Mail Thread Index
- [FD] SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom,
SEC Consult Vulnerability Lab
- [FD] HTML5 Modern Day Attack And Defence Vectors,
Rafay Baloch
- [FD] Iron Mountain doesn't take physical security seriously,
freddielarge
- [FD] IDGuard v0.60,
Gregory Pickett
- Re: [FD] Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day),
Lukasz Biegaj
- Re: [FD] AV scan on read vs write debate....,
Yoann Gini
- [FD] BlackArch Linux: New ISOs and more.,
Black Arch
- [FD] Project Saltstrap and Instance-Tor,
Project Un1c0rn
- Re: [FD] Back To The Future: Unix Wildcards Gone Wild,
Phil Pennock
- [FD] Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A),
Curesec Research Team
- [FD] Raritan IPMI vulnerability,
"Jörg Kost"
- [FD] new pen-test tool!,
Pete Herzog
- [FD] Feed2JS/MagpieRSS 0day vulnerability (not really, it is actually CVE-2005-3330 / CVE-2008-4796),
Michail Strokin
- [FD] Finding page including parameters with google dorks,
rai
- [FD] Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- [FD] PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability,
Vulnerability Lab
- [FD] Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability,
Vulnerability Lab
- [FD] Photo Org WonderApplications v8.3 iOS - File Include Vulnerability,
Vulnerability Lab
- [FD] Resubmission of exploits,
Akra Macha
- [FD] iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries,
Stefan Kanthak
- [FD] CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX,
Portcullis Advisories
- [FD] Root command injection in ext-pack name for Virtualbox because of GKSu,
Brandon Perry
- [FD] InvGate Service Desk post-auth SQL injection as non-privileged user,
Brandon Perry
- [FD] CVE-2014-3418 - OS Command Injection Infoblox Network Automation,
Nate Kettlewell
- [FD] FireFox: Lab Mouse Security: Remote Code Execution via Browser (LZO),
Lee
- [FD] TxDOT fixes security issues with txtag.org,
David Longenecker
- [FD] SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu,
SEC Consult Vulnerability Lab
- [FD] Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability,
Vulnerability Lab
- [FD] Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment) Vulnerability,
Vulnerability Lab
- [FD] Dell Scrutinizer 11.01 multiple vulnerabilities,
Brandon Perry
- [FD] Is the era of ezine txt files over?,
rai
- [FD] Should it be better ...,
Pablo
- [FD] Improperly Issued Digital Certificates Could Allow Spoofing,
Jeffrey Walton
- [FD] Meta: List moderation,
Dave Horsfall
- [FD] QNAP TS-469U shadow file world readable,
Melchior Limacher
- [FD] XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress,
MustLive
- [FD] United Airways(r) united.com Insecure Transmission of User Credentials,
Michael Scheidell
- [FD] [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability,
Egidio Romano
- [FD] Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk,
Rafay Baloch
- [FD] United Airways® united.com Insecure Transmission of User Credentials,
Joshua Smith
- [FD] Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC.,
Mauro Risonho de Paula Assumpção
- [FD] KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
- [FD] SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition,
SEC Consult Vulnerability Lab
- [FD] A more robust POC for the ntp amplification dos,
rai
- [FD] Jamming WiFi tracking beacons,
Keira Cran
- [FD] SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client",
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone,
SEC Consult Vulnerability Lab
- [FD] Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE,
Brandon Perry
- [FD] Mining website blacklists,
Paredes
- [FD] Oracle Data Redaction is Broken,
david
- [FD] Call for Paper - NOPcon 2014 - Istanbul, Turkey,
info
- [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily,
Ivan .Heca
- Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily,
devel
- Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily,
Olaf Rühenbeck
- [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal,
Jan Kechel
- [FD] Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703),
Vulnerability Lab
- [FD] Microsoft MSN HBE - Blind SQL Injection Vulnerability,
Vulnerability Lab
- [FD] KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
- [FD] KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
- [FD] Strong Security Processes Require Strong Privacy Protections,
coderman
- Re: [FD] Is the era of ezine txt files over?,
Kirk Durbin
- [FD] Bitstamp - Possible breach,
Jeffrey Walton
- [FD] IBM GCM16/32 v1.20.0.22575 vulnerabilities,
Alejandro Alvarez
- [FD] Apache HTTPd - description of the CVE-2014-0226.,
funky . koval
- [FD] Apache HTTPd - description of the CVE-2014-0117.,
funky . koval
- [FD] CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol,
Mick Ayzenberg
- [FD] CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow,
Mick Ayzenberg
- [FD] CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service,
Mick Ayzenberg
- [FD] MTS MBlaze 3G Plus Wi-Fi Dongle : Multiple Vulnerabilities,
Narendra Choyal
- [FD] Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability,
Vulnerability Lab
- [FD] Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- [FD] Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 (CVE-2014-5024),
William Costa
- [FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF),
Seth Art
- [FD] CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog,
Seth Art
- [FD] CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml,
Seth Art
- [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account,
Stefan Kanthak
- [FD] Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398,
Vulnerability Lab
- [FD] Pligg 2.x SQLi / PWD disclosure / RCE,
BlackHawk
- [FD] Barracuda Networks Firewall v6.1.5 - Filter Bypass & Persistent Vulnerabilities,
Vulnerability Lab
- [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method,
info
- [FD] SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method ( link correction),
info
- [FD] Ground Zero Summit 13 - 16 November 2014, New Delhi | Call For Paper Open,
GroundZero Summit CFP
- [FD] Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability,
Vulnerability Lab
- [FD] New fixes in Siemens SIMATIC WinCC SCADA and DESCrypt on FPGA,
SCADA StrangeLove
- [FD] WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [FD] (BNSEC-1263) Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities,
Vulnerability Lab
- [FD] [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool,
Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4,
Onapsis Research Labs
- [FD] Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529],
Programa STIC
- [FD] Former NSA Chief: Why I'm Worth $1 Million a Month to Wall Street,
Ivan .Heca
- [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x),
heige
- Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x),
Securify B.V.
- [FD] TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities,
Vulnerability Lab