Full Disclosure: by author
102 messages starting Jan 17 18 and ending Jan 22 18
Alexander Lashkov
Positive Hack Days 8 CFP is now open Alexander Lashkov (Jan 17)
Apple Product Security
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security (Jan 24)
APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security (Jan 24)
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security (Jan 09)
APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security (Jan 09)
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security (Jan 24)
APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security (Jan 09)
APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security (Jan 24)
APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security (Jan 24)
APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security (Jan 24)
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security (Jan 24)
Blazej Adamczyk
Multiple vulnerabilities in all versions of ASUS routers Blazej Adamczyk (Jan 16)
Cfir Cohen via Fulldisclosure
Re: AMD-PSP: fTPM Remote Code Execution via crafted EK certificate Cfir Cohen via Fulldisclosure (Jan 09)
AMD-PSP: fTPM Remote Code Execution via crafted EK certificate Cfir Cohen via Fulldisclosure (Jan 05)
Dave Horsfall
Re: "." (period) in file extension(s) in windows Dave Horsfall (Jan 02)
debug
"." (period) in file extension(s) in windows debug (Jan 01)
DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode (Jan 11)
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 11)
DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode (Jan 23)
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode (Jan 11)
EMC Product Security Response Center
ESA-2018-002: RSA® Authentication Manager SQL Injection Vulnerability EMC Product Security Response Center (Jan 23)
ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities EMC Product Security Response Center (Jan 05)
Esteban Dauksis
FAQin congress CFP Esteban Dauksis (Jan 01)
filipe
Handy Password 4.9.3 Buffer Overflow filipe (Jan 09)
Freeman
Call For Paper - Nuit du Hack - June 30th - July 1st, 2018 Freeman (Jan 09)
Gynvael Coldwind
Re: "." (period) in file extension(s) in windows Gynvael Coldwind (Jan 02)
halfdog
Gain Access to SSH Group via ssh-agent and OpenSSL halfdog (Jan 02)
hyp3rlinx
Adminer <= v4.3.1 Server Side Request Forgery hyp3rlinx (Jan 16)
Ibad Shah
FiberHome MIFI LM53Q1 Multiple Vulnerabilities Ibad Shah (Jan 09)
Jeffrey Walton
Re: Banknotes Misproduction security & biometric weakness Jeffrey Walton (Jan 30)
KoreLogic Disclosures
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures (Jan 26)
Kurtis
[Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Kurtis (Jan 13)
[CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Kurtis (Jan 11)
Kyaw Min Thein
CMS Made Simple 2.2.5[Reflected Cross-Site Scripting] Kyaw Min Thein (Jan 23)
CMS Made Simple 2.2.5 [Stored Cross-Site Scripting] Kyaw Min Thein (Jan 23)
CMS Made Simple 2.2.5[Reflected Cross-Site Scripting] Kyaw Min Thein (Jan 23)
Manuel Garcia Cardenas
PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH) Manuel Garcia Cardenas (Jan 13)
Maor Shwartz
SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities Maor Shwartz (Jan 05)
SSD Advisory – GitStack Unauthenticated Remote Code Execution Maor Shwartz (Jan 16)
SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Maor Shwartz (Jan 01)
SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Maor Shwartz (Jan 23)
SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Maor Shwartz (Jan 11)
SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities Maor Shwartz (Jan 01)
SSD Advisory – iBall Multiple Vulnerabilities Maor Shwartz (Jan 30)
beVX Security Conference - Call For Papers / Workshops Maor Shwartz (Jan 09)
SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access Maor Shwartz (Jan 09)
Matthias Deeg
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg (Jan 30)
Mustafa Kaan Demirhan
HACKTRICK'18 | Case Study Summit Mustafa Kaan Demirhan (Jan 23)
MustLive
XSS and CSRF vulnerabilities in ASUS RT-N10 MustLive (Jan 30)
nicolas.buzy-debat
[CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin nicolas.buzy-debat (Jan 26)
Nicolas SURRIBAS
Wapiti 3.0.0 released! Web vulnerability scanner Nicolas SURRIBAS (Jan 09)
Nightwatch Cybersecurity Research
RCE in DuoLingo’s TinyCards App for Android [CVE-2017-16905] Nightwatch Cybersecurity Research (Jan 05)
ChromeOS Doesn’t Always Use SSL During Startup [CVE-2017-15397] Nightwatch Cybersecurity Research (Jan 02)
NinTechNet
WordPress LearnDash LMS: Unauthenticated arbitrary file upload NinTechNet (Jan 09)
oststrom (public)
CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass oststrom (public) (Jan 09)
Panagiotis Vagenas
CMS Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 09)
WordPress Download Manager [CSRF] Panagiotis Vagenas (Jan 09)
Social Media Widget by Acurax [CSRF] Panagiotis Vagenas (Jan 09)
Admin Menu Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas (Jan 09)
Paweł Gocyla
EMC xDashboard - SQL Injection Vulnerability Paweł Gocyla (Jan 02)
Pedro Ribeiro
[CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4 Pedro Ribeiro (Jan 26)
Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Pedro Ribeiro (Jan 26)
RedTeam Pentesting GmbH
[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH (Jan 15)
Rodrigo Menezes
Re: [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes (Jan 16)
[CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes (Jan 16)
[v2] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes (Jan 16)
SEC Consult Vulnerability Lab
SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab (Jan 22)
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab (Jan 30)
Securify B.V. via Fulldisclosure
Authentication bypass in Kaseya VSA Securify B.V. via Fulldisclosure (Jan 13)
Arbitrary file read in Kaseya VSA Securify B.V. via Fulldisclosure (Jan 13)
Code execution in Kaseya VSA Securify B.V. via Fulldisclosure (Jan 13)
Security Team Appsecco
Sangoma SBC Remote Command Execution - CVE-2017–17430 Security Team Appsecco (Jan 09)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak (Jan 30)
Summer of Pwnage via Fulldisclosure
Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage via Fulldisclosure (Jan 13)
Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage via Fulldisclosure (Jan 13)
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage via Fulldisclosure (Jan 13)
Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage via Fulldisclosure (Jan 13)
Sydream Labs
[CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability Sydream Labs (Jan 05)
[CVE-2017-7997] Gespage SQL Injection vulnerability Sydream Labs (Jan 05)
Vulnerability Lab
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab (Jan 19)
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 06)
Banknotes Misproduction security & biometric weakness Vulnerability Lab (Jan 30)
Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab (Jan 12)
Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab (Jan 15)
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities Vulnerability Lab (Jan 06)
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab (Jan 19)
Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty Vulnerability Lab (Jan 06)
Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab (Jan 12)
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab (Jan 21)
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab (Jan 12)
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 12)
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab (Jan 12)
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab (Jan 15)
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab (Jan 13)
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab (Jan 19)
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Vulnerability Lab (Jan 04)
Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab (Jan 12)
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jan 12)
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab (Jan 19)
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability Vulnerability Lab (Jan 04)
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab (Jan 22)