Mail Index
- [FD] [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
- [FD] [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
- [FD] [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
- [FD] [KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability
- [FD] [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
- [FD] [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
- [FD] 31C3 releases: SmartGrid & USB modems
- [FD] Windows 8 Privilege Escalation
- [FD] [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
- [FD] Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- [FD] Mantis BugTracker 1.2.17 - Multiple security vulnerabilities.
- From: Popovici, Alejo (LATCO - Buenos Aires)
- [FD] [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
- Re: [FD] [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
- [FD] ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
- [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure
- [FD] SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0
- [FD] Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
- [FD] Reflecting XSS vulnerability in CMS Kajona v. 4.6
- Re: [FD] [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
- [FD] Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia
- [FD] CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
- [FD] Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada
- [FD] Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0
- [FD] Good for Enterprise Android HTML Injection (CVE-2014-4925)
- [FD] Reflecting XSS vulnerability in CMS e107 v. 1.0.4
- [FD] [Tool] SPARTA 1.0 BETA
- [FD] CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability
- [FD] CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability
- [FD] Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability
- [FD] Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect
- [FD] Reflecting XSS vulnerability in CMS Croogo v.2.2.0
- [FD] Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6
- [FD] Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
- [FD] Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability
- [FD] ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
- [FD] Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability
- [FD] Blitz CMS Community - SQL Injection Web Vulnerability
- [FD] [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- [FD] CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0
- From: RedTeam Pentesting GmbH
- [FD] Corel Software DLL Hijacking
- From: CORE Advisories Team
- [FD] Corel Software DLL Hijacking
- From: CORE Advisories Team
- [FD] Corel Software DLL Hijacking
- From: CORE Security Technologies Advisories-team (jrv)
- [FD] Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection
- Re: [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure
- [FD] XSS Vulnerability in Fork CMS 3.8.3
- [FD] Snom SIP phones denial of service through HTTP
- From: kapejod@xxxxxxxxxxxxxx
- [FD] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- [FD] Lizard Stresser rekt
- Re: [FD] Snom SIP phones denial of service through HTTP
- [FD] [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
- Re: [FD] Lizard Stresser rekt
- Re: [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure
- [FD] SQL Injection Vulnerability in Microweber 0.95
- [FD] MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
- [FD] Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0
- Re: [FD] Snom SIP phones denial of service through HTTP
- Re: [FD] Snom SIP phones denial of service through HTTP
- From: kapejod@xxxxxxxxxxxxxx
- [FD] SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
- From: SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
- From: SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi
- From: SEC Consult Vulnerability Lab
- [FD] Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities
- [FD] Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability
- [FD] ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities
- Re: [FD] SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
- From: kapejod@xxxxxxxxxxxxxx
- [FD] Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
- [FD] Reflected XSS in Flash files of TechSmith Camtasia 8 & 7
- Re: [FD] Snom SIP phones denial of service through HTTP
- [FD] MS14-080 CVE-2014-6365 Code
- [FD] Alienvault OSSIM/USM Command Execution Vulnerability
- [FD] CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
- [FD] VeryPhoto v3.0 iOS - Command Injection Vulnerability
- [FD] WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability
- [FD] File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
- [FD] Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability
- [FD] Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
- From: admin@xxxxxxxxxxxxxxxxx
- [FD] McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass
- [FD] Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3
- [FD] N-central Remote Support Manager Multiple Vulnerabilities
- [FD] VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)
- [FD] SPSControl v1.2 iOS - (.spc) Persistent Vulnerability
- [FD] Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities
- [FD] MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
- [FD] Barracuda Load Balancer ADC VM multiple vulnerabilities
- [FD] Hack In Paris 2015 Call For Papers / Call For Trainings
- [FD] vorbis-tools issues
- From: Paris Zoumpouloglou
- [FD] WebGUI 7.10.29 stable version Cross site scripting vulnerability
- From: SECUPENT Research Center
- [FD] Arbitrary File Upload in articleFR CMS 3.0.5
- [FD] SQL injection vulnerability in articleFR CMS 3.0.5
- [FD] CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.
- [FD] full name disclosure information leak in google drive
- Re: [FD] full name disclosure information leak in google drive
- Re: [FD] full name disclosure information leak in google drive
- [FD] SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
- From: SEC Consult Vulnerability Lab
- [FD] Program-O v2.4.6 - Multiple Web Vulnerabilities
- [FD] PhotoSync 1.1.3 Android - Command Inject Vulnerability
- [FD] USAA mobile app gives away personal data; fix released
- Re: [FD] full name disclosure information leak in google drive
- [FD] CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities
- [FD] CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
- [FD] Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities
- [FD] Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha
- [FD] IT Hot Topics 2015 Call for Papers
- From: Squirrel Herder Productions
- [FD] XSS vulnerability in articleFR CMS 3.0.5
- [FD] SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability
- [FD] Mangallam CMS - SQL Injection Web Vulnerability
- [FD] [CORE-2015-0002] - Android WiFi-Direct Denial of Service
- From: CORE Advisories Team
- [FD] Barracuda Networks Cloud Series - Filter Bypass Vulnerability
- From: bkm@xxxxxxxxxxxxxxxxx
- [FD] [Call For Papers] Security BSides San Francisco April 2015
- [FD] [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities
- From: CORE Advisories Team
- [FD] NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues
- From: VMware Security Response Center
- [FD] [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability
- From: Amplia Security Advisories
- [FD] CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect')
- From: Popovici, Alejo (LATCO - Buenos Aires)
- [FD] Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- From: Qualys Security Advisory
- [FD] Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE)
- [FD] Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability
- [FD] [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
- Re: [FD] Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- [FD] AST-2015-001: File descriptor leak when incompatible codecs are offered
- From: Asterisk Security Team
- [FD] AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
- From: Asterisk Security Team
- [FD] Vulnerabilities in HP LaserJet
- Re: [FD] CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.
- [FD] AirWatch Multiple Direct Object References
- [FD] Cisco Meraki Systems Manager Multiple Vulnerabilities
- [FD] Fortinet FortiAuthenticator Multiple Vulnerabilities
- [FD] Fortinet FortiClient Multiple Vulnerabilities
- [FD] Fortinet FortiOS Multiple Vulnerabilities
- [FD] Kaseya BYOD Gateway Multiple Vulnerabilities
- [FD] Kaseya Browser Android Path Traversal
- [FD] NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability
- From: VMware Security Response Center
- [FD] Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection
- [FD] Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385
- [FD] Facebook Malware that infected more than 110K and still on the rise
- From: Mohammad Reza Faghani
- [FD] Registration open for Rooted CON 2015
- [FD] Unrevealed Secrets of MAL-Drone