Full Disclosure: by author

79 messages starting Jun 27 16 and ending Jun 13 16


Alan Coopersmith

Re: [oss-security] libical 0.47 SEGV on unknown address Alan Coopersmith (Jun 27)

Apple Product Security

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 Apple Product Security (Jun 21)

Ash

Panda Security Privilege Escalation Ash (Jun 27)

Benjamin Gnahm

Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability Benjamin Gnahm (Jun 13)

Berend-Jan Wever

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion Berend-Jan Wever (Jun 18)
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever (Jun 24)
Re: Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever (Jun 24)
Re: Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever (Jun 24)

Bogner Florian

MitM Attack against KeePass 2's Update Check Bogner Florian (Jun 01)

Brandon Perry

Re: [oss-security] libical 0.47 SEGV on unknown address Brandon Perry (Jun 27)
libical 0.47 SEGV on unknown address Brandon Perry (Jun 24)

Egidio Romano

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability Egidio Romano (Jun 23)
[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities Egidio Romano (Jun 23)
[KIS-2016-03] SugarCRM <= 6.5.18 (SAML Authentication) XML External Entity Vulnerability Egidio Romano (Jun 23)
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability Egidio Romano (Jun 28)
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities Egidio Romano (Jun 28)
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities Egidio Romano (Jun 23)
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability Egidio Romano (Jun 23)
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities Egidio Romano (Jun 28)

ERPScan inc

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability ERPScan inc (Jun 18)
[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability ERPScan inc (Jun 24)
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability ERPScan inc (Jun 18)
[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability ERPScan inc (Jun 24)
[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities ERPScan inc (Jun 21)
[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability ERPScan inc (Jun 21)
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability ERPScan inc (Jun 18)

Fernando Camara

CVE-2016-3670 Stored Cross Site Scripting in Liferay CE Fernando Camara (Jun 01)

Francesco Oddo

Nagios XI Multiple Vulnerabilities Francesco Oddo (Jun 02)
Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities Francesco Oddo (Jun 27)

Francisco Amato

Faraday v1.0.21 with our new GTK interface! Francisco Amato (Jun 24)
Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes! Francisco Amato (Jun 01)

Francisco Javier Santiago Vázquez

Multiple XSS in Babylon Francisco Javier Santiago Vázquez (Jun 02)

Gökmen GÜREŞÇİ

Joomla SecurityCheck extension - Multiple vulnerabilities Gökmen GÜREŞÇİ (Jun 01)

Gregory Pickett

rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Gregory Pickett (Jun 02)

Ian Ling

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) Ian Ling (Jun 16)
Siklu EtherHaul Hidden ‘root’ Account Ian Ling (Jun 15)

Karn Ganeshen

Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities Karn Ganeshen (Jun 24)
EdgeCore - ES3526XA Manager - Multiple Vulnerabilities Karn Ganeshen (Jun 24)
Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities Karn Ganeshen (Jun 16)
HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities Karn Ganeshen (Jun 16)

KoreLogic Disclosures

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution KoreLogic Disclosures (Jun 28)

ljj

CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder ljj (Jun 14)

Manuel Garcia Cardenas

XSS in CMSimple <= v4.6.2 Manuel Garcia Cardenas (Jun 01)

Nate Kettlewell

Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Nate Kettlewell (Jun 15)
CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Nate Kettlewell (Jun 15)
CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell (Jun 15)
CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager Nate Kettlewell (Jun 16)
CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell (Jun 15)

Nguyen Anh Quynh

Keystone Assembler Engine is out! Nguyen Anh Quynh (Jun 01)

omarbv

Face Authentication Bypassing – KeyLemon omarbv (Jun 15)

Raiden lol

Force allow access button to Bypass windows firewall Raiden lol (Jun 02)

randomsec guy

nagios phishing vector & xss randomsec guy (Jun 13)

redrain root

#146416 Ruby:HTTP Header injection in 'net/http' redrain root (Jun 24)

Remco Sprooten

Multiple vulnerabilities in squid 0.4.16_2 running on pfSense Remco Sprooten (Jun 18)

Sandro Gauci

XML External Entity XXE vulnerability in OpenID component of Liferay Sandro Gauci (Jun 02)

SEC Consult Vulnerability Lab

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure SEC Consult Vulnerability Lab (Jun 24)
SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway SEC Consult Vulnerability Lab (Jun 02)

Securify B.V.

Microsoft Visio multiple DLL side loading vulnerabilities Securify B.V. (Jun 15)
Craft CMS affected by server side template injection Securify B.V. (Jun 27)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking Stefan Kanthak (Jun 01)
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers Stefan Kanthak (Jun 15)
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player Stefan Kanthak (Jun 18)

Sysdream Labs

CVE ID Request : Horsys v8 multiple vulnerabilities Sysdream Labs (Jun 21)

thedeadcow

Aramadito remote arbitrary file write in case of MiTM thedeadcow (Jun 27)

Timothy D. Morgan

Blindspot Advisory: HTTP Header Injection in Python urllib Timothy D. Morgan (Jun 16)

vishnu raju

Stack Overflow in BLAT vishnu raju (Jun 16)

Vulnerability Lab

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability Vulnerability Lab (Jun 28)
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability Vulnerability Lab (Jun 28)
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability Vulnerability Lab (Jun 07)
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities Vulnerability Lab (Jun 28)
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab (Jun 15)
SQL Injection Vulnerabilities found in European Commission & European Parliament Vulnerability Lab (Jun 08)
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability Vulnerability Lab (Jun 07)
Mapbox (API) - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jun 07)
Microsoft Education - Code Execution Vulnerability Vulnerability Lab (Jun 07)
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab (Jun 14)
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability Vulnerability Lab (Jun 13)
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability Vulnerability Lab (Jun 28)
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability Vulnerability Lab (Jun 13)