Mail Thread Index
- [FD] [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf,
RedTeam Pentesting GmbH
- [FD] [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire,
RedTeam Pentesting GmbH
- [FD] [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure,
RedTeam Pentesting GmbH
- [FD] [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components,
RedTeam Pentesting GmbH
- [FD] CVE-2014-9016 and CVE-2014-9034. Wordpress and Drupal DOS,
C0r3dump3d
- [FD] Yii framework CmsInput extension improper XSS sanitation,
A. W.
- [FD] hack4 is coming - hackercon in berlin - date: end of the year 2014,
dash
- [FD] less out of bounds read access - TFPA 002/2014,
Hanno Böck
- Re: [FD] CVE-2014-8610 Android < 5.0 SMS resend vulnerability,
Joshua Wright
- [FD] [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360,
Pedro Ribeiro
- [FD] XSS in WIX pages,
Devsec Security Departament
- [FD] CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4,
Stephan.Rickauer
- [FD] CSRF and XSS vulnerabilities in D-Link DAP-1360,
MustLive
- Re: [FD] XSS (in 20 chars) in Microsoft IIS 7.5 error message,
waysea
- [FD] BSidesHH 2014,
Daniel Busch
- [FD] Positive Hack Days V — Call for Papers,
Alexander Lashkov
- [FD] Offset2lib: bypassing full ASLR on 64bit Linux,
Hector Marco
- [FD] SpoofedMe - Social Login Impersonation Attack,
Or Peles
- [FD] NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities,
VMware Security Response Center
- [FD] CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR,
Portcullis Advisories
- [FD] NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability,
Vulnerability Lab
- [FD] [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google),
Security Explorations
- [FD] Sony: 22 Breaches and Counting,
Jeffrey Walton
- [FD] Coinbase User Enumeration,
stephen@xxxxxxxxxxxxxxxxxxxxxxx
- ***UNCHECKED*** [FD] Humhub SQL injection and multiple persistent XSS vulnerabilities,
A. W.
- ***UNCHECKED*** [FD] Interesting Backdoor,
Alfred Baroti
- [FD] NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability,
VMware Security Response Center
- [FD] CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability,
Jing Wang
- [FD] ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities,
Jing Wang
- [FD] Keurig 2.0 Genuine K-Cup Spoofing Vulnerability,
Kenneth Buckler
- [FD] Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities,
Simo Ben youssef
- [FD] Call for Presenters - B-Sides Vancouver 2015 - March 16-17, 2015 in Vancouver, Canada,
