Full Disclosure: by date
88 messages
starting Dec 01 16 and
ending Dec 30 16
Date index |
Thread index |
Author index
Thursday, 01 December
Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network) Vulnerability Lab
Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever
Opera foreignObject textNode::removeChild use-after-free details Berend-Jan Wever
[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories
CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details Berend-Jan Wever
Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Pierre-David Oriol - Northsec Conference
Eagle Speed USB MODEM SOFTWARE Privilege Escalation Rio Sherri
XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen
WinPower V4.9.0.4 Privilege Escalation Kacper Szurek
New CSRF vulnerabilities in D-Link DAP-1360 MustLive
Saturday, 03 December
CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free Berend-Jan Wever
Monday, 05 December
Microsoft Windows Media Center "ehshell.exe" XML External Entity hyp3rlinx
Microsoft Excel Starter 2010 XML External Entity hyp3rlinx
Microsoft Authorization Manager "azman" XML External Entity hyp3rlinx
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity hyp3rlinx
Microsoft Event Viewer v1.0 XML External Entity hyp3rlinx
CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever
CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used Eissing Stefan
CFP - 31c0n - Feb 2017, New Zealand 31c0n
Insecure Transmission of Qualcomm Assisted-GPS Data [CVE-2016-5341] Nightwatch Cybersecurity Research
Tuesday, 06 December
Microsoft PowerShell XML External Entity hyp3rlinx
DAVOSET v.1.2.9 MustLive
Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever
SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras SEC Consult Vulnerability Lab
Thursday, 08 December
AST-2016-008: Crash on SDP offer or answer from endpoint using Opus Asterisk Security Team
AST-2016-009: <br> Asterisk Security Team
Friday, 09 December
CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC Berend-Jan Wever
CVE-2013-1309: Berend-Jan Wever
CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details Berend-Jan Wever
Splunk Enterprise Server-Side Request Forgery Francesco Oddo
Gstreamer ID3v2 v1.0 - Out of Bounds Read Joshua
Roundcube 1.2.2: Command Execution via Email Martin Bednorz
Dual DHCP DNS Server 7.29 Buffer Overflow (Dos) Rio Sherri
[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security ESNC Security
MSIE 9 MSHTML CElement::HasFlag memory corruption Berend-Jan Wever
Broken access control on bluemix containers Oscar Martinez
Saturday, 10 December
CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin) dxw Security
Reflected XSS in Social Pug – Easy Social Share Buttons could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security
Sunday, 11 December
Google Analytics Counter Tracker WordPress Plugin unauthenticed PHP Object injection vulnerability Summer of Pwnage
Monday, 12 December
Apple iOS/tvOS/watchOS Remote memory corruption through certificate file [CXSEC]
CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free Berend-Jan Wever
APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security
APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security
APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security
Tuesday, 13 December
SQL injection in Joomla extension DT Register Elar Lang
Wednesday, 14 December
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability hyp3rlinx
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free Berend-Jan Wever
APPLE-SA-2016-12-13-1 macOS 10.12.2 Apple Product Security
APPLE-SA-2016-12-13-2 Safari 10.0.2 Apple Product Security
APPLE-SA-2016-12-13-3 iTunes 12.5.4 Apple Product Security
APPLE-SA-2016-12-13-4 iCloud for Windows v6.1 Apple Product Security
APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security
APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security
APPLE-SA-2016-12-13-8 Transporter 1.9.2 Apple Product Security
Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security
Thursday, 15 December
CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free Berend-Jan Wever
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski
Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Dawid Golunski
XenForo 1.5.x Unauthenticated Remote Code Injection Vishal Mishra
Friday, 16 December
MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free Berend-Jan Wever
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free Berend-Jan Wever
Re: XenForo 1.5.x Unauthenticated Remote Code Injection Julien Ahrens
CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security
Sunday, 18 December
Re: SQL injection in Joomla extension DT Register Elar Lang
Monday, 19 December
CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR Berend-Jan Wever
Hotlinking Vulnerability in Glype (All Versions) Celso Bento
Tuesday, 20 December
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free Berend-Jan Wever
New BlackArch Linux ISOs (2016.12.20) released! Black Arch
[ERPSCAN-16-035] SAP Solman - user accounts disclosure ERPScan inc
NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Response Center
Wednesday, 21 December
CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow Berend-Jan Wever
[0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro
copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin) dxw Security
Friday, 23 December
[RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto RedTeam Pentesting GmbH
Tuesday, 27 December
BlackArch Linux OVA Image released! Black Arch
Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin) dxw Security
kernel vuln status question - how can I be protected BENCSATH Boldizsar
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto gremlin
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Luigi Rosa
Thursday, 29 December
Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege Stefan Kanthak
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Erik Auerswald
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) Dawid Golunski
Friday, 30 December
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim