Mail Thread Index
- [FD] Defense in depth -- the Microsoft way (part 16): our developers and their QA dont follow our own security recommendations,
Stefan Kanthak
- [FD] LE, BF and IAA vulnerabilities in Catapulta I.W. Edition,
MustLive
- [FD] Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress,
Yarubo Security Research Team
- [FD] LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues,
advisories
- [FD] NG WifiTransfer Pro 1.1 - File Include Vulnerability,
Vulnerability Lab
- [FD] Files Desk Pro v1.4 iOS - File Include Web Vulnerability,
Vulnerability Lab
- [FD] Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability,
Vulnerability Lab
- [FD] TigerCom My Assistant v1.1 iOS - File Include Vulnerability,
Vulnerability Lab
- [FD] Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [FD] CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2,
Portcullis Advisories
- [FD] iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability,
Vulnerability Lab
- [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM,
David Fifield
- [FD] CVE-2013-6876 s3dvt Root shell,
Hector Marco
- [FD] CVE-2013-6825 DCMTK Root Privilege escalation,
Hector Marco
- [FD] CVE-2014-1226 s3dvt Root shell (still),
Hector Marco
- [FD] Bug in bash <= 4.3 [security feature bypassed],
Hector Marco
- [FD] Is Your Antivirus Tracking You? You'd Be Surprised At What It Sends,
Ivan .Heca
- [FD] [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies,
Fran
- Re: [FD] TrueCrypt?,
Dave Howe
- Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point,
Dave Howe
- Re: [FD] TrueCrypt 7.1 repos on GitHub - forking starting point,
Greg Bromage
- [FD] IPSwitch IMail Server WEB client 12.4 persistent XSS,
fulldisclosure
- [FD] More /tmp fun (PHP, Lynis),
A B
- [FD] Linksys E4200 Authentication Bypass,
Jordan Bradley
- [FD] [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager,
RedTeam Pentesting GmbH
- [FD] More OpenSSL issues,
Jordan Urie
- [FD] Scrumworks Pro authenticated arbitrary password reset,
Brandon Perry
- [FD] PHPBTTracker+ 2.2 SQL Injection,
Enrico Cinquini
- [FD] Computer hackers face life in prison under new Government crackdown on cyber terrorism | Mail Online,
Ivan .Heca
- [FD] SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan,
SEC Consult Vulnerability Lab
- [FD] [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering,
Onapsis Research Labs
- [FD] [Tool] Pcredz,
laurent gaffie
- [FD] Xornic Contact Us Form - Captcha Bypass / XSS,
Scott Arciszewski
- [FD] CVE-2014-3740 - SpiceWorks Cross-site scripting,
Dolev Farhi
- [FD] Responsible disclosure: terms and conditions,
Pedro Ribeiro
- Message not available
- <Possible follow-ups>
- Re: [FD] Responsible disclosure: terms and conditions,
codeinject.org
- [FD] SCADA StrangeLove at PHDays IV,
scadastrangelove
- [FD] Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289,
William Costa
- [FD] [Tool] Responder v2.0.9,
laurent gaffie
- [FD] CSRF in Featured Comments 1.2.1 allows an attacker to set and unset comment statuses (WordPress plugin),
dxw Security
- [FD] CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin),
dxw Security
- [FD] CSRF in JW Player for Flash & HTML5 Video 2.1.2 permits deletion of players (WordPress plugin),
dxw Security
- [FD] PayPal supports terrorism,
MustLive
- [FD] Multiple Vulns in Openfiler 2.99,
dsa dsa
- [FD] Oracle Access Manager (OAM) Vulnerabilities (CVEs),
Jing Wang
- [FD] Embeded Device Security Conference 2014 // CFP,
Michael Eddington
- [FD] NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities,
"VMware Security Response Center"
- [FD] CVE-2014-3977 - Privilege Escalation in IBM AIX,
Portcullis Advisories
- [FD] XSS on Samsung Site,
Roberto Garcia Amoriz
- [FD] CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones,
J. Oquendo
- [FD] AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework,
Asterisk Security Team
- [FD] AST-2014-006: Asterisk Manager User Unauthorized Shell Access,
Asterisk Security Team
- [FD] AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections,
Asterisk Security Team
- [FD] AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions,
Asterisk Security Team
