Full Disclosure: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

165 messages starting Mar 01 15 and ending Mar 31 15
Date index | Thread index | Author index

Sunday, 01 March

Cross-Site-Scripting (XSS) in tcllib's html::textarea Ben Fuhrmannek
Piwik Downloads Updates over HTTP Taylor Hornby
Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Jing Wang
NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Jing Wang
NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities Jing Wang
NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities Jing Wang
XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617) William Costa
Re: Reflected File Download in AOL Search Website Ricardo Iramar dos Santos
upstart logrotate privilege escalation in Ubuntu Vivid (development) halfdog
0x08 SEC-T 2015: Call For Papers annoucement Matt
D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities Peter Adkins
GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server Ron Gutierrez
Tor Browser 4.0.3 with websockets enabled by default? Pablo
Vulnerabilities in Hikvision DS-7204HWI-SH MustLive

Monday, 02 March

CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication csirt
Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities Scott Arciszewski
RV4sec 2015 CFP Open! Sullo

Tuesday, 03 March

Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566) Brandon Perry
PHPMoAdmin Unauthorized Remote Code Execution (0-Day) Pichaya Morimoto
[Call for Papers] SOURCE Boston (May 27/28) Squirrel Herder Productions

Wednesday, 04 March

CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin) dxw Security
Partial pointer leaks Christophe Hauser
WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities Jing Wang
WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Webshop hun v1.062S Directory Traversal Security Vulnerabilities Jing Wang
Webshop hun v1.062S SQL Injection Security Vulnerabilities Jing Wang
Java 8u40 released: why? paul . szabo

Thursday, 05 March

Re: Java 8u40 released: why? Gsunde Orangen
ProjectSend r561 - SQL injection vulnerability ITAS Team

Friday, 06 March

Re: Partial pointer leaks Robert Święcki
Re: Java 8u40 released: why? Guy Dawson
Re: Java 8u40 released: why? paul . szabo

Saturday, 07 March

WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities Jing Wang
WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities Jing Wang
NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities Jing Wang
NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities Jing Wang
Fw: Vulnerabilities in ASUS RT-G32 MustLive
Re: Java 8u40 released: why? Alan Coopersmith
Re: Java 8u40 released: why? Alexander Burke
Re: Java 8u40 released: why? James Hodgkinson
Re: Java 8u40 released: why? paul . szabo
Re: Java 8u40 released: why? Alan Coopersmith
Re: Partial pointer leaks Christophe Hauser
Re: Java 8u40 released: why? Nick FitzGerald

Sunday, 08 March

Multiple vulnerabilities in Untangle NGFW 9-11 Hutton
OpenKM Platform Remote Reflected Cross Site Scripting Mohamed A. Baset
MikroTik RouterOS Admin Password Change CSRF Mohamed A. Baset
Re: Partial pointer leaks Gil Besso

Monday, 09 March

[CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting Mohamed A. Baset
Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke
Re: Java 8u40 released: why? James Hodgkinson
Re: Java 8u40 released: why? Dave Warren

Tuesday, 10 March

SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities Jing Wang
Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities Jing Wang
Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
[CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation CORE Advisories Team

Wednesday, 11 March

Vulnerability in the Dropbox SDK for Android (CVE-2014-8889) Roee Hay
Capstone disassembly engine 3.0.2 is out! Nguyen Anh Quynh
[CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer Guang Gong
[CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission Guang Gong
Community Gallery - Srored Corss-Site Scripting vulnerability ITAS Team
Raritan PowerIQ known session secret Brandon Perry
Re: [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission Guang Gong
Re: [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer Guang Gong
Vulnerabilities in the Samsung SNS Provider application for Android [STIC-2015-0511] Programa STIC

Thursday, 12 March

MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation Advisories
WPML WordPress plug-in SQL injection etc. Jouko Pynnonen
'Rowhammer' - Software-triggered DRAM corruption Nick Boyce
WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection Ryan Dewhurst
Re: MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation Advisories
Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities Rehan Ahmed
Re: 'Rowhammer' - Software-triggered DRAM corruption Aris Adamantiadis

