Mail Thread Index

• Date Index

• [FD] SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom, SEC Consult Vulnerability Lab
• [FD] HTML5 Modern Day Attack And Defence Vectors, Rafay Baloch
• [FD] Iron Mountain doesn't take physical security seriously, freddielarge
  • Re: [FD] Iron Mountain doesn't take physical security seriously, Hinky Dink
    • Re: [FD] Iron Mountain doesn't take physical security seriously, Sanguinarious
      • Re: [FD] Iron Mountain doesn't take physical security seriously, Todd Weiler
• [FD] IDGuard v0.60, Gregory Pickett
• Re: [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day), Lukasz Biegaj
• Re: [FD] AV scan on read vs write debate...., Yoann Gini
  • Re: [FD] AV scan on read vs write debate...., Joe Brown
    • Re: [FD] AV scan on read vs write debate...., Reindl Harald
      • Re: [FD] AV scan on read vs write debate...., Victor Aguilar
  • <Possible follow-ups>
  • Re: [FD] AV scan on read vs write debate...., Carlos P
• [FD] BlackArch Linux: New ISOs and more., Black Arch
• [FD] Project Saltstrap and Instance-Tor, Project Un1c0rn
• Re: [FD] Back To The Future: Unix Wildcards Gone Wild, Phil Pennock
  • <Possible follow-ups>
  • Re: [FD] Back To The Future: Unix Wildcards Gone Wild, Nick Lindridge
• [FD] Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A), Curesec Research Team
• [FD] Raritan IPMI vulnerability, "Jörg Kost"
• [FD] new pen-test tool!, Pete Herzog
  • Re: [FD] new pen-test tool!, Árpád Magosányi
  • Re: [FD] new pen-test tool!, Keira Cran
  • Re: [FD] new pen-test tool!, Jim Credland
• [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796), Michail Strokin
  • Re: [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796), Cody Tarrant
• [FD] Finding page including parameters with google dorks, rai
• [FD] Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability, Vulnerability Lab
• [FD] Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability, Vulnerability Lab
• [FD] Photo Org WonderApplications v8.3 iOS - File Include Vulnerability, Vulnerability Lab
• [FD] Resubmission of exploits, Akra Macha
• [FD] iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries, Stefan Kanthak
• [FD] CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX, Portcullis Advisories
• [FD] Root command injection in ext-pack name for Virtualbox because of GKSu, Brandon Perry
• [FD] InvGate Service Desk post-auth SQL injection as non-privileged user, Brandon Perry
• [FD] CVE-2014-3418 - OS Command Injection Infoblox Network Automation, Nate Kettlewell
• [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO), Lee
  • Re: [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO), Nick Boyce
    • Re: [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO), Brandon Perry
• [FD] TxDOT fixes security issues with txtag.org, David Longenecker
• [FD] SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu, SEC Consult Vulnerability Lab
• [FD] Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability, Vulnerability Lab
• [FD] Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment) Vulnerability, Vulnerability Lab
• [FD] Dell Scrutinizer 11.01 multiple vulnerabilities, Brandon Perry
• [FD] Is the era of ezine txt files over?, rai
  • Re: [FD] Is the era of ezine txt files over?, Matt Simmons
    • Re: [FD] Is the era of ezine txt files over?, Alfie John
      • Re: [FD] Is the era of ezine txt files over?, surivaton surivaton
        • Re: [FD] Is the era of ezine txt files over?, Andy Bach
  • Re: [FD] Is the era of ezine txt files over?, Scott Arciszewski
  • Re: [FD] Is the era of ezine txt files over?, Aaron Peterson
    • Re: [FD] Is the era of ezine txt files over?, Berend-Jan Wever
      • Re: [FD] Is the era of ezine txt files over?, Daniel Miller
        • Re: [FD] Is the era of ezine txt files over?, Chris Schmidt
  • Re: [FD] Is the era of ezine txt files over?, Noah Axon
• [FD] Should it be better ..., Pablo
  • Re: [FD] Should it be better ..., Fyodor
    • Re: [FD] Should it be better ..., Brandon Perry
    • Re: [FD] Should it be better ..., Pablo
• [FD] Improperly Issued Digital Certificates Could Allow Spoofing, Jeffrey Walton
• [FD] Meta: List moderation, Dave Horsfall
  • Re: [FD] Meta: List moderation, Fyodor
• [FD] QNAP TS-469U shadow file world readable, Melchior Limacher
  • Re: [FD] QNAP TS-469U shadow file world readable, Joerg Mertin
    • Re: [FD] QNAP TS-469U shadow file world readable, Erik Auerswald
      • Re: [FD] QNAP TS-469U shadow file world readable, David Kennedy
• [FD] XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress, MustLive
• [FD] United Airways(r) united.com Insecure Transmission of User Credentials, Michael Scheidell
• [FD] [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability, Egidio Romano
• [FD] Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk, Rafay Baloch
• [FD] United Airways® united.com Insecure Transmission of User Credentials, Joshua Smith
• [FD] Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC., Mauro Risonho de Paula Assumpção
• [FD] KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• [FD] SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition, SEC Consult Vulnerability Lab
• [FD] A more robust POC for the ntp amplification dos, rai
• [FD] Jamming WiFi tracking beacons, Keira Cran
  • Re: [FD] Jamming WiFi tracking beacons, Eric Rand
