Mail Index

Thread Index

Re: [FD] GoAgent vulnerabilities: CA cert with known private key, TLS MITM
- From: David Fifield
[FD] Three out of bounds access issues in ImageMagick (CVE-2014-8354, CVE-2014-8355, CVE-2014-8562)
- From: Hanno Böck
[FD] CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core
- From: Portcullis Advisories
[FD] CNIL CookieViz XSS + SQL injection leading to user pwnage
- From: iliketurtles
[FD] KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read
- From: KoreLogic Disclosures
[FD] Vulnerabilities in D-Link DAP-1360
- From: MustLive
[FD] Cisco RV Series multiple vulnerabilities
- From: Securify B.V.
[FD] SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
- From: SEC Consult Vulnerability Lab
[FD] XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
- From: Larry W. Cashdollar
[FD] CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting Issues
- From: Luciano Pedreira
[FD] CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues
- From: Luciano Pedreira
[FD] DAVOSET v.1.2.2
- From: MustLive
[FD] [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
- From: Pedro Ribeiro
[FD] Wordpress bulletproof-security <=.51 multiple vulnerabilities
- From: Pietro Oliva
[FD] Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]
- From: Programa STIC
[FD] SeasonApps iTransfer 1.1 - Persistent UI Vulnerability
- From: Vulnerability Lab
[FD] BookFresh - Persistent Clients Invite Vulnerability
- From: Vulnerability Lab
[FD] PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability
- From: Vulnerability Lab
[FD] [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro
- From: Pedro Ribeiro
[FD] IL and CSRF vulnerabilities in D-Link DAP-1360
- From: MustLive
[FD] IP.Board <= 3.4.7 SQL Injection
- From: secthrowaway
[FD] [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
- From: Pedro Ribeiro
[FD] PayPal Inc Bug Bounty #88 - Filter Bypass & Arbitrary Code Execution Vulnerability
- From: Vulnerability Lab
[FD] Piwigo <= v2.6.0 - Blind SQL Injection
- From: Manuel Garcia Cardenas
[FD] Lantronix xPrintServer Code execution and CSRF vulnerability
- From: Jim Bauwens
[FD] [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)
- From: ESNC Security
[FD] Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211]
- From: Programa STIC
[FD] CFP: AIPR2015 China - Artificial Intelligence and Pattern Recognition
- From: Hazel Ann
[FD] Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers
- From: Jing Wang
[FD] Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net
- From: Jing Wang
[FD] CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability
- From: Jing Wang
[FD] Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
- From: Programa STIC
[FD] CVE-2014-8681 Blind SQL Injection in Gogs label search
- From: Timo Schmid
[FD] CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
- From: Timo Schmid
[FD] CVE-2014-8683 XSS in Gogs Markdown Renderer
- From: Timo Schmid
[FD] XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 (CVE-2014-8629)
- From: William Costa
[FD] xdg-open RCE
- From: joernchen
Re: [FD] Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net
- From: Nick Semenkovich
[FD] Reflected XSS in Nibbleblog <= v4.0.1
- From: Manuel Garcia Cardenas
[FD] XOOPS <= 2.5.6 - Blind SQL Injection
- From: Manuel Garcia Cardenas
[FD] 81% of Tor users can be de-anonymised by analysing router information, research indicates
- From: Ivan .Heca
Re: [FD] xdg-open RCE
- From: Brandon Perry
[FD] Vulnerabilities in D-Link DCS-2103
- From: MustLive
[FD] Proticaret E-Commerce Script v3.0 SQL Injection
- From: Onur Alanbel
[FD] WebsiteBaker <=2.8.3 - Multiple Vulnerabilities
- From: Manuel Garcia Cardenas
[FD] Zoph <= 0.9.1 - Multiple Vulnerabilities
- From: Manuel Garcia Cardenas
[FD] CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass
- From: Project Zero Labs
[FD] CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
- From: Steffen Bauch
[FD] CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
- From: Steffen Bauch
[FD] CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload
- From: Steffen Bauch
[FD] PHPFox XSS AdminCP
- From: Wesley Henrique
[FD] CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream
- From: Jann Horn
