Mail Thread Index

• Date Index

• [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities, Advisories
  • Re: [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities, Pedro Ribeiro
    • Re: [FD] Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities, Pedro Ribeiro
• [FD] XSS vulnerability in In-Portal CMS, MustLive
• [FD] [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central, Pedro Ribeiro
• [FD] SSH host key fingerprint - through HTTPS, John Leo
  • Re: [FD] SSH host key fingerprint - through HTTPS, Stephanie Daugherty
    • Re: [FD] SSH host key fingerprint - through HTTPS, Jeroen van der Ham
    • Re: [FD] SSH host key fingerprint - through HTTPS, Jeroen van der Ham
    • Re: [FD] SSH host key fingerprint - through HTTPS, John Leo
  • Re: [FD] SSH host key fingerprint - through HTTPS, maxigas
    • Re: [FD] SSH host key fingerprint - through HTTPS, John Leo
      • Re: [FD] SSH host key fingerprint - through HTTPS, Busindre ™
    • Re: [FD] SSH host key fingerprint - through HTTPS, Árpád Magosányi
• [FD] [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security, Pedro Ribeiro
• [FD] Few bugs in Wonderware Information Server, SCADA StrangeLove
• [FD] Avira License Application - Cross Site Request Forgery Vulnerability, Vulnerability Lab
• [FD] WWW File Share Pro v7.0 - Denial of Service Vulnerability, Vulnerability Lab
• [FD] Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability, Vulnerability Lab
• [FD] XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side, Mauro Risonho de Paula Assumpção
• [FD] Wordpress Plugin Vulnerability Dump - Part 1, Voxel@Night
• [FD] Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames, Stefan Kanthak
• [FD] Reflected XSS Attacks vulnerabilities used MIME Sniffing in Facebook Messenger and Facebook App for iOS., William Costa
• [FD] [CORE-2014-0005] - Advantech WebAccess Vulnerabilities, CORE Advisories Team
• [FD] Syslog LogAnalyzer persistent XSS injection CVE-2014-6070, Dolev Farhi
• [FD] Uninit memory disclosure via truncated images in Firefox, Michal Zalewski
• [FD] Advanced Access Manager allows admin users to write arbitrary files and execute arbitrary php (WordPress plugin), dxw Security
• Re: [FD] ntopng 1.2.0 XSS injection using monitored network traffic, Steffen Bauch
  • Re: [FD] ntopng 1.2.0 XSS injection using monitored network traffic, Luca Carettoni
• [FD] Mpay24 prestashop payment module multiple vulnerabilities, Wire Ghoul
• [FD] Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2], Stefan Kanthak
• [FD] ALCASAR <= 2.8 Remote Root Code Execution Vulnerability, john doe
• [FD] WordPress Plugin Vulnerability Dump - Part 2, Voxel@Night
• [FD] Public WiFi Pcaps, Bryan Bickford
  • Re: [FD] Public WiFi Pcaps, Eric Rand
  • Re: [FD] Public WiFi Pcaps, uname -a
  • Re: [FD] Public WiFi Pcaps, Wesley Spikes
• [FD] NEW VMSA-2014-0008 VMware vSphere product updates to third party libraries, VMware Security Response Center
• [FD] [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat, Mark Thomas
• [FD] rcrypt 1.5 public release and website, rage
• [FD] Ammyy Admin 0day, Matt Weeks
• [FD] CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865), William Costa
• [FD] Photorange v1.0 iOS - File Include Web Vulnerability, Vulnerability Lab
• [FD] ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability, Vulnerability Lab
• [FD] NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability, VMware Security Response Center
• [FD] Fwd: Security Access, Pedrov Jovovic
  • Re: [FD] Fwd: Security Access, Fernando Mercês
  • Re: [FD] Fwd: Security Access, Артур Истомин
    • Re: [FD] Fwd: Security Access, gold flake
• [FD] Rooted SSH/SFTP Daemon Default Login Credentials, Larry W. Cashdollar
• [FD] Briefcase 4.0 iOS - Code Execution & File Include Vulnerability, Vulnerability Lab
• [FD] ALCASAR <= 2.8.1 Remote Root Code Execution Vulnerability, john doe
• [FD] SingleClick Connect, Rob Fuller
• [FD] Wordfence v5.2.3 (Wordpress Security Plugin) - Multiple Vulnerabilities, Voxel@Night
  • Re: [FD] Wordfence v5.2.3 (Wordpress Security Plugin) - Multiple Vulnerabilities, Mark Maunder
• [FD] libre office listening on port 1599, Kemble Wagner
  • Re: [FD] libre office listening on port 1599, Brandon Vincent
• [FD] USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability, Vulnerability Lab
• [FD] Vulnerabilities in In-Portal CMS, MustLive
• [FD] [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect, Pietro Minniti
• [FD] Laravel 2.1 Hash::make() bcrypt truncation, Pichaya Morimoto
  • Re: [FD] Laravel 2.1 Hash::make() bcrypt truncation, beloumi
• [FD] [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow, CORE Advisories Team
• [FD] CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do (WordPress plugin), dxw Security
• [FD] Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do (WordPress plugin), dxw Security
• [FD] Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin), dxw Security
• [FD] Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net, BillV-Lists
• [FD] ccnet-server remote DoS (assert) seafile-server 3.1.5, nop nop
• [FD] DoS seafile-server 3.1.5 ( ccnet-server - assert), nop nop
• [FD] CVE ID Syntax Change - Deadline Approaching, Christey, Steven M.
