Mail Thread Index
- [FD] FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities, VMware Security Response Center
- [FD] Command-injection vulnerability in windows cmd scripts, Ben Perry
- [FD] Epicor Enterprise vulnerabilities, Fara Rustein fararustein@xxxxxxxxxxxxxxxx
- [FD] Multiple vulnerabilities in Refraction theme for WordPress, MustLive
- [FD] FreePBX (All Versions) RCE, Rob Thomas
- [FD] CVE-2014-2717 SCADA Privilege Escalation in Honeywell Falcon XLWEB, Martin Jartelius
- [FD] Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product, kvnjs
- [FD] CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS, Portcullis Advisories
- [FD] Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin), dxw Security
- [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278), Michal Zalewski
  - <Possible follow-ups>
  - Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278), Michael Bazzinotti
- [FD] CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink, Portcullis Advisories
- [FD] CarolinaCon-11 call for papers/presenters, Vic Vandal
- [FD] BulletProof Security Wordpress v50.8 - POST Inject Vulnerability, Vulnerability Lab
- [FD] HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability, Vulnerability Lab
- [FD] PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability, Vulnerability Lab
- [FD] CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway, Mirko Casadei
- [FD] CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway, Mirko Casadei
- [FD] CVE-2014-4313 Epicor Procurement SQL Injection, Martins, Luciano (LATCO - Buenos Aires)
- [FD] Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities, Vulnerability Lab
- [FD] PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities, Vulnerability Lab
- [FD] CA20141001-01: Security Notice for Bash Shellshock Vulnerability, Williams, James K
- [FD] Nessus Web UI 2.3.3: Stored XSS, The Security Factory
- [FD] Adobe Acrobat XI on Uniguest Secured Advantage 7 privacy issue at Marriott et al, Constantine A. Murenin
- [FD] CVE-2014-4502 (Updated) : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow, Mick Ayzenberg
- [FD] CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work, Mick Ayzenberg
- [FD] Yahoo! hacked on October 5, 2014..., Jonathan Hall
- [FD] BlackArch Linux: New ISOs released, Black Arch
- [FD] Exploit for CVE-2014-5207, Andrew Lutomirski
- [FD] [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!, Pedro Ribeiro
- [FD] OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux, Jann Horn
- [FD] [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure, Onapsis Research Labs
- [FD] [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting, Onapsis Research Labs
- [FD] TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins, Peter Thoeny
- [FD] TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server, Peter Thoeny
- [FD] CSNC-2014-004 neuroML - Multiple Vulnerabilities, Alexandre Herzog
- [FD] SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer, Alexandre Herzog
- [FD] SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer, Alexandre Herzog
- [FD] SAP Security Note 1908531 - XXE in BusinessObjects Explorer, Alexandre Herzog
- [FD] CSP Bypass on Android prior to 4.4, E Boogie
- [FD] PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability, Vulnerability Lab
- [FD] CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et al.), Dirk-Willem van Gulik
- [FD] CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth), oststrom (public)
- [FD] CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth), oststrom (public)
- [FD] CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth), oststrom (public)
- [FD] OWASP OWTF 1.0 "Lionheart" released!, Abraham Aranguren
- [FD] Rooted CON 2015 - Call For Papers, omarbv
- Re: [FD] CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth), oststrom (public)
- [FD] two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other), Michal Zalewski
- [FD] [SE-2014-01] Breaking Oracle Database through Java exploits (details), Security Explorations
- [FD] PayPal Inc BB #98 MOS - Persistent Settings Vulnerability, Vulnerability Lab
- [FD] Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities, Vulnerability Lab
- [FD] Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability, Vulnerability Lab
- [FD] SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces, SEC Consult Vulnerability Lab
- [FD] CVE-2014-2230 - OpenX Open Redirect Vulnerability, Jing Wang
- [FD] New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected), Jing Wang
- [FD] Bypassing blacklists based on IPy, Nicolas Grégoire
- [FD] Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability, Stefan Horst
- [FD] [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability, CORE Advisories Team
- [FD] XSS vulnerabilities in Megapolis.Portal Manager, MustLive
- [FD] Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0, yoloswag
- [FD] Fonality trixbox CE remote root exploit, Simo Ben youssef
- [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denial, Lord Tuskington
- [FD] Cyanogenmod: multiple flaws in dependencies, including RCE, Lord Tuskington
- [FD] CVE request: remote code execution in Android CTS, Lord Tuskington
- Re: [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denial, Jeffrey Walton
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS, David Daynard
- [FD] CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability, Jing Wang
- [FD] Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains), Jing Wang
- [FD] AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability, Asterisk Security Team
- [FD] Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities, Vulnerability Lab
- [FD] FileBug v1.5.1 iOS - Path Traversal Web Vulnerability, Vulnerability Lab
- [FD] iFunBox Free v1.1 iOS - File Include Vulnerability, Vulnerability Lab
- [FD] File Manager v4.2.10 iOS - Code Execution Vulnerability, Vulnerability Lab
- [FD] Mulesoft ESB Authenticated Privilege Escalation, Brandon Perry
- [FD] Vulnerabilities in WordPress Database Manager v2.7.1, Larry W. Cashdollar
- [FD] Incredible PBX remote command execution exploit, Simo Ben youssef
- [FD] Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability, Vulnerability Lab
- [FD] CVE-2014-7180 - ElectricCommander Local Privilege Escalation, Sean Wright
- [FD] [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability, Egidio Romano
- [FD] [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness, Egidio Romano
- [FD] Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1, Stefan Kanthak
- [FD] iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries, Stefan Kanthak
- [FD] NoSuchCon 2014 - Schedule, NoSuchCon
- [FD] Yourls XSS Stored, Alvaro Diaz
- [FD] vulnerabilities in libbfd (CVE-2014-beats-me), Michal Zalewski
- [FD] iFileExplorer v6.51 iOS - File Include Web Vulnerability, Vulnerability Lab
- [FD] WebDisk+ v2.1 iOS - Code Execution Vulnerability, Vulnerability Lab
- [FD] Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability, Vulnerability Lab
- [FD] Folder Plus v2.5.1 iOS - Persistent Item Vulnerability, Vulnerability Lab
- [FD] Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration), Vulnerability Lab
- [FD] CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products, Portcullis Advisories
- [FD] CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap, Portcullis Advisories
- [FD] CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap, Portcullis Advisories
- [FD] CVE-2014-7178 - Remote Command Execution in Enalean Tuleap, Portcullis Advisories
- [FD] CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack, David Longenecker
- [FD] DAVOSET v.1.2.1, MustLive
- [FD] Go Home WP-API, You're Drunk..., Scott Arciszewski
- [FD] SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel, SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme, SEC Consult Vulnerability Lab
- [FD] MS08-067 strikes again. Now ATM, SCADA StrangeLove
- [FD] CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP, Portcullis Advisories
- [FD] CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP, Portcullis Advisories
- Re: [FD] CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP, Jeff Costlow
- [FD] SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access, SEC Consult Vulnerability Lab
- [FD] [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU, Security Explorations