Mail Index

• Thread Index

• [FD] FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
  • From: VMware Security Response Center
• [FD] Command-injection vulnerability in windows cmd scripts
  • From: Ben Perry
• [FD] Epicor Enterprise vulnerabilities
  • From: Fara Rustein fararustein@xxxxxxxxxxxxxxxx
• [FD] Multiple vulnerabilities in Refraction theme for WordPress
  • From: MustLive
• [FD] FreePBX (All Versions) RCE
  • From: Rob Thomas
• [FD] CVE-2014-2717 SCADA Privilege Escalation in Honeywell Falcon XLWEB
  • From: Martin Jartelius
• [FD] Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product
  • From: kvnjs
• [FD] CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS
  • From: Portcullis Advisories
• [FD] Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin)
  • From: dxw Security
• [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
  • From: Michal Zalewski
• Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
  • From: Paul Vixie
• [FD] CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink
  • From: Portcullis Advisories
• Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
  • From: Michal Zalewski
• Re: [FD] CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink
  • From: Brandon Perry
• [FD] CarolinaCon-11 call for papers/presenters
  • From: Vic Vandal
• [FD] CVE-2014-3110 SCADA XSS and patch review of Honeywell Falcon XLWEB
  • From: Martin Jartelius
• [FD] BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
  • From: Vulnerability Lab
• [FD] HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability
  • From: Vulnerability Lab
• [FD] PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway
  • From: Mirko Casadei
• [FD] CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway
  • From: Mirko Casadei
• [FD] CVE-2014-4313 Epicor Procurement SQL Injection
  • From: Martins, Luciano (LATCO - Buenos Aires)
• Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
  • From: Michael Bazzinotti
• [FD] Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] CA20141001-01: Security Notice for Bash Shellshock Vulnerability
  • From: Williams, James K
• [FD] Nessus Web UI 2.3.3: Stored XSS
  • From: The Security Factory
• [FD] Adobe Acrobat XI on Uniguest Secured Advantage 7 privacy issue at Marriott et al
  • From: Constantine A. Murenin
• [FD] CVE-2014-4502 (Updated) : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow
  • From: Mick Ayzenberg
• [FD] CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work
  • From: Mick Ayzenberg
• [FD] Yahoo! hacked on October 5, 2014...
  • From: Jonathan Hall
• Re: [FD] Yahoo! hacked on October 5, 2014...
  • From: Pål Nilsen
• [FD] BlackArch Linux: New ISOs released
  • From: Black Arch
• [FD] Exploit for CVE-2014-5207
  • From: Andrew Lutomirski
• [FD] [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
  • From: Pedro Ribeiro
• [FD] OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux
  • From: Jann Horn
• [FD] [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting
  • From: Onapsis Research Labs
• Re: [FD] Yahoo! hacked on October 5, 2014...
  • From: illwill
• [FD] TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins
  • From: Peter Thoeny
• [FD] TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server
  • From: Peter Thoeny
• Re: [FD] TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins
  • From: Michael Stroucken
• [FD] CSNC-2014-004 neuroML - Multiple Vulnerabilities
  • From: Alexandre Herzog
• [FD] SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer
  • From: Alexandre Herzog
• [FD] SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer
  • From: Alexandre Herzog
• [FD] SAP Security Note 1908531 - XXE in BusinessObjects Explorer
  • From: Alexandre Herzog
• [FD] CSP Bypass on Android prior to 4.4
  • From: E Boogie
• [FD] PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)
  • From: Dirk-Willem van Gulik
• Re: [FD] CSP Bypass on Android prior to 4.4
  • From: E Boogie
• [FD] CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
  • From: oststrom (public)
• [FD] CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)
  • From: oststrom (public)
• [FD] CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth)
  • From: oststrom (public)
• [FD] OWASP OWTF 1.0 "Lionheart" released!
