Mail Thread Index

• Date Index

• [FD] PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug, Jing Wang
• [FD] Symantec Endpoint Protection, Markus Wulftange
  • Re: [FD] Symantec Endpoint Protection, Brandon Perry
    • Re: [FD] Symantec Endpoint Protection, Markus Wulftange
• [FD] Vulnerability in VirtueMart for Joomla, MustLive
• [FD] CODEBLUE.JP - Security Conference in Tokyo Calling for Papers by Sep.10, Kana Shinoda
• [FD] New BlackArch Linux ISOs (version 2015.07.31), Black Arch
• [FD] Mozilla extensions: a security nightmare, Stefan Kanthak
  • Re: [FD] Mozilla extensions: a security nightmare, Mario Vilas
    • Re: [FD] Mozilla extensions: a security nightmare, Thomas D.
  • Message not available
    • Message not available
      • Message not available
        • Message not available
          • Message not available
            • Message not available
              • Message not available
                • Message not available
                  • Message not available
                    • Re: [FD] Mozilla extensions: a security nightmare, Dave Horsfall
• [FD] SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network, SEC Consult Vulnerability Lab
• [FD] Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments, dxw Security
• [FD] Security Advisory - "Cross-VM ASL INtrospection (CAIN)", antonio
  • Re: [FD] Security Advisory - "Cross-VM ASL INtrospection (CAIN)", Артур Истомин
• [FD] Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows, Stefan Kanthak
• [FD] SCADA with antenna, SCADA StrangeLove
• [FD] Ferrari - PHP CGI Argument Injection (RCE) Vulnerability, Vulnerability Lab
• [FD] Device Inspector v1.5 iOS - Command Inject Vulnerabilities, Vulnerability Lab
• [FD] Use After Free Vulnerability in unserialize() with SPL ArrayObject, Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with SplDoublyLinkedList, Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with SplObjectStorage, Taoguang Chen
• [FD] Pineapple autopwn script 2.3.0 or lower versions., Electric Mind
• [FD] T Mobile Business - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Thomson Reuters FATCA - Arbitrary File Upload, Etnies
• [FD] BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities, Curesec Research Team
• [FD] BigTree CMS 4.2.3 Multiple Sql Injections, Curesec Research Team
• [FD] CodoForum 3.3.1 Multiple Cross Site Scriptings, Curesec Research Team
• [FD] CodoForum 3.3.1 Multiple SQL Injections, Curesec Research Team
• [FD] CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation, Gregory Pickett
• [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin), dxw Security
  • Message not available
    • Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin), dxw Security
• [FD] Thomson Reuters FATCA - Local File Inclusion, Etnies
• [FD] php 7 use after free bug, 牛保龙
• [FD] Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin), dxw Security
• [FD] bizidea Design CMS 2015Q3 - SQL Injection Vulnerability, Vulnerability Lab
• [FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery, Onapsis Research Labs
• [FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage, Onapsis Research Labs
• [FD] Open source tool for applying Google Chrome security updates, David Leo
• [FD] BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability, Blue Frost Security Research Lab
• [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin), dxw Security
  • Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin), Scott Arciszewski
    • Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin), dxw Security
• [FD] Update: Backdoor and RCE found in 8 TOTOLINK router models, Pierre Kim
• [FD] Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM, Dawid Golunski
• [FD] Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001), Vantage Point Security
• [FD] SAP Security Notes August 2015, ERPScan inc
• [FD] NetRipper - Smart traffic sniffing for penetration testers, Poyo VL
• [FD] APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8, Apple Product Security
• [FD] APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006, Apple Product Security
• [FD] APPLE-SA-2015-08-13-3 iOS 8.4.1, Apple Product Security
• [FD] APPLE-SA-2015-08-13-4 OS X Server v4.1.5, Apple Product Security
• [FD] BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities, Blue Frost Security Research Lab
• [FD] [CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid, xin.wang
• [FD] ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow, ERPScan inc
• [FD] Sandbox bypass through Google Admin WebView, Vahagn Vardanyan
• [FD] vBulletin x.x.x rce "0day", Joshua Rogers
• [FD] Oracle CSO numbers, security hygiene and fixes at the same time, Security Explorations
• [FD] Insufficient certificate validation in EMC Secure Remote Services Virtual Edition, Securify B.V.
• [FD] Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal, Securify B.V.
• [FD] [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE, ERPScan inc
• [FD] Severe weakness in checkout provider Borderfree allows users to easily control the prices they pay on ecommerce websites, John Smith
• [FD] Phorum 5.2.19 - Reflected XSS and Open Redirect, Curesec Research Team (CRT)
• [FD] Bolt 2.2.4 - Code Execution, Curesec Research Team (CRT)
• [FD] ModX Revolution 2.3.5 - Reflected XSS, Curesec Research Team (CRT)
  • Re: [FD] ModX Revolution 2.3.5 - Reflected XSS - Fixed Versions Released, Curesec Research Team (CRT)
• [FD] UNIT4TETA TETA WEB - Authorization Bypass vulnerability, Lukasz Miedzinski
• [FD] Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064), Vulnerability Lab
• [FD] PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] ChiefPDF Software v2.x - Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] WebSolutions India Design CMS - SQL Injection Vulnerability, Vulnerability Lab
• [FD] UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] UBNT Bug Bounty #3 - Persistent Filename Vulnerability, Vulnerability Lab
• [FD] Blind boolean SQL injection vulnerability in ResourceSpace CMS, William Reyor
• Re: [FD] CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information, paul . szabo
• [FD] UNIT4TETA TETA WEB - Session Fixation, Lukasz Miedzinski
• [FD] Google Analyticator Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-6328, Onur Yilmaz
• [FD] nullcon se7en CFP is open, nullcon
• [FD] AnchorCMS - PHP Object Injection (CVE-2015-5687) and More, Scott Arciszewski
  • Re: [FD] AnchorCMS - PHP Object Injection (CVE-2015-5687) and More, Scott Arciszewski
• [FD] CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin), dxw Security
• [FD] Publicly exploitable XSS in WordPress plugin Navis Documentcloud (WordPress plugin), dxw Security
• [FD] Dogma India dogmaindia CMS - Auth Bypass Session Vulnerability, Vulnerability Lab
• [FD] LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability, Vulnerability Lab
• [FD] PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Photo Transfer (2) v1.0 iOS - Denial of Service Vulnerability, Vulnerability Lab
• [FD] KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug, Jing Wang
• [FD] Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug, Jing Wang