Mail Thread Index

• Date Index

• [FD] LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection, advisories
• [FD] [SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7), Security Explorations
• [FD] [Advisory]LibRaw Multi Memory error[CVE-2015-8366 and CVE-2015-8367], ChenQin
• [FD] Brocade Fabric OS v6.3.1b Multiple Vulnerabilities, Karn Ganeshen
• [FD] Mutliple Vulnerabilities in ZurmoCRM 3.0.5, NaxoneZ .
• [FD] [CFP] BSides San Francisco - February 2016, BSides SF
• [FD] BF and CE vulnerabilities in ASUS RT-G32, MustLive
• [FD] Huawei Wimax routers vulnerable to multiple threats, Pierre Kim
• [FD] Multiple vulnerabilities in Huutopörssi's website (huutoporssi.fi), Wub TheCaptain
• [FD] KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass, KoreLogic Disclosures
• [FD] MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow, [CXSEC]
• [FD] [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference, CORE Advisories Team
• [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability, Sachin Wagh
  • Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability, Sachin Wagh
• [FD] [CVE-2015-8369] Cacti SQL injection in graph.php, changzhao.mao
• [FD] Announcing NorthSec 2016 CFP + Reg - Montreal, May 19-22, Pierre-David Oriol
• [FD] ntop-ng <= 2.0.151021 - Privilege Escalation, Dolev Farhi
• [FD] SQLMap Code Execute, Vex Woo
• [FD] 4images 1.7.12: XSS, Curesec Research Team (CRT)
• [FD] 4images 1.7.11: SQL Injection, Curesec Research Team (CRT)
• [FD] 4images 1.7.11: Path Traversal, Curesec Research Team (CRT)
• [FD] 4images 1.7.11: Code Execution Exploit, Curesec Research Team (CRT)
• [FD] 4images 1.7.11: Code Execution, Curesec Research Team (CRT)
• [FD] CodoForum 3.4: XSS, Curesec Research Team (CRT)
• [FD] phpwcms 1.7.9: CSRF, Curesec Research Team (CRT)
• [FD] phpwcms 1.7.9: Code Execution, Curesec Research Team (CRT)
• [FD] Geeklog 2.1.0: XSS, Curesec Research Team (CRT)
• [FD] Geeklog 2.1.0: Code Execution Exploit, Curesec Research Team (CRT)
• [FD] Geeklog 2.1.0: Code Execution, Curesec Research Team (CRT)
• [FD] redaxscript 2.5.0: XSS, Curesec Research Team (CRT)
• [FD] redaxscript 2.5.0: Code Execution, Curesec Research Team (CRT)
• [FD] appRain 4.0.3: XSS, Curesec Research Team (CRT)
• [FD] appRain 4.0.3: Path Traversal, Curesec Research Team (CRT)
• [FD] appRain 4.0.3: CSRF, Curesec Research Team (CRT)
• [FD] appRain 4.0.3: Code Execution, Curesec Research Team (CRT)
• [FD] Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege, Stefan Kanthak
• [FD] [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities, Vogt, Thomas
• [FD] LG Nortel ADSL modems - Multiple vulnerabilities, Karn Ganeshen
• [FD] APPLE-SA-2015-12-08-1 iOS 9.2, Apple Product Security
• [FD] APPLE-SA-2015-12-08-4 watchOS 2.1, Apple Product Security
• [FD] APPLE-SA-2015-12-08-5 Safari 9.0.2, Apple Product Security
• [FD] APPLE-SA-2015-12-08-6 Xcode 7.2, Apple Product Security
• [FD] APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008, Apple Product Security
• [FD] APPLE-SA-2015-12-08-2 tvOS 9.1, Apple Product Security
• [FD] GoAutoDial CE 3.3 Multiple SQL injections, Command Injection, Rio Sherri
• [FD] [CVE-2014-3260] Crypto implementation flaws in Pacom GMS System, XPD Advisories Team
• [FD] SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities, SEC Consult Vulnerability Lab
• [FD] BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability, Blue Frost Security Research Lab
• [FD] CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY – CVE-2015-4699, agotouning@xxxxxxxxx
• [FD] Polycom VVX-Series Business Media Phones Path Traversal Vulnerability, Jake Reynolds
• [FD] APPLE-SA-2015-12-11-1 iTunes 12.3.2, Apple Product Security
• [FD] COM+ Services DLL side loading vulnerability, Securify B.V.
• [FD] Event Viewer Snapin multiple DLL side loading vulnerabilities, Securify B.V.
• [FD] Windows Authentication UI DLL side loading vulnerability, Securify B.V.
• [FD] XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247, Aravind
• [FD] SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability, CSW Research Lab
• [FD] OcPortal CMS 9.0.20 – Cross-Site Scripting Vulnerability, CSW Research Lab
• [FD] OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability, CSW Research Lab
• [FD] Bedita 3.6.0 – Cross-Site Scripting Vulnerability, CSW Research Lab
• [FD] Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities, CSW Research Lab
• [FD] DAVOSET v.1.2.7, MustLive
• [FD] [CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability, xiaotian.wang@dbappsecurity.com.cn
• [FD] Shutdown UX DLL side loading vulnerability, Securify B.V.
• [FD] Shockwave Flash Object DLL side loading vulnerability, Securify B.V.
• [FD] OLE DB Provider for Oracle multiple DLL side loading vulnerabilities, Securify B.V.
• [FD] [CFP] Speak About Your Cyberwar at PHDays VI, Alexander Lashkov
• [FD] [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability, ERPScan inc
• [FD] ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS, ERPScan inc
• [FD] #BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook, Haifei Li
• [FD] Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370], Hector Marco-Gisbert
• [FD] libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506), Hans Jerry Illikainen
• [FD] libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507), Hans Jerry Illikainen
• [FD] Two bytes change and you have a zero day, Hossein Lotfi
• [FD] User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness, halfdog
• [FD] Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta), Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13, Stefan Kanthak
  • Re: [FD] Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13, imposter imp
• [FD] Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege, Stefan Kanthak
• [FD] PFSense <= 2.2.5 Directory Traversal, Rio Sherri
  • Re: [FD] PFSense <= 2.2.5 Directory Traversal, Bacon Zombie
• [FD] Samsung softap weak random generated password, Augusto Pereyra
• [FD] KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password, KoreLogic Disclosures
• [FD] KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address, KoreLogic Disclosures
• [FD] Notepad ++ NPPFtp Plugin Buffer Overflow, Rio Sherri
• [FD] giflib: heap overflow in giffix (CVE-2015-7555), Hans Jerry Illikainen
• [FD] Call for Papers -YSTS X - Information Security Conference, Brazil, Luiz Eduardo
• [FD] Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege, Stefan Kanthak
• [FD] Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin), Francisco Amato
• [FD] [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality, RedTeam Pentesting GmbH
• [FD] Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution, Stefan Kanthak
• [FD] DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability, Vulnerability Lab
• [FD] Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• [FD] WP Content Text Slider on Post 6.8 - Persistent Vulnerability, Vulnerability Lab
• [FD] Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability, Vulnerability Lab
  • Re: [FD] Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability, Ryan Dewhurst
• [FD] Lithium Forum - (previewImages) Persistent Vulnerability, Vulnerability Lab
• [FD] Switch v4.68 - Code Execution Vulnerability, Vulnerability Lab
• [FD] POP Peeper 4.0.1 - Persistent Code Execution Vulnerability, Vulnerability Lab
• [FD] Aeris Calandar v2.1 - Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] SIPROTEC 4 and SIPROTEC Compact FAQ #5, SCADA StrangeLove
• [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
  • Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, Shawn McMahon
    • Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, NaxoneZ .
      • Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, Justin Ferguson
    • Re: [FD] Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
      • Re: [FD] Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege, lists
        • Re: [FD] Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege, Stefan Kanthak
• [FD] PhpSocial v2.0.0304: XSS, Curesec Research Team (CRT)
• [FD] PhpSocial v2.0.0304: CSRF, Curesec Research Team (CRT)
• [FD] Arastta 1.1.5: XSS, Curesec Research Team (CRT)
• [FD] Arastta 1.1.5: SQL Injection, Curesec Research Team (CRT)
• [FD] Grawlix 1.0.3: XSS, Curesec Research Team (CRT)
• [FD] Grawlix 1.0.3: CSRF, Curesec Research Team (CRT)
• [FD] Grawlix 1.0.3: Code Execution, Curesec Research Team (CRT)
• [FD] CouchCMS 1.4.5: XSS & Open Redirect, Curesec Research Team (CRT)
• [FD] CouchCMS 1.4.5: Code Execution, Curesec Research Team (CRT)
• [FD] esoTalk 1.0.0g4: XSS, Curesec Research Team (CRT)
• [FD] XZERES 442SR Wind Turbine XSS, Karn Ganeshen
• [FD] Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS, Karn Ganeshen
• [FD] eWON sa Industrial router - Multiple Vulnerabilities, Karn Ganeshen
• [FD] libtiff: invalid write (CVE-2015-7554), Hans Jerry Illikainen
  • <Possible follow-ups>
  • Re: [FD] libtiff: invalid write (CVE-2015-7554), Martin Kühne
• [FD] EasyCafe Server <= 2.2.14 Remote File Read, Rio Sherri
• [FD] Local root vulnerability in DeleGate v9.9.13, Larry W. Cashdollar
• [FD] Vulnerabilities in Mobile Safari, MustLive
• [FD] Netduma R1 Router CSRF, Josh Chaney
• [FD] Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution, Stefan Kanthak