Mail Thread Index
- [FD] Cross-Site-Scripting (XSS) in tcllib's html::textarea,
Ben Fuhrmannek
- [FD] Piwik Downloads Updates over HTTP,
Taylor Hornby
- [FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities,
Jing Wang
- [FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities,
Jing Wang
- [FD] NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities,
Jing Wang
- [FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities,
Jing Wang
- [FD] XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617),
William Costa
- Re: [FD] Reflected File Download in AOL Search Website,
Ricardo Iramar dos Santos
- [FD] upstart logrotate privilege escalation in Ubuntu Vivid (development),
halfdog
- [FD] 0x08 SEC-T 2015: Call For Papers annoucement,
Matt
- [FD] D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities,
Peter Adkins
- [FD] GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server,
Ron Gutierrez
- [FD] Tor Browser 4.0.3 with websockets enabled by default?,
Pablo
- [FD] Vulnerabilities in Hikvision DS-7204HWI-SH,
MustLive
- [FD] CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication,
csirt
- [FD] Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities,
Scott Arciszewski
- [FD] RV4sec 2015 CFP Open!,
Sullo
- [FD] Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566),
Brandon Perry
- [FD] PHPMoAdmin Unauthorized Remote Code Execution (0-Day),
Pichaya Morimoto
- [FD] [Call for Papers] SOURCE Boston (May 27/28),
Squirrel Herder Productions
- [FD] CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin),
dxw Security
- [FD] Partial pointer leaks,
Christophe Hauser
- [FD] WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities,
Jing Wang
- [FD] WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] Webshop hun v1.062S Directory Traversal Security Vulnerabilities,
Jing Wang
- [FD] Webshop hun v1.062S SQL Injection Security Vulnerabilities,
Jing Wang
- [FD] Java 8u40 released: why?,
paul . szabo
- [FD] ProjectSend r561 - SQL injection vulnerability,
ITAS Team
- [FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities,
Jing Wang
- [FD] WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities,
Jing Wang
- [FD] NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities,
Jing Wang
- [FD] NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities,
Jing Wang
- [FD] Fw: Vulnerabilities in ASUS RT-G32,
MustLive
- [FD] Multiple vulnerabilities in Untangle NGFW 9-11,
Hutton
- [FD] OpenKM Platform Remote Reflected Cross Site Scripting,
Mohamed A. Baset
- [FD] MikroTik RouterOS Admin Password Change CSRF,
Mohamed A. Baset
- [FD] [CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting,
Mohamed A. Baset
- [FD] Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response.,
Marek Kroemeke
- [FD] SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities,
Jing Wang
- [FD] Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities,
Jing Wang
- [FD] Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation,
CORE Advisories Team
- [FD] Vulnerability in the Dropbox SDK for Android (CVE-2014-8889),
Roee Hay
- [FD] Capstone disassembly engine 3.0.2 is out!,
Nguyen Anh Quynh
- [FD] [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer,
Guang Gong
- [FD] [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission,
Guang Gong
- [FD] Community Gallery - Srored Corss-Site Scripting vulnerability,
ITAS Team
- [FD] Raritan PowerIQ known session secret,
Brandon Perry
- [FD] Vulnerabilities in the Samsung SNS Provider application for Android [STIC-2015-0511],
Programa STIC
- [FD] MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation,
Advisories
- [FD] WPML WordPress plug-in SQL injection etc.,
Jouko Pynnonen
- [FD] 'Rowhammer' - Software-triggered DRAM corruption,
Nick Boyce
- [FD] WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection,
Ryan Dewhurst
- [FD] Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities,
Rehan Ahmed
- [FD] [SE-2014-02] Google App Engine Java security sandbox bypasses (details),
Security Explorations
- [FD] Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities,
Jing Wang
- [FD] Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities,
Jing Wang
- [FD] 724CMS 5.01 Multiple Information Leakage Security Vulnerabilities,
Jing Wang
- [FD] 724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities,
Jing Wang
- [FD] 724CMS 5.01 Multiple SQL Injection Security Vulnerabilities,
Jing Wang
- [FD] 724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities,
Jing Wang
- [FD] Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro - x64,
Nick Prowse
- [FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64,
Nick Prowse
- [FD] Having fun with dmesg,
halfdog
- [FD] Defense in depth -- the Mozilla way: return and exit codes are dispensable,
Stefan Kanthak
- [FD] Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions,
Stefan Kanthak
- [FD] Defense in depth -- the Microsoft way (part 31): UAC is for binary planting,
Stefan Kanthak
- [FD] Jolla Phone tel URI Spoofing,
NSO Research
- [FD] Metasploit Project initial User Creation CSRF,
Mohamed A. Baset
- [FD] Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution,
Onur Alanbel
- [FD] A local application could cause a denial-of-service to the audio_policy app in Android,
Guang Gong
- [FD] D-RamPage: POC for zero-risk row-hammer exploitation,
halfdog
- [FD] Upcoming new OpenSSL version with "high severity" security issues,
Patrik Kernstock
- [FD] Regarding how can I request a CVE number?,
XiaopengZhang
- Re: [FD] Regarding how can I request a CVE number?,
Nick Boyce
- [FD] Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting,
Securify B.V.
