Mail Index

Thread Index

Re: [FD] Safari Address Spoofing (How We Got It)
- From: Michal Zalewski
[FD] [CFP] SOURCE Dublin, Sept 5-8, Trinity College
- From: Genevieve Southwick
[FD] Freebox OS Web interface 3.0.2 XSS, CSRF
- From: DAU Huy Ngoc
[FD] Call for Papers for 3rd Balkan Computer Congress – BalCCon2k15
- From: Milos Krasojevic
[FD] t2'15: Call for Papers 2015 (Helsinki / Finland)
- From: Tomi Tuominen
[FD] WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
- From: Vulnerability Lab
Re: [FD] Safari Address Spoofing (How We Got It)
- From: David Leo
Re: [FD] Safari Address Spoofing (How We Got It)
- From: Michal Zalewski
Re: [FD] Safari Address Spoofing (How We Got It)
- From: Jeffrey Walton
[FD] [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
- From: Pedro Ribeiro
[FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite
- From: reek35
[FD] [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass
- From: The Security Factory
[FD] Broken, Abandoned, and Forgotten Code, Part 7
- From: Zach C
[FD] 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- From: Vulnerability Lab
[FD] 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- From: Vulnerability Lab
[FD] 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
- From: Vulnerability Lab
[FD] NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
- From: VMware Security Response Center
[FD] [call for paper] SIGIR workshop: privacy-preserving information retrieval
- From: Hongkai Wu
Re: [FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite
- From: Justin Burke
[FD] Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
- From: Larry W. Cashdollar
[FD] [CVE-2015-4342]SQL Injection and Location header injection from cdef id
- From: xin.wang
[FD] Broken, Abandoned, and Forgotten Code, Intermission
- From: Zach C
[FD] Fwd: Potentially critical buffer overflow in TinySRP
- From: Douglas Held
[FD] [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
- From: RedTeam Pentesting GmbH
[FD] [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
- From: RedTeam Pentesting GmbH
[FD] Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
- From: Vulnerability Lab
[FD] This POODLE Bites: Exploiting The SSL 3.0 Fallback
- From: Bruno Luiz
[FD] Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
- From: Larry W. Cashdollar
[FD] Authentication Bypass in Pandora FMS
- From: Manuel Mancera
[FD] 2 vulns 1 line in RNCryptor (PHP) + Call to Action
- From: Scott Arciszewski
[FD] [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
- From: Egidio Romano
[FD] [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
- From: Egidio Romano
[FD] [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
- From: Egidio Romano
[FD] Apache vulnerability program faulting module ntdll.dll
- From: Bruno Luiz
[FD] SAP Security Notes June 2015
- From: Darya Maenkova
[FD] 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities
- From: Jing Wang
[FD] FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities
- From: Jing Wang
[FD] Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
- From: Larry W. Cashdollar
[FD] D-Link DSP-W110 - multiple vulnerabilities
- From: Peter Adkins
[FD] XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )
- From: Stas Volfus
[FD] The token order of OpVectorTimesScalar and OpMatrixTimesScalar which generated in glslangValidator isn't consistant with SPEC
- From: Aras Pranckevicius
[FD] Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS
- From: sec@xxxxxxxxxxxxx
[FD] OpenBSD "sys_execve()" Executable Header Parsing Denial of Service Vulnerability
- From: Bruno Luiz
[FD] E-Detective Lawful Interception System - multiple security vulnerabilities
- From: Mustafa Al-Bassam
[FD] [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager
- From: RedTeam Pentesting GmbH
[FD] Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5
- From: Nitin Venkatesh
[FD] eBay Security Assessment
- From: cosmin0maier
Re: [FD] Announcing NorthSec 2015 - Montreal, May 21-24
- From: Pierre-d
[FD] [CVE-2015-4553]Dedecms variable coverage leads to getshell
- From: zise.shi
[FD] CVE-2015-4453 - Authentication bypass in OpenEMR
- From: Brian Hysell
[FD] SpiderOak.com - Disclousure of sensitive information
- From: Cosmin Maier
[FD] Broken, Abandoned, and Forgotten Code, Part 8
- From: Zach C
[FD] ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
- From: Vulnerability Lab
[FD] ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability
- From: Vulnerability Lab
[FD] Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability
- From: Vulnerability Lab
[FD] Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability
- From: Vulnerability Lab
[FD] Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability
- From: Vulnerability Lab
[FD] IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)
- From: MustLive
[FD] Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563
- From: Nitin Venkatesh
[FD] Tutanota Encrypted Email service - Malleable Ciphertext (AES-CBC with no MAC)
- From: Scott Arciszewski
[FD] [Survey] Help shape the future of IDSs
- From: Antonio Augusto Santos
[FD] ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
- From: Vulnerability Lab
[FD] ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS
- From: Darya Maenkova
[FD] ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE
- From: Darya Maenkova
[FD] CVE-2015-4413 - Wordpress “Nextend Facebook Connect” Cross Site Scripting
- From: Liran Segal
[FD] CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting
- From: Liran Segal
[FD] New version: smalisca - Static Code Analysis tool for Smali files
- From: Levon Kayan
[FD] Minds.com - Several Issues
- From: Scott Arciszewski
[FD] XSS vulnerability in manage engine.
- From: Suraj Krishnaswami
[FD] Haka v0.3.0 release
- From: Mehdi Talbi
[FD] ROP 101 Blog
- From: Craig Young
[FD] Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP
- From: Darya Maenkova
[FD] CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004
- From: Marco Delai
[FD] Recomendation: Flaw in K9 Web Protection 4.4.268
- From: ICSS Security
[FD] SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS
- From: Raschin Ghanad-Tavakoli
[FD] SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences
- From: SEC Consult Vulnerability Lab
[FD] Remote file download vulnerability in download-zip-attachments v1.0
- From: Larry W. Cashdollar
[FD] Arbitrary File download in wordpress plugin wp-instance-rename v1.0
- From: Larry W. Cashdollar
[FD] Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System
- From: Mustafa Al-Bassam
Re: [FD] Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System
- From: Luke Walker
[FD] WedgeOS Multiple Vulnerabilities
- From: Daniel Jensen
[FD] Watchguard XCS Multiple Vulnerabilities
- From: Daniel Jensen
[FD] Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser
- From: Hanno Böck
[FD] CollabNet Subversion Edge Hook Script Privilege Escalation
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge Password Hash Leak
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge downloadHook local file inclusion
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge show local file inclusion
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge tail local file inclusion
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge insecure password change
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge missing brute force protection
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge autocomplete on
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge missing clickjacking protection
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge weak password policy
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge missing XSRF protection
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge weak password storage mechanism
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge missing single login restriction
- From: Oliver-Tobias Ripka
[FD] CollabNet Subversion Edge index local file inclusion
- From: Oliver-Tobias Ripka
[FD] XXE Injection in NetIQ Access
- From: MustLive

Mail converted by MHonArc