Full Disclosure: by date
RSS Feed
About List
All Lists
Previous period
99 messages
starting Jan 03 17 and
ending Jan 31 17
Date index |
Thread index |
Author index
Tuesday, 03 January
Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034) Dawid Golunski
CINtruder v0.3 released... psy
Advisories Unsafe Dll in Audacity, telegram and Akamai filipe
Persisted Cross-Site Scripting (XSS) in Confluence Jira Software jlss
0-day: QNAP NAS Devices suffer of heap overflow bashis
Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis
Re: 0-day: QNAP NAS Devices suffer of heap overflow bashis
Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege Stefan Kanthak
Wednesday, 04 January
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software Moritz Naumann
Stop User Enumeration does not stop user enumeration (WordPress plugin) dxw Security
Friday, 06 January
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software David Black
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software jlss
CarolinaCon-13 - May 2017 - Call for Papers/Presenters and Attendees Vic Vandal
Trango Altum AC600 Default root Login Ian Ling
YSTS 11th Edition - CFP Luiz Eduardo
Monday, 09 January
BSides Las Vegas 2017 CFP is open. Daemon Tamer
Hotlinking Vulnerability in PHProxy 0.5b2 Celso Bento
enigma2-plugin-extensions-webadmin Remote Code Execution (IoT) Fabian Fingerle
pev 0.80 released Fernando Mercês
Tuesday, 10 January
CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security
Docker 1.12.6 - Security Advisory Nathan McCauley
Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried
Wednesday, 11 January
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability Vulnerability Lab
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability Vulnerability Lab
Bit Defender #39 - Auth Token Bypass Vulnerability Vulnerability Lab
Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability Vulnerability Lab
Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability Vulnerability Lab
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability Vulnerability Lab
Re: [oss-security] Docker 1.12.6 - Security Advisory Andreas Stieger
Thursday, 12 January
[CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs
Multiple vulnerabilities in cPanel <= 60.0.34 Open Security
ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) Fernando Gont
Friday, 13 January
Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski
Sunday, 15 January
Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege Stefan Kanthak
Monday, 16 January
Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability Vulnerability Lab
Salesforce (Event Registration) - Persistent Vulnerability Vulnerability Lab
Apple (iTunes Notify) - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab
Tuesday, 17 January
Security BSides Ljubljana 0x7E1 CFP - March 10, 2017 Andraz Sraka
New exploit for new vulnerability in WordPress Plugin + tutorial Diego
Multiple RCE in ZyXEL / Billion / TrueOnline routers Pedro Ribeiro
Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software Roberto Soares
EuskalHack Security Congress CFP Joxean Koret
SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page) SEC Consult Vulnerability Lab
Wednesday, 18 January
Announce Keypatch v2.1, a better assembler for IDA Pro! Nguyen Anh Quynh
Thursday, 19 January
APPLE-SA-2017-01-18-1 GarageBand 10.1.5 Apple Product Security
APPLE-SA-2017-01-18-2 Logic Pro X 10.3 Apple Product Security
[ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE ERPScan inc
[ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE ERPScan inc
CALL FOR PAPERS - br3aking c0de Estación Informática
Persistent XSS in Ghost 0.11.3 Patrick
[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection Julien Ahrens
Tap 'n' Sniff Curesec Research Team (CRT)
Friday, 20 January
Apple iOS 10.2 (Notify - iTunes) - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Sunday, 22 January
Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak
GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] Taoguang Chen
Monday, 23 January
RVAsec 2017 Call for Presentations Sullo
[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300 ERPScan inc
CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS ERPScan inc
APPLE-SA-2017-01-23-1 iOS 10.2.1 Apple Product Security
APPLE-SA-2017-01-23-2 macOS 10.12.3 Apple Product Security
APPLE-SA-2017-01-23-3 watchOS 3.1.3 Apple Product Security
APPLE-SA-2017-01-23-4 tvOS 10.1.1 Apple Product Security
APPLE-SA-2017-01-23-5 Safari 10.0.3 Apple Product Security
APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 Apple Product Security
Re: Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Ding Dong
New mailing-list on IoT hacking Fernando Gont
Tuesday, 24 January
WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Kacper Szurek
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 Apple Product Security
Re: Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution Stefan Kanthak
Wednesday, 25 January
Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage
Thursday, 26 January
Call for Papers: DigitalSec2017 in Kuala Lumpur, Malaysia on July 11-13, 2017 Sandra Evans
Friday, 27 January
Digital Ocean ssh key authentication security risk -- password authentication is re-enabled Daniel Elebash
Privilege Escalation in VirtualBox (CVE-2017-3316) Wolfgang
Saturday, 28 January
Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification Summer of Pwnage
Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin Summer of Pwnage
Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin Summer of Pwnage
Monday, 30 January
SEC Consult SA-20170130-0 :: XSS & CSRF in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab
New BlackArch Linux ISOs (2017.01.28) released! Black Arch
BSidesHannover 2017! Daniel Busch
secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines") Simon Bieber
Re: Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Olivier Bilodeau
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled gp
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled Daniel Elebash
Free ebook to learn ethical hacking techniques Sparc Flow
Sophos Web Appliance - Block & Unblock IPs Remote Command Injection (CVE-2016-9553) Russell Sanford
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro
Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture Jens Müller
Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL Jens Müller
Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands Jens Müller
Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter Jens Müller
Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands Jens Müller
Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands Jens Müller
Tuesday, 31 January
PEAR Base System v1.10.1 Arbitrary File Download hyp3rlinx
[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities Matteo Beccati
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Netgear Security
Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking Stefan Kanthak