Full Disclosure: by date

79 messages starting Mar 02 18 and ending Mar 30 18
Friday, 02 March

DualDesk v20 "Proxy.exe" Server / Denial Of Service - CVE-2018-7583 hyp3rlinx
CVE-2018-7449 SEGGER embOS/IP FTP Server v3.22 / FTP CMDs Denial Of Service hyp3rlinx
Another TCP based IDS bypass technique. CVE-2018-6794 Kirill Shipulin
CSRF vulnerabilities in D-Link DGS-3000-10TC MustLive
Content Injection in Samsung Display Solutions Application for Android [CVE-2018-6019] Nightwatch Cybersecurity Research
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo via Fulldisclosure
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures

Tuesday, 06 March

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service KoreLogic Disclosures
Softros Network Time System Server v2.3.4 / Denial Of Service CVE-2018-7658 hyp3rlinx
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery Defense Code
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities Defense Code
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products Defense Code
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes Defense Code
Rapid Scada - 5.5.0 - Insecure Permissions filipe
DSA-2018-038: RSA Archer GRC Platform Multiple Vulnerabilities EMC Product Security Response Center
DSA-2018-011: RSA Identity Governance and Lifecycle Privilege Escalation Vulnerability EMC Product Security Response Center
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor spinfoo via Fulldisclosure

Thursday, 08 March

[RT-SA-2018-001] Arbitrary Redirect in Tuleap RedTeam Pentesting GmbH

Friday, 09 March

WebLog Expert Web Server Enterprise v9.4 / Authentication Bypass CVE-2018-7581 hyp3rlinx
WebLog Expert Web Server Enterprise v9.4 / Remote Denial Of Service CVE-2018-7582 hyp3rlinx
Tuleap SQL Injection Cristiano Maruti
10-Strike Network Monitor 5.4 - Unquoted Service Path filipe
BitDefender Total Security 2018 - Insecure Pipe Permissions filipe
Panda Global Security 17.0.1 - Unquoted service path filipe
Panda Global Security 17.0.1 - NULL DACL grants full access filipe
WPS Free Office 10.2.0.5978 - NULL DACL grants full access filipe
Hola VPN 1.79.859 - Insecure service permissions filipe
Multiple SQL injection vulnerabilities in Bacula-Web (CVE-2017-15367) Gustavo Sorondo
DSA-2018-020: Dell EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Product Security Response Center

Monday, 12 March

SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail SEC Consult Vulnerability Lab

Tuesday, 13 March

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites RedTeam Pentesting GmbH
PayPal Inc - New Venmo Bug Bounty Program Vulnerability Lab
PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$ Vulnerability Lab
Re: BitDefender Total Security 2018 - Insecure Pipe Permissions Alex BALAN
SQL Injection in Textpattern <= 4.6.2 Manuel Garcia Cardenas
DEWESoft X3 SP1 (64-bit) installer / Remote Internal Command Access - CVE-2018-7756 hyp3rlinx
hardwear.io CFP is Open & New Security Training in Berlin! Yuliya Pliavaka

Wednesday, 14 March

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) SEC Consult Vulnerability Lab

Thursday, 15 March

[CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow Core Security Advisories Team

Sunday, 18 March

[CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability Sydream Labs
[CVE-2018-7422] Local File Inclusion (LFI) vulnerability in WordPress Site Editor Plugin nicolas.buzy-debat
c0c0n XI | The cy0ps c0n - Call For Papers & Call For Workshops 2018 Open Prajwal Panchmahalkar
RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213) (RS) Tyler Schroder
DSA-2018-037: Dell EMC NetWorker Buffer Overflow Vulnerability EMC Product Security Response Center

Thursday, 22 March

New release: UFONet v1.0 "TachY0n!" psy
LDAP Account Manager (6.2) CVE-2018-8763, CVE-2018-8764 Michał Kędzior
Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation x ksi
Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal x ksi
ModSecurity WAF 3.0 for Nginx - Denial of Service x ksi
ES2018-05 Kamailio heap overflow Sandro Gauci
DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities EMC Product Security Response Center

Friday, 23 March

BSidesMilano Event and CFP Agostino Panico

Saturday, 24 March

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links Securify B.V. via Fulldisclosure

Tuesday, 27 March

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability Vulnerability Lab
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities Vulnerability Lab
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities Vulnerability Lab
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability Vulnerability Lab
Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820) Hate Shape
ManageEngine Service Desk Plus < 9403 Cross-Site Scripting okan coskun
DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities EMC Product Security Response Center
DSA-2018-040: RSA® Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities EMC Product Security Response Center
new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland
Re: new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland
Re: new email; gw22067 () hotmail com | Double-free segfault bypass keliikoa kirland

Friday, 30 March

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center Williams, Ken
CA20180328-01: Security Notice for CA API Developer Portal Kotas, Kevin J
CVE-2018-5708 Kevin R
Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script Mohamed A. Baset
APPLE-SA-2018-3-29-1 iOS 11.3 Apple Product Security
APPLE-SA-2018-3-29-2 watchOS 4.3 Apple Product Security
APPLE-SA-2018-3-29-3 tvOS 11.3 Apple Product Security
APPLE-SA-2018-3-29-4 Xcode 9.3 Apple Product Security
APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan Apple Product Security
APPLE-SA-2018-3-29-6 Safari 11.1 Apple Product Security
APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows Apple Product Security
APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 Apple Product Security
SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614) service () baimaohui net
Null Pointer Dereference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys WTS Research Team
Re: new email; gw22067 () hotmail com | Double-free segfault bypass Matthew Fernandez