Mail Index

• Thread Index

• [FD] Unauthenticated remote command execution on Cisco Linksys x2000 routers
  • From: Lorenzo Pistone
• [FD] SQL Buddy 1.3.3: CSRF
  • From: Curesec Research Team (CRT)
• [FD] SQL Buddy 1.3.3: XSS
  • From: Curesec Research Team (CRT)
• [FD] Chyrp CMS 2.5.2: XSS
  • From: Curesec Research Team (CRT)
• [FD] CVE-2015-6498
  • From: csirt
• [FD] Cross-Site Scripting | Zeuscart V4
  • From: ITAS Team
• [FD] TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks
  • From: Jing Wang
• [FD] Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem
  • From: Jing Wang
• [FD] DAVOSET v.1.2.6
  • From: MustLive
• [FD] Winehat Security Conference
  • From: Lorenzo Primiterra
• [FD] [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [FD] New release: UFONet v0.6 - "Galactic OFFensive!"
  • From: psy
• Re: [FD] eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
  • From: Dawid Golunski
• [FD] MiniBB 3.1.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] MyWebSQL 3.6: CSRF
  • From: Curesec Research Team (CRT)
• [FD] OpenCart 2.0.3.1: CSRF
  • From: Curesec Research Team (CRT)
• [FD] Supercali Event Calendar 1.0.8: CSRF
  • From: Curesec Research Team (CRT)
• [FD] Supercali Event Calendar 1.0.8: XSS
  • From: Curesec Research Team (CRT)
• [FD] CubeCart 6.0.7: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] CubeCart 6.0.7: XSS
  • From: Curesec Research Team (CRT)
• [FD] Quick.Cart 6.6: CSRF
  • From: Curesec Research Team (CRT)
• [FD] Quick.Cart 6.6: Multiple XSS
  • From: Curesec Research Team (CRT)
• [FD] TheHostingTool 1.2.6: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] TheHostingTool 1.2.6: Multiple SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] TheHostingTool 1.2.6: Multiple XSS
  • From: Curesec Research Team (CRT)
• [FD] SQLiteManager 1.2.4: Multiple XSS
  • From: Curesec Research Team (CRT)
• [FD] First annual BloomCON CFP
  • From: Philip Polstra
• [FD] Broken, Abandoned, and Forgotten Code, Part 14
  • From: Zach Cutlip
• [FD] Google AdWords API PHP client library <= 6.2.0 Arbitrary PHP Code Execution
  • From: Dawid Golunski
• [FD] Google AdWords API client libraries - XML eXternal Entity Injection (XXE)
  • From: Dawid Golunski
• [FD] [Onapsis Security Advisory 2015-024-040] SAP HANA TrexNet Vulnerabilities
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-041] SAP HANA Remote Trace Disclosure
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-042] SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory corruption
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-043] SAP HANA Remote Code Execution (HTTP Login based)
  • From: Onapsis Research Team
• [FD] [Onapsis Security Advisory 2015-044] SAP HANA Remote Code Execution (SQL Login based)
  • From: Onapsis Research Team
• [FD] TestLink 1.9.14 Persistent XSS
  • From: Aravind
• [FD] TestLink 1.9.14 CSRF Vulnerability
  • From: Aravind
• [FD] Joomla CMS - Bad Cryptography - Multiple Vulnerabilities
  • From: Scott Arciszewski
• Re: [FD] SQLiteManager 1.2.4: Multiple XSS
  • From: Henri Salo
• [FD] D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability
  • From: Bhadresh Patel
• [FD] Huawei HG630a and HG630a-50 Modems Default SSH Admin Password
  • From: Murat Sahin
• [FD] OpenBSD package 'net-snmp' information disclosure
  • From: Pierre Kim
• [FD] ZTE ADSL modems - Multiple vulnerabilities
  • From: Karn Ganeshen
• [FD] XCart 5.2.6: XSS
  • From: Curesec Research Team (CRT)
• [FD] XCart 5.2.6: Path Traversal
  • From: Curesec Research Team (CRT)
• [FD] XCart 5.2.6: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] XCart 5.2.6: Code Execution Exploit
  • From: Curesec Research Team (CRT)
• [FD] TomatoCart v1.1.8.6.1: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] TomatoCart v1.1.8.6.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] Thelia 2.2.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] Sitemagic CMS 4.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] Open Source Social Network 3.5: XSS
