Mail Thread Index

• Date Index

• [FD] Announcement: CEnigma tool!, Nguyen Anh Quynh
• [FD] The Only Security Talk With Eurovision Videos?, Pete Herzog
• Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x), Łukasz Pilorz
• [FD] DEF CON nostalgia [was: going double cryptome at DEF CON 22], coderman
• [FD] Legal Threats and Investigation, Trey Ford
• [FD] XXE Injection in HP Release Control, MustLive
  • <Possible follow-ups>
  • Re: [FD] XXE Injection in HP Release Control, Douglas Held
    • Re: [FD] XXE Injection in HP Release Control, Brandon Perry
• [FD] Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability, Vulnerability Lab
• [FD] C++11 <regex> insecure by default, [CXSEC]
• [FD] Video WiFi Transfer 1.01 - Directory Traversal Vulnerability, Vulnerability Lab
• [FD] FreeDisk v1.01 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability, Vulnerability Lab
• [FD] CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall, Portcullis Advisories
• [FD] Superfish 7.x Minor Cross Site Scripting Vulnerability, Ubani Balogun
  • Re: [FD] Superfish 7.x Minor Cross Site Scripting Vulnerability, Greg Knaddison
• [FD] Paypal Complete 2-Factor Authentication(2FA) Bypass Exploit. Working as of August 5th, 2014., Joshua Rogers
• [FD] [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities], Mike Antcliffe
• [FD] LinkedIn User Account Handling Vulnerability(s), Kishor Sonawane
• [FD] HybridAuth <= 2.1.2 Remote Code Execution, Pichaya Morimoto
• [FD] Microsoft Exchange Multiple Vulnerabilities, Nathan Power
• [FD] Outdated Software on Huffington Post, BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog
• [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing], coderman
  • Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing], coderman
  • Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing], coderman
• [FD] (kind of) new tool: american fuzzy lop, Michal Zalewski
• [FD] SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director, SEC Consult Vulnerability Lab
• [FD] (CVE-2014-3500/1/2) Apache Cordova for Android - Multiple Vulnerabilities, David Kaplan
• [FD] HybridAuth <= 2.2.2 Remote Code Execution (0-day again), Pichaya Morimoto
• [FD] PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability, Vulnerability Lab
• [FD] PhotoSync v2.2 iOS - Command Inject Web Vulnerability, Vulnerability Lab
• [FD] TomatoCart v1.x (latest-stable) Multiple Vulnerabilities, Kenny Mathis
• [FD] Vulnerabilities in Vembu Backup and Disaster Recovery addressed, Len Srinivasan
• [FD] Outlook XML Bomb?, Melchior Limacher
• [FD] nullcon CFP is open, nullcon
• [FD] Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities, Vulnerability Lab
• [FD] Perverting Embedded Devices - ZKSoftware Fingerprint Reader (Part I), Francisco Amato
• [FD] CS-Cart v4.2.0 Session Hijack and Other Vulnerabilities, Nik Cubrilovic
• [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header, Stefan Paletta
  • Message not available
    • Re: [FD] “Steganos Online Shield VPN” leaks the user’s hostname in the HTTP “Via” header, Adam Dodson
• [FD] Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files, Stefan Kanthak
  • Re: [FD] Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files, Reindl Harald
• [FD] CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service, Gregory Pickett
• [FD] Multiple Vulnerabilities in Disqus for Wordpress v2.7.5, Nik Cubrilovic
• [FD] mind tricks and other hacks, Pete Herzog
• [FD] [TOOL] Haka v0.2 release!, Mehdi Talbi
• [FD] Optical Society of America's peer-review system can leaks reviewers' usernames, peter . wiedekind
• [FD] XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6, William Costa
• [FD] Reminder: CFP closes next week for PacSec.jp in Tokyo Nov12-13, Dragos Ruiu
• [FD] Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs, Stefan Kanthak
• [FD] Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more), Stefan Kanthak
• [FD] Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more), Stefan Kanthak
• [FD] CSRF in Disqus for Wordpress 2.77, Voxel@Night
• [FD] Outlook.com for Android fails to validate server certificates, Securify B.V.
• [FD] CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack, Dirk-Willem van Gulik
• [FD] Hilariously Bad SQRL Implementation, Scott Arciszewski
  • Re: [FD] Hilariously Bad SQRL Implementation, Travis Biehn
    • Re: [FD] Hilariously Bad SQRL Implementation, Scott Arciszewski
  • Re: [FD] Hilariously Bad SQRL Implementation, Sanguinarious
    • Re: [FD] Hilariously Bad SQRL Implementation, Scott Arciszewski
• [FD] VISA USA VULNERABILITY, labz
• Re: [FD] Outlook XML Bomb? (Melchior Limacher), Louis.Nadeau
• [FD] PRESS RELEASE :: Phuture Conference Denver OCT 11, stevyn prothero
• [FD] CVE-2014-4973 - Privilege Escalation in ESET Windows Products, Portcullis Advisories
• [FD] CVE-2014-5307 - Privilege Escalation in Panda Security Products, Portcullis Advisories
• [FD] Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin), dxw Security
• [FD] [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included), Pedro Ribeiro
  • Re: [FD] [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included), Pedro Ribeiro
• [FD] WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5, surivaton surivaton
• [FD] [CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow, CORE Advisories Team
• [FD] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops, Fernando Gont
• [FD] Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707), Vulnerability Lab
• [FD] Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699), Vulnerability Lab
• [FD] CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi., J. Tozo
• [FD] ntopng 1.2.0 XSS injection using monitored network traffic, Steffen Bauch
• [FD] MyBB 1.6 - MyAwards CSRF, surivaton surivaton
• [FD] RCE in dragonfly gem, leex
• [FD] CVE-2014-5119 glibc __gconv_translit_find() exploit, Tavis Ormandy
• [FD] LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification, advisories
• [FD] VMware vm-support multiple vulnerabilities, Dolev Farhi
• [FD] Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks, Fernando Gont
• [FD] Mathematica10.0.0 on Linux /tmp/MathLink vulnerability, paul . szabo
• [FD] ManageEngine EventLog Analyzer 7 Reflective cross-site scripting Vulnerability [CVE-2014-4930], Contarino, Rodrigo (LATCO - Buenos Aires)
• [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert, Pedro Ribeiro
  • Re: [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert, Pedro Ribeiro
    • Message not available
      • Message not available
        • Re: [FD] [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert, Pedro Ribeiro
• [FD] PHP-Wiki Command Injection, Benjamin Harris
• [FD] XRMS SQLi to RCE 0day, Benjamin Harris
• [FD] Actual Analyzer Unauthenticated Command Execution, Benjamin Harris
• [FD] Aerohive Hive Manager and Hive OS Multiple Vulnerabilities, Disclosure
• [FD] SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting, SEC Consult Vulnerability Lab
• [FD] F5 Unauthenticated rsync access to Remote Root Code Execution, Thomas Hibbert
• [FD] [CVE-2014-5440] MX-SmartTimer SQL Injection, Seybold, Juan (LATCO - Buenos Aires)