Mail Index

• Thread Index

• [FD] Cross-Site-Scripting (XSS) in tcllib's html::textarea
  • From: Ben Fuhrmannek
• [FD] Piwik Downloads Updates over HTTP
  • From: Taylor Hornby
• [FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities
  • From: Jing Wang
• [FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities
  • From: Jing Wang
• [FD] NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities
  • From: Jing Wang
• [FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities
  • From: Jing Wang
• [FD] XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617)
  • From: William Costa
• Re: [FD] Reflected File Download in AOL Search Website
  • From: Ricardo Iramar dos Santos
• [FD] upstart logrotate privilege escalation in Ubuntu Vivid (development)
  • From: halfdog
• [FD] 0x08 SEC-T 2015: Call For Papers annoucement
  • From: Matt
• [FD] D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities
  • From: Peter Adkins
• [FD] GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server
  • From: Ron Gutierrez
• [FD] Tor Browser 4.0.3 with websockets enabled by default?
  • From: Pablo
• [FD] Vulnerabilities in Hikvision DS-7204HWI-SH
  • From: MustLive
• [FD] CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication
  • From: csirt
• [FD] Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities
  • From: Scott Arciszewski
• [FD] RV4sec 2015 CFP Open!
  • From: Sullo
• [FD] Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566)
  • From: Brandon Perry
• [FD] PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
  • From: Pichaya Morimoto
• [FD] [Call for Papers] SOURCE Boston (May 27/28)
  • From: Squirrel Herder Productions
• [FD] CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin)
  • From: dxw Security
• [FD] Partial pointer leaks
  • From: Christophe Hauser
• [FD] WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities
  • From: Jing Wang
• [FD] WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] Webshop hun v1.062S Directory Traversal Security Vulnerabilities
  • From: Jing Wang
• [FD] Webshop hun v1.062S SQL Injection Security Vulnerabilities
  • From: Jing Wang
• [FD] Java 8u40 released: why?
  • From: paul . szabo
• Re: [FD] Java 8u40 released: why?
  • From: Gsunde Orangen
• [FD] ProjectSend r561 - SQL injection vulnerability
  • From: ITAS Team
• Re: [FD] Partial pointer leaks
  • From: Robert Święcki
• Re: [FD] Java 8u40 released: why?
  • From: Guy Dawson
• Re: [FD] Java 8u40 released: why?
  • From: paul . szabo
• [FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities
  • From: Jing Wang
• [FD] WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities
  • From: Jing Wang
• [FD] NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities
  • From: Jing Wang
• [FD] NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities
  • From: Jing Wang
• [FD] Fw: Vulnerabilities in ASUS RT-G32
  • From: MustLive
• Re: [FD] Java 8u40 released: why?
  • From: Alan Coopersmith
• Re: [FD] Java 8u40 released: why?
  • From: Alexander Burke
• Re: [FD] Java 8u40 released: why?
  • From: James Hodgkinson
• Re: [FD] Java 8u40 released: why?
  • From: paul . szabo
• Re: [FD] Java 8u40 released: why?
  • From: Alan Coopersmith
• Re: [FD] Partial pointer leaks
  • From: Christophe Hauser
• Re: [FD] Java 8u40 released: why?
  • From: Nick FitzGerald
• [FD] Multiple vulnerabilities in Untangle NGFW 9-11
  • From: Hutton
• [FD] OpenKM Platform Remote Reflected Cross Site Scripting
  • From: Mohamed A. Baset
• [FD] MikroTik RouterOS Admin Password Change CSRF
  • From: Mohamed A. Baset
• Re: [FD] Partial pointer leaks
  • From: Gil Besso
• [FD] [CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting
  • From: Mohamed A. Baset
• [FD] Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response.
  • From: Marek Kroemeke
• Re: [FD] Java 8u40 released: why?
  • From: James Hodgkinson
• Re: [FD] Java 8u40 released: why?
