Full Disclosure: by author

112 messages starting Jun 21 15 and ending Jun 17 15

Antonio Augusto Santos

[Survey] Help shape the future of IDSs Antonio Augusto Santos (Jun 21)

Aras Pranckevicius

The token order of OpVectorTimesScalar and OpMatrixTimesScalar which generated in glslangValidator isn't consistant with SPEC Aras Pranckevicius (Jun 12)

Big Whale

Re: Google Chrome Address Spoofing (Request For Comment) Big Whale (Jun 30)

Blazej Adamczyk

ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability Blazej Adamczyk (Jun 30)

Brian Hysell

CVE-2015-4453 - Authentication bypass in OpenEMR Brian Hysell (Jun 18)

Bruno Luiz

OpenBSD "sys_execve()" Executable Header Parsing Denial of Service Vulnerability Bruno Luiz (Jun 13)
This POODLE Bites: Exploiting The SSL 3.0 Fallback Bruno Luiz (Jun 10)
Apache vulnerability program faulting module ntdll.dll Bruno Luiz (Jun 11)

cosmin0maier

eBay Security Assessment cosmin0maier (Jun 15)

Cosmin Maier

SpiderOak.com - Disclousure of sensitive information Cosmin Maier (Jun 18)

Craig Young

ROP 101 Blog Craig Young (Jun 24)

Daniel Jensen

WedgeOS Multiple Vulnerabilities Daniel Jensen (Jun 29)
Watchguard XCS Multiple Vulnerabilities Daniel Jensen (Jun 29)

Darya Maenkova

ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE Darya Maenkova (Jun 23)
Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP Darya Maenkova (Jun 24)
ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS Darya Maenkova (Jun 23)
ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE Darya Maenkova (Jun 23)
SAP Security Notes June 2015 Darya Maenkova (Jun 11)

DAU Huy Ngoc

Freebox OS Web interface 3.0.2 XSS, CSRF DAU Huy Ngoc (Jun 01)

David Leo

Google Chrome Address Spoofing (Request For Comment) David Leo (Jun 30)
Re: Safari Address Spoofing (How We Got It) David Leo (Jun 02)

Douglas Held

Fwd: Potentially critical buffer overflow in TinySRP Douglas Held (Jun 09)

Egidio Romano

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability Egidio Romano (Jun 11)
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano (Jun 11)
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability Egidio Romano (Jun 11)

Fernando Muñoz

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP Fernando Muñoz (Jun 30)

Fran

Siemens, Climatix BACnet/IP communication module, Vulnerabilities Fran (Jun 30)

Genevieve Southwick

[CFP] SOURCE Dublin, Sept 5-8, Trinity College Genevieve Southwick (Jun 01)

Hanno Böck

Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser Hanno Böck (Jun 29)

Hongkai Wu

[call for paper] SIGIR workshop: privacy-preserving information retrieval Hongkai Wu (Jun 09)

ICSS Security

Recomendation: Flaw in K9 Web Protection 4.4.268 ICSS Security (Jun 25)

Jeffrey Walton

Re: Safari Address Spoofing (How We Got It) Jeffrey Walton (Jun 02)

Jing Wang

6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities Jing Wang (Jun 11)
FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities Jing Wang (Jun 11)

Justin Burke

Re: [CVE-2015-1234] Tanium all versions arbitrary file overwrite Justin Burke (Jun 09)

Larry W. Cashdollar

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar (Jun 11)
Remote file download vulnerability in download-zip-attachments v1.0 Larry W. Cashdollar (Jun 26)
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar (Jun 10)
Arbitrary File download in wordpress plugin wp-instance-rename v1.0 Larry W. Cashdollar (Jun 26)
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar (Jun 09)

Levon Kayan

New version: smalisca - Static Code Analysis tool for Smali files Levon Kayan (Jun 23)

Liran Segal

CVE-2015-4413 - Wordpress “Nextend Facebook Connect” Cross Site Scripting Liran Segal (Jun 23)
CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting Liran Segal (Jun 23)

Luke Walker

Re: Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System Luke Walker (Jun 28)

Manuel Mancera

Authentication Bypass in Pandora FMS Manuel Mancera (Jun 10)

Marco Delai

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 Marco Delai (Jun 24)

Mehdi Talbi

Haka v0.3.0 release Mehdi Talbi (Jun 23)

Michal Zalewski

Re: Safari Address Spoofing (How We Got It) Michal Zalewski (Jun 02)

Milos Krasojevic

Call for Papers for 3rd Balkan Computer Congress – BalCCon2k15 Milos Krasojevic (Jun 01)

Mustafa Al-Bassam

E-Detective Lawful Interception System - multiple security vulnerabilities Mustafa Al-Bassam (Jun 14)
Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System Mustafa Al-Bassam (Jun 26)

MustLive

DAVOSET v.1.2.5 MustLive (Jun 30)
XXE Injection in NetIQ Access MustLive (Jun 29)
IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) MustLive (Jun 19)

Nitin Venkatesh

Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 Nitin Venkatesh (Jun 15)
Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 Nitin Venkatesh (Jun 19)

Oliver-Tobias Ripka

CollabNet Subversion Edge Password Hash Leak Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge weak password policy Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge show local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge insecure password change Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge autocomplete on Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge downloadHook local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing single login restriction Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing clickjacking protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing brute force protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge index local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge Hook Script Privilege Escalation Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing XSRF protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge weak password storage mechanism Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge tail local file inclusion Oliver-Tobias Ripka (Jun 29)

Pedro Ribeiro

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) Pedro Ribeiro (Jun 03)

Peter Adkins

D-Link DSP-W110 - multiple vulnerabilities Peter Adkins (Jun 11)

Pierre-d

Re: Announcing NorthSec 2015 - Montreal, May 21-24 Pierre-d (Jun 17)

Raschin Ghanad-Tavakoli

SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS Raschin Ghanad-Tavakoli (Jun 25)

RedTeam Pentesting GmbH

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager RedTeam Pentesting GmbH (Jun 15)
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery RedTeam Pentesting GmbH (Jun 10)
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID RedTeam Pentesting GmbH (Jun 10)

reek35

[CVE-2015-1234] Tanium all versions arbitrary file overwrite reek35 (Jun 04)

Roney Gomes

Re: Google Chrome Address Spoofing (Request For Comment) Roney Gomes (Jun 30)

Scott Arciszewski

Minds.com - Several Issues Scott Arciszewski (Jun 23)
2 vulns 1 line in RNCryptor (PHP) + Call to Action Scott Arciszewski (Jun 10)
Tutanota Encrypted Email service - Malleable Ciphertext (AES-CBC with no MAC) Scott Arciszewski (Jun 21)

SEC Consult Vulnerability Lab

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences SEC Consult Vulnerability Lab (Jun 26)

sec () inventropy us

Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS sec () inventropy us (Jun 12)

Stas Volfus

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) Stas Volfus (Jun 11)

Suraj Krishnaswami

XSS vulnerability in manage engine. Suraj Krishnaswami (Jun 23)

The Security Factory

[CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass The Security Factory (Jun 04)

Tomi Tuominen

t2'15: Call for Papers 2015 (Helsinki / Finland) Tomi Tuominen (Jun 01)

VMware Security Response Center

NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues VMware Security Response Center (Jun 09)

Vulnerability Lab

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability Vulnerability Lab (Jun 22)
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Vulnerability Lab (Jun 19)
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability Vulnerability Lab (Jun 19)
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability Vulnerability Lab (Jun 19)
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jun 19)
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability Vulnerability Lab (Jun 19)
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability Vulnerability Lab (Jun 02)
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability Vulnerability Lab (Jun 10)

xin.wang

[CVE-2015-4342]SQL Injection and Location header injection from cdef id xin.wang (Jun 09)

Zach C

Broken, Abandoned, and Forgotten Code, Part 8 Zach C (Jun 18)
Broken, Abandoned, and Forgotten Code, Part 7 Zach C (Jun 04)
Broken, Abandoned, and Forgotten Code, Part 9 Zach C (Jun 30)
Broken, Abandoned, and Forgotten Code, Intermission Zach C (Jun 09)

zise . shi

[CVE-2015-4553]Dedecms variable coverage leads to getshell zise . shi (Jun 17)