Mail Index

• Thread Index

• [FD] SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom
  • From: SEC Consult Vulnerability Lab
• [FD] HTML5 Modern Day Attack And Defence Vectors
  • From: Rafay Baloch
• [FD] Iron Mountain doesn't take physical security seriously
  • From: freddielarge
• [FD] IDGuard v0.60
  • From: Gregory Pickett
• Re: [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)
  • From: Lukasz Biegaj
• Re: [FD] AV scan on read vs write debate....
  • From: Yoann Gini
• Re: [FD] AV scan on read vs write debate....
  • From: Carlos P
• [FD] BlackArch Linux: New ISOs and more.
  • From: Black Arch
• [FD] Project Saltstrap and Instance-Tor
  • From: Project Un1c0rn
• Re: [FD] Back To The Future: Unix Wildcards Gone Wild
  • From: Phil Pennock
• Re: [FD] Back To The Future: Unix Wildcards Gone Wild
  • From: Nick Lindridge
• Re: [FD] AV scan on read vs write debate....
  • From: Joe Brown
• Re: [FD] AV scan on read vs write debate....
  • From: Reindl Harald
• [FD] Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A)
  • From: Curesec Research Team
• [FD] Raritan IPMI vulnerability
  • From: "Jörg Kost"
• [FD] new pen-test tool!
  • From: Pete Herzog
• [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796)
  • From: Michail Strokin
• [FD] Finding page including parameters with google dorks
  • From: rai
• Re: [FD] AV scan on read vs write debate....
  • From: Victor Aguilar
• Re: [FD] Iron Mountain doesn't take physical security seriously
  • From: Hinky Dink
• Re: [FD] Iron Mountain doesn't take physical security seriously
  • From: Sanguinarious
• [FD] Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability
  • From: Vulnerability Lab
• [FD] Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability
  • From: Vulnerability Lab
• [FD] Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• [FD] Resubmission of exploits
  • From: Akra Macha
• Re: [FD] Iron Mountain doesn't take physical security seriously
  • From: Todd Weiler
• Re: [FD] new pen-test tool!
  • From: Árpád Magosányi
• Re: [FD] new pen-test tool!
  • From: Keira Cran
• Re: [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796)
  • From: Cody Tarrant
• [FD] iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
  • From: Stefan Kanthak
• [FD] CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
  • From: Portcullis Advisories
• [FD] Root command injection in ext-pack name for Virtualbox because of GKSu
  • From: Brandon Perry
• Re: [FD] new pen-test tool!
  • From: Jim Credland
• [FD] InvGate Service Desk post-auth SQL injection as non-privileged user
  • From: Brandon Perry
• [FD] CVE-2014-3418 - OS Command Injection Infoblox Network Automation
  • From: Nate Kettlewell
• [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO)
  • From: Lee
• [FD] TxDOT fixes security issues with txtag.org
  • From: David Longenecker
• [FD] SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu
  • From: SEC Consult Vulnerability Lab
• [FD] Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment) Vulnerability
  • From: Vulnerability Lab
• [FD] Dell Scrutinizer 11.01 multiple vulnerabilities
  • From: Brandon Perry
• Re: [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO)
  • From: Nick Boyce
• [FD] Is the era of ezine txt files over?
  • From: rai
• [FD] Should it be better ...
  • From: Pablo
• Re: [FD] Should it be better ...
  • From: Fyodor
• Re: [FD] Is the era of ezine txt files over?
  • From: Matt Simmons
• Re: [FD] Is the era of ezine txt files over?
  • From: Scott Arciszewski
• Re: [FD] Is the era of ezine txt files over?
  • From: Aaron Peterson
• [FD] Improperly Issued Digital Certificates Could Allow Spoofing
  • From: Jeffrey Walton
• Re: [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO)
  • From: Brandon Perry
• Re: [FD] Should it be better ...
  • From: Brandon Perry
• [FD] Meta: List moderation
  • From: Dave Horsfall
• Re: [FD] Meta: List moderation
  • From: Fyodor
• [FD] QNAP TS-469U shadow file world readable
  • From: Melchior Limacher
• Re: [FD] QNAP TS-469U shadow file world readable
  • From: Joerg Mertin
• Re: [FD] QNAP TS-469U shadow file world readable
  • From: Erik Auerswald
• Re: [FD] Is the era of ezine txt files over?
  • From: Berend-Jan Wever
• Re: [FD] QNAP TS-469U shadow file world readable
  • From: David Kennedy
• Re: [FD] Is the era of ezine txt files over?
  • From: Daniel Miller
• Re: [FD] Is the era of ezine txt files over?
  • From: Chris Schmidt
• Re: [FD] Is the era of ezine txt files over?
  • From: Noah Axon
• [FD] XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress
  • From: MustLive
• [FD] United Airways(r) united.com Insecure Transmission of User Credentials
  • From: Michael Scheidell
• [FD] [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk
  • From: Rafay Baloch
• [FD] United Airways® united.com Insecure Transmission of User Credentials
  • From: Joshua Smith
• [FD] Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC.