Monday, 16 March

[SE-2014-02] Google App Engine Java security sandbox bypasses (details) Security Explorations
Re: 'Rowhammer' - Software-triggered DRAM corruption fulldisclosure
Re: WPML WordPress plug-in SQL injection etc. Jouko Pynnonen
Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities Jing Wang
Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Jing Wang
724CMS 5.01 Multiple Information Leakage Security Vulnerabilities Jing Wang
724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities Jing Wang
724CMS 5.01 Multiple SQL Injection Security Vulnerabilities Jing Wang
724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities Jing Wang
Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro - x64 Nick Prowse
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64 Nick Prowse
Having fun with dmesg halfdog
Defense in depth -- the Mozilla way: return and exit codes are dispensable Stefan Kanthak
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions Stefan Kanthak
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting Stefan Kanthak
Jolla Phone tel URI Spoofing NSO Research
Metasploit Project initial User Creation CSRF Mohamed A. Baset
Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Onur Alanbel
Re: 'Rowhammer' - Software-triggered DRAM corruption Nick Boyce
A local application could cause a denial-of-service to the audio_policy app in Android Guang Gong
Re: 'Rowhammer' - Software-triggered DRAM corruption Dirk-Willem van Gulik
D-RamPage: POC for zero-risk row-hammer exploitation halfdog

Wednesday, 18 March

Upcoming new OpenSSL version with "high severity" security issues Patrik Kernstock
Re: Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64 jericho
Regarding how can I request a CVE number? XiaopengZhang
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting Securify B.V.
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view Securify B.V.
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Securify B.V.
Source code disclosure of Websense Triton JSP files via double quote character Securify B.V.
Missing access control on Websense Explorer web folder Securify B.V.
Cross-Site Scripting vulnerability in Websense Data Security block page Securify B.V.
Cross-Site Scripting vulnerability in Websense Explorer report scheduler Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting Securify B.V.
Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting Securify B.V.
[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow CORE Advisories Team
EMC M&R (Watch4net) data storage collector credentials are not properly protected Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery Securify B.V.
Command injection vulnerability in EMC Secure Remote Services Virtual Edition Securify B.V.
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection Securify B.V.
Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow info
Mac OS X 10.10.2 Default KEXT heap overflow LPE Luca Todesco
Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE Luca Todesco
Re: Regarding how can I request a CVE number? James Hooker
Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections Brandon Perry
Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities Rehan Ahmed

Thursday, 19 March

Citrix Command Center allows downloading of configuration files Securify B.V.
Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users Securify B.V.
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting Securify B.V.
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page Securify B.V.
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting Securify B.V.
cve-assign delays Steven M. Christey
Re: Regarding how can I request a CVE number? Daniel Wood
Re: Regarding how can I request a CVE number? Peter Adkins
Re: Regarding how can I request a CVE number? Nick Boyce
[CFP] BSides Las Vegas August 2015 BSidesLV Info
Google Analytics by Yoast stored XSS Jouko Pynnonen

Friday, 20 March

Viber for Android exposes insecure Javascript interface Securify B.V.
Type Confusion Infoleak Vulnerabilities in SoapClient Taoguang Chen
Type Confusion Vulnerability in SoapClient Taoguang Chen
Use After Free Vulnerability in unserialize() with DateInterval Taoguang Chen
Use After Free Vulnerability in unserialize() Taoguang Chen

Sunday, 22 March

[CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection) Kevin Schaller
Re: D-RamPage: POC for zero-risk row-hammer exploitation halfdog
The Palinopsia Bug: Recovering framebuffers from VRAM Bastian
Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Steffen Rösemann
Cisco Unified Computing System Manager (UCSM) username and password hashes sent via SYSLOG tom () fadedcode net
CVE-2011-2461 is back! Mauro Gentile

Monday, 23 March

Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open Ming
Windows Local WebDAV NTLM Reflection Elevation of Privilege James Forshaw

Wednesday, 25 March

WAHCKon[2] - Perth - May 2nd and 3rd 2015 WAHCKon CFP
Announcing NorthSec 2015 - Montreal, May 21-24 Pierre-David / NorthSec Conference
CSRF in Realms Wiki Javantea
Remote Code Execution in Realms Wiki install.sh Javantea

Thursday, 26 March

1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free Berend-Jan Wever
Insecure file upload in Berta CMS Simon Waters

Friday, 27 March

(0DAY) WebDepo -SQL injection / INURL BRASIL INURL Brasil
Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 Matthew Daley
Advisory: CVE-2014-9708: Appweb Web Server Matthew Daley

Monday, 30 March

[CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow CORE Advisories Team
Stack overflow in libtasn1 Hanno Böck
Vulnerabilities in multiple Hikvision IP cameras and DVR MustLive
New BlackArch Linux ISOs & installer Black Arch
Re: CVE-2011-2461 is back! Mauro Gentile

Tuesday, 31 March

mDNS VU#550620 dirt diggler

Previous period

Next period