[FD] CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise
- From: Portcullis Advisories
[FD] Bootkit via SMS
- From: SCADA StrangeLove
[FD] CVE-2014-8600 - Insufficient Input Validation By IO Slaves In KDE e.V. KDE
- From: Portcullis Advisories
[FD] CVE-2014-2630 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux
- From: Portcullis Advisories
[FD] CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM
- From: Portcullis Advisories
[FD] [CORE-2014-0008] - Advantech AdamView Buffer Overflow
- From: CORE Advisories Team
[FD] [CORE-2014-0009] - Advantech EKI-6340 Command Injection
- From: CORE Advisories Team
[FD] [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
- From: CORE Advisories Team
[FD] Capstone disassembly engine 3.0 released!
- From: Nguyen Anh Quynh
[FD] CVE-2014-8349 LIFERAY Portal Stored XSS
- From: Garcia, Ariel (LATCO - Buenos Aires)
[FD] WordPress 3 persistent script injection
- From: Jouko Pynnonen
[FD] DAVOSET v.1.2.3
- From: MustLive
[FD] Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ...
- From: Stefan Kanthak
[FD] AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.
- From: Asterisk Security Team
[FD] AST-2014-013: PJSIP ACLs are not loaded on startup
- From: Asterisk Security Team
[FD] AST-2014-014: High call load may result in hung channels in ConfBridge.
- From: Asterisk Security Team
[FD] AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver
- From: Asterisk Security Team
[FD] AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver
- From: Asterisk Security Team
[FD] AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font>
- From: Asterisk Security Team
[FD] AST-2014-018: AMI permission escalation through DB dialplan function
- From: Asterisk Security Team
[FD] Supr Shopsystem - Persistent UI Vulnerability
- From: Vulnerability Lab
[FD] FluxBB <= 1.5.6 SQL Injection
- From: secthrowaway
[FD] on Linux, 'less' can probably get you owned
- From: Michal Zalewski
[FD] Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin
- From: Larry W. Cashdollar
Re: [FD] FluxBB <= 1.5.6 SQL Injection
- From: secthrowaway
[FD] DataSoft Nova Anti-reconnaissance System 13.10.0 || Stored XSS
- From: static rez
[FD] Slider Revolution/Showbiz Pro shell upload exploit
- From: Simo Ben youssef
[FD] Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data
- From: Stefan Kanthak
[FD] Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates
- From: Stefan Kanthak
[FD] MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability
- From: Taoguang Chen
[FD] phpBB <= 3.1.1 deregister_globals() Function Bypass
- From: Taoguang Chen
[FD] CVE-2014-8609 Android Settings application privilege leakage vulnerability
- From: Wang,Tao(Scloud)
[FD] device42 DCIM authenticated remote root via appliance manager
- From: Brandon Perry
[FD] CVE-2014-8610 Android < 5.0 SMS resend vulnerability
- From: Wang,Tao(Scloud)
[FD] CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager
- From: Wang,Tao(Scloud)
[FD] FileVista < v6.0.8.0 Insecure zip file handling
- From: DS MailingList
[FD] CVE-2014-5439 - Root shell on Sniffit [with exploit]
- From: Hector Marco
[FD] The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks
- From: Jing Wang
[FD] CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability
- From: Jing Wang
[FD] CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation
- From: Jing Wang
[FD] All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks
- From: Jing Wang
[FD] Agafi/ROP v1.0 released !
- From: Nicolas A. Economou
Re: [FD] Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates
- From: Susan Bradley
Re: [FD] Slider Revolution/Showbiz Pro shell upload exploit
- From: Ryan Dewhurst
Re: [FD] Slider Revolution/Showbiz Pro shell upload exploit
- From: Simo Ben youssef
[FD] XSS (in 20 chars) in Microsoft IIS 7.5 error message
- From: A Z
Re: [FD] Slider Revolution/Showbiz Pro shell upload exploit
- From: Lukasz Biegaj
[FD] [Tool] Responder v2.1.3
- From: laurent gaffie
[FD] CSRF and XSS vulnerabilities in D-Link DAP-1360
- From: MustLive
[FD] [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
- From: Egidio Romano
[FD] Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
- From: Stefan Kanthak

Mail converted by MHonArc