Full Disclosure: by thread
139 messages starting Aug 01 16 and ending Aug 31 16
- Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
- SQL injection vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage (Aug 01)
- Cross-Site Scripting in Contact Bank WordPress Plugin Summer of Pwnage (Aug 01)
- Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Summer of Pwnage (Aug 01)
- Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab (Aug 01)
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 01)
- <Possible follow-ups>
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab (Aug 02)
- Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Summer of Pwnage (Aug 01)
- FortiManager (Series) - Multiple Web Vulnerabilities Vulnerability Lab (Aug 02)
- Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 02)
- Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability Vulnerability Lab (Aug 02)
- Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 02)
- WinSaber - Unquoted Service Path Privilege Escalation Vulnerability Lab (Aug 02)
- Cross-Site Scripting in Uji Countdown WordPress Plugin Summer of Pwnage (Aug 02)
- Cross-Site Scripting in WangGuard WordPress Plugin Summer of Pwnage (Aug 02)
- Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin Summer of Pwnage (Aug 03)
- Cross-Site Scripting in Activity Log WordPress Plugin Summer of Pwnage (Aug 03)
- Cross-Site Scripting in WordPress Landing Pages Plugin Summer of Pwnage (Aug 03)
- FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Aug 04)
- FortiManager (Series) - (Bookmark) Persistent Vulnerability Vulnerability Lab (Aug 04)
- Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in FormBuilder WordPress Plugin Summer of Pwnage (Aug 04)
- Cross-Site Scripting in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
- Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Summer of Pwnage (Aug 04)
- Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability Vulnerability Lab (Aug 05)
- Subrion v4.0.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 05)
- FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities Vulnerability Lab (Aug 05)
- DLL side loading vulnerability in VMware Host Guest Client Redirector Securify B.V. (Aug 05)
- Cross-Site Scripting in Store Locator Plus for WordPress Summer of Pwnage (Aug 05)
- Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Aug 05)
- Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) David Coomber (Aug 05)
- D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB Benjamin Daniel Mussler (Aug 05)
- [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection Klaus Eisentraut (SySS GmbH) (Aug 05)
- CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot (Aug 05)
- CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot (Aug 05)
- K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting Manuel Mancera (Aug 05)
- Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 05)
- Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro (Aug 05)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) Matthias Deeg (Aug 05)
- phpCollab v2.5 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 08)
- Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Summer of Pwnage (Aug 08)
- Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability Vulnerability Lab (Aug 09)
- FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability Vulnerability Lab (Aug 09)
- Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab (Aug 09)
- Internet Explorer iframe sandbox local file name disclosure vulnerability Securify B.V. (Aug 09)
- SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform SEC Consult Vulnerability Lab (Aug 10)
- [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities CORE Advisories Team (Aug 10)
- Microsoft Education - Stored Cross Site Web Vulnerability Vulnerability Lab (Aug 11)
- QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability Vulnerability Lab (Aug 11)
- NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability. VMware Security Response Center (Aug 12)
- Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege Stefan Kanthak (Aug 12)
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% Stefan Kanthak (Aug 12)
- DDanchev's Blog Going Private - Request Access Ddanchev (Aug 12)
- Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin) dxw Security (Aug 12)
- [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 Pedro Ribeiro (Aug 12)
- CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) Dawid Golunski (Aug 12)
- Nagios Log Server Multiple Vulnerabilities Francesco Oddo (Aug 12)
- Nagios Network Analyzer Multiple Vulnerabilities Francesco Oddo (Aug 12)
- Nagios Incident Manager Multiple Vulnerabilities Francesco Oddo (Aug 12)
- Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Rv3Lab.org (Aug 12)
- Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3 (Aug 12)
- Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry (Aug 16)
- Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3 (Aug 16)
- Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry (Aug 16)
- Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3 (Aug 16)
- Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry (Aug 16)
- RCE in Teamspeak 3 server Hanz Jenson (Aug 12)
- Stash v1.0.3 CMS - SQL Injection Vulnerability Vulnerability Lab (Aug 15)
- PayPal Inc BB #127 - 2FA Bypass Vulnerability Vulnerability Lab (Aug 15)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images Summer of Pwnage (Aug 15)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries Summer of Pwnage (Aug 15)
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images Summer of Pwnage (Aug 15)
- Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin Summer of Pwnage (Aug 15)
- Cross-Site Scripting vulnerability in Google Maps WordPress Plugin Summer of Pwnage (Aug 15)
- Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin Summer of Pwnage (Aug 15)
- Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin Summer of Pwnage (Aug 15)
- Ajax Load More Local File Inclusion vulnerability Summer of Pwnage (Aug 15)
- Cross-Site Scripting in Link Library WordPress Plugin Summer of Pwnage (Aug 15)
- Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin Summer of Pwnage (Aug 15)
- Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage (Aug 15)
- Actiontec T2200H (Telus Modem) Root Reverse Shell Andrew Klaus (Aug 16)
- php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12 crashenator (Aug 16)
- Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege Stefan Kanthak (Aug 16)
- German Cable Provider Router (In)Security Sebastian Michel (Aug 16)
- Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass Reggie Dodd (Aug 16)
- Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information Onapsis Research (Aug 18)
- Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research (Aug 19)
- Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research (Aug 23)
- Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research (Aug 19)
- Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research (Aug 23)
- Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research (Aug 19)
- Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research (Aug 23)
- Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research (Aug 19)
- Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Gary Baribault (Aug 22)
- Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research (Aug 22)
- Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption Onapsis Research (Aug 19)
- Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Onapsis Research (Aug 19)
- <Possible follow-ups>
- Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Mevied, Matias (Aug 22)
- Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
- ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability Vulnerability Lab (Aug 22)
- AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Aug 22)
- phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability Vulnerability Lab (Aug 22)
- Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability Vulnerability Lab (Aug 22)
- New BlackArch Linux ISOs (2016.08.19) released Black Arch (Aug 22)
- Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Aug 22)
- [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull (Aug 22)
- The continuing problem of a third party resources in web applications. x ksi (Aug 22)
- New release: UFONet v0.7 - "Big Crunch!" psy (Aug 22)
- ObiHai ObiPhone - Multiple Vulnerabilities David Tomaschik (Aug 22)
- Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client Florian Bogner (Aug 22)
- NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues VMware Security Response Center (Aug 23)
- Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193 Vulnerability Lab (Aug 24)
- Dotclear 2.9.1 Directory Download Vulnerability gen type (Aug 24)
- Dotclear 2.9.1 Malicious File Upload Restriction Bypass gen type (Aug 24)
- Dotclear 2.9.1 SSRF/XSPA Vulnerability gen type (Aug 24)
- [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting Julien Ahrens (Aug 24)
- nullcon 8-bit Call for Papers is open nullcon (Aug 24)
- SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise SEC Consult Vulnerability Lab (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure Onapsis Research (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown Onapsis Research (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users Onapsis Research (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS Onapsis Research (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS Onapsis Research (Aug 25)
- Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Onapsis Research (Aug 25)
- <Possible follow-ups>
- Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Matías Mevied (Aug 25)
- APPLE-SA-2016-08-25-1 iOS 9.3.5 Apple Product Security (Aug 25)
- Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 [CXSEC] (Aug 26)
- Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439 Onapsis Research (Aug 30)
- Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436 Onapsis Research (Aug 30)
- Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437 Onapsis Research (Aug 30)
- Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438 Onapsis Research (Aug 30)
- SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker SEC Consult Vulnerability Lab (Aug 31)
- Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege Stefan Kanthak (Aug 31)