- [FD] [SE-2014-01] Security vulnerabilities in Oracle Database Java VM,
Security Explorations
- [FD] T-Mobile webConnect Manager sysauth cookie leak in plain text via http request,
Americas Testkitchen
- [FD] [Tool] XXE exploit automation - On The Outside, Reaching In 0.2,
Ben Lincoln (F7EFC8C9)
- [FD] [CFP] Hacktivity 2014 CFP is open,
Ferenc Spala
- [FD] chatcrypt.com insecure, bad setup for secure chat,
johan nestaas
- [FD] Securing Ubuntu-Desktop From the Bad-Guys, and the Good-Guys.,
Joshua Rogers
- [FD] Onnto RAID Master rev358 for OS X - multiple remote vulnerabilities,
Reed Black
- [FD] Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable),
Kristian Erik Hermansen
- [FD] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack,
pnig0spnig0s
- [FD] Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability,
Vulnerability Lab
- [FD] Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities,
Vulnerability Lab
- [FD] Vulnerabilities in CDVI ACAC22 [2-Door Controller],
gassyjack
- [FD] [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack,
pnig0spnig0s
- [FD] XSS on Dell Site,
Roberto Garcia Amoriz
- [FD] Call For Papers for 2nd Balkan Computer Congress - BalCCon2k14,
Milos Krasojevic
- [FD] Project un1c0rn hits 70k hosts,
Project Un1c0rn
- [FD] XSS on Panasonic site,
Roberto Garcia Amoriz
- [FD] XSS on Epson site,
Roberto Garcia Amoriz
- [FD] keybase.io,
Rikairchy
- [FD] BF and XSS vulnerabilities in Zyxel P660RT2 EE,
MustLive
- [FD] Fwd: CFP ekoparty 2014,
Juan Pablo Daniel
- [FD] Android KeyStore Stack Buffer Overflow (CVE-2014-3100),
Roee Hay
- [FD] Session Hijack Vulnerabilty on ebays german want ad?,
Christian K.
- [FD] SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965,
William Costa
- [FD] Boolean algebra and CSS history theft,
Michal Zalewski
- [FD] CVE-2014-3868: ZeusCart 4.x Remote SQL Injection Vulnerability,
Kenny Mathis
- [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day),
Pichaya Morimoto
- [FD] R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES,
Pablo A.
- [FD] Exploiting Wildcard Expansion on Linux,
Stephen Chavez
- [FD] [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery,
RedTeam Pentesting GmbH
- [FD] [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting,
RedTeam Pentesting GmbH
- [FD] CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014,
Portcullis Advisories
- [FD] CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux),
Portcullis Advisories
- [FD] HP Enterprise Maps 1.00 Authenticated XXE,
Brandon Perry
- [FD] Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable,
Stefan Kanthak
- [FD] FCC Net Neutrality,
laurent gaffie
- [FD] XSS and CSRF vulnerabilities in Zyxel P660RT2 EE,
MustLive
- [FD] Back To The Future: Unix Wildcards Gone Wild,
defensecode
- [FD] Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities,
Onur Alanbel
- [FD] CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin),
dxw Security
- [FD] [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution,
RedTeam Pentesting GmbH
- [FD] check_dhcp - Nagios Plugins = 2.0.2 Race Condition,
Dawid Golunski
- [FD] Microsoft no longer sending e-mail based security notifications,
Reed Loden
- [FD] SECV-05-1401 - Vulnerability on World of Tanks servers,
info
- [FD] SECV-05-1402 - Reportico php admin credentials leak,
info
- [FD] CSRF Vulnerability on LinkedIn,
Kishor Sonawane
- [FD] openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability,
Ubani Balogun
- [FD] openSIS 4.5 - 5.3 SQL Injection vulnerability,
Ubani Balogun
- [FD] titcoin,
Vahagn Vardanyan
- [FD] Fwd: Re: Microsoft no longer sending e-mail based security notifications,
Peter Nas
- [FD] Horde Framework Unserialize PHP Code Execution - metasploit port / standalone exploit,
Akra Macha
- [FD] Sun/Oracle GlassFish Server Authenticated Code Execution - metasploit port / Standalone exploit,
Akra Macha
- [FD] Asterisk Phreaking How-To,
Akra Macha
- [FD] Flussonic Media Server 4.3.3 Multiple Vulnerabilities,
Onur Alanbel
- [FD] AV scan on read vs write debate....,
Exibar
- [FD] Local File Inclusion in Theme My Login 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution (WordPress plugin),
dxw Security