Full Disclosure: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

121 messages starting Sep 27 15 and ending Sep 21 15
Date index | Thread index | Author index

1n3

Re: RomPager ShellShock RCE Vulnerability? 1n3 (Sep 27)
RomPager ShellShock RCE Vulnerability? 1n3 (Sep 25)

Adam Muntner

FuzzDB updated, relocated to Github Adam Muntner (Sep 15)

Ahrens, Julien

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting Ahrens, Julien (Sep 15)

Antoine Neuenschwander

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth Antoine Neuenschwander (Sep 23)

Apple Product Security

APPLE-SA-2015-09-16-4 OS X Server 5.0.3 Apple Product Security (Sep 16)
APPLE-SA-2015-09-21-1 watchOS 2 Apple Product Security (Sep 23)
APPLE-SA-2015-09-16-3 iTunes 12.3 Apple Product Security (Sep 16)
APPLE-SA-2015-09-16-1 iOS 9 Apple Product Security (Sep 16)
APPLE-SA-2015-09-16-2 Xcode 7.0 Apple Product Security (Sep 16)

Brandon Perry

Raritan PowerIQ default credentials Brandon Perry (Sep 10)

Christian Kujau

Re: Use After Free Vulnerabilities in unserialize() Christian Kujau (Sep 16)

CORE Advisories Team

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities CORE Advisories Team (Sep 01)

Craig Young

Obtaining LAN IP from JavaScript for CSRF Craig Young (Sep 22)

Curesec Research Team (CRT)

ZeusCart 4.0: SQL Injection - not fixed Curesec Research Team (CRT) (Sep 15)
ZeusCart 4.0: CSRF - not fixed Curesec Research Team (CRT) (Sep 15)
ZeusCart 4.0: Code Execution - not fixed Curesec Research Team (CRT) (Sep 15)
NibbleBlog 4.0.3 - CSRF - Not fixed Curesec Research Team (CRT) (Sep 02)
Serendipity 2.0.1 - Blind SQL Injection Curesec Research Team (CRT) (Sep 02)
Serendipity 2.0.1 - Code Execution Curesec Research Team (CRT) (Sep 02)
Anchor CMS 0.9.2 - XSS Curesec Research Team (CRT) (Sep 15)
Zen Cart 1.5.4 - Code Execution and Information Leak Curesec Research Team (CRT) (Sep 15)
ZeusCart 4.0 - XSS - not fixed Curesec Research Team (CRT) (Sep 15)
Serendipity 2.0.1 - Persistent XSS Curesec Research Team (CRT) (Sep 02)
NibbleBlog 4.0.3 - Code Execution - Not fixed Curesec Research Team (CRT) (Sep 02)

Daniel Jensen

Silver Peak VXOA Multiple Vulnerabilities Daniel Jensen (Sep 10)

Dau, Huy-Ngoc (FR - Paris)

Checkmarx CxQL Sandbox bypass (CVE-2014-8778) Dau, Huy-Ngoc (FR - Paris) (Sep 07)

David Coomber

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability David Coomber (Sep 07)
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability David Coomber (Sep 07)

David Longenecker

An iOS oversight: exploiting device trust and backups David Longenecker (Sep 23)

Dawid Golunski

Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution Dawid Golunski (Sep 15)
Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal Dawid Golunski (Sep 15)

Denis Andzakovic

OpenLDAP ber_get_next Denial of Service Denis Andzakovic (Sep 10)

Dirk

New release of testssl.sh Dirk (Sep 19)

Dragos Ruiu

PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4 Dragos Ruiu (Sep 02)

dxw Security

Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Sep 02)
Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Sep 02)
CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin) dxw Security (Sep 02)

Egidio Romano

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability Egidio Romano (Sep 11)

Elliott Lewis

NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation Elliott Lewis (Sep 07)

ERPScan inc

[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials ERPScan inc (Sep 10)
[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials ERPScan inc (Sep 10)
[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository ERPScan inc (Sep 10)

Fernando Camara

CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability Fernando Camara (Sep 10)

halfdog

Apport kernel_crashdump symlink vulnerability exploitation halfdog (Sep 27)

Hector Marco-Gisbert

Glibc Pointer guarding weakness Hector Marco-Gisbert (Sep 07)

Hypsurus

Weeman 1.1 HTTP server for phishing | release announcement Hypsurus (Sep 15)

INURL Brasil

(0day) IBOOKING CMS - SQL INJECTION INURL Brasil (Sep 15)

Jing Wang

VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue Jing Wang (Sep 25)

Julien Ahrens

[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow Julien Ahrens (Sep 07)

KoreLogic Disclosures

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation KoreLogic Disclosures (Sep 01)
KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 01)
KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation KoreLogic Disclosures (Sep 17)

Luis 'Pope' Gómez

Re: An iOS oversight: exploiting device trust and backups Luis 'Pope' Gómez (Sep 25)

