Mail Index

• Thread Index

• [FD] Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [FD] Vipps by DNB for Android - cryptographic vulnerabilities
  • From: alendal
• [FD] Browser Security Tool: HTTPS Only 2.1 (Major Release, Open Source, Python)
  • From: David Leo
• [FD] Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability
  • From: David Coomber
• [FD] Shakacon 2016 CFP - July 11-14 / Hawaii
  • From: Jonathan Brossard
• [FD] WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities
  • From: Karn Ganeshen
• [FD] Schneider Electric Building Operation Automation Server Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities
  • From: Matteo Beccati
• [FD] CVE Request: Fiyo CMS 2.0.6.1 - Multiple XSS Vulnerabilities
  • From: Himanshu Mehta
• [FD] Vulnerabilities in Mobile Safari
  • From: MustLive
• [FD] [CFP] EuskalHack (San Sebastian / Donostia) 2016
  • From: Ryan Dewhurst
• [FD] Hacking Magento eCommerce For Fun And 17.000 USD
  • From: Egidio Romano
• [FD] Hacking Magento eCommerce For Fun And 17.000 USD
  • From: Egidio Romano
• [FD] Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [FD] McAfee VirusScan Enterprise security restrictions bypass
  • From: Agazzini Maurizio
• Re: [FD] Netgear GS105Ev2 - Multiple Vulnerabilities
  • From: Nick Boyce
• [FD] Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
  • From: Vulnerability Lab
• [FD] Windows Mail Find People DLL side loading vulnerability
  • From: Securify B.V.
• [FD] LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities
  • From: LSE-Advisories
• Re: [FD] Windows Mail Find People DLL side loading vulnerability
  • From: Securify B.V.
• [FD] [CORE-2016-0003] - Samsung SW Update Tool MiTM
  • From: CORE Advisories Team
• [FD] [CORE-2016-0004] - SAP Download Manager Password Weak Encryption
  • From: CORE Advisories Team
• [FD] Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
  • From: X41 D-Sec GmbH Advisories
• [FD] CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf
  • From: oststrom (public)
• [FD] New Security Tool: MrLooquer - IPv6 Intelligence
  • From: Rafa Sanchez
• [FD] Thomson TWG850 Wireless Router Multiple Vulnerabilities
  • From: Sebastian Perez
• Re: [FD] Netgear GS105Ev2 - Multiple Vulnerabilities
  • From: Benedikt Westermann
• [FD] Security contact @ Gigabyte
  • From: Gustavo Sorondo
• [FD] Open Vulnerablity ID tracker instead of CVE. Maybe
  • From: op7ic \x00
• Re: [FD] Windows Mail Find People DLL side loading vulnerability
  • From: Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [FD] [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9
  • From: Security Explorations
• [FD] Exim < 4.86.2 Local Root Privilege Escalation
  • From: Dawid Golunski
• [FD] Kaltura Community Edition Multiple Vulnerabilities
  • From: Daniel Jensen
• [FD] Netgear ReadyNAS Surveillance: Unauthenticated Remote Command Execution
  • From: Sysdream Labs
• [FD] Wordpress Configuration Error on XDA-Developers.com led to full Web-Server Access and shut down website
  • From: Steffen Rogge
• [FD] Microsoft Edge CDOMTextNode::get_data type confusion
  • From: Berend-Jan Wever
• Re: [FD] Security contact @ Gigabyte
  • From: Mustafa Al-Bassam
• [FD] Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] ChitaSoft (Web-Application) - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability
  • From: Vulnerability Lab
• Re: [FD] Exim < 4.86.2 Local Root Privilege Escalation
  • From: loon
• Re: [FD] Security contact @ Gigabyte
  • From: Andrew Deck
• Re: [FD] Exim < 4.86.2 Local Root Privilege Escalation
  • From: Dawid Golunski
• Re: [FD] Exim < 4.86.2 Local Root Privilege Escalation
  • From: loon
• [FD] Releasing Mobile Security Framework (MobSF) v0.9
  • From: Ajin Abraham
• [FD] CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection
  • From: INTREST SEC
• [FD] CVE-2016-3116 - Dropbear SSH xauth injection
  • From: INTREST SEC
• [FD] Netgear CG3000 modem/router set password vulnerability
  • From: paul . szabo
• [FD] Latest Tegile security updates include tomcat examples package containing many security flaws.
  • From: Jesse Jacobs
• Re: [FD] Security contact @ Gigabyte
  • From: Jeffrey Walton
• Re: [FD] Security contact @ Gigabyte
  • From: Fyodor
• Re: [FD] Security contact @ Gigabyte
  • From: Gustavo Sorondo
• Re: [FD] Security contact @ Gigabyte
  • From: Jeffrey Walton
• [FD] [CFP] BSides Las Vegas
  • From: Genevieve Southwick
• [FD] NEW VMSA-2016-0003 - VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues
  • From: VMware Security Response Center
• [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
  • From: CORE Advisories Team
• [FD] OWASP AppSec USA 2016 Call for Papers Released
  • From: Weidenhamer, Andrew
• [FD] Zenphoto 1.4.11: RFI
  • From: Curesec Research Team (CRT)
• [FD] PivotX 2.3.11: Reflected XSS
  • From: Curesec Research Team (CRT)
• [FD] PivotX 2.3.11: Directory Traversal
  • From: Curesec Research Team (CRT)
• [FD] PivotX 2.3.11: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] BigTree 4.2.8: Object Injection & Improper Filename Sanitation
  • From: Curesec Research Team (CRT)
• [FD] Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
  • From: Stefan Kanthak
• [FD] WordPress Bulletproof Security Plugin Multiple Cross Site Scripting Vulnerabilities
  • From: Sachin Wagh
• [FD] server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)
  • From: Laël Cellier
• [FD] New Security Tool: Enteletaor - Broker & MQ Injection tool
  • From: cr0hn
• Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
  • From: jungle Boogie
• [FD] FortiOS (Fortinet) - Open Redirect and Cross Site Scripting
  • From: Javier Nieto
• Re: [FD] server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)
  • From: Laël Cellier
• [FD] AsusTEK asio.sys unsafe operation
  • From: 0x3d5157636b525761 iddqd
• [FD] Netgear DGNv2200 multiple vulnerabilities (Bezeq firmware)
  • From: 0x3d5157636b525761 iddqd
• [FD] DORG - Disc Organization System SQL Injection And Cross Site Scripting
  • From: SECUPENT Research Center
• [FD] A novel persistent injection to Windows machines
  • From: 0x3d5157636b525761 iddqd
• [FD] Achievo Cross Site Scripting vulnerability
  • From: SECUPENT Research Center
• [FD] [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2
  • From: RedTeam Pentesting GmbH
• [FD] Executable installers are vulnerable^WEVIL (case 32): Comodo's installers allow arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [FD] HTTPS Only 3.1 (Detailed Analysis, Browser Security, Open Source, Python)
  • From: David Leo
• [FD] Remote Code Execution in DVR affecting over 70 different vendors
  • From: rotem kerner
• [FD] Facebook Messenger (iOS) Certificate Validation Vulnerability
  • From: Sean Wright
• [FD] APPLE-SA-2016-03-21-1 iOS 9.3
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-2 watchOS 2.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-3 tvOS 9.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-4 Xcode 7.3
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-6 Safari 9.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-03-21-7 OS X Server 5.1
  • From: Apple Product Security
• [FD] PayPal Bug Bounty #121 - (Profile) Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Patron Info System - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Hi Technology & Services CMS - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Docker UI v0.10.0 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] Dorsa Web CMS - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability
  • From: Vulnerability Lab
• [FD] Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab