Full Disclosure: by author

98 messages starting Sep 21 17 and ending Sep 29 17

Advisories

CSNC-2017-023: Buffer Overflow in Mongoose MQTT Broker Advisories (Sep 21)

Agostino Panico

BSides Roma Agostino Panico (Sep 15)

Apple Product Security

APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11 Apple Product Security (Sep 25)
APPLE-SA-2017-09-19-2 Safari 11 Apple Product Security (Sep 21)
APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11 Apple Product Security (Sep 25)
APPLE-SA-2017-09-20-2 watchOS 4 Apple Product Security (Sep 21)
APPLE-SA-2017-09-25-7 iTunes 12.7 Apple Product Security (Sep 25)
APPLE-SA-2017-09-25-9 macOS Server 5.4 Apple Product Security (Sep 25)
APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 Apple Product Security (Sep 25)
APPLE-SA-2017-09-25-8 iTunes 12.7 for Windows Apple Product Security (Sep 25)
APPLE-SA-2017-09-19-1 iOS 11 Apple Product Security (Sep 21)
APPLE-SA-2017-09-20-3 tvOS 11 Apple Product Security (Sep 21)
APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11 Apple Product Security (Sep 21)
APPLE-SA-2017-09-25-6 Additional information for APPLE-SA-2017-09-20-3 tvOS 11 Apple Product Security (Sep 25)
APPLE-SA-2017-09-25-2 iCloud for Windows 7 Apple Product Security (Sep 25)
APPLE-SA-2017-09-19-3 Xcode 9 Apple Product Security (Sep 21)
APPLE-SA-2017-09-25-5 Additional information for APPLE-SA-2017-09-20-2 watchOS 4 Apple Product Security (Sep 25)

Arvind Vishwakarma

ZK Time_Web Software 2.0 - Broken Authentication Arvind Vishwakarma (Sep 18)
ZKTime_Web Software 2.0 - Cross Site Request Forgery Arvind Vishwakarma (Sep 18)

Asterisk Security Team

AST-2017-008: RTP/RTCP information leak Asterisk Security Team (Sep 19)

Bhdresh

Exploit toolkit for CVE-2017-8759 - Microsoft .NET Framework RCE (Builder + listener + video tutorial) Bhdresh (Sep 15)

cfpbrussels2018

Recon Brussels 2018 Call For Papers - 0xD - Registration - Training - Conference - Submit! - PGP key cfpbrussels2018 (Sep 18)

dxw Security

CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin) dxw Security (Sep 26)

Eitan Caspi via Fulldisclosure

"VirusTotal Windows Uploader" poor design of privacy Eitan Caspi via Fulldisclosure (Sep 04)

EMC Product Security Response Center

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability EMC Product Security Response Center (Sep 26)
ESA-2017-099: EMC AppSync SQL Injection Vulnerability EMC Product Security Response Center (Sep 07)
ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability EMC Product Security Response Center (Sep 26)
ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Product Security Response Center (Sep 15)
ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities EMC Product Security Response Center (Sep 21)

Etnies

OpenText Documentum Administrator and Webtop - Open Redirection Etnies (Sep 25)
OpenText Documentum Administrator and Webtop - XML External Entity Injection Etnies (Sep 25)

hyp3rlinx

CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution hyp3rlinx (Sep 04)
Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities hyp3rlinx (Sep 21)
Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities hyp3rlinx (Sep 15)
Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection CVE-2017-14087 hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery hyp3rlinx (Sep 29)
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 hyp3rlinx (Sep 29)

James Hemmings (Security)

EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP) James Hemmings (Security) (Sep 07)

joernchen

Advisory: Git cvsserver OS Command Injection joernchen (Sep 26)

John Page

CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution John Page (Sep 07)

Joseph Harris

Hijacking .uk domains with eNom Joseph Harris (Sep 04)

KoreLogic Disclosures

KL-001-2017-016 : Solarwinds LEM Insecure Update Process KoreLogic Disclosures (Sep 25)

Levi Shahar

DNSMap.sh - 0.1 - enumerate DNS hostnames faster | release announcement. Levi Shahar (Sep 04)

luanjunchao

stack buffer overflow in openexif 2.1.4 luanjunchao (Sep 15)

Manuel Garcia Cardenas

WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection Manuel Garcia Cardenas (Sep 22)

Maor Shwartz

SSD Advisory – Remote Command Execution in Western Digital with Dropbox App Maor Shwartz (Sep 07)
SSD Advisory – Polycom Memory Disclosure Maor Shwartz (Sep 07)
SSD Advisory – NEXXT Authentication Bypass Maor Shwartz (Sep 18)
Hack2Win – Code Blue 3rd Edition Maor Shwartz (Sep 07)
SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution Maor Shwartz (Sep 07)
SSD Advisory – WiseGiga NAS Multiple Vulnerabilities Maor Shwartz (Sep 07)
SSD Advisory – Sentora / ZPanel Password Reset Vulnerability Maor Shwartz (Sep 25)
SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change Maor Shwartz (Sep 11)
SSD Advisory – ScrumWorks Pro Remote Code Execution Maor Shwartz (Sep 07)
SSD Advisory – FLIR Systems Multiple Vulnerabilities Maor Shwartz (Sep 25)
SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS Maor Shwartz (Sep 07)

Marcin Kozlowski

First public BlueBorne (Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow) DEMO/Proof of Concept exploit Marcin Kozlowski (Sep 25)

Marcin Wołoszyn

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Arbitrary File Read Marcin Wołoszyn (Sep 29)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - XML External Entity Marcin Wołoszyn (Sep 29)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection Marcin Wołoszyn (Sep 29)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection Marcin Wołoszyn (Sep 29)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting Marcin Wołoszyn (Sep 29)
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting Marcin Wołoszyn (Sep 29)

mattias bååth via Fulldisclosure

SEC-T 0x0Anniversary Con next week mattias bååth via Fulldisclosure (Sep 04)

Monte Crypto

Access control bypass in Hikvision IP Cameras Monte Crypto (Sep 11)

MustLive

Vulnerabilities in D-Link DGS-3000-10TC MustLive (Sep 18)
How Apple fixed my 2008's hole in their browser after 9 years MustLive (Sep 11)

netizen 01k

SAP Enterprise Portal and Clients Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks netizen 01k (Sep 29)

Nightwatch Cybersecurity Research

Zoho Site24x7 for Android Didn’t Properly Validate SSL Nightwatch Cybersecurity Research (Sep 29)
Updated advisory for CVE-2017-8769 - WhatsApp Issues with Media Files Nightwatch Cybersecurity Research (Sep 15)

Oleg Puzanov

Faleemi FSC-880 Multiple Security Vulnerabilities Oleg Puzanov (Sep 29)

Peter Weidenbach

Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-) Peter Weidenbach (Sep 04)

Pierre Kim

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol Pierre Kim (Sep 07)
Re: Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol Pierre Kim (Sep 21)

Qualys Security Advisory

Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory (Sep 26)

Sandro Gauci

Asterisk vulnerable to RTP Bleed Sandro Gauci (Sep 04)

Sandro "guly" Zaccarini

Aerohive HiveManager Classic privilege escalation and auth code execution vulnerability Sandro "guly" Zaccarini (Sep 07)

SEC Consult Vulnerability Lab

SEC Consult SA-20170914-1 :: Persistent Cross-Site Scripting in SilverStripe CMS SEC Consult Vulnerability Lab (Sep 14)
SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key SEC Consult Vulnerability Lab (Sep 14)
SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting SEC Consult Vulnerability Lab (Sep 12)
SEC Consult SA-20170913-0 :: Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage SEC Consult Vulnerability Lab (Sep 13)
SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app SEC Consult Vulnerability Lab (Sep 13)

service () baimaohui net

Pixie image Editor SSRF vulnerability for CVE-2017-12905 service () baimaohui net (Sep 21)

Stefan Kanthak

R.I.P. Kaspersky Privacy Cleaner: withdrawn due to multiple beginner's errors which allow escalation of privilege Stefan Kanthak (Sep 11)

Sysdream Labs

[CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation Sysdream Labs (Sep 29)
[CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape Sysdream Labs (Sep 29)
[CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated) Sysdream Labs (Sep 29)
[CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated) Sysdream Labs (Sep 29)

Vulnerability Lab

WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities Vulnerability Lab (Sep 04)
Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability Vulnerability Lab (Sep 04)
Internet Security Conference 2017 in China by 360 Qihoo Vulnerability Lab (Sep 17)
Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability Vulnerability Lab (Sep 04)

Willem de Groot

Zyxel P-2812HNU-F1 DSL router - command injection Willem de Groot (Sep 29)