Mail Index

• Thread Index

• [FD] Announcement: CEnigma tool!
  • From: Nguyen Anh Quynh
• [FD] The Only Security Talk With Eurovision Videos?
  • From: Pete Herzog
• Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)
  • From: Łukasz Pilorz
• [FD] DEF CON nostalgia [was: going double cryptome at DEF CON 22]
  • From: coderman
• [FD] Legal Threats and Investigation
  • From: Trey Ford
• [FD] XXE Injection in HP Release Control
  • From: MustLive
• [FD] Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• [FD] C++11 <regex> insecure by default
  • From: [CXSEC]
• [FD] Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• [FD] FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall
  • From: Portcullis Advisories
• [FD] Superfish 7.x Minor Cross Site Scripting Vulnerability
  • From: Ubani Balogun
• [FD] Paypal Complete 2-Factor Authentication(2FA) Bypass Exploit. Working as of August 5th, 2014.
  • From: Joshua Rogers
• [FD] [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
  • From: Mike Antcliffe
• [FD] LinkedIn User Account Handling Vulnerability(s)
  • From: Kishor Sonawane
• [FD] HybridAuth <= 2.1.2 Remote Code Execution
  • From: Pichaya Morimoto
• [FD] Microsoft Exchange Multiple Vulnerabilities
  • From: Nathan Power
• Re: [FD] XXE Injection in HP Release Control
  • From: Douglas Held
• [FD] Outdated Software on Huffington Post
  • From: BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog
• [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]
  • From: coderman
• Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]
  • From: coderman
• Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]
  • From: coderman
• Re: [FD] XXE Injection in HP Release Control
  • From: Brandon Perry
• Re: [FD] Superfish 7.x Minor Cross Site Scripting Vulnerability
  • From: Greg Knaddison
• [FD] (kind of) new tool: american fuzzy lop
  • From: Michal Zalewski
• [FD] SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
  • From: SEC Consult Vulnerability Lab
• [FD] (CVE-2014-3500/1/2) Apache Cordova for Android - Multiple Vulnerabilities
  • From: David Kaplan
• [FD] HybridAuth <= 2.2.2 Remote Code Execution (0-day again)
  • From: Pichaya Morimoto
• [FD] PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability
  • From: Vulnerability Lab
• [FD] PhotoSync v2.2 iOS - Command Inject Web Vulnerability
  • From: Vulnerability Lab
• [FD] TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
  • From: Kenny Mathis
• [FD] Vulnerabilities in Vembu Backup and Disaster Recovery addressed
  • From: Len Srinivasan
• [FD] Outlook XML Bomb?
  • From: Melchior Limacher
• [FD] nullcon CFP is open
  • From: nullcon
• [FD] Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities
  • From: Vulnerability Lab
• [FD] Perverting Embedded Devices - ZKSoftware Fingerprint Reader (Part I)
  • From: Francisco Amato
• [FD] CS-Cart v4.2.0 Session Hijack and Other Vulnerabilities
  • From: Nik Cubrilovic
• [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header
  • From: Stefan Paletta
• [FD] Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
  • From: Stefan Kanthak
• [FD] CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
  • From: Gregory Pickett
• [FD] Multiple Vulnerabilities in Disqus for Wordpress v2.7.5
  • From: Nik Cubrilovic
• Re: [FD] Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
  • From: Reindl Harald
• [FD] mind tricks and other hacks
  • From: Pete Herzog
• [FD] [TOOL] Haka v0.2 release!
  • From: Mehdi Talbi
• [FD] Optical Society of America's peer-review system can leaks reviewers' usernames
  • From: peter . wiedekind
• Re: [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header
  • From: Adam Dodson
• [FD] XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6
  • From: William Costa
• [FD] Reminder: CFP closes next week for PacSec.jp in Tokyo Nov12-13
  • From: Dragos Ruiu
• [FD] Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
  • From: Stefan Kanthak
• [FD] Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• [FD] Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
  • From: Stefan Kanthak
• [FD] CSRF in Disqus for Wordpress 2.77
  • From: Voxel@Night
• [FD] Outlook.com for Android fails to validate server certificates
  • From: Securify B.V.
• [FD] CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
  • From: Dirk-Willem van Gulik
• [FD] Hilariously Bad SQRL Implementation
  • From: Scott Arciszewski
• [FD] VISA USA VULNERABILITY
  • From: labz
• Re: [FD] Outlook XML Bomb? (Melchior Limacher)
  • From: Louis.Nadeau
• [FD] PRESS RELEASE :: Phuture Conference Denver OCT 11
  • From: stevyn prothero
• [FD] CVE-2014-4973 - Privilege Escalation in ESET Windows Products
  • From: Portcullis Advisories
• [FD] CVE-2014-5307 - Privilege Escalation in Panda Security Products
  • From: Portcullis Advisories
• [FD] Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin)
  • From: dxw Security
• [FD] [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)
  • From: Pedro Ribeiro
• [FD] WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
  • From: surivaton surivaton
• [FD] [CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow
  • From: CORE Advisories Team
• Re: [FD] Hilariously Bad SQRL Implementation
  • From: Scott Arciszewski
• Re: [FD] Hilariously Bad SQRL Implementation
  • From: Travis Biehn
• Re: [FD] Hilariously Bad SQRL Implementation
  • From: Sanguinarious
• [FD] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops
  • From: Fernando Gont
• [FD] Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707)
  • From: Vulnerability Lab
• [FD] Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)
  • From: Vulnerability Lab
• [FD] CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi.
  • From: J. Tozo
• [FD] ntopng 1.2.0 XSS injection using monitored network traffic
  • From: Steffen Bauch
• Re: [FD] Hilariously Bad SQRL Implementation
  • From: Scott Arciszewski
• [FD] MyBB 1.6 - MyAwards CSRF
  • From: surivaton surivaton
• [FD] RCE in dragonfly gem
  • From: leex
• [FD] CVE-2014-5119 glibc __gconv_translit_find() exploit
  • From: Tavis Ormandy
• [FD] LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification
  • From: advisories
• [FD] VMware vm-support multiple vulnerabilities
  • From: Dolev Farhi
• [FD] Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
  • From: Fernando Gont
• [FD] Mathematica10.0.0 on Linux /tmp/MathLink vulnerability
  • From: paul . szabo
• [FD] ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930]
  • From: Contarino, Rodrigo (LATCO - Buenos Aires)
• [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
  • From: Pedro Ribeiro
• Re: [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
  • From: Pedro Ribeiro
• [FD] PHP-Wiki Command Injection
  • From: Benjamin Harris
• [FD] XRMS SQLi to RCE 0day
  • From: Benjamin Harris
• [FD] Actual Analyzer Unauthenticated Command Execution
  • From: Benjamin Harris
• [FD] Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
  • From: Disclosure
• [FD] SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting
  • From: SEC Consult Vulnerability Lab
• [FD] F5 Unauthenticated rsync access to Remote Root Code Execution
  • From: Thomas Hibbert
• [FD] [CVE-2014-5440] MX-SmartTimer SQL Injection
  • From: Seybold, Juan (LATCO - Buenos Aires)
• Re: [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
  • From: Pedro Ribeiro
• Re: [FD] [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)
  • From: Pedro Ribeiro