Mail Thread Index

• Date Index

• [FD] Alcatel Lucent Home Device Manager - Management Console Multiple XSS, Uğur Cihan KOÇ
• [FD] Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities, Stefan Kanthak
• [FD] Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through, Eitan Caspi
• [FD] Vulnerabilities in Office Document Reader for iOS, MustLive
• [FD] Confluence Vulnerabilities, Sebastian Perez
• [FD] CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak), Pierre Kim
• [FD] CALL FOR PAPERS - NUIT DU HACK - 02/03 july 2016, freeman
• [FD] Buffer Overflow in Advanced Encryption Package Software, vishnu raju
• [FD] Buffer Overflow at password field in Advanced Encryption Package Software, vishnu raju
• [FD] MediaAccess , unauthenticated file disclosure, Ahmed Sultan
• [FD] Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4, CSW Research Lab
• [FD] Unauthenticated remote code execution in OpenMRS, Brian Hysell
• [FD] [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images, RedTeam Pentesting GmbH
• [FD] [RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow, RedTeam Pentesting GmbH
• [FD] [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials, RedTeam Pentesting GmbH
• [FD] Security BSides Ljubljana 0x7E0 CFP - March 9, 2016, Andraz Sraka
• [FD] [CVE-2015-8604] Cacti SQL injection in graphs_new.php, changzhao.mao@xxxxxxxxxxxxxxxxxxxx
• [FD] OpenCart Security Advisory - XSS Vulnerabiltiy - CVE-2015-4671, Onur Yilmaz
• [FD] Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603, Onur Yilmaz
• [FD] APPLE-SA-2016-01-07-1 QuickTime 7.7.9, Apple Product Security
• [FD] Combining DLL hijacking with USB keyboard emulation based attacks, Rodrigo Menezes
  • Re: [FD] Combining DLL hijacking with USB keyboard emulation, gremlin
    • Re: [FD] Combining DLL hijacking with USB keyboard emulation, Rodrigo Menezes
• [FD] MobaXTerm before version 8.5 vulnerability in "jump host" functionality, Thomas Bleier
• [FD] Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
  • Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Sarah Allen
    • Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
      • Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Michel Arboi
        • Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [FD] Multiple Cross Site Scripting in Netgear Router Version 1.0.0.24, CSW Research Lab
• [FD] SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7, operator8203
• [FD] Google Chrome - Javascript Execution Via Default Search Engines, metalkey net
• [FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24, CSW Research Lab
• [FD] Broken Authentication & Improper Session Management in Netgear Router JNR1010 Version 1.0.0.24, CSW Research Lab
• [FD] Exploiting XXE vulnerabilities in AMF libraries, Nicolas Grégoire
• [FD] Linux user namespaces overlayfs local root, halfdog
• [FD] CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer, Stelios Tsampas
• [FD] CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent, Stelios Tsampas
• [FD] New BlackArch Linux ISOs (2016.01.10) released, Black Arch
• Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Douglas Held
• [FD] SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems, SEC Consult Vulnerability Lab
• [FD] Html injection Dolibarr 3.8.3, NaxoneZ .
• [FD] EasyDNNnews Reflected XSS, Peter Lapp
• [FD] [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability, Egidio Romano
• [FD] [TOOL] The Metabrik Platform, GomoR
• [FD] Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778, Qualys Security Advisory
• [FD] FreeBSD bsnmpd information disclosure, Pierre Kim
• [FD] Whatever happened with CVE-2015-0072?, Patrick Toomey
• [FD] CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers, Scott Arciszewski
• [FD] [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ..., Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution, Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?, Stefan Kanthak
• [FD] Correct answer Information Disclosure in TCExam <= 12.2.5, lists@xxxxxxxxxxxxxxxxxxx lists@xxxxxxxxxxxxxxxxxxx
• [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt, Scott Arciszewski
• [FD] [CORE-2016-0001] - Intel Driver Update Utility MiTM, CORE Advisories Team
• [FD] Administrator auto-logout design flaw in ASUS wireless routers, David Longenecker
• [FD] SeaWell Networks Spectrum - Multiple Vulnerabilities, Karn Ganeshen
• [FD] GRR <= 3.0.0-RC1 (all versions) file upload filter bypass (authenficated), Jean-Marie Bourbon
• [FD] mobile.facebook.com is not on HSTS preload list or sending the Strict-Transport-Security header, Ricardo Iramar dos Santos
• [FD] LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability, Onur Yilmaz
• [FD] OpenCart users, switch to OpenCart-CE immediately, Scott Arciszewski
• [FD] SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices, SEC Consult Vulnerability Lab
• [FD] LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities, Securify B.V.
• [FD] HP ToComMsg DLL side loading vulnerability, Securify B.V.
• [FD] HP LaserJet Fax Preview DLL side loading vulnerability, Securify B.V.
• [FD] [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities, CORE Advisories Team
• [FD] Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities, Vulnerability Lab
• [FD] Apple WatchOS v2.1 - Denial of Service Vulnerability, Vulnerability Lab
• [FD] Telegram (API) - Cross Site Request Forgery Vulnerabilities, Vulnerability Lab
• [FD] Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability, Vulnerability Lab
• [FD] Kleefa v1.7 (IR) - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] Classic Infomedia (Login) - Auth Bypass Web Vulnerability, Vulnerability Lab
• [FD] WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability, Vulnerability Lab
• [FD] los818 CMS 2016 Q1 - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] Netgear GS105Ev2 - Multiple Vulnerabilities, Benedikt Westermann
• [FD] Eclipse BIRT report viewer <= 4.5.0 Persistent XSS, graphx
• [FD] ZyXel WAP3205 V1 Multiple Persistent and Reflected XSS, graphx
• [FD] Eclipse BIRT Report Viewer <= 4.5.0 XSS, graphx
• [FD] Eclipse BIRT Viewer <= v4.5.0 Persistent XSS, graphx
• [FD] PHP-FPM fpm_log.c memory leak and buffer overflow, Imre RAD
• [FD] PHP LiteSpeed SAPI secret key improper disposal, Imre RAD
• [FD] PHP LiteSpeed SAPI out of boundaries read due to missing input validation, Imre RAD
• [FD] Authentication bypass in PHP File Manager 0.9.8, Imre Rad
• [FD] SAP Hana Cloud 4 XSS, Shahmeer Baloch
• [FD] HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi, Hacking Corporation Sàrl
• [FD] McAfee File Lock Driver - Kernel Memory Leak, Kyriakos Economou
  • <Possible follow-ups>
  • [FD] McAfee File Lock Driver - Kernel Memory Leak, Kyriakos Economou
• [FD] McAfee File Lock Driver - Kernel Stack Based BOF, Kyriakos Economou
• [FD] Recon 2016 Call For Papers - June 17 - 19, 2016 - Montreal, Canada, cfp2016
• [FD] [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption, ERPScan inc
• [FD] Multiple security issues in MOVEit Managed File Transfer application, Profundis Labs
• [FD] HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase, Hacking Corporation Sàrl
• [FD] Announcing nullcon HackIM 2016 Powered by EMC2, murtuja bharmal
• [FD] CarolinaCon-12 - March 2016 - FINAL ANNOUNCEMENT, Vic Vandal
• [FD] Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability, Vulnerability Lab
• [FD] New Era Company CMS - (id) SQL Injection Vulnerability, Vulnerability Lab
• [FD] Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab