Full Disclosure: by author

113 messages starting Apr 21 17 and ending Apr 07 17


404 Not Found

CVE-2017-7991-SQL injection-Exponent CMS 404 Not Found (Apr 21)

Advisories

CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service Advisories (Apr 04)

Andrey B. Panfilov

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method Andrey B. Panfilov (Apr 25)

Apple Product Security

APPLE-SA-2017-04-03-1 iOS 10.3.1 Apple Product Security (Apr 03)
APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android Apple Product Security (Apr 06)

Asterisk Security Team

AST-2017-001: Buffer overflow in CDR's set user Asterisk Security Team (Apr 04)

Ben N

CVE-2017-7981: Tuleap Remote OS Command Injection Ben N (Apr 30)

David Coomber

Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) David Coomber (Apr 03)
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) David Coomber (Apr 06)

David ROUTIN

CVE-2017-0199 PoC David ROUTIN (Apr 17)

David Tomaschik via Fulldisclosure

Security Issues in Alerton Webtalk (Auth Bypass, RCE) David Tomaschik via Fulldisclosure (Apr 27)

Dawid Golunski

Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 25)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 21)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 21)

DefenseCode

DefenseCode ThunderScan SAST Advisory: 53+ WordPress plugins by BestWebSoft Multiple Cross-Site Scripting (XSS) Vulnerabilities DefenseCode (Apr 12)
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) DefenseCode (Apr 12)
DefenseCode ThunderScan SAST Advisory: WordPress AccessPress Social Icons Plugin Multiple SQL injection Security Vulnerabilities DefenseCode (Apr 21)
[DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later) DefenseCode (Apr 06)
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities DefenseCode (Apr 12)
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal DefenseCode (Apr 04)
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability DefenseCode (Apr 21)

Denis Andzakovic

SecretServerSecretStealer - An extraction utility for Thycotic Secret Server Denis Andzakovic (Apr 21)

Dirk-Willem van Gulik

CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik (Apr 03)

dxw Security

CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Apr 06)

Egidio Romano

Tales of SugarCRM Security Horrors Egidio Romano (Apr 23)

ERPScan inc

[ERPSCAN-17-022] SSRF in PeopleSoft IMServlet ERPScan inc (Apr 21)
[ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft PeopleSoftServiceListeningConnector ERPScan inc (Apr 21)
[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT ERPScan inc (Apr 21)

Filippo Cavallarin

Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 21)

Florian Bogner

Code Injection through DLL Sideloading in 64bit Oracle Java Florian Bogner (Apr 21)

Harrison Neal

Dell OpenManage Server Administrator v8.4: CVE-2016-4004 Addendum Harrison Neal (Apr 04)

Harry Sintonen

QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359) Harry Sintonen (Apr 06)

HTTPCS

Flyspray 'real_name' Cross Site Scripting Vulnerability HTTPCS (Apr 25)
OXATIS 'EMail' Cross Site Scripting Vulnerability HTTPCS (Apr 25)

hyp3rlinx

Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation hyp3rlinx (Apr 14)
CVE-2017-7456 MXview v2.8 Denial Of Service hyp3rlinx (Apr 11)
Moxa MXview v2.8 Remote Private Key Disclosure hyp3rlinx (Apr 11)
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload hyp3rlinx (Apr 06)
Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset hyp3rlinx (Apr 17)
Moxa MX AOPC-Server v1.5 XML External Entity hyp3rlinx (Apr 11)

Ian Ling

DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions) Ian Ling (Apr 07)

Info

Samsung Smart TV Wi-Fi Direct Improper Authentication Info (Apr 25)

Kacper Szurek

Dell Customer Connect 1.3.28.0 Privilege Escalation Kacper Szurek (Apr 25)

Karn Ganeshen

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution Karn Ganeshen (Apr 07)
Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities Karn Ganeshen (Apr 07)
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Karn Ganeshen (Apr 07)
Cambium SNMP Security Vulnerabilities Karn Ganeshen (Apr 07)
LAquis SCADA Access Control Vulnerability Karn Ganeshen (Apr 07)

KoreLogic Disclosures

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse KoreLogic Disclosures (Apr 24)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials KoreLogic Disclosures (Apr 24)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection KoreLogic Disclosures (Apr 24)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path KoreLogic Disclosures (Apr 24)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read KoreLogic Disclosures (Apr 24)

Kyriakos Economou

nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect Kyriakos Economou (Apr 21)

ljj

ManageEngine Applications Manager Multiple Vulnerabilities ljj (Apr 04)

