Mail Index
- [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
- [FD] XSS vulnerability in In-Portal CMS
- [FD] [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central
- [FD] SSH host key fingerprint - through HTTPS
- [FD] [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security
- [FD] Few bugs in Wonderware Information Server
- [FD] Avira License Application - Cross Site Request Forgery Vulnerability
- [FD] WWW File Share Pro v7.0 - Denial of Service Vulnerability
- Re: [FD] SSH host key fingerprint - through HTTPS
- From: Stephanie Daugherty
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- [FD] Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability
- [FD] XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side
- From: Mauro Risonho de Paula Assumpção
- [FD] Wordpress Plugin Vulnerability Dump - Part 1
- [FD] Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
- [FD] Reflected XSS Attacks vulnerabilities used MIME Sniffing in Facebook Messenger and Facebook App for iOS.
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] SSH host key fingerprint - through HTTPS
- [FD] [CORE-2014-0005] - Advantech WebAccess Vulnerabilities
- From: CORE Advisories Team
- [FD] Syslog LogAnalyzer persistent XSS injection CVE-2014-6070
- [FD] Uninit memory disclosure via truncated images in Firefox
- Re: [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
- Re: [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities
- [FD] Advanced Access Manager allows admin users to write arbitrary files and execute arbitrary php (WordPress plugin)
- Re: [FD] ntopng 1.2.0 XSS injection using monitored network traffic
- [FD] Mpay24 prestashop payment module multiple vulnerabilities
- Re: [FD] SSH host key fingerprint - through HTTPS
- [FD] Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
- [FD] ALCASAR <= 2.8 Remote Root Code Execution Vulnerability
- Re: [FD] SSH host key fingerprint - through HTTPS
- Re: [FD] ntopng 1.2.0 XSS injection using monitored network traffic
- [FD] WordPress Plugin Vulnerability Dump - Part 2
- [FD] Public WiFi Pcaps
- Re: [FD] Public WiFi Pcaps
- Re: [FD] Public WiFi Pcaps
- [FD] NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries
- From: VMware Security Response Center
- [FD] [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
- [FD] rcrypt 1.5 public release and website
- [FD] Ammyy Admin 0day
- Re: [FD] Public WiFi Pcaps
- [FD] CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865)
- [FD] Photorange v1.0 iOS - File Include Web Vulnerability
- [FD] ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
- [FD] NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
- From: VMware Security Response Center
- [FD] Fwd: Security Access
- [FD] Rooted SSH/SFTP Daemon Default Login Credentials
- From: Larry W. Cashdollar
- Re: [FD] Fwd: Security Access
- [FD] Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
- [FD] ALCASAR <= 2.8.1 Remote Root Code Execution Vulnerability
- Re: [FD] Fwd: Security Access
- [FD] SingleClick Connect
- [FD] Wordfence v5.2.3 (Wordpress Security Plugin) - Multiple Vulnerabilities
- [FD] libre office listening on port 1599
- [FD] USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability
- Re: [FD] libre office listening on port 1599
- Re: [FD] Wordfence v5.2.3 (Wordpress Security Plugin) - Multiple Vulnerabilities
- [FD] Vulnerabilities in In-Portal CMS
- [FD] [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect
- [FD] Laravel 2.1 Hash::make() bcrypt truncation
- [FD] [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow
- From: CORE Advisories Team
- [FD] CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do (WordPress plugin)
- [FD] Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do (WordPress plugin)
- [FD] Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)
- Re: [FD] Laravel 2.1 Hash::make() bcrypt truncation
- [FD] Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net
- [FD] ccnet-server remote DoS (assert) seafile-server 3.1.5
- [FD] DoS seafile-server 3.1.5 ( ccnet-server - assert)
- [FD] CVE ID Syntax Change - Deadline Approaching
- From: Christey, Steven M.
- [FD] Oracle Corporation MyOracle - Persistent Vulnerability
- [FD] AST-2014-009: Remote crash based on malformed SIP subscription requests
- From: Asterisk Security Team
- [FD] AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
- From: Asterisk Security Team
- [FD] Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
- [FD] Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 (CVE-2014-6413)
- [FD] M/Monit - Account hijacking via CSRF
- Re: [FD] Fwd: Security Access
- [FD] Glype proxy cookie jar path traversal allows code execution
- [FD] Glype proxy privacy settings can be disabled via CSRF
- [FD] Glype proxy privacy settings can be disabled via CSRF
- [FD] Glype proxy local address filter bypass
- [FD] [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
- [FD] [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
- [FD] CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser
- [FD] TP-LINK WDR4300 - Stored XSS & DoS
- [FD] Strength and Weakness of Methods to Confirm SSH Host Key
- Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key
- Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key
- [FD] LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
- [FD] Critical bash vulnerability CVE-2014-6271
- [FD] [TOOL] Hakabana release
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- [FD] MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- [FD] GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability
- [FD] Oracle Corporation MyOracle - Persistent Vulnerability
- [FD] SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability
- [FD] Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability
- [FD] Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities
- Re: [FD] Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion)
- From: Ben Lincoln (F7EFC8C9 - FD)
- [FD] uni-konstanz.de subdomain, arbitrary file download
- Re: [FD] Critical bash vulnerability CVE-2014-6271
- [FD] XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)
- [FD] Openfiler DoS via CSRF (CVE-2014-7190)
- [FD] [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
- [FD] WPScan Vulnerability Database
- [FD] All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
- [FD] PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability
- [FD] PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability