability_theholidaycalendar Luciano Pedreira (Jul 29)
Mark Cross
CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)
CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)
Mark Thomas
Re: Vulnerability in Apache Tomcat Mark Thomas (Jul 14)
Mike K Gorski
Re: Google Chrome Address Spoofing (Request For Comment) Mike K Gorski (Jul 01)
Mustafa Al-Bassam
Re: Google Chrome Address Spoofing (Request For Comment) Mustafa Al-Bassam (Jul 02)
MustLive
Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass MustLive (Jul 05)
CSRF and XSS vulnerabilities in D-Link DCS-2103 MustLive (Jul 28)
Nguyen Anh Quynh
Capstone disassembly engine 3.0.4 is out! Nguyen Anh Quynh (Jul 16)
Nitin Venkatesh
Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Nitin Venkatesh (Jul 21)
Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh (Jul 10)
Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below Nitin Venkatesh (Jul 18)
Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 Nitin Venkatesh (Jul 05)
Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 Nitin Venkatesh (Jul 14)
Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Nitin Venkatesh (Jul 25)
Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Nitin Venkatesh (Jul 25)
Paris Zoumpouloglou
Orchard CMS - Persistent XSS vulnerability Paris Zoumpouloglou (Jul 06)
Password Manager Pro Support
Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability Password Manager Pro Support (Jul 03)
Pedro Ribeiro
[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect Pedro Ribeiro (Jul 13)
Per Thorsheim
CFP: Passwords 2015, Dec 7-9, Cambridge, UK Per Thorsheim (Jul 10)
Pierre Kim
Why Full Disclosure is the solution ? An example with RIPE Pierre Kim (Jul 21)
4 TOTOLINK router models vulnerable to CSRF and XSS attacks Pierre Kim (Jul 16)
Re: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 26)
ipTIME n104r3 vulnerable to CSRF and XSS attacks Pierre Kim (Jul 03)
Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Jul 16)
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) Pierre Kim (Jul 01)
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 05)
Backdoor credentials found in 4 TOTOLINK router models Pierre Kim (Jul 16)
15 TOTOLINK router models vulnerable to multiple RCEs Pierre Kim (Jul 16)
PIN
double free's in glibc (and tcmalloc/jemalloc) PIN (Jul 16)
Portcullis Advisories
CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products Portcullis Advisories (Jul 13)
CVE-2015-4426 - SQL Injection In Pimcore CMS Portcullis Advisories (Jul 13)
CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS Portcullis Advisories (Jul 13)
CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe Portcullis Advisories (Jul 13)
CVE-2015-3621 - Privilege Escalation In SAP ECC Portcullis Advisories (Jul 13)
Qualys Security Advisory
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)
Reed Loden
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)
Samuel Lavitt - CVE-2015-0942
Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne Samuel Lavitt - CVE-2015-0942 (Jul 27)
Seamus Caveney
Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Seamus Caveney (Jul 11)
SEC Consult Vulnerability Lab
SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express SEC Consult Vulnerability Lab (Jul 16)
SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities SEC Consult Vulnerability Lab (Jul 28)
Securify B.V.
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Jul 25)
Shi,Tong
CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Shi,Tong (Jul 21)
Sijmen Ruwhof
Multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager Sijmen Ruwhof (Jul 26)
sikkandar.lynx
WideImage Demo Code Cross Site Scripting (XSS) sikkandar.lynx (Jul 06)
Simon Rawet
Joomla! plugin Helpdesk Pro < 1.4.0 Simon Rawet (Jul 21)
Stefan Kanthak
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak (Jul 03)
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak (Jul 03)
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Jul 01)
tAd
[CFP] Hackito Ergo Sum 2015 tAd (Jul 07)
Valentinas Bakaitis
Re: Google Chrome Address Spoofing (Request For Comment) Valentinas Bakaitis (Jul 01)
VMware Security Response Center
NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Response Center (Jul 09)
Vulnerability Lab
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability Vulnerability Lab (Jul 23)
Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability Vulnerability Lab (Jul 27)
Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability Vulnerability Lab (Jul 20)
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Vulnerability Lab (Jul 17)
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability Vulnerability Lab (Jul 01)
AirDroid ID - Client Side JSONP Callback Vulnerability Vulnerability Lab (Jul 17)
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability Vulnerability Lab (Jul 01)
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 17)
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability Vulnerability Lab (Jul 01)
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability Vulnerability Lab (Jul 04)
WK UDID v1.0.1 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 04)
FCS Scanner v1.0 & v1.4 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 01)
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
William Costa
Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029) William Costa (Jul 13)
xistence
Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution xistence (Jul 10)
Zach C
Broken, Abandoned, and Forgotten Code, Part 11 Zach C (Jul 16)
Broken, Abandoned, and Forgotten Code, Part 10 Zach C (Jul 10)
ZhangTianqi
Re: Vulnerability in Apache Tomcat ZhangTianqi (Jul 14)