  • From: Dave Warren
• [FD] SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities
  • From: Jing Wang
• [FD] Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities
  • From: Jing Wang
• [FD] Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation
  • From: CORE Advisories Team
• [FD] Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
  • From: Roee Hay
• [FD] Capstone disassembly engine 3.0.2 is out!
  • From: Nguyen Anh Quynh
• [FD] [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer
  • From: Guang Gong
• [FD] [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission
  • From: Guang Gong
• [FD] Community Gallery - Srored Corss-Site Scripting vulnerability
  • From: ITAS Team
• [FD] Raritan PowerIQ known session secret
  • From: Brandon Perry
• Re: [FD] [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission
  • From: Guang Gong
• Re: [FD] [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer
  • From: Guang Gong
• [FD] Vulnerabilities in the Samsung SNS Provider application for Android [STIC-2015-0511]
  • From: Programa STIC
• [FD] MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation
  • From: Advisories
• [FD] WPML WordPress plug-in SQL injection etc.
  • From: Jouko Pynnonen
• [FD] 'Rowhammer' - Software-triggered DRAM corruption
  • From: Nick Boyce
• [FD] WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection
  • From: Ryan Dewhurst
• Re: [FD] MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation
  • From: Advisories
• [FD] Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities
  • From: Rehan Ahmed
• Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption
  • From: Aris Adamantiadis
• [FD] [SE-2014-02] Google App Engine Java security sandbox bypasses (details)
  • From: Security Explorations
• Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption
  • From: fulldisclosure
• Re: [FD] WPML WordPress plug-in SQL injection etc.
  • From: Jouko Pynnonen
• [FD] Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities
  • From: Jing Wang
• [FD] Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities
  • From: Jing Wang
• [FD] 724CMS 5.01 Multiple Information Leakage Security Vulnerabilities
  • From: Jing Wang
• [FD] 724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities
  • From: Jing Wang
• [FD] 724CMS 5.01 Multiple SQL Injection Security Vulnerabilities
  • From: Jing Wang
• [FD] 724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities
  • From: Jing Wang
• [FD] Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro - x64
  • From: Nick Prowse
• [FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64
  • From: Nick Prowse
• [FD] Having fun with dmesg
  • From: halfdog
• [FD] Defense in depth -- the Mozilla way: return and exit codes are dispensable
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
  • From: Stefan Kanthak
• [FD] Jolla Phone tel URI Spoofing
  • From: NSO Research
• [FD] Metasploit Project initial User Creation CSRF
  • From: Mohamed A. Baset
• [FD] Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution
  • From: Onur Alanbel
• Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption
  • From: Nick Boyce
• [FD] A local application could cause a denial-of-service to the audio_policy app in Android
  • From: Guang Gong
• Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption
  • From: Dirk-Willem van Gulik
• [FD] D-RamPage: POC for zero-risk row-hammer exploitation
  • From: halfdog
• [FD] Upcoming new OpenSSL version with "high severity" security issues
  • From: Patrik Kernstock
• Re: [FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64
  • From: jericho
• [FD] Regarding how can I request a CVE number?
  • From: XiaopengZhang
• [FD] Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting
  • From: Securify B.V.
• [FD] Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view
  • From: Securify B.V.
• [FD] Command injection vulnerability in network diagnostics tool of Websense Appliance Manager
  • From: Securify B.V.
• [FD] Source code disclosure of Websense Triton JSP files via double quote character
  • From: Securify B.V.
• [FD] Missing access control on Websense Explorer web folder
  • From: Securify B.V.
• [FD] Cross-Site Scripting vulnerability in Websense Data Security block page
  • From: Securify B.V.
• [FD] Cross-Site Scripting vulnerability in Websense Explorer report scheduler
  • From: Securify B.V.
• [FD] Multiple Cross-Site Scripting vulnerabilities in Websense Reporting
  • From: Securify B.V.
• [FD] Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting
  • From: Securify B.V.
• [FD] [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow
  • From: CORE Advisories Team
• [FD] EMC M&R (Watch4net) data storage collector credentials are not properly protected
  • From: Securify B.V.
• [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites
  • From: Securify B.V.
• [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console
  • From: Securify B.V.
• [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend
  • From: Securify B.V.
• [FD] Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
  • From: Securify B.V.
• [FD] Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery
  • From: Securify B.V.
• [FD] Command injection vulnerability in EMC Secure Remote Services Virtual Edition
  • From: Securify B.V.
• [FD] EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection
  • From: Securify B.V.
• [FD] Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow
  • From: info
• [FD] Mac OS X 10.10.2 Default KEXT heap overflow LPE
  • From: Luca Todesco
• [FD] Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE
  • From: Luca Todesco
• Re: [FD] Regarding how can I request a CVE number?
  • From: James Hooker
• [FD] Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections
  • From: Brandon Perry
• [FD] Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities
  • From: Rehan Ahmed
• [FD] Citrix Command Center allows downloading of configuration files
  • From: Securify B.V.
• [FD] Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users
  • From: Securify B.V.
• [FD] Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
  • From: Securify B.V.
• [FD] Command injection vulnerability in Citrix NITRO SDK xen_hotfix page
  • From: Securify B.V.
• [FD] Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
  • From: Securify B.V.
• [FD] cve-assign delays
  • From: Steven M. Christey
• Re: [FD] Regarding how can I request a CVE number?
  • From: Daniel Wood
• Re: [FD] Regarding how can I request a CVE number?
  • From: Peter Adkins
• Re: [FD] Regarding how can I request a CVE number?
  • From: Nick Boyce
• [FD] [CFP] BSides Las Vegas August 2015
  • From: BSidesLV Info
• [FD] Google Analytics by Yoast stored XSS
  • From: Jouko Pynnonen
• [FD] Viber for Android exposes insecure Javascript interface
  • From: Securify B.V.
• [FD] Type Confusion Infoleak Vulnerabilities in SoapClient
  • From: Taoguang Chen
• [FD] Type Confusion Vulnerability in SoapClient
  • From: Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with DateInterval
  • From: Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize()
  • From: Taoguang Chen
• [FD] [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)
  • From: Kevin Schaller
• Re: [FD] D-RamPage: POC for zero-risk row-hammer exploitation
  • From: halfdog
• [FD] The Palinopsia Bug: Recovering framebuffers from VRAM
  • From: Bastian
• [FD] Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0
  • From: Steffen Rösemann
• [FD] Cisco Unified Computing System Manager (UCSM) username and password hashes sent via SYSLOG
  • From: tom@xxxxxxxxxxxxx
• [FD] CVE-2011-2461 is back!
  • From: Mauro Gentile
• [FD] Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open
  • From: Ming
• [FD] Windows Local WebDAV NTLM Reflection Elevation of Privilege
  • From: James Forshaw
• [FD] WAHCKon[2] - Perth - May 2nd and 3rd 2015
  • From: WAHCKon CFP
• [FD] Announcing NorthSec 2015 - Montreal, May 21-24
  • From: Pierre-David / NorthSec Conference
• [FD] CSRF in Realms Wiki
  • From: Javantea
• [FD] Remote Code Execution in Realms Wiki install.sh
  • From: Javantea
• [FD] 1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free
  • From: Berend-Jan Wever
• [FD] Insecure file upload in Berta CMS
  • From: Simon Waters
• [FD] (0DAY) WebDepo -SQL injection / INURL BRASIL
  • From: INURL Brasil
• [FD] Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1
  • From: Matthew Daley
• [FD] Advisory: CVE-2014-9708: Appweb Web Server
  • From: Matthew Daley
• [FD] [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow
  • From: CORE Advisories Team
• [FD] Stack overflow in libtasn1
  • From: Hanno Böck
• [FD] Vulnerabilities in multiple Hikvision IP cameras and DVR
  • From: MustLive
• [FD] New BlackArch Linux ISOs & installer
  • From: Black Arch
• Re: [FD] CVE-2011-2461 is back!
  • From: Mauro Gentile