Mail Thread Index
- Re: [FD] Safari Address Spoofing (How We Got It),
Michal Zalewski
- [FD] [CFP] SOURCE Dublin, Sept 5-8, Trinity College,
Genevieve Southwick
- [FD] Freebox OS Web interface 3.0.2 XSS, CSRF,
DAU Huy Ngoc
- [FD] Call for Papers for 3rd Balkan Computer Congress – BalCCon2k15,
Milos Krasojevic
- [FD] t2'15: Call for Papers 2015 (Helsinki / Finland),
Tomi Tuominen
- [FD] WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability,
Vulnerability Lab
- [FD] [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc),
Pedro Ribeiro
- [FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite,
reek35
- [FD] [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass,
The Security Factory
- [FD] Broken, Abandoned, and Forgotten Code, Part 7,
Zach C
- [FD] 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow,
Vulnerability Lab
- [FD] 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow,
Vulnerability Lab
- [FD] NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues,
VMware Security Response Center
- [FD] [call for paper] SIGIR workshop: privacy-preserving information retrieval,
Hongkai Wu
- Re: [FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite,
Justin Burke
- [FD] Xloner v3.1.2 wordpress plugin authenticated command execution and XSS,
Larry W. Cashdollar
- [FD] [CVE-2015-4342]SQL Injection and Location header injection from cdef id,
xin.wang
- [FD] Broken, Abandoned, and Forgotten Code, Intermission,
Zach C
- [FD] Fwd: Potentially critical buffer overflow in TinySRP,
Douglas Held
- [FD] [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID,
RedTeam Pentesting GmbH
- [FD] [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery,
RedTeam Pentesting GmbH
- [FD] Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability,
Vulnerability Lab
- [FD] This POODLE Bites: Exploiting The SSL 3.0 Fallback,
Bruno Luiz
- [FD] Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin,
Larry W. Cashdollar
- [FD] Authentication Bypass in Pandora FMS,
Manuel Mancera
- [FD] 2 vulns 1 line in RNCryptor (PHP) + Call to Action,
Scott Arciszewski
- [FD] [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability,
Egidio Romano
- [FD] [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities,
Egidio Romano
- [FD] [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability,
Egidio Romano
- [FD] Apache vulnerability program faulting module ntdll.dll,
Bruno Luiz
- [FD] SAP Security Notes June 2015,
Darya Maenkova
- [FD] 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities,
Jing Wang
- [FD] FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities,
Jing Wang
- [FD] Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0,
Larry W. Cashdollar
- [FD] D-Link DSP-W110 - multiple vulnerabilities,
Peter Adkins
- [FD] XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ),
Stas Volfus
- [FD] The token order of OpVectorTimesScalar and OpMatrixTimesScalar which generated in glslangValidator isn't consistant with SPEC,
Aras Pranckevicius
- [FD] Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS,
sec@xxxxxxxxxxxxx
- [FD] OpenBSD "sys_execve()" Executable Header Parsing Denial of Service Vulnerability,
Bruno Luiz
- [FD] E-Detective Lawful Interception System - multiple security vulnerabilities,
Mustafa Al-Bassam
- [FD] [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager,
RedTeam Pentesting GmbH
- [FD] Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5,
Nitin Venkatesh
- [FD] eBay Security Assessment,
cosmin0maier
- Re: [FD] Announcing NorthSec 2015 - Montreal, May 21-24,
Pierre-d
- [FD] [CVE-2015-4553]Dedecms variable coverage leads to getshell,
zise.shi
- [FD] CVE-2015-4453 - Authentication bypass in OpenEMR,
Brian Hysell
- [FD] SpiderOak.com - Disclousure of sensitive information,
Cosmin Maier
- [FD] Broken, Abandoned, and Forgotten Code, Part 8,
Zach C
- [FD] ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities,
Vulnerability Lab
- [FD] ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability,
Vulnerability Lab
- [FD] Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- [FD] Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability,
Vulnerability Lab
- [FD] Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability,
Vulnerability Lab
- [FD] IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981),
MustLive
- [FD] Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563,
Nitin Venkatesh
- [FD] Tutanota Encrypted Email service - Malleable Ciphertext (AES-CBC with no MAC),
Scott Arciszewski
- [FD] [Survey] Help shape the future of IDSs,
Antonio Augusto Santos
- [FD] ManageEngine Asset Explorer v6.1 - Persistent Vulnerability,
Vulnerability Lab
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS,
Darya Maenkova
- [FD] ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE,
Darya Maenkova
- [FD] CVE-2015-4413 - Wordpress “Nextend Facebook Connect” Cross Site Scripting,
Liran Segal
- [FD] CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting,
Liran Segal
- [FD] New version: smalisca - Static Code Analysis tool for Smali files,
Levon Kayan
- [FD] Minds.com - Several Issues,
Scott Arciszewski
- [FD] XSS vulnerability in manage engine.,
Suraj Krishnaswami
- [FD] Haka v0.3.0 release,
Mehdi Talbi
- [FD] ROP 101 Blog,
Craig Young
- [FD] Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP,
Darya Maenkova
- [FD] CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004,
Marco Delai
- [FD] Recomendation: Flaw in K9 Web Protection 4.4.268,
ICSS Security
- [FD] SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS,
Raschin Ghanad-Tavakoli
- [FD] SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences,
SEC Consult Vulnerability Lab
- [FD] Remote file download vulnerability in download-zip-attachments v1.0,
Larry W. Cashdollar
- [FD] Arbitrary File download in wordpress plugin wp-instance-rename v1.0,
Larry W. Cashdollar
- [FD] Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System,
Mustafa Al-Bassam
- [FD] WedgeOS Multiple Vulnerabilities,
Daniel Jensen
- [FD] Watchguard XCS Multiple Vulnerabilities,
Daniel Jensen
- [FD] Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser,
Hanno Böck
- [FD] CollabNet Subversion Edge Hook Script Privilege Escalation,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge Password Hash Leak,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge downloadHook local file inclusion,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge show local file inclusion,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge tail local file inclusion,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge insecure password change,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge missing brute force protection,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge autocomplete on,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge missing clickjacking protection,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge weak password policy,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge missing XSRF protection,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge weak password storage mechanism,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge missing single login restriction,
Oliver-Tobias Ripka
- [FD] CollabNet Subversion Edge index local file inclusion,
Oliver-Tobias Ripka
- [FD] XXE Injection in NetIQ Access,
MustLive