Full Disclosure: by date

162 messages starting Nov 01 16 and ending Nov 29 16


Tuesday, 01 November

Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang
Vulnerabilities in D-Link DIR-300 MustLive
Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards Vulnerability Lab
Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Brandon Perry
MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] Dawid Golunski
CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS Peter Lapp
CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability Peter Lapp
CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability Peter Lapp
CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability Peter Lapp
Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever

Wednesday, 02 November

MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details Berend-Jan Wever
Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang
Disclose [10 * cve] in Exponent CMS Obfuscator
Sparkjava Framework - Arbitrary File Read Vulnerability aj

Friday, 04 November

MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read Berend-Jan Wever
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Leo Famulari
[oss-security] CVE request:Lynx invalid URL parsing with '?' redrain root
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures
MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read Berend-Jan Wever
MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski
Bypass Imperva by confusing HTTP Pollution Normalization Engine Nic Wiswat
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey

Saturday, 05 November

Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski

Sunday, 06 November

Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation Andrew Klaus
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow hyp3rlinx
Axessh 4.2.2 Denial Of Service hyp3rlinx
Rapid PHP Editor CSRF Remote Command Execution hyp3rlinx

Monday, 07 November

Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability Vulnerability Lab
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab
Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation Vulnerability Lab
[SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287) Klaus Tichmann
Several unpatched vulns in OwnCloud Felix Matei
[RootedCON 2017] Call for Papers open for RootedCON Madrid 2017! Román Ramírez
VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever
[KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability Egidio Romano

Tuesday, 08 November

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro
Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723] Nightwatch Cybersecurity Research
Cross Site Scripting Vulnerability In Verint Impact 360 Sanehdeep Singh
YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin Summer of Pwnage

Wednesday, 09 November

Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability (APSB16-35) [CVE-2016-7851] Vulnerability Lab
VBScript RegExpComp::PnodeParse out-of-bounds read details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever
Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM) Rio Sherri

Thursday, 10 November

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever
Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever
Vlany: A Linux (LD_PRELOAD) rootkit eov eov
CA20161109-02: Security Notice for CA Service Desk Manager Williams, Ken
CA20161109-01: Security Notice for CA Unified Infrastructure Management Williams, Ken
Release - Shellcode Compiler Ionut Popescu
MyBB 1.8.6: XSS Curesec Research Team (CRT)
e107 CMS <= 2.1.2 Privilege Escalation Kacper Szurek
[CT-2016-1110] Unauthenticated RCE in Observium network monitor Ronald Volgers
Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF Summer of Pwnage
Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin Summer of Pwnage
Information disclosure race condition in W3 Total Cache WordPress Plugin Summer of Pwnage
Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin Summer of Pwnage
Teradata Virtual Machine Community Edition v15.10 has insecure file permission Larry W. Cashdollar

Friday, 11 November

Google Chrome blink Serializer::doSerialize bad cast details Berend-Jan Wever
Trango Systems hidden default root login (all models) Ian Ling

Sunday, 13 November

Unexpected behavior of cmd.exe while processing .bat files leads to potential command injection vulnerabilities Julian Horoszkiewicz
New VMSA-2016-0019 - VMware product updates address multiple information disclosure issues VMware Security Response Center

Monday, 14 November

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever

Tuesday, 15 November

Microsoft Edge edgehtml CAttrArray::Destroy use-after-free details Berend-Jan Wever
CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert
OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Ralf Spenneberg
OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl Ralf Spenneberg
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari
New VMSA-2016-0020 - VMware product updates address multiple information disclosure issues VMware Security Response Center

Wednesday, 16 November

Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Dawid Golunski
Cross-Site Scripting in All In One WP Security & Firewall WordPress Plugin Summer of Pwnage
Re: QUANTUMSQUIRREL - attrition.org unmasked as NSA TAO OP jericho
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper

Friday, 18 November

Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability Vulnerability Lab
EditMe CMS - CSRF Privilege Escalate Web Vulnerability Vulnerability Lab
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab
CVE request - Samsumg Mobile Phone SVE-2016-6343: Unauthorized API access via system service call 0xr0ot
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details Berend-Jan Wever
MyLittleForum 2.3.6.1: XSS & RPO Curesec Research Team (CRT)
SPIP 3.1: XSS & Host Header Injection Curesec Research Team (CRT)
Mezzanine 4.2.0: XSS Curesec Research Team (CRT)
MyLittleForum 2.3.6.1: CSRF Curesec Research Team (CRT)
MoinMoin 1.9.8: XSS Curesec Research Team (CRT)
Lepton 2.2.2: SQL Injection Curesec Research Team (CRT)
Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling Curesec Research Team (CRT)
Lepton 2.2.2: Code Execution Curesec Research Team (CRT)
Jaws 1.1.1: Code Execution Curesec Research Team (CRT)
FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF Curesec Research Team (CRT)
Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags Curesec Research Team (CRT)
FUDforum 3.0.6: LFI Curesec Research Team (CRT)
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc
Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp Larry W. Cashdollar
/tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Larry W. Cashdollar
SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin) dxw Security
Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security
Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security
SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak
Huawei Flybox B660 3G/4G Router - Auth Bypass Vulnerability Vulnerability Lab
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever
Tetris heap spraying: spraying the heap on a budget Berend-Jan Wever

Saturday, 19 November

Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF Summer of Pwnage
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage

Sunday, 20 November

Joomla plugin K2 RCE via CSRF or WCI Anti Räis
Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Larry W. Cashdollar
Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens
Multiple issues in OpManager 12100 & 12200 Michael Heydon

Tuesday, 22 November

Reflected XSS in WonderCMS <= v0.9.8 Manuel Garcia Cardenas
PHDays VII Call for Papers: How to Stand Up at the Standoff Alexander Lashkov
MSIE8 MSHTML Ptls5::LsFindSpanVisualBoundaries memory corruption Berend-Jan Wever
[x33fcon] Call for Papers (and Trainers) x33fcon.office
[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability ERPScan inc
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc
[CVE-2016-7434] ntpd remote pre-auth DoS Magnus Stubman
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team

Wednesday, 23 November

Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin Summer of Pwnage

Thursday, 24 November

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH

Friday, 25 November

MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis Ajin Abraham
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever
Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion Berend-Jan Wever
CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details Berend-Jan Wever
The HS-110 Smart Plug aka Projekt Kasa Curesec Research Team (CRT)
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato
Red Hat JBoss EAP deserialization of untrusted data Agazzini Maurizio
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) Matthias Deeg
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks Matthias Deeg
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks Matthias Deeg
[SYSS-2016-072] Olypmia Protect 9061 - Missing Protection against Replay Attacks Matthias Deeg
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks Matthias Deeg
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) Matthias Deeg
NEW VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Response Center
NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability VMware Security Response Center
UCanCode multiple vulnerabilities Carlo Di Dato

Monday, 28 November

Schoolhos CMS v2.29 - userberita SQL injection Vulnerability Vulnerability Lab
Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability Vulnerability Lab
Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Vulnerability Lab
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab
CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details Berend-Jan Wever
[ndhXV] Call For Paper - 15th anniversary - 24-25 June 2017 Freeman
CFP - BloomCON 0x02 - March 24-25, 2017 Bloomsburg, PA Philip Polstra
Re: Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Simon Waters (Surevine)

Tuesday, 29 November

Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin Summer of Pwnage