Full Disclosure: by thread
88 messages starting Dec 01 16 and ending Dec 30 16
- Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network) Vulnerability Lab (Dec 01)
- Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever (Dec 01)
- Opera foreignObject textNode::removeChild use-after-free details Berend-Jan Wever (Dec 01)
- [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories (Dec 01)
- CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details Berend-Jan Wever (Dec 01)
- Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Pierre-David Oriol - Northsec Conference (Dec 01)
- Eagle Speed USB MODEM SOFTWARE Privilege Escalation Rio Sherri (Dec 01)
- XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen (Dec 01)
- WinPower V4.9.0.4 Privilege Escalation Kacper Szurek (Dec 01)
- New CSRF vulnerabilities in D-Link DAP-1360 MustLive (Dec 01)
- CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free Berend-Jan Wever (Dec 03)
- Microsoft Windows Media Center "ehshell.exe" XML External Entity hyp3rlinx (Dec 05)
- Microsoft Excel Starter 2010 XML External Entity hyp3rlinx (Dec 05)
- Microsoft Authorization Manager "azman" XML External Entity hyp3rlinx (Dec 05)
- Microsoft MSINFO32.EXE ".NFO" Files XML External Entity hyp3rlinx (Dec 05)
- Microsoft Event Viewer v1.0 XML External Entity hyp3rlinx (Dec 05)
- CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever (Dec 05)
- Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever (Dec 06)
- CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used Eissing Stefan (Dec 05)
- CFP - 31c0n - Feb 2017, New Zealand 31c0n (Dec 05)
- Insecure Transmission of Qualcomm Assisted-GPS Data [CVE-2016-5341] Nightwatch Cybersecurity Research (Dec 05)
- Microsoft PowerShell XML External Entity hyp3rlinx (Dec 06)
- DAVOSET v.1.2.9 MustLive (Dec 06)
- SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras SEC Consult Vulnerability Lab (Dec 06)
- AST-2016-008: Crash on SDP offer or answer from endpoint using Opus Asterisk Security Team (Dec 08)
- AST-2016-009 Asterisk Security Team (Dec 08)
- CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC Berend-Jan Wever (Dec 09)
- CVE-2013-1309: Berend-Jan Wever (Dec 09)
- CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details Berend-Jan Wever (Dec 09)
- Splunk Enterprise Server-Side Request Forgery Francesco Oddo (Dec 09)
- Gstreamer ID3v2 v1.0 - Out of Bounds Read Joshua (Dec 09)
- Roundcube 1.2.2: Command Execution via Email Martin Bednorz (Dec 09)
- Dual DHCP DNS Server 7.29 Buffer Overflow (Dos) Rio Sherri (Dec 09)
- [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security ESNC Security (Dec 09)
- MSIE 9 MSHTML CElement::HasFlag memory corruption Berend-Jan Wever (Dec 09)
- Broken access control on bluemix containers Oscar Martinez (Dec 09)
- CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin) dxw Security (Dec 10)
- Reflected XSS in Social Pug – Easy Social Share Buttons could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Dec 10)
- Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Dec 11)
- Apple iOS/tvOS/watchOS Remote memory corruption through certificate file [CXSEC] (Dec 12)
- CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free Berend-Jan Wever (Dec 12)
- APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 12)
- APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 12)
- APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security (Dec 12)
- SQL injection in Joomla extension DT Register Elar Lang (Dec 13)
- <Possible follow-ups>
- Re: SQL injection in Joomla extension DT Register Elar Lang (Dec 18)
- Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability hyp3rlinx (Dec 14)
- MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free Berend-Jan Wever (Dec 14)
- APPLE-SA-2016-12-13-1 macOS 10.12.2 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-2 Safari 10.0.2 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-3 iTunes 12.5.4 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-4 iCloud for Windows v6.1 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 14)
- APPLE-SA-2016-12-13-8 Transporter 1.9.2 Apple Product Security (Dec 14)
- Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Dec 14)
- CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free Berend-Jan Wever (Dec 15)
- Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski (Dec 15)
- Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Dawid Golunski (Dec 15)
- XenForo 1.5.x Unauthenticated Remote Code Injection Vishal Mishra (Dec 15)
- Re: XenForo 1.5.x Unauthenticated Remote Code Injection Julien Ahrens (Dec 16)
- MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free Berend-Jan Wever (Dec 16)
- CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free Berend-Jan Wever (Dec 16)
- CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Dec 16)
- CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR Berend-Jan Wever (Dec 19)
- Hotlinking Vulnerability in Glype (All Versions) Celso Bento (Dec 19)
- CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free Berend-Jan Wever (Dec 20)
- New BlackArch Linux ISOs (2016.12.20) released! Black Arch (Dec 20)
- [ERPSCAN-16-035] SAP Solman - user accounts disclosure ERPScan inc (Dec 20)
- NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Response Center (Dec 20)
- CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow Berend-Jan Wever (Dec 21)
- [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro (Dec 21)
- copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin) dxw Security (Dec 21)
- [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto RedTeam Pentesting GmbH (Dec 23)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto gremlin (Dec 27)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim (Dec 27)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Erik Auerswald (Dec 29)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim (Dec 30)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim (Dec 27)
- Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto gremlin (Dec 27)
- BlackArch Linux OVA Image released! Black Arch (Dec 27)
- Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin) dxw Security (Dec 27)
- kernel vuln status question - how can I be protected BENCSATH Boldizsar (Dec 27)
- PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Luigi Rosa (Dec 27)
- PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
- PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 27)
- Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege Stefan Kanthak (Dec 29)
- SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) Dawid Golunski (Dec 29)