Full Disclosure: by thread
113 messages, starting Apr 03 17 and ending Apr 30 17
- SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab (Apr 03)
- Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber (Apr 03)
- CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik (Apr 03)
- CVE Request -- mapr: information disclosure vulnerability Mark Felder (Apr 03)
- Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09 pratik shah (Apr 03)
- APPLE-SA-2017-04-03-1 iOS 10.3.1 Apple Product Security (Apr 03)
- AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team (Apr 04)
- Dell OpenManage Server Administrator v8.4: CVE-2016-4004 Addendum Harrison Neal (Apr 04)
- CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories (Apr 04)
- ManageEngine Applications Manager Multiple Vulnerabilities ljj (Apr 04)
- Inchoo Facebook Connect Extension for Magento Parameter XSS Patrick Webster via Fulldisclosure (Apr 04)
- Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster via Fulldisclosure (Apr 04)
- AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster via Fulldisclosure (Apr 04)
- Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster via Fulldisclosure (Apr 04)
- Lotus Protector for Mail Security remote code execution Patrick Webster via Fulldisclosure (Apr 04)
- Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster via Fulldisclosure (Apr 04)
- Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster via Fulldisclosure (Apr 04)
- Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster via Fulldisclosure (Apr 04)
- SilverStripe CMS - Path Disclosure Patrick Webster via Fulldisclosure (Apr 04)
- SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster via Fulldisclosure (Apr 04)
- AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster via Fulldisclosure (Apr 04)
- Kaseya information disclosure vulnerability Patrick Webster via Fulldisclosure (Apr 04)
- iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster via Fulldisclosure (Apr 04)
- Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster via Fulldisclosure (Apr 04)
- DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode (Apr 04)
- Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx (Apr 06)
- Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber (Apr 06)
- QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359) Harry Sintonen (Apr 06)
- APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android Apple Product Security (Apr 06)
- CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Apr 06)
- [DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later) DefenseCode (Apr 06)
- SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab (Apr 07)
- DAVOSET v.1.3.1 MustLive (Apr 07)
- Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution Stefan Kanthak (Apr 07)
- LAquis SCADA Access Control Vulnerability Karn Ganeshen (Apr 07)
- Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution Karn Ganeshen (Apr 07)
- SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Karn Ganeshen (Apr 07)
- Cambium SNMP Security Vulnerabilities Karn Ganeshen (Apr 07)
- Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities Karn Ganeshen (Apr 07)
- DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions) Ian Ling (Apr 07)
- CVE Request: Multiple CSRF vulnerabilities in e107 CMS 2.1.4 Wester 95 (Apr 07)
- CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status Wester 95 (Apr 07)
- CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings Wester 95 (Apr 07)
- WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection Manuel Garcia Cardenas (Apr 09)
- CVE-Request:stored XSS in Serendipity v2.1-rc1 allows attacker steals admin’s cookie and other informations Wester 95 (Apr 09)
- NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003 Rewanth Cool (Apr 09)
- NSE Script for exploiting Directory traversal vulnerability in Wordpress Rewanth Cool (Apr 09)
- NSE scripts for XSS and session hijacking in AsusWRT Rewanth Cool (Apr 09)
- NSE Script for CVE 2017-6527 Rewanth Cool (Apr 09)
- Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx (Apr 11)
- CVE-2017-7456 MXview v2.8 Denial Of Service hyp3rlinx (Apr 11)
- Moxa MX AOPC-Server v1.5 XML External Entity hyp3rlinx (Apr 11)
- CVE Request:CSRF in Serendipity allows attacker installs any themes Wester 95 (Apr 11)
- CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11) Wester 95 (Apr 11)
- CVE Request:Directory Traversal in smilie module(MyBB <1.8.11) Wester 95 (Apr 11)
- CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham (Apr 11)
- Re: CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham (Apr 12)
- SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities Maor Shwartz (Apr 11)
- [SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89) Matthias Deeg (Apr 11)
- [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Matthias Deeg (Apr 11)
- <Possible follow-ups>
- Re: [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Nick Boyce (Apr 17)
- ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research (Apr 11)
- Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V. (Apr 11)
- Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V. (Apr 11)
- c0c0n X August 17-19, 2017 Call for Papers Open Prajwal Panchmahalkar (Apr 12)
- Proxifier for Mac 2.19 local root privesc Mark Wadham (Apr 12)
- DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode (Apr 12)
- DefenseCode ThunderScan SAST Advisory: 53+ WordPress plugins by BestWebSoft Multiple Cross-Site Scripting (XSS) Vulnerabilities DefenseCode (Apr 12)
- DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode (Apr 12)
- Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation hyp3rlinx (Apr 14)
- Persistent Cross-Site Scripting in Scriptler Jenkins Plugin Securify B.V. (Apr 14)
- CVE-2017-0199 PoC David ROUTIN (Apr 17)
- Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx (Apr 17)
- SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation Maor Shwartz (Apr 18)
- Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (Apr 20)
- Unicorn Emulator v1.0.1 is out! Nguyen Anh Quynh (Apr 21)
- nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect Kyriakos Economou (Apr 21)
- [ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft PeopleSoftServiceListeningConnector ERPScan inc (Apr 21)
- [ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT ERPScan inc (Apr 21)
- [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet ERPScan inc (Apr 21)
- SecretServerSecretStealer - An extraction utility for Thycotic Secret Server Denis Andzakovic (Apr 21)
- Code Injection through DLL Sideloading in 64bit Oracle Java Florian Bogner (Apr 21)
- CVE-2017-7991-SQL injection-Exponent CMS 404 Not Found (Apr 21)
- DefenseCode ThunderScan SAST Advisory: WordPress AccessPress Social Icons Plugin Multiple SQL injection Security Vulnerabilities DefenseCode (Apr 21)
- DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability DefenseCode (Apr 21)
- CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 25)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 21)
- Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Securify B.V. (Apr 22)
- Tales of SugarCRM Security Horrors Egidio Romano (Apr 23)
- KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path KoreLogic Disclosures (Apr 24)
- KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse KoreLogic Disclosures (Apr 24)
- KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection KoreLogic Disclosures (Apr 24)
- KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read KoreLogic Disclosures (Apr 24)
- KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials KoreLogic Disclosures (Apr 24)
- CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method Andrey B. Panfilov (Apr 25)
- OXATIS 'EMail' Cross Site Scripting Vulnerability HTTPCS (Apr 25)
- Flyspray 'real_name' Cross Site Scripting Vulnerability HTTPCS (Apr 25)
- Samsung Smart TV Wi-Fi Direct Improper Authentication Info (Apr 25)
- Dell Customer Connect 1.3.28.0 Privilege Escalation Kacper Szurek (Apr 25)
- SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities Maor Shwartz (Apr 25)
- SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation SEC Consult Vulnerability Lab (Apr 25)
- Security Issues in Alerton Webtalk (Auth Bypass, RCE) David Tomaschik via Fulldisclosure (Apr 27)
- Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability Vulnerability Lab (Apr 28)
- Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Securify B.V. (Apr 29)
- Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS Securify B.V. (Apr 29)
- SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 29)
- CVE-2017-7981: Tuleap Remote OS Command Injection Ben N (Apr 30)
- PRL and CSRF vulnerabilities in D-Link DAP-1360 MustLive (Apr 30)
- 360 security android app snoops data to China Unicom network via insecure HTTP seclists (Apr 30)