Full Disclosure: by thread
56 messages starting Dec 04 18 and ending Dec 31 18
- SolarWinds SFTP Vulnerabilities Alex Craggs (Dec 04)
- CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage hyp3rlinx (Dec 04)
- Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0 Daniel Bishtawi (Dec 04)
- Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Daniel Bishtawi (Dec 04)
- Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Daniel Bishtawi (Dec 04)
- Reflected Cross-site Scripting Vulnerability in Typesetter 5.1 Daniel Bishtawi (Dec 04)
- SQL Injection and Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Daniel Bishtawi (Dec 04)
- Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4 Daniel Bishtawi (Dec 04)
- Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0 Daniel Bishtawi (Dec 04)
- SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol SEC Consult Vulnerability Lab (Dec 05)
- Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877) Gustavo Sorondo (Dec 07)
- APPLE-SA-2018-12-05-1 iOS 12.1.1 Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-3 tvOS 12.1.1 Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-4 Safari 12.0.2 Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 Apple Product Security via Fulldisclosure (Dec 07)
- APPLE-SA-2018-12-06-1 watchOS 5.1.2 Apple Product Security via Fulldisclosure (Dec 07)
- [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method Rafael Pedrero (Dec 07)
- [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) Rafael Pedrero (Dec 07)
- Multiple vulnerabilities found in Trendnet routers and IP Cameras. Prashast Srivastava (Dec 09)
- [CFP] Security BSides Ljubljana 0x7E3 | March 16, 2019 Andraz Sraka (Dec 11)
- Vmware airwatch feature Jacek Lipkowski (Dec 11)
- Dynamic Loader Oriented Programming - Wiedergaenger PoC (Proof of Concept) on Ubuntu 16.04.5 LTS - 2018 Marcin Kozlowski (Dec 11)
- Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API. Murat Aydemir (Dec 11)
- CVE-2018-7690 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure (Dec 14)
- CVE-2018-7691 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure (Dec 14)
- Mikrotik RouterOS telnet arbitrary root file creation 0day Hacker Fantastic via Fulldisclosure (Dec 14)
- GNU inetutils <= 1.9.4 telnet.c multiple overflows Hacker Fantastic via Fulldisclosure (Dec 14)
- YSTS 13th Edition - CFP Luiz Eduardo (Dec 14)
- Tracking Linux Kernel Vulnerabilities Nicholas Luedtke (Dec 14)
- LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) zzt0907 (Dec 21)
- Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) Henri Salo (Dec 21)
- Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) zzt0907 (Dec 21)
- [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities advisories (Dec 21)
- [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities advisories (Dec 21)
- Capstone disassembler v4.0 is out! Nguyen Anh Quynh (Dec 21)
- Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API Murat Aydemir (Dec 21)
- Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section Murat Aydemir (Dec 21)
- Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section Murat Aydemir (Dec 21)
- New vulnerabilities in Transcend Wi-Fi SD Card MustLive (Dec 21)
- DAVOSET v.1.3.7 MustLive (Dec 21)
- CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631) Rafael Pedrero (Dec 21)
- CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0 Rafael Pedrero (Dec 21)
- [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)
- [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)
- [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Dec 21)
- [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability Egidio Romano (Dec 31)
- [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability Egidio Romano (Dec 31)