  • From: Mauro Risonho de Paula Assumpção
• [FD] KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• Re: [FD] Is the era of ezine txt files over?
  • From: Alfie John
• [FD] SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition
  • From: SEC Consult Vulnerability Lab
• [FD] A more robust POC for the ntp amplification dos
  • From: rai
• Re: [FD] Is the era of ezine txt files over?
  • From: surivaton surivaton
• [FD] Jamming WiFi tracking beacons
  • From: Keira Cran
• [FD] SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
  • From: SEC Consult Vulnerability Lab
• [FD] Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE
  • From: Brandon Perry
• [FD] Mining website blacklists
  • From: Paredes
• [FD] Oracle Data Redaction is Broken
  • From: david
• Re: [FD] Is the era of ezine txt files over?
  • From: Andy Bach
• [FD] Call for Paper - NOPcon 2014 - Istanbul, Turkey
  • From: info
• [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Ivan .Heca
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Stephen Crane
• [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal
  • From: Jan Kechel
• Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal
  • From: Glen Roberts
• Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal
  • From: Jan Kechel
• Re: [FD] Jamming WiFi tracking beacons
  • From: Eric Rand
• Re: [FD] Jamming WiFi tracking beacons
  • From: surivaton
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: devel
• Re: [FD] Jamming WiFi tracking beacons
  • From: Dale Visser
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Ivan .Heca
• [FD] Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)
  • From: Vulnerability Lab
• [FD] Microsoft MSN HBE - Blind SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] Strong Security Processes Require Strong Privacy Protections
  • From: coderman
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Liz Gossell
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Olaf Rühenbeck
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Rikairchy
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Jack Morgan
• Re: [FD] Mining website blacklists
  • From: surivaton surivaton
• Re: [FD] Should it be better ...
  • From: Pablo
• Re: [FD] Jamming WiFi tracking beacons
  • From: Rikairchy
• Re: [FD] Jamming WiFi tracking beacons
  • From: Eric Rand
• Re: [FD] Jamming WiFi tracking beacons
  • From: Rikairchy
• Re: [FD] Jamming WiFi tracking beacons
  • From: Eric Rand
• Re: [FD] Is the era of ezine txt files over?
  • From: Kirk Durbin
• Re: [FD] Is the era of ezine txt files over?
  • From: Scott Arciszewski
• Re: [FD] Is the era of ezine txt files over?
  • From: Alfie John
• [FD] Bitstamp - Possible breach
  • From: Jeffrey Walton
• [FD] IBM GCM16/32 v1.20.0.22575 vulnerabilities
  • From: Alejandro Alvarez
• [FD] Apache HTTPd - description of the CVE-2014-0226.
  • From: funky . koval
• Re: [FD] Bitstamp - Possible breach
  • From: Duarte Silva
• Re: [FD] Bitstamp - Possible breach
  • From: Philip Cheong
• [FD] Apache HTTPd - description of the CVE-2014-0117.
  • From: funky . koval
• [FD] CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol
  • From: Mick Ayzenberg
• [FD] CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow
  • From: Mick Ayzenberg
• [FD] CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service
  • From: Mick Ayzenberg
• [FD] MTS MBlaze 3G Plus Wi-Fi Dongle : Multiple Vulnerabilities
  • From: Narendra Choyal
• Re: [FD] Bitstamp - Possible breach
  • From: Jeffrey Walton
• [FD] Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability
  • From: Vulnerability Lab
• [FD] Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024)
  • From: William Costa
• [FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF)
  • From: Seth Art
• [FD] CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog
  • From: Seth Art
• [FD] CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml
  • From: Seth Art
• Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily
  • From: Ivan .Heca
• [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Re: [FD] Bitstamp - Possible breach
  • From: Colin Keigher
• [FD] Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
  • From: Vulnerability Lab
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Brandon Perry
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Re: [FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF)
  • From: Luca Carettoni
• [FD] Pligg 2.x SQLi / PWD disclosure / RCE
  • From: BlackHawk
• [FD] Barracuda Networks Firewall v6.1.5 - Filter Bypass & Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method
  • From: info
• [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction)
  • From: info
• [FD] Ground Zero Summit 13 - 16 November 2014, New Delhi | Call For Paper Open
  • From: GroundZero Summit CFP
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Gynvael Coldwind
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Gynvael Coldwind
• Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
  • From: Stefan Kanthak
• [FD] Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability
  • From: Vulnerability Lab
• [FD] New fixes in Siemens SIMATIC WinCC SCADA and DESCrypt on FPGA
  • From: SCADA StrangeLove
• [FD] WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] (BNSEC-1263) Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4
  • From: Onapsis Research Labs
• [FD] Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]
  • From: Programa STIC
• [FD] Former NSA Chief: Why I'm Worth $1 Million a Month to Wall Street
  • From: Ivan .Heca
• [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)
  • From: heige
• Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)
  • From: Securify B.V.
• Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)
  • From: Securify B.V.
• [FD] TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab