Mail Index

• Thread Index

• [FD] PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug
  • From: Jing Wang
• [FD] Symantec Endpoint Protection
  • From: Markus Wulftange
• Re: [FD] Symantec Endpoint Protection
  • From: Brandon Perry
• [FD] Vulnerability in VirtueMart for Joomla
  • From: MustLive
• [FD] CODEBLUE.JP - Security Conference in Tokyo Calling for Papers by Sep.10
  • From: Kana Shinoda
• [FD] New BlackArch Linux ISOs (version 2015.07.31)
  • From: Black Arch
• Re: [FD] Symantec Endpoint Protection
  • From: Markus Wulftange
• [FD] Mozilla extensions: a security nightmare
  • From: Stefan Kanthak
• [FD] SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network
  • From: SEC Consult Vulnerability Lab
• Re: [FD] Mozilla extensions: a security nightmare
  • From: Mario Vilas
• [FD] Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments
  • From: dxw Security
• [FD] Security Advisory - "Cross-VM ASL INtrospection (CAIN)"
  • From: antonio
• [FD] Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
  • From: Stefan Kanthak
• Re: [FD] Security Advisory - "Cross-VM ASL INtrospection (CAIN)"
  • From: Артур Истомин
• [FD] SCADA with antenna
  • From: SCADA StrangeLove
• [FD] Ferrari - PHP CGI Argument Injection (RCE) Vulnerability
  • From: Vulnerability Lab
• [FD] Device Inspector v1.5 iOS - Command Inject Vulnerabilities
  • From: Vulnerability Lab
• [FD] Use After Free Vulnerability in unserialize() with SPL ArrayObject
  • From: Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
  • From: Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with SplObjectStorage
  • From: Taoguang Chen
• Re: [FD] Mozilla extensions: a security nightmare
  • From: Dave Horsfall
• [FD] Pineapple autopwn script 2.3.0 or lower versions.
  • From: Electric Mind
• [FD] T Mobile Business - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] Thomson Reuters FATCA - Arbitrary File Upload
  • From: Etnies
• [FD] BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities
  • From: Curesec Research Team
• Re: [FD] Mozilla extensions: a security nightmare
  • From: Thomas D.
• [FD] BigTree CMS 4.2.3 Multiple Sql Injections
  • From: Curesec Research Team
• [FD] CodoForum 3.3.1 Multiple Cross Site Scriptings
  • From: Curesec Research Team
• [FD] CodoForum 3.3.1 Multiple SQL Injections
  • From: Curesec Research Team
• [FD] CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
  • From: Gregory Pickett
• [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
  • From: dxw Security
• [FD] Thomson Reuters FATCA - Local File Inclusion
  • From: Etnies
• [FD] php 7 use after free bug
  • From: 牛保龙
• [FD] Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin)
  • From: dxw Security
• [FD] bizidea Design CMS 2015Q3 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
  • From: Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
  • From: Onapsis Research Labs
• [FD] Open source tool for applying Google Chrome security updates
  • From: David Leo
• [FD] BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
  • From: Blue Frost Security Research Lab
• Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
  • From: dxw Security
• [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)
  • From: dxw Security
• Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)
  • From: Scott Arciszewski
• [FD] Update: Backdoor and RCE found in 8 TOTOLINK router models
  • From: Pierre Kim
• [FD] Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM
  • From: Dawid Golunski
• [FD] Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
  • From: Vantage Point Security
• [FD] SAP Security Notes August 2015
  • From: ERPScan inc
• [FD] NetRipper - Smart traffic sniffing for penetration testers
  • From: Poyo VL
• [FD] APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
  • From: Apple Product Security
• [FD] APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
  • From: Apple Product Security
• [FD] APPLE-SA-2015-08-13-3 iOS 8.4.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-08-13-4 OS X Server v4.1.5
  • From: Apple Product Security
• [FD] BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
  • From: Blue Frost Security Research Lab
• [FD] [CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid
  • From: xin.wang
• [FD] ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow
  • From: ERPScan inc
• [FD] Sandbox bypass through Google Admin WebView
  • From: Vahagn Vardanyan
• [FD] vBulletin x.x.x rce "0day"
  • From: Joshua Rogers
• [FD] Oracle CSO numbers, security hygiene and fixes at the same time
  • From: Security Explorations
• [FD] Insufficient certificate validation in EMC Secure Remote Services Virtual Edition
  • From: Securify B.V.
• [FD] Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal
  • From: Securify B.V.
• [FD] [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE
  • From: ERPScan inc
• Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)
  • From: dxw Security
• [FD] Severe weakness in checkout provider Borderfree allows users to easily control the prices they pay on ecommerce websites
  • From: John Smith
• [FD] Phorum 5.2.19 - Reflected XSS and Open Redirect
  • From: Curesec Research Team (CRT)
• [FD] Bolt 2.2.4 - Code Execution
  • From: Curesec Research Team (CRT)
• [FD] ModX Revolution 2.3.5 - Reflected XSS
  • From: Curesec Research Team (CRT)
• [FD] UNIT4TETA TETA WEB - Authorization Bypass vulnerability
  • From: Lukasz Miedzinski
• [FD] Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
  • From: Vulnerability Lab
• [FD] PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] ChiefPDF Software v2.x - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] WebSolutions India Design CMS - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] UBNT Bug Bounty #3 - Persistent Filename Vulnerability
  • From: Vulnerability Lab
• Re: [FD] ModX Revolution 2.3.5 - Reflected XSS - Fixed Versions Released
  • From: Curesec Research Team (CRT)
• [FD] Blind boolean SQL injection vulnerability in ResourceSpace CMS
  • From: William Reyor
• Re: [FD] CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
  • From: paul . szabo
• [FD] UNIT4TETA TETA WEB - Session Fixation
  • From: Lukasz Miedzinski
• [FD] Google Analyticator Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-6328
  • From: Onur Yilmaz
• [FD] nullcon se7en CFP is open
  • From: nullcon
• [FD] AnchorCMS - PHP Object Injection (CVE-2015-5687) and More
  • From: Scott Arciszewski
• [FD] CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin)
  • From: dxw Security
• [FD] Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin)
  • From: dxw Security
• [FD] Dogma India dogmaindia CMS - Auth Bypass Session Vulnerability
  • From: Vulnerability Lab
• [FD] LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability
  • From: Vulnerability Lab
• [FD] PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Photo Transfer (2) v1.0 iOS - Denial of Service Vulnerability
  • From: Vulnerability Lab
• Re: [FD] AnchorCMS - PHP Object Injection (CVE-2015-5687) and More
  • From: Scott Arciszewski
• [FD] KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
  • From: Jing Wang
• [FD] Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
  • From: Jing Wang