Mail Index

• Thread Index

• [FD] [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
  • From: CORE Advisories Team
• [FD] KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability
  • From: Vulnerability Lab
• [FD] NibbleBlog 4.0.3 - CSRF - Not fixed
  • From: Curesec Research Team (CRT)
• [FD] NibbleBlog 4.0.3 - Code Execution - Not fixed
  • From: Curesec Research Team (CRT)
• [FD] Serendipity 2.0.1 - Code Execution
  • From: Curesec Research Team (CRT)
• [FD] Serendipity 2.0.1 - Persistent XSS
  • From: Curesec Research Team (CRT)
• [FD] Serendipity 2.0.1 - Blind SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4
  • From: Dragos Ruiu
• [FD] Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin)
  • From: dxw Security
• [FD] Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability
  • From: David Coomber
• [FD] Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability
  • From: David Coomber
• [FD] NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation
  • From: Elliott Lewis
• [FD] Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
  • From: Dau, Huy-Ngoc (FR - Paris)
• [FD] Glibc Pointer guarding weakness
  • From: Hector Marco-Gisbert
• [FD] [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
  • From: Julien Ahrens
• [FD] Just Don't Use or Trust Bullhorn
  • From: Scott Arciszewski
• [FD] Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability
  • From: Praveen D
• [FD] Advantech WebAccess 8.0, 3.4.3 multiple Remote Code Execution Vulnerabilities
  • From: Praveen D
• [FD] Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
  • From: Stefan Kanthak
• [FD] Use After Free Vulnerabilities in unserialize()
  • From: Taoguang Chen
• [FD] Use After Free Vulnerabilities in Session Deserializer
  • From: Taoguang Chen
• [FD] Use After Free Vulnerability in unserialize() with GMP
  • From: Taoguang Chen
• [FD] Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage
  • From: Taoguang Chen
• [FD] Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
  • From: Taoguang Chen
• Re: [FD] Use After Free Vulnerabilities in unserialize()
  • From: Taoguang Chen
• Re: [FD] Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
  • From: Securify B.V.
• [FD] Synology Video Station command injection and multiple SQL injection vulnerabilities
  • From: Securify B.V.
• [FD] Multiple Cross-Site Scripting vulnerabilities in Synology Download Station
  • From: Securify B.V.
• [FD] Raritan PowerIQ default credentials
  • From: Brandon Perry
• [FD] Silver Peak VXOA Multiple Vulnerabilities
  • From: Daniel Jensen
• [FD] OpenLDAP ber_get_next Denial of Service
  • From: Denis Andzakovic
• [FD] [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository
  • From: ERPScan inc
• [FD] [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials
  • From: ERPScan inc
• [FD] [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials
  • From: ERPScan inc
• [FD] CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability
  • From: Fernando Camara
• [FD] DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
  • From: Onur Yilmaz
• [FD] Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations
  • From: Stefan Kanthak
• [FD] Nokia Solutions and Networks @vantage - Multiple Reflected XSS
  • From: Uğur Cihan KOÇ
• Re: [FD] Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability
  • From: W Gillespie
• [FD] Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability
  • From: Vulnerability Lab
• [FD] Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Magento Bug Bounty #19 - Persistent Filename Vulnerability
  • From: Vulnerability Lab
• [FD] PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability
  • From: Vulnerability Lab
• [FD] [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
  • From: Egidio Romano
• Re: [FD] OpenLDAP ber_get_next Denial of Service
  • From: Mark Koek
• [FD] Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
  • From: Stefan Kanthak
• [FD] Sunny WebBox CVE-2015-3964 Fix
  • From: SCADA StrangeLove
• [FD] Paypal Inc - Open Redirect Web Vulnerability
  • From: Vulnerability Lab
• [FD] Anchor CMS 0.9.2 - XSS
  • From: Curesec Research Team (CRT)
• [FD] Zen Cart 1.5.4 - Code Execution and Information Leak
  • From: Curesec Research Team (CRT)
• [FD] ZeusCart 4.0 - XSS - not fixed
  • From: Curesec Research Team (CRT)
• [FD] ZeusCart 4.0: SQL Injection - not fixed
  • From: Curesec Research Team (CRT)
• [FD] ZeusCart 4.0: Code Execution - not fixed
  • From: Curesec Research Team (CRT)
• [FD] ZeusCart 4.0: CSRF - not fixed
  • From: Curesec Research Team (CRT)
• [FD] Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
