Full Disclosure: by date

100 messages starting Jan 05 16 and ending Jan 29 16


Tuesday, 05 January

Alcatel Lucent Home Device Manager - Management Console Multiple XSS Uğur Cihan KOÇ
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities Stefan Kanthak
Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through Eitan Caspi
Vulnerabilities in Office Document Reader for iOS MustLive
Confluence Vulnerabilities Sebastian Perez
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) Pierre Kim
CALL FOR PAPERS - NUIT DU HACK - 02/03 july 2016 freeman
Buffer Overflow in Advanced Encryption Package Software vishnu raju
Buffer Overflow at password field in Advanced Encryption Package Software vishnu raju

Wednesday, 06 January

MediaAccess , unauthenticated file disclosure Ahmed Sultan
Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 CSW Research Lab
Unauthenticated remote code execution in OpenMRS Brian Hysell

Thursday, 07 January

[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images RedTeam Pentesting GmbH
[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting GmbH
[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials RedTeam Pentesting GmbH

Friday, 08 January

Security BSides Ljubljana 0x7E0 CFP - March 9, 2016 Andraz Sraka
[CVE-2015-8604] Cacti SQL injection in graphs_new.php changzhao.mao () dbappsecurity com cn
OpenCart Security Advisory - XSS Vulnerabiltiy - CVE-2015-4671 Onur Yilmaz
Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 Onur Yilmaz
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 Apple Product Security
Combining DLL hijacking with USB keyboard emulation based attacks Rodrigo Menezes
MobaXTerm before version 8.5 vulnerability in "jump host" functionality Thomas Bleier
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak

Monday, 11 January

Multiple Cross Site Scripting in Netgear Router Version 1.0.0.24 CSW Research Lab
SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 operator8203
Google Chrome - Javascript Execution Via Default Search Engines metalkey net
Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24 CSW Research Lab
Broken Authentication & Improper Session Management in Netgear Router JNR1010 Version 1.0.0.24 CSW Research Lab
Exploiting XXE vulnerabilities in AMF libraries Nicolas Grégoire
Linux user namespaces overlayfs local root halfdog
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas
CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas
New BlackArch Linux ISOs (2016.01.10) released Black Arch
Re: Combining DLL hijacking with USB keyboard emulation gremlin
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Douglas Held
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Sarah Allen
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak

Tuesday, 12 January

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems SEC Consult Vulnerability Lab

Wednesday, 13 January

Html injection Dolibarr 3.8.3 NaxoneZ .
EasyDNNnews Reflected XSS Peter Lapp

Friday, 15 January

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability Egidio Romano
[TOOL] The Metabrik Platform GomoR
Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory
FreeBSD bsnmpd information disclosure Pierre Kim
Whatever happened with CVE-2015-0072? Patrick Toomey
CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers Scott Arciszewski
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Stefan Kanthak
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ... Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution Stefan Kanthak
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? Stefan Kanthak
Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege Michel Arboi
Re: Combining DLL hijacking with USB keyboard emulation Rodrigo Menezes

Saturday, 16 January

Correct answer Information Disclosure in TCExam <= 12.2.5 lists () antonioherraizs com
It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski

Tuesday, 19 January

[CORE-2016-0001] - Intel Driver Update Utility MiTM CORE Advisories Team

Wednesday, 20 January

Administrator auto-logout design flaw in ASUS wireless routers David Longenecker
SeaWell Networks Spectrum - Multiple Vulnerabilities Karn Ganeshen
GRR <= 3.0.0-RC1 (all versions) file upload filter bypass (authenficated) Jean-Marie Bourbon
mobile.facebook.com is not on HSTS preload list or sending the Strict-Transport-Security header Ricardo Iramar dos Santos
LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability Onur Yilmaz
OpenCart users, switch to OpenCart-CE immediately Scott Arciszewski

Thursday, 21 January

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices SEC Consult Vulnerability Lab

Saturday, 23 January

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Securify B.V.
HP ToComMsg DLL side loading vulnerability Securify B.V.
HP LaserJet Fax Preview DLL side loading vulnerability Securify B.V.

Monday, 25 January

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities CORE Advisories Team

Wednesday, 27 January

Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities Vulnerability Lab
Apple WatchOS v2.1 - Denial of Service Vulnerability Vulnerability Lab
Telegram (API) - Cross Site Request Forgery Vulnerabilities Vulnerability Lab
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability Vulnerability Lab
Kleefa v1.7 (IR) - Multiple Web Vulnerabilities Vulnerability Lab
Classic Infomedia (Login) - Auth Bypass Web Vulnerability Vulnerability Lab
WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability Vulnerability Lab
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability Vulnerability Lab
Netgear GS105Ev2 - Multiple Vulnerabilities Benedikt Westermann
Eclipse BIRT report viewer <= 4.5.0 Persistent XSS graphx
ZyXel WAP3205 V1 Multiple Persistent and Reflected XSS graphx
Eclipse BIRT Report Viewer <= 4.5.0 XSS graphx
Eclipse BIRT Viewer <= v4.5.0 Persistent XSS graphx
PHP-FPM fpm_log.c memory leak and buffer overflow Imre RAD
PHP LiteSpeed SAPI secret key improper disposal Imre RAD
PHP LiteSpeed SAPI out of boundaries read due to missing input validation Imre RAD
Authentication bypass in PHP File Manager 0.9.8 Imre Rad
SAP Hana Cloud 4 XSS Shahmeer Baloch
HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi Hacking Corporation Sàrl
McAfee File Lock Driver - Kernel Memory Leak Kyriakos Economou
McAfee File Lock Driver - Kernel Memory Leak Kyriakos Economou
McAfee File Lock Driver - Kernel Stack Based BOF Kyriakos Economou
Recon 2016 Call For Papers - June 17 - 19, 2016 - Montreal, Canada cfp2016
[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption ERPScan inc
Multiple security issues in MOVEit Managed File Transfer application Profundis Labs
HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase Hacking Corporation Sàrl
Announcing nullcon HackIM 2016 Powered by EMC2 murtuja bharmal
CarolinaCon-12 - March 2016 - FINAL ANNOUNCEMENT Vic Vandal

Thursday, 28 January

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
New Era Company CMS - (id) SQL Injection Vulnerability Vulnerability Lab

Friday, 29 January

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability Vulnerability Lab