- [FD] Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view,
Securify B.V.
- [FD] Command injection vulnerability in network diagnostics tool of Websense Appliance Manager,
Securify B.V.
- [FD] Source code disclosure of Websense Triton JSP files via double quote character,
Securify B.V.
- [FD] Missing access control on Websense Explorer web folder,
Securify B.V.
- [FD] Cross-Site Scripting vulnerability in Websense Data Security block page,
Securify B.V.
- [FD] Cross-Site Scripting vulnerability in Websense Explorer report scheduler,
Securify B.V.
- [FD] Multiple Cross-Site Scripting vulnerabilities in Websense Reporting,
Securify B.V.
- [FD] Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting,
Securify B.V.
- [FD] [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow,
CORE Advisories Team
- [FD] EMC M&R (Watch4net) data storage collector credentials are not properly protected,
Securify B.V.
- [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites,
Securify B.V.
- [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console,
Securify B.V.
- [FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend,
Securify B.V.
- [FD] Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser,
Securify B.V.
- [FD] Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery,
Securify B.V.
- [FD] Command injection vulnerability in EMC Secure Remote Services Virtual Edition,
Securify B.V.
- [FD] EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection,
Securify B.V.
- [FD] Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow,
info
- [FD] Mac OS X 10.10.2 Default KEXT heap overflow LPE,
Luca Todesco
- [FD] Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE,
Luca Todesco
- [FD] Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections,
Brandon Perry
- [FD] Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities,
Rehan Ahmed
- [FD] Citrix Command Center allows downloading of configuration files,
Securify B.V.
- [FD] Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users,
Securify B.V.
- [FD] Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting,
Securify B.V.
- [FD] Command injection vulnerability in Citrix NITRO SDK xen_hotfix page,
Securify B.V.
- [FD] Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting,
Securify B.V.
- [FD] [CFP] BSides Las Vegas August 2015,
BSidesLV Info
- [FD] Google Analytics by Yoast stored XSS,
Jouko Pynnonen
- [FD] Viber for Android exposes insecure Javascript interface,
Securify B.V.
- [FD] Type Confusion Infoleak Vulnerabilities in SoapClient,
Taoguang Chen
- [FD] Type Confusion Vulnerability in SoapClient,
Taoguang Chen
- [FD] Use After Free Vulnerability in unserialize() with DateInterval,
Taoguang Chen
- [FD] Use After Free Vulnerability in unserialize(),
Taoguang Chen
- [FD] [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection),
Kevin Schaller
- [FD] The Palinopsia Bug: Recovering framebuffers from VRAM,
Bastian
- [FD] Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0,
Steffen Rösemann
- [FD] Cisco Unified Computing System Manager (UCSM) username and password hashes sent via SYSLOG,
tom@xxxxxxxxxxxxx
- [FD] CVE-2011-2461 is back!,
Mauro Gentile
- [FD] Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open,
Ming
- [FD] Windows Local WebDAV NTLM Reflection Elevation of Privilege,
James Forshaw
- [FD] WAHCKon[2] - Perth - May 2nd and 3rd 2015,
WAHCKon CFP
- [FD] Announcing NorthSec 2015 - Montreal, May 21-24,
Pierre-David / NorthSec Conference
- [FD] CSRF in Realms Wiki,
Javantea
- [FD] Remote Code Execution in Realms Wiki install.sh,
Javantea
- [FD] 1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free,
Berend-Jan Wever
- [FD] Insecure file upload in Berta CMS,
Simon Waters
- [FD] (0DAY) WebDepo -SQL injection / INURL BRASIL,
INURL Brasil
- [FD] Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1,
Matthew Daley
- [FD] Advisory: CVE-2014-9708: Appweb Web Server,
Matthew Daley
- [FD] [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow,
CORE Advisories Team
- [FD] Stack overflow in libtasn1,
Hanno Böck
- [FD] Vulnerabilities in multiple Hikvision IP cameras and DVR,
MustLive
- [FD] New BlackArch Linux ISOs & installer,
Black Arch