  • From: Abraham Aranguren
• Re: [FD] CSP Bypass on Android prior to 4.4
  • From: E Boogie
• [FD] Rooted CON 2015 - Call For Papers
  • From: omarbv
• Re: [FD] CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)
  • From: Dirk-Willem van Gulik
• Re: [FD] CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)
  • From: Florian Weimer
• Re: [FD] CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
  • From: Henri Salo
• Re: [FD] CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
  • From: oststrom (public)
• [FD] Fwd: Re: CSP Bypass on Android prior to 4.4
  • From: Vitor Ventura
• [FD] two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)
  • From: Michal Zalewski
• [FD] [SE-2014-01] Breaking Oracle Database through Java exploits (details)
  • From: Security Explorations
• [FD] PayPal Inc BB #98 MOS - Persistent Settings Vulnerability
  • From: Vulnerability Lab
• [FD] Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces
  • From: SEC Consult Vulnerability Lab
• [FD] CVE-2014-2230 - OpenX Open Redirect Vulnerability
  • From: Jing Wang
• [FD] New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)
  • From: Jing Wang
• [FD] Bypassing blacklists based on IPy
  • From: Nicolas Grégoire
• [FD] Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
  • From: Stefan Horst
• [FD] [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
  • From: CORE Advisories Team
• [FD] XSS vulnerabilities in Megapolis.Portal Manager
  • From: MustLive
• [FD] Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0
  • From: yoloswag
• [FD] Fonality trixbox CE remote root exploit
  • From: Simo Ben youssef
• [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denail
  • From: Lord Tuskington
• [FD] Cyanogenmod: multiple flaws in dependencies, including RCE
  • From: Lord Tuskington
• Re: [FD] Cyanogenmod: multiple flaws in dependencies, including RCE
  • From: Артур Истомин
• [FD] CVE request: remote code execution in Android CTS
  • From: Lord Tuskington
• Re: [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denail
  • From: Lord Tuskington
• Re: [FD] CVE request: remote code execution in Android CTS
  • From: Lord Tuskington
• Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
  • From: Nick Kralevich
• Re: [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denail
  • From: Jeffrey Walton
• Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
  • From: Grond
• Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
  • From: David Daynard
• Re: [FD] CVE request: remote code execution in Android CTS
  • From: Jann Horn
• [FD] CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability
  • From: Jing Wang
• [FD] Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains)
  • From: Jing Wang
• [FD] AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
  • From: Asterisk Security Team
• [FD] Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
  • From: Vulnerability Lab
• [FD] iFunBox Free v1.1 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• [FD] File Manager v4.2.10 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] Mulesoft ESB Authenticated Privilege Escalation
  • From: Brandon Perry
• [FD] Vulnerabilities in WordPress Database Manager v2.7.1
  • From: Larry W. Cashdollar
• Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
  • From: Mario Vilas
• [FD] Incredible PBX remote command execution exploit
  • From: Simo Ben youssef
• [FD] Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] File Manager v4.2.10 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2014-7180 - ElectricCommander Local Privilege Escalation
  • From: Sean Wright
• [FD] [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
  • From: Egidio Romano
• Re: [FD] Mulesoft ESB Authenticated Privilege Escalation
  • From: Barak Engel
• [FD] Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
  • From: Stefan Kanthak
• [FD] iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
  • From: Stefan Kanthak
• [FD] NoSuchCon 2014 - Schedule
  • From: NoSuchCon
• [FD] Yourls XSS Stored
  • From: Alvaro Diaz
• [FD] vulnerabilities in libbfd (CVE-2014-beats-me)
  • From: Michal Zalewski
• [FD] iFileExplorer v6.51 iOS - File Include Web Vulnerability
  • From: Vulnerability Lab
• [FD] WebDisk+ v2.1 iOS - Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
  • From: Vulnerability Lab
• [FD] Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
  • From: Vulnerability Lab
• [FD] Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)
  • From: Vulnerability Lab
• [FD] CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products
  • From: Portcullis Advisories
• [FD] CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap
  • From: Portcullis Advisories
• [FD] CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap
  • From: Portcullis Advisories
• [FD] CVE-2014-7178 - Remote Command Execution in Enalean Tuleap
  • From: Portcullis Advisories
• [FD] CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack
  • From: David Longenecker
• [FD] DAVOSET v.1.2.1
  • From: MustLive
• [FD] Go Home WP-API, You're Drunk...
  • From: Scott Arciszewski
• [FD] SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme
  • From: SEC Consult Vulnerability Lab
• [FD] MS08-067 strikes again. Now ATM
  • From: SCADA StrangeLove
• [FD] CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP
  • From: Portcullis Advisories
• [FD] CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP
  • From: Portcullis Advisories
• Re: [FD] CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP
  • From: Jeff Costlow
• Re: [FD] Go Home WP-API, You're Drunk...
  • From: Nahuel Grisolía
• Re: [FD] Go Home WP-API, You're Drunk...
  • From: Scott Arciszewski
• [FD] SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
  • From: SEC Consult Vulnerability Lab
• [FD] [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
  • From: Security Explorations