Full Disclosure: by author

45 messages starting Sep 27 19 and ending Sep 23 19


Apple Product Security via Fulldisclosure

APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-6 tvOS 13 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-9 Safari 13.0.1 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-4 Safari 13 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-1 iOS 12.4.2 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-7 Xcode 11.0 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-5 watchOS 6 Apple Product Security via Fulldisclosure (Sep 27)
APPLE-SA-2019-9-26-3 iOS 13 Apple Product Security via Fulldisclosure (Sep 27)

Asterisk Security Team

AST-2019-004: Crash when negotiating for T.38 with a declined stream Asterisk Security Team (Sep 05)
AST-2019-005: Remote Crash Vulnerability in audio transcoding Asterisk Security Team (Sep 05)

Bhdresh

Wolters Kluwer TeamMate+ – Cross-Site Request Forgery (CSRF) vulnerability Bhdresh (Sep 03)

CFP ZeroNights

ZeroNights 2019 CFP ZeroNights (Sep 03)

Daniel Bishtawi

Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1 Daniel Bishtawi (Sep 10)

Debashis Pal

FTPShell client 6.74 - Local Buffer Overflow (SEH) Debashis Pal (Sep 13)
Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode) Debashis Pal (Sep 09)

Elar Lang

CVE-2018-18809 Path traversal in Tibco JasperSoft Elar Lang (Sep 09)

flanker

[CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component flanker (Sep 25)
[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component flanker (Sep 25)

Georg Ph E Heise via Fulldisclosure

Reflected XSS – HRworks Login (v1.16.1) Georg Ph E Heise via Fulldisclosure (Sep 20)

hyp3rlinx

NtFileSins v2.1 / Windows NTFS Privileged File Access Enumeration Tool hyp3rlinx (Sep 09)
Windows NTFS / Privileged File Access Enumeration hyp3rlinx (Sep 06)
NtFileSins v2 / Windows NTFS Privileged File Access Enumeration Tool hyp3rlinx (Sep 09)

i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure

vBulletin 5.x 0day pre-auth RCE exploit i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure (Sep 24)

Info

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections Info (Sep 10)
[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS Info (Sep 10)

Kevin Kotas via Fulldisclosure

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA) Kevin Kotas via Fulldisclosure (Sep 09)

Manuel Garcia Cardenas

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery Manuel Garcia Cardenas (Sep 13)

Marcin Kozlowski

Re: CVE 2019-13224 (UAF in PHP and Ruby regex lib) Marcin Kozlowski (Sep 09)

Michael Eissele

DOM based XSS (Login page) in "GFI Kerio Control" Firewalls v9.3.0 / CVE-2019-16414 - working exploit attached Michael Eissele (Sep 27)

paw

Totaljs CMS Authenticated Code injection on widget creation paw (Sep 03)
Totaljs CMS Broken Access Control on the API call paw (Sep 03)
Re: Totaljs CMS authenticated path traversal (could lead to RCE) paw (Sep 06)
Totaljs CMS authenticated path traversal (could lead to RCE) paw (Sep 03)
Totaljs CMS Insecure Admin Session cookie paw (Sep 03)

psy

XSSer v.1.8[1] - "The Hive!" released psy (Sep 24)

rant

Piwigo - Version 2.9.5 [CVE-2019-13363, CVE-2019-13364 ] rant (Sep 13)

SEC Consult Vulnerability Lab

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF SEC Consult Vulnerability Lab (Sep 18)
SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade SEC Consult Vulnerability Lab (Sep 25)
SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X SEC Consult Vulnerability Lab (Sep 04)
SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey SEC Consult Vulnerability Lab (Sep 12)

Shlomi Fish

Insecure tmpdir() use in dbtoepub.rb in docbook / xslt10-stylesheets Shlomi Fish (Sep 13)

spicyitalian--- via Fulldisclosure

One Identity Defender - Insecure Cryptographic Storage spicyitalian--- via Fulldisclosure (Sep 03)

Vulnerability Lab

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability Vulnerability Lab (Sep 09)
Bug Bounty Competition 2019 Vulnerability Lab (Sep 23)