Full Disclosure: by date

54 messages starting Feb 01 19 and ending Feb 28 19


Friday, 01 February

Multiple APIs Vulnerabilities in CUJO Firewall CUJ0 FAIL
Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Daniel Bishtawi
Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Daniel Bishtawi
[CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration Sysdream Labs
Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP Server Chris
Reflected XSS in SolarWinds Serv-U FTP Server Chris

Tuesday, 05 February

SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government SEC Consult Vulnerability Lab
[Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root Pedro Ribeiro
DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability secure
Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin) Tim Coen
Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin) Tim Coen
Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin) Tim Coen
Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin) Tim Coen
Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) Tim Coen
Give 2.3.0 - Reflected XSS (WordPress Plugin) Tim Coen
CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal
KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) Tim Coen
NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) Tim Coen
wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) Tim Coen
WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) Tim Coen
YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) Tim Coen

Friday, 08 February

Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) David Coomber
APPLE-SA-2019-2-07-1 iOS 12.1.4 Apple Product Security via Fulldisclosure
APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update Apple Product Security via Fulldisclosure
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Apple Product Security via Fulldisclosure
[CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2 Rafael Pedrero
[CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3 Rafael Pedrero
[CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service Rafael Pedrero
[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
Content Injection in Amazon's FireOS [CVE-2019-7399] Nightwatch Cybersecurity Research

Tuesday, 12 February

KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. Kingkaustubh via Fulldisclosure
KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall Kingkaustubh via Fulldisclosure
KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products Kingkaustubh via Fulldisclosure
KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices Kingkaustubh via Fulldisclosure
KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices Kingkaustubh via Fulldisclosure
KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset Kingkaustubh via Fulldisclosure

Wednesday, 13 February

Re: [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations

Wednesday, 20 February

[SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset Adam Gowdiak

Thursday, 21 February

[SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities advisories
Open Redirection Vulnerability in GetSimpleCMS 3.3.13 Daniel Bishtawi
Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4 Daniel Bishtawi
Re: Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Henri Salo
CA20190212-01: Security Notice for CA Privileged Access Manager Kevin Kotas via Fulldisclosure
[CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous) Rafael Pedrero
[CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
[CVE-2018-18845] Cross Site Scripting in Advanced comment system v1.0 Rafael Pedrero
[CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17 Rafael Pedrero
Multiple issues in Teracue ENC-400 including pre-authenticated remote code execution Stephen Shkardoon
Kanboard 1.2.7 Multiple Vulnerabilities Will Boucher via Fulldisclosure

Friday, 22 February

CVE-2019-8939: XSS in Tautulli Geeknik Labs via Fulldisclosure

Tuesday, 26 February

CVE-2019-1000032: Memory corruption / DoS in nanosvg Sebastian Neef
[CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4) Rafael Pedrero
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence! Stefan Kanthak

Thursday, 28 February

AST-2019-001: Remote crash vulnerability with SDP protocol violation Asterisk Security Team