Full Disclosure: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

139 messages starting Aug 01 16 and ending Aug 31 16
Date index | Thread index | Author index

Monday, 01 August

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage
SQL injection vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Contact Bank WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Summer of Pwnage
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Summer of Pwnage

Tuesday, 02 August

FortiManager (Series) - Multiple Web Vulnerabilities Vulnerability Lab
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability Vulnerability Lab
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab
WinSaber - Unquoted Service Path Privilege Escalation Vulnerability Lab
Cross-Site Scripting in Uji Countdown WordPress Plugin Summer of Pwnage
Cross-Site Scripting in WangGuard WordPress Plugin Summer of Pwnage

Wednesday, 03 August

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Activity Log WordPress Plugin Summer of Pwnage
Cross-Site Scripting in WordPress Landing Pages Plugin Summer of Pwnage

Thursday, 04 August

FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
FortiManager (Series) - (Bookmark) Persistent Vulnerability Vulnerability Lab
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage
Cross-Site Scripting in FormBuilder WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Count per Day WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Summer of Pwnage

Friday, 05 August

Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability Vulnerability Lab
Subrion v4.0.5 CMS - SQL Injection Vulnerability Vulnerability Lab
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities Vulnerability Lab
DLL side loading vulnerability in VMware Host Guest Client Redirector Securify B.V.
Cross-Site Scripting in Store Locator Plus for WordPress Summer of Pwnage
Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) David Coomber
D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB Benjamin Daniel Mussler
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection Klaus Eisentraut (SySS GmbH)
CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot
CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot
K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting Manuel Mancera
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro
Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) Matthias Deeg

Monday, 08 August

phpCollab v2.5 CMS - SQL Injection Vulnerability Vulnerability Lab
Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Summer of Pwnage

Tuesday, 09 August

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability Vulnerability Lab
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability Vulnerability Lab
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab
Internet Explorer iframe sandbox local file name disclosure vulnerability Securify B.V.

Wednesday, 10 August

SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform SEC Consult Vulnerability Lab
[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities CORE Advisories Team

Thursday, 11 August

Microsoft Education - Stored Cross Site Web Vulnerability Vulnerability Lab
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability Vulnerability Lab

Friday, 12 August

NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability. VMware Security Response Center
Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege Stefan Kanthak
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% Stefan Kanthak
DDanchev's Blog Going Private - Request Access Ddanchev
Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin) dxw Security
[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 Pedro Ribeiro
CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) Dawid Golunski
Nagios Log Server Multiple Vulnerabilities Francesco Oddo
Nagios Network Analyzer Multiple Vulnerabilities Francesco Oddo
Nagios Incident Manager Multiple Vulnerabilities Francesco Oddo
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Rv3Lab.org
Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3
RCE in Teamspeak 3 server Hanz Jenson

Monday, 15 August

Stash v1.0.3 CMS - SQL Injection Vulnerability Vulnerability Lab
PayPal Inc BB #127 - 2FA Bypass Vulnerability Vulnerability Lab
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin Summer of Pwnage
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin Summer of Pwnage
Ajax Load More Local File Inclusion vulnerability Summer of Pwnage
Cross-Site Scripting in Link Library WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage

Tuesday, 16 August

Actiontec T2200H (Telus Modem) Root Reverse Shell Andrew Klaus
php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12 crashenator
Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege Stefan Kanthak
German Cable Provider Router (In)Security Sebastian Michel
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass Reggie Dodd
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry

Thursday, 18 August

Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information Onapsis Research

Friday, 19 August

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Onapsis Research

Saturday, 20 August

Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage

Monday, 22 August

ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability Vulnerability Lab
AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability Vulnerability Lab
phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability Vulnerability Lab
Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability Vulnerability Lab
New BlackArch Linux ISOs (2016.08.19) released Black Arch
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull
Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Gary Baribault
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Mevied, Matias
The continuing problem of a third party resources in web applications. x ksi
New release: UFONet v0.7 - "Big Crunch!" psy
ObiHai ObiPhone - Multiple Vulnerabilities David Tomaschik
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client Florian Bogner
Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research

Tuesday, 23 August

Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research
Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research
Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research
NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues VMware Security Response Center

Wednesday, 24 August

Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193 Vulnerability Lab
Dotclear 2.9.1 Directory Download Vulnerability gen type
Dotclear 2.9.1 Malicious File Upload Restriction Bypass gen type
Dotclear 2.9.1 SSRF/XSPA Vulnerability gen type
[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting Julien Ahrens
nullcon 8-bit Call for Papers is open nullcon

Thursday, 25 August

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise SEC Consult Vulnerability Lab
Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Onapsis Research
APPLE-SA-2016-08-25-1 iOS 9.3.5 Apple Product Security
Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Matías Mevied

Friday, 26 August

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 [CXSEC]

Tuesday, 30 August

Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438 Onapsis Research

Wednesday, 31 August

SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker SEC Consult Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege Stefan Kanthak

Previous period

Next period