Full Disclosure: by author

103 messages starting Oct 11 16 and ending Oct 04 16


admin () evolution-sec com

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities admin () evolution-sec com (Oct 11)

Agazzini Maurizio

IBM WebSphere deserialization of untrusted data Agazzini Maurizio (Oct 11)

Apple Product Security

APPLE-SA-2016-10-24-4 tvOS 10.0.1 Apple Product Security (Oct 24)
APPLE-SA-2016-10-27-1 Xcode 8.1 Apple Product Security (Oct 28)
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows Apple Product Security (Oct 28)
APPLE-SA-2016-10-24-3 Safari 10.0.1 Apple Product Security (Oct 24)
APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 Apple Product Security (Oct 28)
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1 Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-1 iOS 10.1 Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-5 watchOS 3.1 Apple Product Security (Oct 24)

Asterisk Security Team

AST-2016-007: UPDATE Asterisk Security Team (Oct 25)

Blue Frost Security Research Lab

BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism Blue Frost Security Research Lab (Oct 11)

Bogner Florian

Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles Bogner Florian (Oct 19)

Carlos Silva

Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva (Oct 19)
Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva (Oct 03)

[CXSEC]

Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS [CXSEC] (Oct 24)

Dawid Golunski

CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski (Oct 11)
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 26)
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 03)

Egidio Romano

[KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability Egidio Romano (Oct 06)

Elar Lang

CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code Elar Lang (Oct 19)

ERPScan inc

[ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability ERPScan inc (Oct 19)
[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability ERPScan inc (Oct 19)
[ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value ERPScan inc (Oct 19)

Finbar Crago

cgiemail (included with cPanel) local file inclusion vulnerability Finbar Crago (Oct 19)

FOXMOLE Advisories

[FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System - Multiple Issues FOXMOLE Advisories (Oct 28)

fwagglechop

daloRADIUS 0.9-9 - Multiple vulnerabilities leading to arbitrary shell execution fwagglechop (Oct 24)

Gergely Eberhardt

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities Gergely Eberhardt (Oct 11)

Gregory Sloop

Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop (Oct 03)
Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop (Oct 04)

Guido Vranken

OpenSSL 1.1.0 remote client memory corruption Guido Vranken (Oct 19)
New OpenSSL double-free and invalid free vulnerabilities in X509 parsing Guido Vranken (Oct 12)

Harry Sintonen

[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update Harry Sintonen (Oct 30)
[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) Harry Sintonen (Oct 26)

Himanshu Mehta

Evernote for Windows DLL Loading Remote Code Execution Himanshu Mehta (Oct 19)

John Strander

XSS on public PGP servers John Strander (Oct 23)

KoreLogic Disclosures

KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access KoreLogic Disclosures (Oct 05)
KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion KoreLogic Disclosures (Oct 05)
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials KoreLogic Disclosures (Oct 05)
KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service KoreLogic Disclosures (Oct 05)

kvnjs

Re: Critical Vulnerability in Ubiquiti UniFi kvnjs (Oct 19)

Mark Thomas

[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas (Oct 11)

Matías Mevied

Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Matías Mevied (Oct 03)

Matthias Deeg

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg (Oct 11)
[SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability Matthias Deeg (Oct 12)
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg (Oct 11)
[SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack Matthias Deeg (Oct 12)
[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks Matthias Deeg (Oct 11)
[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg (Oct 11)

mohamed sayed

Security Vulnerability : Cisco web site CSRF in change password lead to full account take over mohamed sayed (Oct 24)

Nightwatch Cybersecurity Research

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] Nightwatch Cybersecurity Research (Oct 11)

Onapsis Research

Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP Onapsis Research (Oct 03)
Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging Onapsis Research (Oct 03)
Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Onapsis Research (Oct 03)
Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research (Oct 03)
Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption Onapsis Research (Oct 11)

psy

New release: UFONet v0.8 - "U-NATi0n!" psy (Oct 23)

redrain root

Ghostscript sandbox bypass leads ImageMagick to remote code execution redrain root (Oct 19)

Ricardo Iramar dos Santos

Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos (Oct 11)
Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos (Oct 11)

Rio Sherri

Billion Router 7700NR4 Remote Root Command Execution Rio Sherri (Oct 11)

Rob Thomas

Re: Critical Vulnerability in Ubiquiti UniFi Rob Thomas (Oct 11)

Román Ramírez Giménez

[RootedHONGKONG 2016] Call for papers opened today! Román Ramírez Giménez (Oct 03)

Sebastian Perez

Multiple Vulnerabilities in Plone CMS Sebastian Perez (Oct 19)

SEC Consult Vulnerability Lab

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) SEC Consult Vulnerability Lab (Oct 11)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update Stefan Kanthak (Oct 19)
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory Stefan Kanthak (Oct 20)

Sysdream Labs

CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs (Oct 19)
CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs (Oct 19)
CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs (Oct 19)
CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs (Oct 19)
CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs (Oct 19)

Tim Schughart

Ubiquiti Tim Schughart (Oct 19)
Re: Critical Vulnerability in Ubiquiti UniFi Tim Schughart (Oct 03)

VMware Security Response Center

New VMSA-2016-0017 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Oct 25)
NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability VMware Security Response Center (Oct 06)
NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability VMware Security Response Center (Oct 11)

Vulnerability Lab

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability Vulnerability Lab (Oct 11)
Sparkasse (Bank) - Service Security Advisory WB021 2016 Vulnerability Lab (Oct 04)
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability Vulnerability Lab (Oct 05)
Wickr Inc - When honesty disappears behind the VCP Mountain Vulnerability Lab (Oct 28)
Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities Vulnerability Lab (Oct 04)
Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability Vulnerability Lab (Oct 05)
RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability Vulnerability Lab (Oct 06)
FaceDancer 21 - New Universal Case for PenTests Vulnerability Lab (Oct 04)
Clean Master v1.0 - Unquoted Path Privilege Escalation Vulnerability Lab (Oct 05)
Aura Video Converter v1.6.3 - DLL Hijacking Exploit Vulnerability Lab (Oct 04)
AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit Vulnerability Lab (Oct 04)