    • Re: [FD] Jamming WiFi tracking beacons, Rikairchy
      • Re: [FD] Jamming WiFi tracking beacons, Eric Rand
        • Re: [FD] Jamming WiFi tracking beacons, Rikairchy
          • Re: [FD] Jamming WiFi tracking beacons, Eric Rand
  • Re: [FD] Jamming WiFi tracking beacons, surivaton
  • <Possible follow-ups>
  • Re: [FD] Jamming WiFi tracking beacons, Dale Visser
• [FD] SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client", SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone, SEC Consult Vulnerability Lab
• [FD] Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE, Brandon Perry
• [FD] Mining website blacklists, Paredes
  • Re: [FD] Mining website blacklists, surivaton surivaton
• [FD] Oracle Data Redaction is Broken, david
• [FD] Call for Paper - NOPcon 2014 - Istanbul, Turkey, info
• [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Ivan .Heca
  • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Stephen Crane
    • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Ivan .Heca
      • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Liz Gossell
    • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Rikairchy
      • Message not available
        • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Ivan .Heca
  • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, devel
    • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Jack Morgan
  • Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily, Olaf Rühenbeck
• [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal, Jan Kechel
  • Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal, Glen Roberts
    • Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal, Jan Kechel
• [FD] Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703), Vulnerability Lab
• [FD] Microsoft MSN HBE - Blind SQL Injection Vulnerability, Vulnerability Lab
• [FD] KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• [FD] KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• [FD] Strong Security Processes Require Strong Privacy Protections, coderman
• Re: [FD] Is the era of ezine txt files over?, Kirk Durbin
  • Re: [FD] Is the era of ezine txt files over?, Scott Arciszewski
    • Re: [FD] Is the era of ezine txt files over?, Alfie John
• [FD] Bitstamp - Possible breach, Jeffrey Walton
  • Re: [FD] Bitstamp - Possible breach, Duarte Silva
    • Re: [FD] Bitstamp - Possible breach, Jeffrey Walton
      • Re: [FD] Bitstamp - Possible breach, Colin Keigher
  • Re: [FD] Bitstamp - Possible breach, Philip Cheong
• [FD] IBM GCM16/32 v1.20.0.22575 vulnerabilities, Alejandro Alvarez
• [FD] Apache HTTPd - description of the CVE-2014-0226., funky . koval
• [FD] Apache HTTPd - description of the CVE-2014-0117., funky . koval
• [FD] CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol, Mick Ayzenberg
• [FD] CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow, Mick Ayzenberg
• [FD] CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service, Mick Ayzenberg
• [FD] MTS MBlaze 3G Plus Wi-Fi Dongle : Multiple Vulnerabilities, Narendra Choyal
• [FD] Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability, Vulnerability Lab
• [FD] Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024), William Costa
• [FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF), Seth Art
  • Re: [FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF), Luca Carettoni
• [FD] CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog, Seth Art
• [FD] CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml, Seth Art
• [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
  • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Brandon Perry
    • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
      • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Gynvael Coldwind
        • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
          • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Gynvael Coldwind
            • Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account, Stefan Kanthak
• [FD] Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398, Vulnerability Lab
• [FD] Pligg 2.x SQLi / PWD disclosure / RCE, BlackHawk
• [FD] Barracuda Networks Firewall v6.1.5 - Filter Bypass & Persistent Vulnerabilities, Vulnerability Lab
• [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method, info
• [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction), info
• [FD] Ground Zero Summit 13 - 16 November 2014, New Delhi | Call For Paper Open, GroundZero Summit CFP
• [FD] Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability, Vulnerability Lab
• [FD] New fixes in Siemens SIMATIC WinCC SCADA and DESCrypt on FPGA, SCADA StrangeLove
• [FD] WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] (BNSEC-1263) Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities, Vulnerability Lab
• [FD] [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4, Onapsis Research Labs
• [FD] Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529], Programa STIC
• [FD] Former NSA Chief: Why I'm Worth $1 Million a Month to Wall Street, Ivan .Heca
• [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x), heige
• Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x), Securify B.V.
  • Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x), Securify B.V.
• [FD] TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities, Vulnerability Lab