Mail Thread Index
- [FD] [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities,
CORE Advisories Team
- [FD] KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation,
KoreLogic Disclosures
- [FD] KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
- [FD] PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability,
Vulnerability Lab
- [FD] NibbleBlog 4.0.3 - CSRF - Not fixed,
Curesec Research Team (CRT)
- [FD] NibbleBlog 4.0.3 - Code Execution - Not fixed,
Curesec Research Team (CRT)
- [FD] Serendipity 2.0.1 - Code Execution,
Curesec Research Team (CRT)
- [FD] Serendipity 2.0.1 - Persistent XSS,
Curesec Research Team (CRT)
- [FD] Serendipity 2.0.1 - Blind SQL Injection,
Curesec Research Team (CRT)
- [FD] PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4,
Dragos Ruiu
- [FD] Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin),
dxw Security
- [FD] CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin),
dxw Security
- [FD] Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin),
dxw Security
- [FD] Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities,
Vulnerability Lab
- [FD] Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability,
David Coomber
- [FD] Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability,
David Coomber
- [FD] NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation,
Elliott Lewis
- [FD] Checkmarx CxQL Sandbox bypass (CVE-2014-8778),
Dau, Huy-Ngoc (FR - Paris)
- [FD] Glibc Pointer guarding weakness,
Hector Marco-Gisbert
- [FD] [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow,
Julien Ahrens
- [FD] Just Don't Use or Trust Bullhorn,
Scott Arciszewski
- [FD] Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability,
Praveen D
- [FD] Advantech WebAccess 8.0, 3.4.3 multiple Remote Code Execution Vulnerabilities,
Praveen D
- [FD] Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation,
Stefan Kanthak
- [FD] Use After Free Vulnerabilities in unserialize(),
Taoguang Chen
- [FD] Use After Free Vulnerabilities in Session Deserializer,
Taoguang Chen
- [FD] Use After Free Vulnerability in unserialize() with GMP,
Taoguang Chen
- [FD] Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage,
Taoguang Chen
- [FD] Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList,
Taoguang Chen
- Re: [FD] Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class,
Securify B.V.
- [FD] Synology Video Station command injection and multiple SQL injection vulnerabilities,
Securify B.V.
- [FD] Multiple Cross-Site Scripting vulnerabilities in Synology Download Station,
Securify B.V.
- [FD] Raritan PowerIQ default credentials,
Brandon Perry
- [FD] Silver Peak VXOA Multiple Vulnerabilities,
Daniel Jensen
- [FD] OpenLDAP ber_get_next Denial of Service,
Denis Andzakovic
- [FD] [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository,
ERPScan inc
- [FD] [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials,
ERPScan inc
- [FD] [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials,
ERPScan inc
- [FD] CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability,
Fernando Camara
- [FD] DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584,
Onur Yilmaz
- [FD] Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations,
Stefan Kanthak
- [FD] Nokia Solutions and Networks @vantage - Multiple Reflected XSS,
Uğur Cihan KOÇ
- [FD] Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability,
Vulnerability Lab
- [FD] Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability,
Vulnerability Lab
- [FD] Magento Bug Bounty #19 - Persistent Filename Vulnerability,
Vulnerability Lab
- [FD] PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability,
Vulnerability Lab
- [FD] [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability,
Egidio Romano
- [FD] Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe,
Stefan Kanthak
- [FD] Sunny WebBox CVE-2015-3964 Fix,
SCADA StrangeLove
- [FD] Paypal Inc - Open Redirect Web Vulnerability,
Vulnerability Lab
- [FD] Anchor CMS 0.9.2 - XSS,
Curesec Research Team (CRT)
- [FD] Zen Cart 1.5.4 - Code Execution and Information Leak,
Curesec Research Team (CRT)
- [FD] ZeusCart 4.0 - XSS - not fixed,
Curesec Research Team (CRT)
- [FD] ZeusCart 4.0: SQL Injection - not fixed,
Curesec Research Team (CRT)
- [FD] ZeusCart 4.0: Code Execution - not fixed,
Curesec Research Team (CRT)
- [FD] ZeusCart 4.0: CSRF - not fixed,
Curesec Research Team (CRT)
- [FD] Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution,
Dawid Golunski
