Full Disclosure: by date
139 messages, starting Aug 01 16 and ending Aug 31 16
Monday, 01 August
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage
SQL injection vulnerability in Booking Calendar WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Contact Bank WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Summer of Pwnage
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Summer of Pwnage
Tuesday, 02 August
FortiManager (Series) - Multiple Web Vulnerabilities Vulnerability Lab
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability Vulnerability Lab
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability Vulnerability Lab
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab
WinSaber - Unquoted Service Path Privilege Escalation Vulnerability Lab
Cross-Site Scripting in Uji Countdown WordPress Plugin Summer of Pwnage
Cross-Site Scripting in WangGuard WordPress Plugin Summer of Pwnage
Wednesday, 03 August
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Activity Log WordPress Plugin Summer of Pwnage
Cross-Site Scripting in WordPress Landing Pages Plugin Summer of Pwnage
Thursday, 04 August
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
FortiManager (Series) - (Bookmark) Persistent Vulnerability Vulnerability Lab
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin Summer of Pwnage
Cross-Site Scripting in FormBuilder WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Count per Day WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Summer of Pwnage
Friday, 05 August
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability Vulnerability Lab
Subrion v4.0.5 CMS - SQL Injection Vulnerability Vulnerability Lab
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities Vulnerability Lab
DLL side loading vulnerability in VMware Host Guest Client Redirector Securify B.V.
Cross-Site Scripting in Store Locator Plus for WordPress Summer of Pwnage
Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) David Coomber
D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB Benjamin Daniel Mussler
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection Klaus Eisentraut (SySS GmbH)
CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot
CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone 0xr0ot
K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting Manuel Mancera
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro
Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance Pedro Ribeiro
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) Matthias Deeg
Monday, 08 August
phpCollab v2.5 CMS - SQL Injection Vulnerability Vulnerability Lab
Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Summer of Pwnage
Tuesday, 09 August
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability Vulnerability Lab
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability Vulnerability Lab
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities Vulnerability Lab
Internet Explorer iframe sandbox local file name disclosure vulnerability Securify B.V.
Wednesday, 10 August
SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform SEC Consult Vulnerability Lab
[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities CORE Advisories Team
Thursday, 11 August
Microsoft Education - Stored Cross Site Web Vulnerability Vulnerability Lab
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability Vulnerability Lab
Friday, 12 August
NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability. VMware Security Response Center
Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege Stefan Kanthak
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% Stefan Kanthak
DDanchev's Blog Going Private - Request Access Ddanchev
Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin) dxw Security
[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 Pedro Ribeiro
CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) Dawid Golunski
Nagios Log Server Multiple Vulnerabilities Francesco Oddo
Nagios Network Analyzer Multiple Vulnerabilities Francesco Oddo
Nagios Incident Manager Multiple Vulnerabilities Francesco Oddo
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) Rv3Lab.org
Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3
RCE in Teamspeak 3 server Hanz Jenson
Monday, 15 August
Stash v1.0.3 CMS - SQL Injection Vulnerability Vulnerability Lab
PayPal Inc BB #127 - 2FA Bypass Vulnerability Vulnerability Lab
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin Summer of Pwnage
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin Summer of Pwnage
Ajax Load More Local File Inclusion vulnerability Summer of Pwnage
Cross-Site Scripting in Link Library WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage
Tuesday, 16 August
Actiontec T2200H (Telus Modem) Root Reverse Shell Andrew Klaus
php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12 crashenator
Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege Stefan Kanthak
German Cable Provider Router (In)Security Sebastian Michel
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass Reggie Dodd
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability 1n3
Re: Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability Brandon Perry
Thursday, 18 August
Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information Onapsis Research
Friday, 19 August
Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Onapsis Research
Saturday, 20 August
Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage
Monday, 22 August
ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability Vulnerability Lab
AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability Vulnerability Lab
phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability Vulnerability Lab
Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability Vulnerability Lab
New BlackArch Linux ISOs (2016.08.19) released Black Arch
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull
Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Gary Baribault
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT Mevied, Matias
The continuing problem of a third party resources in web applications. x ksi
New release: UFONet v0.7 - "Big Crunch!" psy
ObiHai ObiPhone - Multiple Vulnerabilities David Tomaschik
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client Florian Bogner
Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write Onapsis Research
Tuesday, 23 August
Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution Onapsis Research
Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal Onapsis Research
Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read Onapsis Research
NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues VMware Security Response Center
Wednesday, 24 August
Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193 Vulnerability Lab
Dotclear 2.9.1 Directory Download Vulnerability gen type
Dotclear 2.9.1 Malicious File Upload Restriction Bypass gen type
Dotclear 2.9.1 SSRF/XSPA Vulnerability gen type
[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting Julien Ahrens
nullcon 8-bit Call for Papers is open nullcon
Thursday, 25 August
SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise SEC Consult Vulnerability Lab
Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Onapsis Research
APPLE-SA-2016-08-25-1 iOS 9.3.5 Apple Product Security
Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure Matías Mevied
Friday, 26 August
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 [CXSEC]
Tuesday, 30 August
Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437 Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438 Onapsis Research
Wednesday, 31 August
SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker SEC Consult Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege Stefan Kanthak