Manuel Garcia Cardenas

WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection Manuel Garcia Cardenas (Apr 09)

Maor Shwartz

SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation Maor Shwartz (Apr 18)
SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities Maor Shwartz (Apr 25)
SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities Maor Shwartz (Apr 11)

Mark Felder

CVE Request -- mapr: information disclosure vulnerability Mark Felder (Apr 03)

Mark Wadham

Proxifier for Mac 2.19 local root privesc Mark Wadham (Apr 12)
CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham (Apr 11)
Re: CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Mark Wadham (Apr 12)

Matthias Deeg

[SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89) Matthias Deeg (Apr 11)
[SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Matthias Deeg (Apr 11)

MustLive

PRL and CSRF vulnerabilities in D-Link DAP-1360 MustLive (Apr 30)
DAVOSET v.1.3.1 MustLive (Apr 07)

Nguyen Anh Quynh

Unicorn Emulator v1.0.1 is out! Nguyen Anh Quynh (Apr 21)

Nick Boyce

Re: [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657) Nick Boyce (Apr 17)

Nightwatch Cybersecurity Research

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode Nightwatch Cybersecurity Research (Apr 11)

Patrick Webster via Fulldisclosure

AcoraCMS browser redirect and Cross-site scripting vulnerabilities Patrick Webster via Fulldisclosure (Apr 04)
Inchoo Facebook Connect Extension for Magento Parameter XSS Patrick Webster via Fulldisclosure (Apr 04)
Kaseya information disclosure vulnerability Patrick Webster via Fulldisclosure (Apr 04)
iPlatinum iOneView Multiple Parameter Reflected XSS Patrick Webster via Fulldisclosure (Apr 04)
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Patrick Webster via Fulldisclosure (Apr 04)
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure Patrick Webster via Fulldisclosure (Apr 04)
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection Patrick Webster via Fulldisclosure (Apr 04)
Moodle URL Manipulation Remote Account Information Disclosure Patrick Webster via Fulldisclosure (Apr 04)
Lotus Protector for Mail Security remote code execution Patrick Webster via Fulldisclosure (Apr 04)
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities Patrick Webster via Fulldisclosure (Apr 04)
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package Patrick Webster via Fulldisclosure (Apr 04)
SilverStripe CMS - Path Disclosure Patrick Webster via Fulldisclosure (Apr 04)
AirWatch Self Service Portal Username Parameter LDAP Injection Patrick Webster via Fulldisclosure (Apr 04)
Tweek!DM Document Management Authentication bypass, SQL injection Patrick Webster via Fulldisclosure (Apr 04)

Prajwal Panchmahalkar

c0c0n X August 17-19, 2017 Call for Papers Open Prajwal Panchmahalkar (Apr 12)

pratik shah

Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09 pratik shah (Apr 03)

Rewanth Cool

NSE scripts for XSS and session hijacking in AsusWRT Rewanth Cool (Apr 09)
NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003 Rewanth Cool (Apr 09)
NSE Script for exploiting Directory traversal vulnerability in Wordpress Rewanth Cool (Apr 09)
NSE Script for CVE 2017-6527 Rewanth Cool (Apr 09)

SEC Consult Vulnerability Lab

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum SEC Consult Vulnerability Lab (Apr 07)
SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation SEC Consult Vulnerability Lab (Apr 25)
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function SEC Consult Vulnerability Lab (Apr 03)

seclists

360 security android app snoops data to China Unicom network via insecure HTTP seclists (Apr 30)

Securify B.V.

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Securify B.V. (Apr 29)
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 29)
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Securify B.V. (Apr 22)
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin Securify B.V. (Apr 14)
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Securify B.V. (Apr 11)
Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS Securify B.V. (Apr 29)
Microsoft Office OneNote 2007 DLL side loading vulnerability Securify B.V. (Apr 11)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution Stefan Kanthak (Apr 07)

Summer of Pwnage

Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (Apr 20)

Vulnerability Lab

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability Vulnerability Lab (Apr 28)

Wester 95

CVE-Request:stored XSS in Serendipity v2.1-rc1 allows attacker steals admin’s cookie and other information Wester 95 (Apr 09)
CVE Request:Directory Traversal in smilie module(MyBB <1.8.11) Wester 95 (Apr 11)
CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11) Wester 95 (Apr 11)
CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings Wester 95 (Apr 07)
CVE Request:Multiple CSRF vulnerabilities in e107 CMS 2.1.4 Wester 95 (Apr 07)
CVE Request:CSRF in Serendipity allows attacker installs any themes Wester 95 (Apr 11)
CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status Wester 95 (Apr 07)