- [FD] Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal,
Dawid Golunski
- [FD] Weeman 1.1 HTTP server for phishing | release announcement,
Hypsurus
- [FD] (0day) IBOOKING CMS - SQL INJECTION,
INURL Brasil
- [FD] [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting,
Ahrens, Julien
- [FD] FuzzDB updated, relocated to Github,
Adam Muntner
- [FD] ManageEngine EventLog Analyzer SQL query execution,
xistence
- [FD] ManageEngine OpManager multiple vulnerabilities,
xistence
- [FD] APPLE-SA-2015-09-16-1 iOS 9,
Apple Product Security
- [FD] APPLE-SA-2015-09-16-2 Xcode 7.0,
Apple Product Security
- [FD] APPLE-SA-2015-09-16-3 iTunes 12.3,
Apple Product Security
- [FD] APPLE-SA-2015-09-16-4 OS X Server 5.0.3,
Apple Product Security
- [FD] KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
- [FD] On Huawei advisory for MBB (Mobile Broadband) product E3272s.,
SCADA StrangeLove
- [FD] New release of testssl.sh,
Dirk
- [FD] s/party/hack like it's 1999,
up201407890
- [FD] Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...,
Stefan Kanthak
- [FD] Broken, Abandoned, and Forgotten Code, Part 12,
Zach C
- [FD] Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability,
Vulnerability Lab
- [FD] UDID v1.0 iOS - Persistent Mail Encode Vulnerability,
Vulnerability Lab
- [FD] Cisco AnyConnect elevation of privileges via DLL side loading,
Securify B.V.
- [FD] [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption,
Onapsis Research Team
- [FD] Obtaining LAN IP from JavaScript for CSRF,
Craig Young
- [FD] Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability,
Vulnerability Lab
- [FD] WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability,
Vulnerability Lab
- [FD] UltraEdit v22.20 - Buffer Overflow Vulnerability,
Vulnerability Lab
- [FD] Cisco AnyConnect elevation of privileges via DMG install script,
Securify B.V.
- [FD] CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth,
Antoine Neuenschwander
- [FD] An iOS oversight: exploiting device trust and backups,
David Longenecker
- [FD] APPLE-SA-2015-09-21-1 watchOS 2,
Apple Product Security
- [FD] Flowdock API Bug Bounty #2 - Persistent Web Vulnerability,
Vulnerability Lab
- [FD] CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine,
Portcullis Advisories
- [FD] CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine,
Portcullis Advisories
- [FD] CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine,
Portcullis Advisories
- [FD] RomPager ShellShock RCE Vulnerability?,
1n3
- [FD] Stored XSS in 4images <= v1.7.11,
Manuel Garcia Cardenas
- [FD] VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue,
Jing Wang
- [FD] CVE-2015-7323 - Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization,
Profundis Labs
- [FD] Apport kernel_crashdump symlink vulnerability exploitation,
halfdog
- [FD] Unauthorized Data Manipulation Vulnerability in Orange HRM,
vishnu raju
- [FD] My.WiFi USB Drive v1.0 iOS - File Include Vulnerability,
Vulnerability Lab
- [FD] Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability,
Vulnerability Lab
- [FD] NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability,
Vulnerability Lab
- [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability,
Vulnerability Lab
- [FD] Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability,
Vulnerability Lab
- [FD] IconLover v5.4.5 - Stack Buffer Overflow Vulnerability,
Vulnerability Lab
- [FD] [Onapsis Security Advisory 2015-009] SAP HANA hdbsql Multiple Memory Corruption Vulnerabilities,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-015] SAP HANA SQL injection in _modifyUser function,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-016] SAP HANA SQL injection in _newUser function,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-017] SAP HANA XSJS Code Injection in test-net.xsjs,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-018] SAP HANA SQL injection in setTraceLevelsForXsApps function,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-019] SAP HANA XSS in role deletion through Web-based development workbench,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-020] SAP HANA Trace configuration SQL injection,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-021] SAP HANA XSS in user creation through Web-based development workbench,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-022] SAP HANA SQL injection in getSqlTraceConfiguration function,
Onapsis Research Team
- [FD] [Onapsis Security Advisory 2015-023] SAP HANA Drop Credentials SQL injection,
Onapsis Research Team