Full Disclosure: by author
61 messages starting Apr 27 18 and ending Apr 13 18
Andrew Mabbitt
[RCE] TP-Link Remote Code Execution CVE-2017-13772 v2 - >180, 000 affected devices Andrew Mabbitt (Apr 27)
Apple Product Security
APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) Apple Product Security (Apr 24)
APPLE-SA-2018-04-24-1 iOS 11.3.1 Apple Product Security (Apr 24)
APPLE-SA-2018-04-24-2 Security Update 2018-001 Apple Product Security (Apr 24)
bashis
Re: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE bashis (Apr 10)
Buherátor
Re: CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass Buherátor (Apr 06)
Chris
Sitecore Directory Traversal Vulnerability Chris (Apr 24)
Cornelius Keck
Re: Massive Breach in Panera Bread Cornelius Keck (Apr 06)
dxw Security
Rating-Widget: Star Review System allows anybody to turn on debug mode and view errors and warnings (WordPress plugin) dxw Security (Apr 10)
WP Image Zoom allows anybody to cause denial of service (WordPress plugin) dxw Security (Apr 10)
SQLi in Relevanssi might allow an admin to read contents of database (WordPress plugin) dxw Security (Apr 10)
Like Button Rating ♥ LikeBtn allows anybody to set any option (WordPress plugin) dxw Security (Apr 10)
Eitan Caspi via Fulldisclosure
Microsoft account site using old cert Eitan Caspi via Fulldisclosure (Apr 13)
EMC Product Security Response Center
DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability EMC Product Security Response Center (Apr 06)
DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability EMC Product Security Response Center (Apr 27)
DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability EMC Product Security Response Center (Apr 24)
DSA-2018-071: Dell EMC ViPR Controller Information Exposure Vulnerability EMC Product Security Response Center (Apr 13)
Ethan Sweet
Unvalidated Redirect in Shibboleth component of Blackboard Learn Ethan Sweet (Apr 27)
hyp3rlinx
CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto hyp3rlinx (Apr 03)
[FIXED TYPO **] CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto hyp3rlinx (Apr 06)
[** FIX CODE TYPO] Microsoft (Win 10) InternetExplorer v11.371.16299.0 - Denial Of Service hyp3rlinx (Apr 27)
Microsoft (Win 10) InternetExplorer v11.371.16299.0 - Denial Of Service hyp3rlinx (Apr 20)
CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass hyp3rlinx (Apr 03)
Re: CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass hyp3rlinx (Apr 06)
IS Threat Team
Re: CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088 IS Threat Team (Apr 13)
Jack Beanstalk
Massive Breach in Panera Bread Jack Beanstalk (Apr 03)
John Menerick
Re: Massive Breach in Panera Bread John Menerick (Apr 03)
Justin Ferguson
Re: new email; gw22067 () hotmail com | Double-free segfault bypass Justin Ferguson (Apr 13)
Kacper Szurek
GitList 0.6 Unauthenticated RCE Kacper Szurek (Apr 27)
Karsten König
Re: Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 27)
Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 24)
keliikoa kirland
The first 8dayz of an Underground crew deemed Underground_Agency (~UA) 2018 keliikoa kirland (Apr 06)
ketamine
KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected. ketamine (Apr 13)
Kevin R
Re: CVE-2018-5708 Kevin R (Apr 03)
Kroppoloe via Fulldisclosure
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 Memory Corruption (PoC) Kroppoloe via Fulldisclosure (Apr 27)
Manuel Garcia Cardenas
Kodi <= 17.6 - Persistent Cross-Site Scripting Manuel Garcia Cardenas (Apr 17)
Matthew Fernandez
Re: new email; gw22067 () hotmail com | Double-free segfault bypass Matthew Fernandez (Apr 10)
Nahuel Grisolia
Authentication Bypass Vulnerability in the Auth0 Identity Platform Nahuel Grisolia (Apr 06)
Nightwatch Cybersecurity Research
Re: Auto-detection of Compressed Files in Apple’s macOS Nightwatch Cybersecurity Research (Apr 24)
Pedro Ribeiro
[CVE-2017-5641] - DrayTek Vigor ACS 2 Java Deserialisation RCE Pedro Ribeiro (Apr 19)
Rahimian
Directory Traversal Vulnerability in DNNarticle module for DNN Rahimian (Apr 03)
RedTeam Pentesting GmbH
[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure RedTeam Pentesting GmbH (Apr 09)
[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution RedTeam Pentesting GmbH (Apr 09)
(RS) Tyler Schroder
Re: Massive Breach in Panera Bread (RS) Tyler Schroder (Apr 03)
Sean Buckley
Strong Password Generator - Biased Randomness Sean Buckley (Apr 13)
SEC Consult Vulnerability Lab
SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products SEC Consult Vulnerability Lab (Apr 24)
SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server SEC Consult Vulnerability Lab (Apr 24)
Security Explorations
[SE-2011-01] Security contact at Canal+ Group ? Security Explorations (Apr 03)
Re: [SE-2011-01] Security contact at Canal+ Group ? Security Explorations (Apr 03)
[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets Security Explorations (Apr 21)
service () baimaohui net
SSRF(Server Side Request Forgery) in Onethink All version (CVE-2017-14323) service () baimaohui net (Apr 06)
SSRF(Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611) service () baimaohui net (Apr 06)
Simon Bieber
secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application Simon Bieber (Apr 10)
secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application Simon Bieber (Apr 10)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH Stefan Kanthak (Apr 13)
Summer of Pwnage via Fulldisclosure
Seagate Media Server path traversal vulnerability Summer of Pwnage via Fulldisclosure (Apr 19)
Seagate Personal Cloud allows moving of arbitrary files Summer of Pwnage via Fulldisclosure (Apr 19)
Seagate Media Server stored Cross-Site Scripting vulnerability Summer of Pwnage via Fulldisclosure (Apr 19)
Vangelis Stykas
Hikvision hik-connect.com authentication vulnerability Vangelis Stykas (Apr 24)
Whatis Yourbug
Foxit Reader 8.3.1.21155 ( Unsafe DLL Loading Vulnerability ) Whatis Yourbug (Apr 20)
Yves Younan
Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) Yves Younan (Apr 13)