Mail Index

• Thread Index

• Re: [FD] Cisco AnyConnect elevation of privileges via DLL side loading
  • From: Securify B.V.
• Re: [FD] Cisco AnyConnect elevation of privileges via DMG install script
  • From: Securify B.V.
• [FD] Tool: Race condition chaser on windows
  • From: Alexander Georgiev
• [FD] CVE-2015-2342 VMware vCenter Remote Code Execution
  • From: David Stubley
• [FD] Telegram - Multiple Vulnerabilities
  • From: Eduardo Alves
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Gynvael Coldwind
• [FD] Shell Injection in Pygments FontManager._get_nix_font_path
  • From: Javantea
• [FD] Vulnerabilities in Callisto 821+R3 ADSL Router
  • From: MustLive
• [FD] Mac OS X local root (rsh/libmalloc)
  • From: Philip Pettersson
• [FD] APPLE-SA-2015-09-30-01 iOS 9.0.2
  • From: Apple Product Security
• [FD] APPLE-SA-2015-09-30-2 Safari 9
  • From: Apple Product Security
• [FD] APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
  • From: Apple Product Security
• [FD] Komento Joomla! component Persistent XSS
  • From: David Sopas
• [FD] Charter Spectrum Business HTTP MITM
  • From: Mark Felder
• [FD] Sicherheitslücke - Liferay Portal Enterprise Edition
  • From: Tim Schughart
• [FD] ManageEngine ServiceDesk Plus <= 9.1 build 9110 - Path Traversal
  • From: xistence
• [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Haifei Li
• [FD] Qualys Security Advisory - OpenSMTPD Audit Report
  • From: Qualys Security Advisory
• [FD] CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
  • From: Specto
• Re: [FD] Telegram - Multiple Vulnerabilities
  • From: Uni Sec
• [FD] Apple Safari URI spoofing (CVE-2015-5764)
  • From: Antonio Sanso
• [FD] WinRar Settings Import Command Execution
  • From: Rio Sherri
• [FD] Persistent XSS - Liferay Portal Enterprise Edition
  • From: Tim Schughart
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Hernan Moller
• [FD] Blind SQL Injection in admin panel PHP-Fusion <= v7.02.07
  • From: Manuel Garcia Cardenas
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Lee
• [FD] u-design wordpress theme DOM XSS
  • From: Kenan Gms
• [FD] DDos Attack To Drop The Internet
  • From: Jeffrey Roberts
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Stefan Kanthak
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Stefan Kanthak
• [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
  • From: Alexandre Herzog
• Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
  • From: Joe G
• Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
  • From: Alexandre Herzog
• [FD] [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
  • From: Matteo Beccati
• [FD] CSRF vulnerabilities in Callisto 821+R3 ADSL Router
  • From: MustLive
• [FD] TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
  • From: Onur Yilmaz
• [FD] TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
  • From: Onur Yilmaz
• [FD] CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.
  • From: Sandeep Kamble
• [FD] Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS
  • From: Sandeep Kamble
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Shawn McMahon
• [FD] A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE
  • From: Pierre Kim
• Re: [FD] DDos Attack To Drop The Internet
  • From: Phil Ashby
• Re: [FD] DDos Attack To Drop The Internet
  • From: James Hodgkinson
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Stefan Kanthak
• [FD] [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass
  • From: RedTeam Pentesting GmbH
• [FD] Veeam Backup & Replication Local Privilege Escalation Vulnerability
  • From: ascii
• [FD] Broken, Abandoned, and Forgotten Code, Part 13
  • From: Zach C
• [FD] WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
  • From: Vulnerability Lab
• [FD] W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
  • From: Vulnerability Lab
• [FD] FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Exploit NetUSB CVE-2015-3036
  • From: Adrián Ruiz
• [FD] DirectAdmin (1.44.3) CSRF Vulnerability
  • From: Necmettin COŞKUN
• [FD] Writing Cisco IOS Rootkits
  • From: Luca
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Stefan Kanthak
• [FD] JScript 5.7 (MSIE 8) RegExpBase::FBadHeader regular expression use-after-free
  • From: Berend-Jan Wever
• [FD] Buffer overflow in tiny-AES128-C
  • From: Pascal Cuoq
• [FD] Vantage Point Security Advisory 2015-003
  • From: Lyon Yang
• [FD] Vantage Point Security Advisory 2015-002
  • From: Lyon Yang
• [FD] IntelliSec Advisory - Multiple Vulnerabilities in Kerio Control Firewall
  • From: research
• [FD] Full Path Disclosure vulnerability in JM Twitter Cards reveals the location of the WordPress installation on the server (WordPress plugin)
  • From: dxw Security
• [FD] Mozilla extensions: a security nightmare (part 2)
  • From: Stefan Kanthak
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: lists
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Lee
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Stefan Kanthak
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Curtis Lee Bolin
• [FD] PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
  • From: Vulnerability Lab
• [FD] Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] Unicorn CPU Emulator Framework is out!
  • From: Nguyen Anh Quynh
• [FD] hackercon berlin: hack4 the year is 2015
  • From: dash
• [FD] netis RealTek wireless router / ADSL modem Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] UISGCON11 CFP
  • From: Andrey Loginov
• [FD] CakePHP Xml class SSRF Vulnerability
  • From: Takeshi Terada
• [FD] APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
  • From: Apple Product Security
• Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
  • From: Shawn McMahon
• [FD] Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
  • From: Qualys Security Advisory
• [FD] Events Made Easy WordPress plugin CSRF + Persistent XSS
  • From: David Sopas
• [FD] ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
  • From: ERPScan inc
• [FD] CarolinaCon-12 - March 2016 - Call for Speakers/Papers/Presenters/Demos
  • From: Vic Vandal
• [FD] Western Digital - My Passport / My Book self-encrypting external hard drive series - Multiple vulnerabilities
  • From: alendal
• [FD] Seagate Central NAS vulnerabilities
  • From: Eric Windisch
• Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Fernando Mercês
• [FD] Firefox FindMyDevice Critical ClickJacking Security Vulnerability
  • From: Mohamed A. Baset
• [FD] [SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42)
  • From: Security Explorations
• [FD] APPLE-SA-2015-10-21-1 iOS 9.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-2 watchOS 2.0.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-3 Safari 9.0.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-5 iTunes 12.3.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-7 Xcode 7.1
  • From: Apple Product Security
• [FD] APPLE-SA-2015-10-21-8 OS X Server 5.0.15
  • From: Apple Product Security
• [FD] SiteWIX - (edit_photo2.php id) SQL Injection Exploit
  • From: ZoRLu Bugrahan
• [FD] Simple PHP static code analysis for security researchers
  • From: Marcin Probola
• [FD] SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
  • From: SEC Consult Vulnerability Lab
• [FD] Back to the future NTP attacks new attack vector
  • From: Jerome Athias
• [FD] Back to the future EMV attacks
  • From: Jerome Athias
• [FD] [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
  • From: ERPScan inc
• [FD] AoF and CSRF vulnerabilities in D-Link DCS-2103
  • From: MustLive
• [FD] Timing attack vulnerability in most Zeus server-sides
  • From: rotem kerner
• [FD] RootedCON 2016 CFP
  • From: omarbv
• [FD] CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  • From: Portcullis Advisories
• [FD] CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  • From: Portcullis Advisories
• [FD] eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
  • From: Dawid Golunski
• [FD] KeeFarce - A KeePass 2.x database extraction tool
  • From: Denis Andzakovic
• [FD] Pligg CMS 2.0.2: Code Execution & CSRF
  • From: CRT
• [FD] Pligg CMS 2.0.2: Directory Traversal
  • From: CRT
• [FD] Pligg CMS 2.0.2: Multiple SQL Injections
  • From: CRT
• [FD] [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• [FD] Xen VM Escape
  • From: Alan Hikerell
• [FD] Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
  • From: Stefan Kanthak