Colin Keigher
- [FD] Releasing PuttyRider - for penetration testers,
Adrian Furtuna
- [FD] Multiple vulnerabilities in InfiniteWP Admin Panel,
Walter Hop
- [FD] NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities,
VMware Security Response Center
- [FD] CVE-2014-8608 - Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys],
Portcullis Advisories
- [FD] CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys],
Portcullis Advisories
- [FD] CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys],
Portcullis Advisories
- [FD] AST-2014-019: Remote Crash Vulnerability in WebSocket Server,
Asterisk Security Team
- [FD] BMC TrackIt! Unauthenticated Arbitrary Local System User Password Change,
Brandon Perry
- [FD] RedCloth contains unfixed XSS vulnerability for 9 years,
Kousuke Ebihara
- [FD] Humhub insecure password validation and reset design,
A. W.
- [FD] Docker 1.3.3 - Security Advisory [11 Dec 2014],
Eric Windisch
- [FD] Rooted CON 2014 talks (dubbed into english) are now online,
omarbv
- [FD] Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...,
Stefan Kanthak
- [FD] CA20141215-01: Security Notice for CA LISA Release Automation,
Williams, Ken
- [FD] fulldisclosure: your file,
庄容如
- [FD] CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF),
Seth Art
- [FD] CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS),
Seth Art
- [FD] [SE-2014-02] Google App Engine Java security sandbox bypasses (status update),
Security Explorations
- [FD] [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA,
Onapsis Research Labs
- [FD] iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability,
Vulnerability Lab
- [FD] iWifi for Chat v1.1 iOS - Denial of Service Vulnerability,
Vulnerability Lab
- [FD] Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability,
Vulnerability Lab
- [FD] Elefant CMS v1.3.9 - Persistent Name Update Vulnerability,
Vulnerability Lab
- [FD] Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability,
Vulnerability Lab
- [FD] RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability,
Vulnerability Lab
- [FD] W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface,
Mazin Ahmed
- [FD] BOF(s) +SSRF in Honewell EPKS,
SCADA StrangeLove
- [FD] Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability,
Vulnerability Lab
- [FD] Morfy CMS v1.05 - Command Execution Vulnerability,
Vulnerability Lab
- [FD] Jease CMS v2.11 - Persistent UI Web Vulnerability,
Vulnerability Lab
- [FD] iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability,
Vulnerability Lab
- [FD] E-Journal CMS (ID) - Multiple Web Vulnerabilities,
Vulnerability Lab
- [FD] Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability,
Vulnerability Lab
- [FD] Apple iOS v8.x - Message Context & Privacy Vulnerability,
Vulnerability Lab
- [FD] SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA),
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager,
SEC Consult Vulnerability Lab
- [FD] Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout,
Ben Lincoln (F7EFC8C9 - FD)
- [FD] The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED,
Ivan .Heca
- [FD] TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables,
Peter Thoeny
- [FD] TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch,
Peter Thoeny
- [FD] CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability,
Jing Wang
- [FD] CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability,
Jing Wang
- [FD] BF and XSS vulnerabilities in D-Link DCS-2103,
MustLive
- [FD] [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities,
Matteo Beccati
- [FD] The Misfortune Cookie Vulnerability,
Shahar Tal
- [FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities,
Jing Wang
- [FD] SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor,
SEC Consult Vulnerability Lab
- [FD] iBackup v10.0.0.45 - Privilege Escalation Vulnerability,
Vulnerability Lab
- [FD] Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 - Privilege Escalation Vulnerability,
Vulnerability Lab
- [FD] Facebook BB #18 - IDOR Issue & Privacy Vulnerability,
Vulnerability Lab
- [FD] Graylog2-Web LDAP Injection - CVE-2014-9217,
J. Tozo
- [FD] CVE-2014-9330: Libtiff integer overflow in bmp2tiff,
Project Zero Labs
- [FD] VP-2014-004 SysAid Server Arbitrary File Disclosure,
Vantage Point Security
- [FD] BBC about Ukrainian Cyber Forces,
MustLive
- [FD] Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable,
Stefan Kanthak
- [FD] Vulnerabilities in Samsung SyncThru Web Service,
MustLive
- [FD] ObSecure 360 unauthenticated SQL injection,
Patrick Webster
- [FD] Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1,
Steffen Rösemann
- [FD] CALL FOR PAPERS - NUIT DU HACK - 20/21 JUNE 2015,
freeman
- [FD] Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5,
Steffen Rösemann
- [FD] Facebook Bug Bounty #17 - Migrate Privacy Vulnerability,
Vulnerability Lab
- [FD] Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability,
Vulnerability Lab
- [FD] ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability,
Vulnerability Lab
- [FD] Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability,
Vulnerability Lab
- [FD] PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability,
Vulnerability Lab
- [FD] Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities,
Vulnerability Lab
- [FD] Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability,
Vulnerability Lab
- [FD] Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ...,
Stefan Kanthak
- [FD] Wordpress Frontend Uploader Cross Site Scripting(XSS),
SECUPENT Research Center
- [FD] XSS and CSRF vulnerabilities in CMS Pylot,
MustLive
- [FD] CSRF vulnerability in CMS e107 v.2 alpha2,
Steffen Rösemann
- [FD] CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability,
Jing Wang
- [FD] /usr/bin/a2p buffer overflow,
up201407890
- [FD] CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability,
Jing Wang
- [FD] CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities,
Jing Wang
- [FD] Reminder and Extension CanSecWest CFP deadline tomorrow, December 30th.,
Dragos Ruiu
- [FD] nullcon HackIM Challenge 9-11 Jan 2015,
nullcon
- [FD] Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS,
Steffen Rösemann