  • From: Dawid Golunski
• [FD] Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
  • From: Dawid Golunski
• [FD] Weeman 1.1 HTTP server for phishing | release announcement
  • From: Hypsurus
• [FD] (0day) IBOOKING CMS - SQL INJECTION
  • From: INURL Brasil
• [FD] [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
  • From: Ahrens, Julien
• [FD] FuzzDB updated, relocated to Github
  • From: Adam Muntner
• [FD] ManageEngine EventLog Analyzer SQL query execution
  • From: xistence
• [FD] ManageEngine OpManager multiple vulnerabilities
  • From: xistence
• [FD] APPLE-SA-2015-09-16-1 iOS 9
  • From: Apple Product Security
• [FD] APPLE-SA-2015-09-16-2 Xcode 7.0
  • From: Apple Product Security
• [FD] APPLE-SA-2015-09-16-3 iTunes 12.3
  • From: Apple Product Security
• [FD] APPLE-SA-2015-09-16-4 OS X Server 5.0.3
  • From: Apple Product Security
• Re: [FD] Use After Free Vulnerabilities in unserialize()
  • From: Christian Kujau
• [FD] KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] On Huawei advisory for MBB (Mobile Broadband) product E3272s.
  • From: SCADA StrangeLove
• [FD] New release of testssl.sh
  • From: Dirk
• [FD] s/party/hack like it's 1999
  • From: up201407890
• [FD] Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
  • From: Stefan Kanthak
• [FD] Broken, Abandoned, and Forgotten Code, Part 12
  • From: Zach C
• [FD] Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] UDID v1.0 iOS - Persistent Mail Encode Vulnerability
  • From: Vulnerability Lab
• [FD] Cisco AnyConnect elevation of privileges via DLL side loading
  • From: Securify B.V.
• [FD] [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption
  • From: Onapsis Research Team
• [FD] Obtaining LAN IP from JavaScript for CSRF
  • From: Craig Young
• [FD] Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
  • From: Vulnerability Lab
• [FD] UltraEdit v22.20 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Cisco AnyConnect elevation of privileges via DMG install script
  • From: Securify B.V.
• [FD] CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
  • From: Antoine Neuenschwander
• [FD] An iOS oversight: exploiting device trust and backups
  • From: David Longenecker
• [FD] APPLE-SA-2015-09-21-1 watchOS 2
  • From: Apple Product Security
• [FD] Flowdock API Bug Bounty #2 - Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• [FD] CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• [FD] CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• [FD] RomPager ShellShock RCE Vulnerability?
  • From: 1n3
• [FD] Stored XSS in 4images <= v1.7.11
  • From: Manuel Garcia Cardenas
• [FD] VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue
  • From: Jing Wang
• Re: [FD] An iOS oversight: exploiting device trust and backups
  • From: Luis 'Pope' Gómez
• [FD] CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization
  • From: Profundis Labs
• [FD] CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization
  • From: Profundis Labs
• Re: [FD] RomPager ShellShock RCE Vulnerability?
  • From: 1n3
• [FD] Apport kernel_crashdump symlink vulnerability exploitation
  • From: halfdog
• [FD] Unauthorized Data Manipulation Vulnerability in Orange HRM
  • From: vishnu raju
• [FD] My.WiFi USB Drive v1.0 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• [FD] Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
  • From: Vulnerability Lab
• [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] IconLover v5.4.5 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] [Onapsis Security Advisory 2015-009] SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-015] SAP HANA SQL injection in _modifyUser function
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-016] SAP HANA SQL injection in _newUser function
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-017] SAP HANA XSJS Code Injection in test-net.xsjs
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-018] SAP HANA SQL injection in, setTraceLevelsForXsApps function
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-019] SAP HANA XSS in role deletion through Web-based development workbench
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-020] SAP HANA Trace configuration SQL injection
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-021] SAP HANA XSS in user creation through Web-based development workbench
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-022] SAP HANA SQL injection in getSqlTraceConfiguration function
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-023] SAP HANA Drop Credentials SQL injection
  • From: Onapsis Research Team