Full Disclosure: by author
99 messages starting Jan 17 17 and ending Jan 27 17
Andraz Sraka
Security BSides Ljubljana 0x7E1 CFP - March 10, 2017 Andraz Sraka (Jan 17)
Andreas Stieger
Re: [oss-security] Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)
Apple Product Security
APPLE-SA-2017-01-23-2 macOS 10.12.3 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 Apple Product Security (Jan 24)
APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-4 tvOS 10.1.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-18-2 Logic Pro X 10.3 Apple Product Security (Jan 19)
APPLE-SA-2017-01-23-5 Safari 10.0.3 Apple Product Security (Jan 23)
APPLE-SA-2017-01-23-1 iOS 10.2.1 Apple Product Security (Jan 23)
APPLE-SA-2017-01-18-1 GarageBand 10.1.5 Apple Product Security (Jan 19)
APPLE-SA-2017-01-23-3 watchOS 3.1.3 Apple Product Security (Jan 23)
bashis
Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
0-day: QNAP NAS Devices suffer of heap overflow bashis (Jan 03)
Black Arch
New BlackArch Linux ISOs (2017.01.28) released! Black Arch (Jan 30)
Celso Bento
Hotlinking Vulnerability in PHProxy 0.5b2 Celso Bento (Jan 09)
Curesec Research Team (CRT)
Tap 'n' Sniff Curesec Research Team (CRT) (Jan 19)
Daemon Tamer
BSides Las Vegas 2017 CFP is open. Daemon Tamer (Jan 09)
Daniel Busch
BSidesHannover 2017! Daniel Busch (Jan 30)
Daniel Elebash
Digital Ocean ssh key authentication security risk -- password authentication is re-enabled Daniel Elebash (Jan 27)
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled Daniel Elebash (Jan 30)
David Black
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software David Black (Jan 06)
Dawid Golunski
Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034) Dawid Golunski (Jan 03)
Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski (Jan 13)
Diego
New exploit for new vulnerability in WordPress Plugin + tutorial Diego (Jan 17)
Ding Dong
Re: Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Ding Dong (Jan 23)
dxw Security
CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Jan 10)
Stop User Enumeration does not stop user enumeration (WordPress plugin) dxw Security (Jan 04)
ERPScan inc
[ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE ERPScan inc (Jan 19)
[ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE ERPScan inc (Jan 19)
[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300 ERPScan inc (Jan 23)
CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS ERPScan inc (Jan 23)
Estación Informática
CALL FOR PAPERS - br3aking c0de Estación Informática (Jan 19)
Fabian Fingerle
enigma2-plugin-extensions-webadmin Remote Code Execution (IoT) Fabian Fingerle (Jan 09)
Fernando Gont
ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) Fernando Gont (Jan 12)
New mailing-list on IoT hacking Fernando Gont (Jan 23)
Fernando Mercês
pev 0.80 released Fernando Mercês (Jan 09)
filipe
Advisories Unsafe Dll in Audacity, telegram and Akamai filipe (Jan 03)
gp
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled gp (Jan 30)
hyp3rlinx
PEAR Base System v1.10.1 Arbitrary File Download hyp3rlinx (Jan 31)
Ian Ling
Trango Altum AC600 Default root Login Ian Ling (Jan 06)
Jens Müller
Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture Jens Müller (Jan 30)
Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands Jens Müller (Jan 30)
Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter Jens Müller (Jan 30)
Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL Jens Müller (Jan 30)
Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands Jens Müller (Jan 30)
Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands Jens Müller (Jan 30)
jlss
Persisted Cross-Site Scripting (XSS) in Confluence Jira Software jlss (Jan 03)
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software jlss (Jan 06)
Joxean Koret
EuskalHack Security Congress CFP Joxean Koret (Jan 17)
Julien Ahrens
[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection Julien Ahrens (Jan 19)
Kacper Szurek
WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Kacper Szurek (Jan 24)
Kurt Seifried
Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
Luiz Eduardo
YSTS 11th Edition - CFP Luiz Eduardo (Jan 06)
Matteo Beccati
[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati (Jan 31)
Moritz Naumann
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software Moritz Naumann (Jan 04)
Nathan McCauley
Docker 1.12.6 - Security Advisory Nathan McCauley (Jan 10)
Netgear Security
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Netgear Security (Jan 31)
Nguyen Anh Quynh
Announce Keypatch v2.1, a better assembler for IDA Pro! Nguyen Anh Quynh (Jan 18)
Olivier Bilodeau
Re: Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Olivier Bilodeau (Jan 30)
Open Security
Multiple vulnerabilities in cPanel <= 60.0.34 Open Security (Jan 12)
Patrick
Persistent XSS in Ghost 0.11.3 Patrick (Jan 19)
Pedro Ribeiro
Multiple RCE in ZyXEL / Billion / TrueOnline routers Pedro Ribeiro (Jan 17)
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro (Jan 30)
psy
CINtruder v0.3 released... psy (Jan 03)
Roberto Soares
Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software Roberto Soares (Jan 17)
Russell Sanford
Sophos Web Appliance - Block & Unblock IPs Remote Command Injection (CVE-2016-9553) Russell Sanford (Jan 30)
Sandra Evans
Call for Papers: DigitalSec2017 in Kuala Lumpur, Malaysia on July 11-13, 2017 Sandra Evans (Jan 26)
SEC Consult Vulnerability Lab
SEC Consult SA-20170130-0 :: XSS & CSRF in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Jan 30)
SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page) SEC Consult Vulnerability Lab (Jan 17)
Simon Bieber
secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines") Simon Bieber (Jan 30)
Sparc Flow
Free ebook to learn ethical hacking techniques Sparc Flow (Jan 30)
Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak (Jan 22)
Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege Stefan Kanthak (Jan 15)
Re: Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak (Jan 24)
Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege Stefan Kanthak (Jan 03)
Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege Stefan Kanthak (Jan 03)
Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking Stefan Kanthak (Jan 31)
Sullo
RVAsec 2017 Call for Presentations Sullo (Jan 23)
Summer of Pwnage
Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification Summer of Pwnage (Jan 28)
InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin Summer of Pwnage (Jan 28)
Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin Summer of Pwnage (Jan 28)
Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Jan 25)
Sysdream Labs
[CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs (Jan 12)
Taoguang Chen
GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] Taoguang Chen (Jan 22)
Vic Vandal
CarolinaCon-13 - May 2017 - Call for Papers/Presenters and Attendees Vic Vandal (Jan 06)
Vulnerability Lab
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability Vulnerability Lab (Jan 11)
Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability Vulnerability Lab (Jan 11)
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability Vulnerability Lab (Jan 11)
Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability Vulnerability Lab (Jan 16)
Apple (iTunes Notify) - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab (Jan 16)
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability Vulnerability Lab (Jan 11)
Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability Vulnerability Lab (Jan 11)
Bit Defender #39 - Auth Token Bypass Vulnerability Vulnerability Lab (Jan 11)
Apple iOS 10.2 (Notify - iTunes) - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jan 20)
Salesforce (Event Registration) - Persistent Vulnerability Vulnerability Lab (Jan 16)
Wolfgang
Privilege Escalation in VirtualBox (CVE-2017-3316) Wolfgang (Jan 27)