Manuel Garcia Cardenas

Stored XSS in 4images <= v1.7.11 Manuel Garcia Cardenas (Sep 25)

Mark Koek

Re: OpenLDAP ber_get_next Denial of Service Mark Koek (Sep 11)

Onapsis Research Team

[Onapsis Security Advisory 2015-023] SAP HANA Drop Credentials SQL injection Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-016] SAP HANA SQL injection in _newUser function Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-019] SAP HANA XSS in role deletion through Web-based development workbench Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-021] SAP HANA XSS in user creation through Web-based development workbench Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-020] SAP HANA Trace configuration SQL injection Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-009] SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-022] SAP HANA SQL injection in getSqlTraceConfiguration function Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption Onapsis Research Team (Sep 22)
[Onapsis Security Advisory 2015-017] SAP HANA XSJS Code Injection in test-net.xsjs Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-018] SAP HANA SQL injection in, setTraceLevelsForXsApps function Onapsis Research Team (Sep 29)
[Onapsis Security Advisory 2015-015] SAP HANA SQL injection in _modifyUser function Onapsis Research Team (Sep 29)

Onur Yilmaz

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 Onur Yilmaz (Sep 10)

Portcullis Advisories

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine Portcullis Advisories (Sep 25)

Praveen D

Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability Praveen D (Sep 07)
Advantech WebAccess 8.0, 3.4.3 multiple Remote Code Execution Vulnerabilities Praveen D (Sep 07)

Profundis Labs

CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization Profundis Labs (Sep 25)
CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization Profundis Labs (Sep 25)

SCADA StrangeLove

Sunny WebBox CVE-2015-3964 Fix SCADA StrangeLove (Sep 14)
On Huawei advisory for MBB (Mobile Broadband) product E3272s. SCADA StrangeLove (Sep 19)

Scott Arciszewski

Just Don't Use or Trust Bullhorn Scott Arciszewski (Sep 07)

Securify B.V.

Synology Video Station command injection and multiple SQL injection vulnerabilities Securify B.V. (Sep 09)
Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 22)
Re: Cisco AnyConnect elevation of privileges via DLL side loading Securify B.V. (Sep 30)
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Securify B.V. (Sep 09)
Re: Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 30)
Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Sep 08)
Cisco AnyConnect elevation of privileges via DMG install script Securify B.V. (Sep 23)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe Stefan Kanthak (Sep 11)
Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations Stefan Kanthak (Sep 10)
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation Stefan Kanthak (Sep 07)
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... Stefan Kanthak (Sep 21)

Taoguang Chen

Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)
Use After Free Vulnerability in unserialize() with GMP Taoguang Chen (Sep 07)
Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage Taoguang Chen (Sep 07)
Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen (Sep 07)
Use After Free Vulnerabilities in Session Deserializer Taoguang Chen (Sep 07)
Re: Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)

Uğur Cihan KOÇ

Nokia Solutions and Networks @vantage - Multiple Reflected XSS Uğur Cihan KOÇ (Sep 10)

up201407890

s/party/hack like it's 1999 up201407890 (Sep 19)

vishnu raju

Unauthorized Data Manipulation Vulnerability in Orange HRM vishnu raju (Sep 27)

Vulnerability Lab

WinRAR SFX v5.21 - Remote Code Execution Vulnerability Vulnerability Lab (Sep 28)
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability Vulnerability Lab (Sep 28)
Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability Vulnerability Lab (Sep 11)
Magento Bug Bounty #19 - Persistent Filename Vulnerability Vulnerability Lab (Sep 11)
My.WiFi USB Drive v1.0 iOS - File Include Vulnerability Vulnerability Lab (Sep 28)
UDID v1.0 iOS - Persistent Mail Encode Vulnerability Vulnerability Lab (Sep 22)
IconLover v5.4.5 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Sep 28)
Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 22)
UltraEdit v22.20 - Buffer Overflow Vulnerability Vulnerability Lab (Sep 23)
PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability Vulnerability Lab (Sep 02)
Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability Vulnerability Lab (Sep 11)
Paypal Inc - Open Redirect Web Vulnerability Vulnerability Lab (Sep 15)
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability Vulnerability Lab (Sep 23)
Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability Vulnerability Lab (Sep 23)
Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability Vulnerability Lab (Sep 28)
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities Vulnerability Lab (Sep 03)
Flowdock API Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab (Sep 24)
Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability Vulnerability Lab (Sep 28)
PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability Vulnerability Lab (Sep 11)

W Gillespie

Re: Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability W Gillespie (Sep 10)

xistence

ManageEngine OpManager multiple vulnerabilities xistence (Sep 15)
ManageEngine EventLog Analyzer SQL query execution xistence (Sep 15)

Zach C

Broken, Abandoned, and Forgotten Code, Part 12 Zach C (Sep 21)

Previous period

Next period