Full Disclosure: by date
103 messages starting Feb 01 17 and ending Feb 28 17
Wednesday, 01 February
Vulnerability Open Redirect LogicBoard CMS Estación Informática
Viscosity for Windows 1.6.7 Privilege Escalation Kacper Szurek
QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and "Heack Combo" to pwn bashis
Cross-Site Scripting vulnerability in Bitrix Site Manager MustLive
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server Tobias Glemser
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server Tobias Glemser
Thursday, 02 February
Call for Speakers for CCCC17 in Copenhagen Peter Kruse
Re: Free ebook to learn ethical hacking techniques elendil el
Re: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) Pierre Kim
[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues FOXMOLE Advisories
HP Printers Wi-Fi Direct Improper Access Control Info
Saturday, 04 February
ZoneMinder - multiple vulnerabilities John Marzella
Monday, 06 February
[KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability Egidio Romano
Teleopti WFM <= 7.1.0 Multiple Vulnerabilities Graph-X
IVPN Client for Windows 2.6.6120.33863 Privilege Escalation Kacper Szurek
Remote DoS against OpenBSD http server (up to 6.0) Pierre Kim
Tuesday, 07 February
interpreter bugs Andrzej Dyjak
Call for Papers: FIRST Amsterdam Technical Colloquium (TC) April 2017 Jeff Bollinger
SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server SEC Consult Vulnerability Lab
Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion Wiswat A
Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege Stefan Kanthak
Wednesday, 08 February
Authentication bypass vulnerability in Western Digital My Cloud Securify B.V.
Thursday, 09 February
TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules Pierre Kim
Friday, 10 February
[Call for Papers] InfoSec2017 in Bratislava, Slovakia | June 29-July 1, 2017 Sandra Evans
Tuesday, 14 February
WordPress Plugin Easy Table 1.6 - Persistent Cross-Site Scripting Manuel Garcia Cardenas
CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage Sydream Labs
CFP for Speaker Workshops at the Packet Hacking Village at DEF CON 25 Now Open Ming
[Kodi v17.1] - Local File Inclusion Eric Flokstra
ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation Kacper Szurek
Backdoored Web Application v.1.0.2 MustLive
Wednesday, 15 February
KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write KoreLogic Disclosures
KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability KoreLogic Disclosures
KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability KoreLogic Disclosures
Advisory X41-2017-002: Multiple Vulnerabilities in ytnef X41 D-Sec GmbH Advisories
Suricata IDS - IPv4 evasion Jérémy BEAUME
CVE-2017-5344 : dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1 Ben N
QNAP QTS 4.2.x multiple vulnerabilities Harry Sintonen
Thursday, 16 February
Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS Curesec Research Team (CRT)
Elefant CMS 1.3.12-RC: CSRF Curesec Research Team (CRT)
Plone: XSS Curesec Research Team (CRT)
Elefant CMS 1.3.12-RC: Code Execution Curesec Research Team (CRT)
Elefant CMS 1.3.12-RC: Code Execution Curesec Research Team (CRT)
"long" filenames mishandled by Fujitsu's ScanSnap software Stefan Kanthak
Monday, 20 February
Lithium Forum - (Compose Message) SSRF Vulnerability Vulnerability Lab
Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities Vulnerability Lab
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability Vulnerability Lab
Album Lock v4.0 iOS - Directory Traversal Vulnerability Vulnerability Lab
Tuesday, 21 February
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass hyp3rlinx
PHPShell v2.4 Session Fixation hyp3rlinx
PHPShell v2.4 Cross Site Scripting hyp3rlinx
APPLE-SA-2017-02-21-1 GarageBand 10.1.6 Apple Product Security
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Apple Product Security
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution Kroppoloe
Recon Montreal 2017 Call For Papers - June 16 - 18 - Montreal, Canada cfpmontreal2017
Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0) Ian Ling
Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan
Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router Indrajith AN
[SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks Matthias Deeg
Wednesday, 22 February
Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability Vulnerability Lab
ProjectSend r754 - IDOR & Authentication Bypass Vulnerability Vulnerability Lab
Synology NAS "Auto Block IP" bypass and hide real IP in Synology logs bashis
EasyCom PHP API Stack Buffer Overflow hyp3rlinx
EasyCom SQL iPlug Denial Of Service hyp3rlinx
Teradici Management Console 2.2.0 - Privilege Escalation Harrison Neal
Thursday, 23 February
Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities Vulnerability Lab
Friday, 24 February
Advisory X41-2017-004: Multiple Vulnerabilities in tnef X41 D-Sec GmbH Advisories
Unicorn Emulator v1.0 is out! Nguyen Anh Quynh
Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router Indrajith AN
Monday, 27 February
WordPress Plugin Kama Click Counter 3.4.9 - Blind SQL Injection Manuel Garcia Cardenas
CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 Jason Geffner
CVE-2017-6061 - SAP BusinessObjects XSS NL Deloitte Zero Day (NL - Amsterdam)
Tuesday, 28 February
D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF) vulnerabilities Felipe Soares de Souza
CVE-2017-6189-Amazon Kindle for Windows Nitesh Shilpkar
Advisory X41-2017-001: Multiple Vulnerabilities in X.org X41 D-Sec GmbH Advisories
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket Securify B.V.
Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field Summer of Pwnage
Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting Summer of Pwnage
Cross-Site Scripting vulnerability in Trust Form WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in WP-Filebase Download Manager WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in WP-SpamFree Anti-Spam WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery in File Manager WordPress plugin Summer of Pwnage
Cross-Site Request Forgery in Global Content Blocks WordPress Plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin Summer of Pwnage
Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin Summer of Pwnage
Cross-Site Scripting vulnerability in Tribulant Slideshow Galleries WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery in WordPress Download Manager Plugin Summer of Pwnage
Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery Summer of Pwnage
Cross-Site Request Forgery in Atahualpa WordPress Theme Summer of Pwnage
Cross-Site Scripting in Atahualpa WordPress Theme Summer of Pwnage
Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin Summer of Pwnage
Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin Summer of Pwnage
VaultPress - Remote Code Execution via Man in The Middle attack Summer of Pwnage
WordPress Adminer plugin allows public (local) database login Summer of Pwnage
Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery Summer of Pwnage
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin Summer of Pwnage
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin Summer of Pwnage
Re: Teradici Management Console 2.2.0 - Privilege Escalation Jack Cha
Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution Karn Ganeshen
Veritas NetBackup v6.x, v7.x, v8.0 and NetBackup appliances v2.x, v3.0 - Multiple Critical Vulnerabilities Sven Blumenstein