Full Disclosure: by thread
99 messages starting Jan 03 17 and ending Jan 31 17
- Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034) Dawid Golunski (Jan 03)
- CINtruder v0.3 released... psy (Jan 03)
- Advisories Unsafe Dll in Audacity, telegram and Akamai filipe (Jan 03)
- Persisted Cross-Site Scripting (XSS) in Confluence Jira Software jlss (Jan 03)
- Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software Moritz Naumann (Jan 04)
- <Possible follow-ups>
- Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software David Black (Jan 06)
- 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
- Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
- Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
- Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
- Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege Stefan Kanthak (Jan 03)
- Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege Stefan Kanthak (Jan 03)
- Stop User Enumeration does not stop user enumeration (WordPress plugin) dxw Security (Jan 04)
- CarolinaCon-13 - May 2017 - Call for Papers/Presenters and Attendees Vic Vandal (Jan 06)
- Trango Altum AC600 Default root Login Ian Ling (Jan 06)
- YSTS 11th Edition - CFP Luiz Eduardo (Jan 06)
- BSides Las Vegas 2017 CFP is open. Daemon Tamer (Jan 09)
- Hotlinking Vulnerability in PHProxy 0.5b2 Celso Bento (Jan 09)
- enigma2-plugin-extensions-webadmin Remote Code Execution (IoT) Fabian Fingerle (Jan 09)
- pev 0.80 released Fernando Mercês (Jan 09)
- CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Jan 10)
- Docker 1.12.6 - Security Advisory Nathan McCauley (Jan 10)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
- Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability Vulnerability Lab (Jan 11)
- BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability Vulnerability Lab (Jan 11)
- Bit Defender #39 - Auth Token Bypass Vulnerability Vulnerability Lab (Jan 11)
- Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability Vulnerability Lab (Jan 11)
- Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability Vulnerability Lab (Jan 11)
- Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability Vulnerability Lab (Jan 11)
- [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs (Jan 12)
- Multiple vulnerabilities in cPanel <= 60.0.34 Open Security (Jan 12)
- ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) Fernando Gont (Jan 12)
- Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski (Jan 13)
- Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege Stefan Kanthak (Jan 15)
- Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability Vulnerability Lab (Jan 16)
- Salesforce (Event Registration) - Persistent Vulnerability Vulnerability Lab (Jan 16)
- Apple (iTunes Notify) - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Jan 16)
- Security BSides Ljubljana 0x7E1 CFP - March 10, 2017 Andraz Sraka (Jan 17)
- New exploit for new vulnerability in WordPress Plugin + tutorial Diego (Jan 17)
- Multiple RCE in ZyXEL / Billion / TrueOnline routers Pedro Ribeiro (Jan 17)
- Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software Roberto Soares (Jan 17)
- EuskalHack Security Congress CFP Joxean Koret (Jan 17)
- SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page) SEC Consult Vulnerability Lab (Jan 17)
- Announce Keypatch v2.1, a better assembler for IDA Pro! Nguyen Anh Quynh (Jan 18)
- APPLE-SA-2017-01-18-1 GarageBand 10.1.5 Apple Product Security (Jan 19)
- APPLE-SA-2017-01-18-2 Logic Pro X 10.3 Apple Product Security (Jan 19)
- [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE ERPScan inc (Jan 19)
- [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE ERPScan inc (Jan 19)
- CALL FOR PAPERS - br3aking c0de Estación Informática (Jan 19)
- Persistent XSS in Ghost 0.11.3 Patrick (Jan 19)
- [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection Julien Ahrens (Jan 19)
- Tap 'n' Sniff Curesec Research Team (CRT) (Jan 19)
- Apple iOS 10.2 (Notify - iTunes) - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jan 20)
- Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak (Jan 22)
- GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] Taoguang Chen (Jan 22)
- RVAsec 2017 Call for Presentations Sullo (Jan 23)
- [ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300 ERPScan inc (Jan 23)
- CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS ERPScan inc (Jan 23)
- APPLE-SA-2017-01-23-1 iOS 10.2.1 Apple Product Security (Jan 23)
- APPLE-SA-2017-01-23-2 macOS 10.12.3 Apple Product Security (Jan 23)
- APPLE-SA-2017-01-23-3 watchOS 3.1.3 Apple Product Security (Jan 23)
- APPLE-SA-2017-01-23-4 tvOS 10.1.1 Apple Product Security (Jan 23)
- APPLE-SA-2017-01-23-5 Safari 10.0.3 Apple Product Security (Jan 23)
- APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 Apple Product Security (Jan 23)
- New mailing-list on IoT hacking Fernando Gont (Jan 23)
- WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Kacper Szurek (Jan 24)
- APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 Apple Product Security (Jan 24)
- Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
- CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
- InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
- Call for Papers: DigitalSec2017 in Kuala Lumpur, Malaysia on July 11-13, 2017 Sandra Evans (Jan 26)
- Digital Ocean ssh key authentication security risk -- password authentication is re-enabled Daniel Elebash (Jan 27)
- Privilege Escalation in VirtualBox (CVE-2017-3316) Wolfgang (Jan 27)
- Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification Summer of Pwnage (Jan 28)
- Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin Summer of Pwnage (Jan 28)
- Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin Summer of Pwnage (Jan 28)
- SEC Consult SA-20170130-0 :: XSS & CSRF in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Jan 30)
- New BlackArch Linux ISOs (2017.01.28) released! Black Arch (Jan 30)
- BSidesHannover 2017! Daniel Busch (Jan 30)
- secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines") Simon Bieber (Jan 30)
- Re: Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Olivier Bilodeau (Jan 30)
- Free ebook to learn ethical hacking techniques Sparc Flow (Jan 30)
- Sophos Web Appliance - Block & Unblock IPs Remote Command Injection (CVE-2016-9553) Russell Sanford (Jan 30)
- Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro (Jan 30)
- Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Netgear Security (Jan 31)
- Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture Jens Müller (Jan 30)
- Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL Jens Müller (Jan 30)
- Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands Jens Müller (Jan 30)
- Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter Jens Müller (Jan 30)
- Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands Jens Müller (Jan 30)
- Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands Jens Müller (Jan 30)
- PEAR Base System v1.10.1 Arbitrary File Download hyp3rlinx (Jan 31)
- [REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati (Jan 31)
- Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking Stefan Kanthak (Jan 31)