Full Disclosure: by date
89 messages starting Jul 01 16 and ending Jul 31 16
Friday, 01 July
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability KoreLogic Disclosures
Monday, 04 July
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability Vulnerability Lab
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability Vulnerability Lab
Wednesday, 06 July
IBM BlueMix Cloud - (API) Persistent Web Vulnerability Vulnerability Lab
Teampass 2.1.26 - Authenticated File Upload Vulnerability Vulnerability Lab
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking Stefan Kanthak
Re: Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability Benjamin Gnahm
Re: [oss-security] libical 0.47 SEGV on unknown address Brandon Perry
Putty (beta 0.67) DLL Hijacking Vulnerability Sachin Wagh
PrinceXML PHP wrapper command injection Brandon Perry
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik
CVE ID Request : OpenFire multiple vulnerabilities Sysdream Labs
CIMA DocuClass ECM - Multiple Vulnerabilities Karn Ganeshen
RS232-NET Converter (JTC-200) - Multiple vulnerabilities Karn Ganeshen
GNU Wget < 1.18 Arbitrary File Upload Dawid Golunski
Thursday, 07 July
Zero-day flaw lets hackers tamper with your car through BMW portal Vulnerability Lab
Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) David Coomber
CODEBLUE.JP - Conference in Tokyo Calling for Papers by Aug.10 CFP
[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability Egidio Romano
Friday, 08 July
BMW - (Token) Client Side Cross Site Scripting Vulnerability Vulnerability Lab
BMW ConnectedDrive - (Update) VIN Session Vulnerability Vulnerability Lab
Saturday, 09 July
Ultimate Member Local File Inclusion vulnerability Summer of Pwnage
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin Summer of Pwnage
Monday, 11 July
Persistent Cross-Site Scripting in WP Live Chat Support plugin Securify B.V.
Persistent Cross-Site Scripting in WordPress Activity Log plugin Summer of Pwnage
Tuesday, 12 July
Cross-Site Scripting vulnerability in Email Users WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin Summer of Pwnage
WP Fastest Cache Member Local File Inclusion vulnerability Summer of Pwnage
Easy Forms for MailChimp Local File Inclusion vulnerability Summer of Pwnage
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers Stefan Kanthak
RootExplorer remote code execution 0x3d5157636b525761 iddqd
RCE by abusing NAC to gain Domain Persistence. Alexander Korznikov
WSO2 SOA Enablement Server - Server Side Request Forgery Paweł Gocyla
WSO2 SOA Enablement Server - XML External Entity Injection Paweł Gocyla
WSO2 SOA Enablement Server - Reflected Cross Site Scripting vulnerability Paweł Gocyla
[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries Julien Ahrens
[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting Julien Ahrens
Hpak - package manager for pentesters. Release announcement Hypsurus
Wednesday, 13 July
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress Summer of Pwnage
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin Summer of Pwnage
Friday, 15 July
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability ERPScan inc
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability ERPScan inc
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability ERPScan inc
Re: RCE by abusing NAC to gain Domain Persistence. Kurt Buff
missing input validation in pmount: arbitrary mount as non-root Imre RAD
Re: RCE by abusing NAC to gain Domain Persistence. Joey Maresca
Blind SQL Injection PivotX <= v2.3.11 Manuel Garcia Cardenas
opensshd - user enumeration Harari, Eddie
x-originating-ip: [25.162.68.132] bashis
Tuesday, 19 July
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) Vulnerability Lab
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery in Icegram WordPress Plugin Summer of Pwnage
Multiple SQL injection vulnerabilities in WordPress Video Player Summer of Pwnage
Wednesday, 20 July
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) Summer of Pwnage
Sunday, 24 July
Cross-Site Scripting in Contact Form to Email WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Code Snippets WordPress Plugin Summer of Pwnage
Monday, 25 July
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr SEC Consult Vulnerability Lab
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking Stefan Kanthak
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design Stefan Kanthak
[SEARCH-LAB advisory] UPC Hungary network problems Gergely Eberhardt
[SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities Gergely Eberhardt
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities Gergely Eberhardt
CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] Programa STIC
Reflected XSS in LinkedIn Elar Lang
CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen
Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search Nightwatch Cybersecurity
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities James McLean
Tuesday, 26 July
Cross-Site Scripting vulnerability in ColorWay WordPress Theme Summer of Pwnage
Wednesday, 27 July
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability Vulnerability Lab
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability Vulnerability Lab
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability Vulnerability Lab
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability Vulnerability Lab
Thursday, 28 July
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability Vulnerability Lab
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability Vulnerability Lab
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities Vulnerability Lab
Saveya Bounty #1 - Bypass & Persistent Vulnerability Vulnerability Lab
Friday, 29 July
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities Vulnerability Lab
Sunday, 31 July
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin Summer of Pwnage
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA Summer of Pwnage