Full Disclosure: by thread
121 messages, starting Sep 01 15 and ending Sep 30 15
- [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities CORE Advisories Team (Sep 01)
- KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation KoreLogic Disclosures (Sep 01)
- KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 01)
- PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability Vulnerability Lab (Sep 02)
- NibbleBlog 4.0.3 - CSRF - Not fixed Curesec Research Team (CRT) (Sep 02)
- NibbleBlog 4.0.3 - Code Execution - Not fixed Curesec Research Team (CRT) (Sep 02)
- Serendipity 2.0.1 - Code Execution Curesec Research Team (CRT) (Sep 02)
- Serendipity 2.0.1 - Persistent XSS Curesec Research Team (CRT) (Sep 02)
- Serendipity 2.0.1 - Blind SQL Injection Curesec Research Team (CRT) (Sep 02)
- PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4 Dragos Ruiu (Sep 02)
- Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Sep 02)
- CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin) dxw Security (Sep 02)
- Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Sep 02)
- Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities Vulnerability Lab (Sep 03)
- Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability David Coomber (Sep 07)
- Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability David Coomber (Sep 07)
- NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation Elliott Lewis (Sep 07)
- Checkmarx CxQL Sandbox bypass (CVE-2014-8778) Dau, Huy-Ngoc (FR - Paris) (Sep 07)
- Glibc Pointer guarding weakness Hector Marco-Gisbert (Sep 07)
- [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow Julien Ahrens (Sep 07)
- Just Don't Use or Trust Bullhorn Scott Arciszewski (Sep 07)
- Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability Praveen D (Sep 07)
- Re: Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability W Gillespie (Sep 10)
- Advantech WebAccess 8.0, 3.4.3 multiple Remote Code Execution Vulnerabilities Praveen D (Sep 07)
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation Stefan Kanthak (Sep 07)
- Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)
- Re: Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)
- Re: Use After Free Vulnerabilities in unserialize() Christian Kujau (Sep 16)
- Use After Free Vulnerabilities in Session Deserializer Taoguang Chen (Sep 07)
- Use After Free Vulnerability in unserialize() with GMP Taoguang Chen (Sep 07)
- Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen (Sep 07)
- Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen (Sep 07)
- Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Sep 08)
- Synology Video Station command injection and multiple SQL injection vulnerabilities Securify B.V. (Sep 09)
- Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Securify B.V. (Sep 09)
- Raritan PowerIQ default credentials Brandon Perry (Sep 10)
- Silver Peak VXOA Multiple Vulnerabilities Daniel Jensen (Sep 10)
- OpenLDAP ber_get_next Denial of Service Denis Andzakovic (Sep 10)
- Re: OpenLDAP ber_get_next Denial of Service Mark Koek (Sep 11)
- [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository ERPScan inc (Sep 10)
- [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials ERPScan inc (Sep 10)
- [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials ERPScan inc (Sep 10)
- CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability Fernando Camara (Sep 10)
- DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 Onur Yilmaz (Sep 10)
- Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations Stefan Kanthak (Sep 10)
- Nokia Solutions and Networks @vantage - Multiple Reflected XSS Uğur Cihan KOÇ (Sep 10)
- Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability Vulnerability Lab (Sep 11)
- Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability Vulnerability Lab (Sep 11)
- Magento Bug Bounty #19 - Persistent Filename Vulnerability Vulnerability Lab (Sep 11)
- PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability Vulnerability Lab (Sep 11)
- [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability Egidio Romano (Sep 11)
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak (Sep 11)
- Sunny WebBox CVE-2015-3964 Fix SCADA StrangeLove (Sep 14)
- Paypal Inc - Open Redirect Web Vulnerability Vulnerability Lab (Sep 15)
- Anchor CMS 0.9.2 - XSS Curesec Research Team (CRT) (Sep 15)
- Zen Cart 1.5.4 - Code Execution and Information Leak Curesec Research Team (CRT) (Sep 15)
- ZeusCart 4.0 - XSS - not fixed Curesec Research Team (CRT) (Sep 15)
- ZeusCart 4.0: SQL Injection - not fixed Curesec Research Team (CRT) (Sep 15)
- ZeusCart 4.0: Code Execution - not fixed Curesec Research Team (CRT) (Sep 15)
- ZeusCart 4.0: CSRF - not fixed Curesec Research Team (CRT) (Sep 15)
- Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution Dawid Golunski (Sep 15)
- Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal Dawid Golunski (Sep 15)
- Weeman 1.1 HTTP server for phishing | release announcement Hypsurus (Sep 15)
- (0day) IBOOKING CMS - SQL INJECTION INURL Brasil (Sep 15)
- [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting Ahrens, Julien (Sep 15)
- FuzzDB updated, relocated to Github Adam Muntner (Sep 15)
- ManageEngine EventLog Analyzer SQL query execution xistence (Sep 15)
- ManageEngine OpManager multiple vulnerabilities xistence (Sep 15)
- APPLE-SA-2015-09-16-1 iOS 9 Apple Product Security (Sep 16)
- APPLE-SA-2015-09-16-2 Xcode 7.0 Apple Product Security (Sep 16)
- APPLE-SA-2015-09-16-3 iTunes 12.3 Apple Product Security (Sep 16)
- APPLE-SA-2015-09-16-4 OS X Server 5.0.3 Apple Product Security (Sep 16)
- KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 17)
- On Huawei advisory for MBB (Mobile Broadband) product E3272s. SCADA StrangeLove (Sep 19)
- New release of testssl.sh Dirk (Sep 19)
- s/party/hack like it's 1999 up201407890 (Sep 19)
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... Stefan Kanthak (Sep 21)
- Broken, Abandoned, and Forgotten Code, Part 12 Zach C (Sep 21)
- Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 22)
- UDID v1.0 iOS - Persistent Mail Encode Vulnerability Vulnerability Lab (Sep 22)
- Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 22)
- Re: Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 30)
- [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption Onapsis Research Team (Sep 22)
- Obtaining LAN IP from JavaScript for CSRF Craig Young (Sep 22)
- Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability Vulnerability Lab (Sep 23)
- WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability Vulnerability Lab (Sep 23)
- UltraEdit v22.20 - Buffer Overflow Vulnerability Vulnerability Lab (Sep 23)
- Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 23)
- Re: Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 30)
- CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth Antoine Neuenschwander (Sep 23)
- An iOS oversight: exploiting device trust and backups David Longenecker (Sep 23)
- Re: An iOS oversight: exploiting device trust and backups Luis 'Pope' Gómez (Sep 25)
- APPLE-SA-2015-09-21-1 watchOS 2 Apple Product Security (Sep 23)
- Flowdock API Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab (Sep 24)
- CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
- RomPager ShellShock RCE Vulnerability? 1n3 (Sep 25)
- Message not available
- Re: RomPager ShellShock RCE Vulnerability? 1n3 (Sep 27)
- Message not available
- <Possible follow-ups>
- CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization Profundis Labs (Sep 25)