• [FD] Oracle Corporation MyOracle - Persistent Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] Oracle Corporation MyOracle - Persistent Vulnerability, Vulnerability Lab
• [FD] AST-2014-009: Remote crash based on malformed SIP subscription requests, Asterisk Security Team
• [FD] AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations, Asterisk Security Team
• [FD] Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw, VSR Advisories
• [FD] Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 (CVE-2014-6413), William Costa
• [FD] M/Monit - Account hijacking via CSRF, Dolev Farhi
• [FD] Glype proxy cookie jar path traversal allows code execution, Securify B.V.
• [FD] Glype proxy privacy settings can be disabled via CSRF, Securify B.V.
  • <Possible follow-ups>
  • [FD] Glype proxy privacy settings can be disabled via CSRF, Securify B.V.
• [FD] Glype proxy local address filter bypass, Securify B.V.
• [FD] [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability, Egidio Romano
• [FD] [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability, Egidio Romano
• [FD] CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser, Steffen Bauch
• [FD] TP-LINK WDR4300 - Stored XSS & DoS, Oz Elisyan
• [FD] Strength and Weakness of Methods to Confirm SSH Host Key, John Leo
  • Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key, Gunnar Wolf
    • Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key, Paul Vixie
• [FD] LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow, advisories
• [FD] Critical bash vulnerability CVE-2014-6271, Philip Cheong
  • Re: [FD] Critical bash vulnerability CVE-2014-6271, Michal Zalewski
    • Re: [FD] Critical bash vulnerability CVE-2014-6271, Tony Arcieri
      • Re: [FD] Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion), Ben Lincoln (F7EFC8C9 - FD)
        • Re: [FD] Critical bash vulnerability CVE-2014-6271, Matt Hazinski
  • Re: [FD] Critical bash vulnerability CVE-2014-6271, Paul Vixie
    • Re: [FD] Critical bash vulnerability CVE-2014-6271, Yvan Janssens
    • Re: [FD] Critical bash vulnerability CVE-2014-6271, g@xxxxxxx
  • Re: [FD] Critical bash vulnerability CVE-2014-6271, Evan Teitelman
    • Re: [FD] Critical bash vulnerability CVE-2014-6271, Godin, Erik
    • Re: [FD] Critical bash vulnerability CVE-2014-6271, Tim
      • Re: [FD] Critical bash vulnerability CVE-2014-6271, Paul Vixie
        • Re: [FD] Critical bash vulnerability CVE-2014-6271, Seth Arnold
          • Re: [FD] Critical bash vulnerability CVE-2014-6271, Paul Vixie
        • Message not available
          • Re: [FD] Critical bash vulnerability CVE-2014-6271, Paul Vixie
• [FD] [TOOL] Hakabana release, Mehdi Talbi
• [FD] MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012), Advisories
• [FD] GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability, Vulnerability Lab
• [FD] SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability, Vulnerability Lab
• [FD] Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability, Vulnerability Lab
• [FD] Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] uni-konstanz.de subdomain, arbitrary file download, b4mbi
• [FD] XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158), William Costa
• [FD] Openfiler DoS via CSRF (CVE-2014-7190), Dolev Farhi
• [FD] [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360, Pedro Ribeiro
• [FD] WPScan Vulnerability Database, Ryan Dewhurst
• [FD] All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability, Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability, Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability, Vulnerability Lab