Full Disclosure: by author

89 messages starting Jul 12 16 and ending Jul 27 16

0x3d5157636b525761 iddqd

RootExplorer remote code execution 0x3d5157636b525761 iddqd (Jul 12)

Alexander Korznikov

RCE by abusing NAC to gain Domain Persistence. Alexander Korznikov (Jul 12)

bashis

x-originating-ip: [25.162.68.132] bashis (Jul 15)

Benjamin Gnahm

Re: Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability Benjamin Gnahm (Jul 06)

Brandon Perry

PrinceXML PHP wrapper command injection Brandon Perry (Jul 06)
Re: [oss-security] libical 0.47 SEGV on unknown address Brandon Perry (Jul 06)

CFP

CODEBLUE.JP - Conference in Tokyo Calling for Papers by Aug.10 CFP (Jul 07)

David Coomber

Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber (Jul 07)

Dawid Golunski

GNU Wget < 1.18 Arbitrary File Upload Dawid Golunski (Jul 06)

Dirk-Willem van Gulik

CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 06)

Egidio Romano

[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano (Jul 07)

Elar Lang

Reflected XSS in LinkedIn Elar Lang (Jul 25)

ERPScan inc

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc (Jul 15)
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc (Jul 15)
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc (Jul 15)

Gergely Eberhardt

[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 25)
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 25)
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt (Jul 25)
[SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities Gergely Eberhardt (Jul 25)
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt (Jul 25)
[SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt (Jul 25)

Hans Jerry Illikainen

CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 25)

Harari, Eddie

opensshd - user enumeration Harari, Eddie (Jul 15)

Hypsurus

Hpak - package manager for pentesters. Release announcement Hypsurus (Jul 12)

Imre RAD

missing input validation in pmount: arbitrary mount as non-root Imre RAD (Jul 15)

James McLean

Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities James McLean (Jul 25)

Joey Maresca

Re: RCE by abusing NAC to gain Domain Persistence. Joey Maresca (Jul 15)

Julien Ahrens

[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens (Jul 12)
[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens (Jul 12)

Karn Ganeshen

CIMA DocuClass ECM - Multiple Vulnerabilities Karn Ganeshen (Jul 06)
RS232-NET Converter (JTC-200) - Multiple vulnerabilities Karn Ganeshen (Jul 06)

KoreLogic Disclosures

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures (Jul 01)

Kurt Buff

Re: RCE by abusing NAC to gain Domain Persistence. Kurt Buff (Jul 15)

Larry W. Cashdollar

XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 25)

Manuel Garcia Cardenas

Blind SQL Injection PivotX <= v2.3.11 Manuel Garcia Cardenas (Jul 15)

Nightwatch Cybersecurity

Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search Nightwatch Cybersecurity (Jul 25)

Paweł Gocyla

WSO2 SOA Enablement Server - Server Side Request Forgery Paweł Gocyla (Jul 12)
WSO2 SOA Enablement Server - Reflected Cross Site Scripting vulnerability Paweł Gocyla (Jul 12)
WSO2 SOA Enablement Server - XML External Entity Injection Paweł Gocyla (Jul 12)

Programa STIC

CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC (Jul 25)

Sachin Wagh

Putty (beta 0.67) DLL Hijacking Vulnerability Sachin Wagh (Jul 06)

SEC Consult Vulnerability Lab

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab (Jul 25)

Securify B.V.

Persistent Cross-Site Scripting in WP Live Chat Support plugin Securify B.V. (Jul 11)

Stefan Kanthak

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak (Jul 12)
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak (Jul 25)
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak (Jul 25)
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak (Jul 06)

Summer of Pwnage

Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA Summer of Pwnage (Jul 31)
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP Summer of Pwnage (Jul 31)
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage (Jul 19)
Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage (Jul 26)
Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage (Jul 24)
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage (Jul 13)
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage (Jul 12)
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage (Jul 13)
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin Summer of Pwnage (Jul 31)
WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage (Jul 12)
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage (Jul 13)
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage (Jul 12)
Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage (Jul 11)
Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage (Jul 12)
Ultimate Member Local File Inclusion vulnerability Summer of Pwnage (Jul 09)
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage (Jul 20)
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage (Jul 09)
Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage (Jul 19)
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage (Jul 13)
Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage (Jul 19)
Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage (Jul 24)
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage (Jul 20)

Sysdream Labs

CVE ID Request : OpenFire multiple vulnerabilities Sysdream Labs (Jul 06)

Vulnerability Lab

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jul 29)
Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab (Jul 06)
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab (Jul 27)
Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab (Jul 28)
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab (Jul 04)
BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab (Jul 08)
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
Zero-day flaw lets hackers tamper with your car through BMW portal Vulnerability Lab (Jul 07)
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab (Jul 06)
BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Jul 08)
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab (Jul 28)
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab (Jul 27)
IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab (Jul 06)
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab (Jul 28)
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab (Jul 28)
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab (Jul 19)
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jul 27)