Full Disclosure: by thread
103 messages, starting Oct 03 16 and ending Oct 30 16
- Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP Onapsis Research (Oct 03)
- Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research (Oct 03)
- Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Onapsis Research (Oct 03)
- <Possible follow-ups>
- Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Matías Mevied (Oct 03)
- Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging Onapsis Research (Oct 03)
- CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 03)
- <Possible follow-ups>
- CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 26)
- Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop (Oct 03)
- <Possible follow-ups>
- Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva (Oct 03)
- Re: Critical Vulnerability in Ubiquiti UniFi Tim Schughart (Oct 03)
- Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop (Oct 04)
- Re: Critical Vulnerability in Ubiquiti UniFi Rob Thomas (Oct 11)
- Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva (Oct 19)
- Re: Critical Vulnerability in Ubiquiti UniFi kvnjs (Oct 19)
- Re: Critical Vulnerability in Ubiquiti UniFi Tim Schughart (Oct 03)
- [RootedHONGKONG 2016] Call for papers opened today! Román Ramírez Giménez (Oct 03)
- Aura Video Converter v1.6.3 - DLL Hijacking Exploit Vulnerability Lab (Oct 04)
- AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit Vulnerability Lab (Oct 04)
- FaceDancer 21 - New Universal Case for PenTests Vulnerability Lab (Oct 04)
- Sparkasse (Bank) - Service Security Advisory WB021 2016 Vulnerability Lab (Oct 04)
- Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities Vulnerability Lab (Oct 04)
- Clean Master v1.0 - Unquoted Path Privilege Escalation Vulnerability Lab (Oct 05)
- Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability Vulnerability Lab (Oct 05)
- Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability Vulnerability Lab (Oct 05)
- KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service KoreLogic Disclosures (Oct 05)
- KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials KoreLogic Disclosures (Oct 05)
- KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion KoreLogic Disclosures (Oct 05)
- KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access KoreLogic Disclosures (Oct 05)
- RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability Vulnerability Lab (Oct 06)
- [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability Egidio Romano (Oct 06)
- NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability VMware Security Response Center (Oct 06)
- SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) SEC Consult Vulnerability Lab (Oct 11)
- Facebook API v2.1 - RFC6749 Open Redirect Vulnerability Vulnerability Lab (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research (Oct 11)
- Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities admin () evolution-sec com (Oct 11)
- CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski (Oct 11)
- [SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities Gergely Eberhardt (Oct 11)
- Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] Nightwatch Cybersecurity Research (Oct 11)
- Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos (Oct 11)
- Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos (Oct 11)
- [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg (Oct 11)
- [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg (Oct 11)
- <Possible follow-ups>
- [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg (Oct 11)
- [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks Matthias Deeg (Oct 11)
- IBM WebSphere deserialization of untrusted data Agazzini Maurizio (Oct 11)
- [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas (Oct 11)
- BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism Blue Frost Security Research Lab (Oct 11)
- Billion Router 7700NR4 Remote Root Command Execution Rio Sherri (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
- Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
- NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability VMware Security Response Center (Oct 11)
- [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability Matthias Deeg (Oct 12)
- [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack Matthias Deeg (Oct 12)
- New OpenSSL double-free and invalid free vulnerabilities in X509 parsing Guido Vranken (Oct 12)
- CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code Elar Lang (Oct 19)
- [ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability ERPScan inc (Oct 19)
- [ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value ERPScan inc (Oct 19)
- [ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability ERPScan inc (Oct 19)
- cgiemail (included with cPanel) local file inclusion vulnerability Finbar Crago (Oct 19)
- Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles Bogner Florian (Oct 19)
- OpenSSL 1.1.0 remote client memory corruption Guido Vranken (Oct 19)
- CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs (Oct 19)
- CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs (Oct 19)
- CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs (Oct 19)
- CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs (Oct 19)
- CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs (Oct 19)
- Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update Stefan Kanthak (Oct 19)
- Evernote for Windows DLL Loading Remote Code Execution Himanshu Mehta (Oct 19)
- Ghostscript sadbox bypass lead ImageMagick to remote code execution redrain root (Oct 19)
- Multiple Vulnerabilities in Plone CMS Sebastian Perez (Oct 19)
- Ubiquiti Tim Schughart (Oct 19)
- Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory Stefan Kanthak (Oct 20)
- New release: UFONet v0.8 - "U-NATi0n!" psy (Oct 23)
- XSS on public PGP servers John Strander (Oct 23)
- Security Vulnerability : Cisco web site CSRF in change password lead to full account take over mohamed sayed (Oct 24)
- Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS [CXSEC] (Oct 24)
- APPLE-SA-2016-10-24-1 iOS 10.1 Apple Product Security (Oct 24)
- APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1 Apple Product Security (Oct 24)
- APPLE-SA-2016-10-24-3 Safari 10.0.1 Apple Product Security (Oct 24)
- APPLE-SA-2016-10-24-4 tvOS 10.0.1 Apple Product Security (Oct 24)
- APPLE-SA-2016-10-24-5 watchOS 3.1 Apple Product Security (Oct 24)
- daloRADIUS 0.9-9 - Multiple vulnerabilities leading to arbitrary shell execution fwagglechop (Oct 24)
- AST-2016-007: UPDATE Asterisk Security Team (Oct 25)
- New VMSA-2016-0017 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Oct 25)
- [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) Harry Sintonen (Oct 26)
- [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update Harry Sintonen (Oct 30)
- Wickr Inc - When honesty disappears behind the VCP Mountain Vulnerability Lab (Oct 28)
- APPLE-SA-2016-10-27-1 Xcode 8.1 Apple Product Security (Oct 28)
- APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 Apple Product Security (Oct 28)
- APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows Apple Product Security (Oct 28)
- [FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System - Multiple Issues FOXMOLE Advisories (Oct 28)