Mail Thread Index

• Date Index

• [FD] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability, Blazej Adamczyk
  • Message not available
    • Re: [FD] [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability, Password Manager Pro Support
• [FD] CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP, Fernando Muñoz
• [FD] Siemens, Climatix BACnet/IP communication module, Vulnerabilities, Fran
• [FD] Broken, Abandoned, and Forgotten Code, Part 9, Zach C
• [FD] Google Chrome Address Spoofing (Request For Comment), David Leo
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Big Whale
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Roney Gomes
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), David Leo
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Valentinas Bakaitis
    • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Big Whale
  • <Possible follow-ups>
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Mike K Gorski
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Mustafa Al-Bassam
  • Re: [FD] Google Chrome Address Spoofing (Request For Comment), Daniel Wood
• [FD] DAVOSET v.1.2.5, MustLive
• [FD] Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability, Vulnerability Lab
• [FD] Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability, Vulnerability Lab
• [FD] FCS Scanner v1.0 & v1.4 iOS - Command Inject Vulnerability, Vulnerability Lab
• [FD] Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models), Pierre Kim
• [FD] iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\..., Stefan Kanthak
• [FD] CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0, Alessandro Zala
• [FD] Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied, Kevin Beaumont
  • Re: [FD] Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied, Kevin Beaumont
    • Re: [FD] Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied, Stefan Kanthak
• Re: [FD] [oss-security] Re: Google Chrome Address Spoofing (Request For Comment), anidear
• [FD] Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability, Federico Fazzi
• [FD] SQL Injection in easy2map wordpress plugin v1.24, Larry W. Cashdollar
• [FD] ipTIME n104r3 vulnerable to CSRF and XSS attacks, Pierre Kim
• Re: [FD] Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied, Stefan Kanthak
• [FD] WK UDID v1.0.1 iOS - Command Inject Vulnerability, Vulnerability Lab
• [FD] Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability, Vulnerability Lab
• [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
  • Re: [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability, Gynvael Coldwind
• [FD] Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass, MustLive
• [FD] Open redirect vulnerability in StageShow Wordpress plugin v5.0.8, Nitin Venkatesh
• [FD] 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request, Pierre Kim
  • Re: [FD] 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request, Pierre Kim
• [FD] [CORE-2015-0012] - AirLive Multiple Products OS Command Injection, CORE Advisories Team
• [FD] WideImage Demo Code Cross Site Scripting (XSS), 47
• [FD] Auditing folders ACLs with Powershell, Darío B
• [FD] Orchard CMS - Persistent XSS vulnerability, Paris Zoumpouloglou
• [FD] WideImage Demo Code Cross Site Scripting (XSS), sikkandar.lynx
• [FD] Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root, David Jorm
• [FD] Google Chrome Address Spoofing - Google's Opinion, David Leo
• [FD] Fake links in Skype, Jaanus
  • Re: [FD] Fake links in Skype, Joshua Rogers
• [FD] Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5, Larry W. Cashdollar
• [FD] Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0, Larry W. Cashdollar
• [FD] [CFP] Hackito Ergo Sum 2015, tAd
• [FD] [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection, CORE Advisories Team
• [FD] NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability, VMware Security Response Center
• [FD] CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution, Kyriakos Economou
• [FD] J2Store 3.1.6 unauthenticated SQL injections, Brandon Perry
• [FD] SOPlanning - Simple Online Planning Tool multiple vulnerabilities, Dau, Huy-Ngoc (FR - Paris)
• [FD] Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution, Dau, Huy-Ngoc (FR - Paris)
• [FD] CVE-2014-7952, Android ADB backup APK injection vulnerability, Imre RAD
• [FD] Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777, Larry W. Cashdollar
• [FD] SQL Injection in easy2map-photos wordpress plugin v1.09, Larry W. Cashdollar
• [FD] CFP: Passwords 2015, Dec 7-9, Cambridge, UK, Per Thorsheim
• [FD] Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin), dxw Security
• [FD] Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5, Nitin Venkatesh
• [FD] Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution, xistence
• [FD] Broken, Abandoned, and Forgotten Code, Part 10, Zach C
• Re: [FD] Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm, Seamus Caveney
  • Re: [FD] Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm, Jeffrey Walton
• [FD] CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS, Portcullis Advisories
• [FD] CVE-2015-4426 - SQL Injection In Pimcore CMS, Portcullis Advisories
• [FD] CVE-2015-3621 - Privilege Escalation In SAP ECC, Portcullis Advisories
• [FD] CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe, Portcullis Advisories
• [FD] CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products, Portcullis Advisories
• [FD] Vulnerability in Apache Tomcat, Juan Martinez
  • Re: [FD] Vulnerability in Apache Tomcat, Mark Thomas
  • Re: [FD] Vulnerability in Apache Tomcat, ZhangTianqi
• [FD] [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect, Pedro Ribeiro
• [FD] Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3, Larry W. Cashdollar
• [FD] Remote file download vulnerability in Wordpress Plugin image-export v1.1, Larry W. Cashdollar
• [FD] Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029), William Costa
• [FD] Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin), dxw Security
• [FD] Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin), dxw Security
• [FD] CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin), dxw Security
• [FD] Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3, Nitin Venkatesh
• [FD] Capstone disassembly engine 3.0.4 is out!, Nguyen Anh Quynh
• [FD] SAP Security Notes July 2015, Darya Maenkova
• [FD] 15 TOTOLINK router models vulnerable to multiple RCEs, Pierre Kim
  • Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs, Joshua Wright
• [FD] 4 TOTOLINK router models vulnerable to CSRF and XSS attacks, Pierre Kim
• [FD] Backdoor credentials found in 4 TOTOLINK router models, Pierre Kim
• [FD] Backdoor and RCE found in 8 TOTOLINK router models, Pierre Kim
• [FD] SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express, SEC Consult Vulnerability Lab
• [FD] New CVE's to be released the 17th of June., Kasper Westphal Bertelsen
• [FD] double free's in glibc (and tcmalloc/jemalloc), PIN
• [FD] Broken, Abandoned, and Forgotten Code, Part 11, Zach C
• [FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability, Douglas Held
• [FD] FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] AirDroid ID - Client Side JSONP Callback Vulnerability, Vulnerability Lab
• [FD] 1503A - Chrome - ui::AXTree::Unserialize use-after-free, Berend-Jan Wever
• [FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin, Larry W. Cashdollar
  • Re: [FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin, Larry W. Cashdollar
• [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), king cope
  • Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), devel
    • Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), Reed Loden
      • Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), Dirk-Willem van Gulik
• [FD] weblogin software cross site request, Juan Martinez
  • <Possible follow-ups>
  • Re: [FD] weblogin software cross site request, jericho
• [FD] Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below, Nitin Venkatesh
• [FD] Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability, Vulnerability Lab
• [FD] Ashley Madison Hacked, Brian Offenheim
  • Re: [FD] Ashley Madison Hacked, Dave Horsfall
• [FD] Joomla! plugin Helpdesk Pro < 1.4.0, Simon Rawet
• [FD] CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti, Shi,Tong
  • Re: [FD] CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti, Henri Salo
• [FD] Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0, Nitin Venkatesh
• [FD] RainbowCrack Plugin for Oracle hashes (<=10g), bob secse
• [FD] Why Full Disclosure is the solution ? An example with RIPE, Pierre Kim
• [FD] ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser, Qualys Security Advisory
• [FD] Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class, Securify B.V.
• [FD] CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS, Mark Cross
  • <Possible follow-ups>
  • [FD] CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS, Mark Cross
• [FD] Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14, Nitin Venkatesh
• [FD] Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6, Nitin Venkatesh
• [FD] Multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager, Sijmen Ruwhof
• [FD] Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability, Vulnerability Lab
• [FD] Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability, Federico Fazzi
• [FD] Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne, Samuel Lavitt - CVE-2015-0942
• [FD] SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities, SEC Consult Vulnerability Lab
• [FD] CSRF and XSS vulnerabilities in D-Link DCS-2103, MustLive
• [FD] Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do (WordPress plugin), dxw Security
• [FD] Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report, Dancho Danchev
• [FD] Fwd: CVE_for_Vulnerability_theholidaycalendar, Luciano Pedreira