  • From: Curesec Research Team (CRT)
• [FD] dotclear 2.8.1: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] dotclear 2.8.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: Code Execution Exploit
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: CSRF
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: Path Traversal
  • From: Curesec Research Team (CRT)
• [FD] ClipperCMS 1.3.0: XSS
  • From: Curesec Research Team (CRT)
• [FD] LiteCart 1.3.2: Multiple XSS
  • From: Curesec Research Team (CRT)
• [FD] AlegroCart 1.2.8: LFI/RFI
  • From: Curesec Research Team (CRT)
• [FD] AlegroCart 1.2.8: SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] Call For Papers - BSidesCharm (Baltimore, MD)
  • From: Brian Baskin
• [FD] Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths
  • From: Stefan Kanthak
• [FD] Port Scan v2.0 iOS - Command Inject Vulnerability
  • From: Vulnerability Lab
• [FD] LAN Scan HD v1.20 iOS - Command Inject Vulnerability
  • From: Vulnerability Lab
• [FD] Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] LineNity WP Premium Theme - File Include Vulnerability
  • From: Vulnerability Lab
• [FD] Murgent CMS - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Free WMA MP3 Converter - Buffer Overflow Exploit (SEH)
  • From: Vulnerability Lab
• [FD] Google AOSP Email App HTML Injection
  • From: Cláudio André
• [FD] CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability
  • From: Matthew Flanagan
• [FD] zTree v3 Security Advisory - XSS Vulnerability - CVE-2015-7348
  • From: Onur Yilmaz
• [FD] Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability
  • From: Vulnerability Lab
• [FD] LinkedIn - Persistent Cross-Site Scripting vulnerability(XSS)
  • From: Rohit Dua
• [FD] [CFP] No Big Thing Conference #2 San Francisco, December 5 2015
  • From: Jonathan Brossard
• Re: [FD] LiteCart 1.3.2: Multiple XSS
  • From: Henri Salo
• [FD] Cambium ePMP 1000 - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] Qualsoft Systems - (AddNewsDetails.php) Auth ByPass Vulnerability
  • From: ZoRLu Bugrahan
• [FD] List of Bug Bounty Programs INTERNATIONAL 427+ OFFICIAL - Bug Bounty Sheet
  • From: Vulnerability Lab
• [FD] CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability
  • From: SBA Research Advisory
• [FD] : CVE-2015-8299 RCE Vulnerability in the KNX management software ETS
  • From: SBA Research Advisory
• [FD] : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin
  • From: SBA Research Advisory
• [FD] Cross Site Scripting (XSS) 0day in SimpleViewer all versions
  • From: bugbasher
• Re: [FD] LiteCart 1.3.2: Multiple XSS
  • From: Curesec Research Team (CRT)
• [FD] Leak information on Huawei HG253s v2, Comtrend VG 8050 and ADB P.DGA4001N (HomeStation)
  • From: Daniel Díez
• [FD] [ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE
  • From: ERPScan inc
• [FD] [ERPSCAN-15-019] SAP Afaria - Stored XSS
  • From: ERPScan inc
• [FD] [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
  • From: ERPScan inc
• [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
  • From: Manuel Mancera
• [FD] CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Google Translator affected by Cross-Site Scripting vulnerability
  • From: Francisco Javier Santiago Vázquez
• [FD] [CVE-2015-6942] CoreMail XT3.0 Stored XSS
  • From: shack.li
• [FD] Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers
  • From: Stefan Kanthak
• [FD] PRTG Network Monitor Tool – Multiple Cross-Site Scripting Vulnerability
  • From: Sachin Wagh
• [FD] BlackArch Linux: New ISOs and Guide released
  • From: Black Arch
• Re: [FD] Google Translator affected by Cross-Site Scripting vulnerability
  • From: Gynvael Coldwind
• [FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)
  • From: Manuel Mancera