Mail Thread Index

• Date Index

• [FD] Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• [FD] Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability, Vulnerability Lab
• [FD] [SE-2012-01] Broken security fix in IBM Java 7/8, Security Explorations
  • Re: [FD] [SE-2012-01] Broken security fix in IBM Java 7/8, Security Explorations
• [FD] [CVE-2016-3659]Cacti graph_view.php SQL Injection Vulnerability, xiaotian.wang@dbappsecurity.com.cn
• [FD] DotCMS injection Vulnerability, =?gb18030?b?cDB4MjAxNQ==?=
• [FD] Daily Edition theme for WordPress, MustLive
  • <Possible follow-ups>
  • [FD] Daily Edition theme for WordPress, MustLive
• [FD] APPLE-SA-2016-03-31-1 iBooks Author 2.4.1, Apple Product Security
• [FD] Unauthenticated CSRF reboot flaw in ARRIS (Motorola) SURFboard modems, David Longenecker
• [FD] Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...), Pierre Kim
• [FD] SQL Injection Vulnerability in DotCms v3.3, xiong piaox
• [FD] MeshCMS Command Execution Vulnerability, xiong piaox
• [FD] Pulse CMS Multiple Vulnerabilities, xiong piaox
• [FD] ManageEngine Password Manager Pro Multiple Vulnerabilities, Sebastian Perez
• [FD] CVE-2016-2191: optipng: invalid write, Hans Jerry Illikainen
• [FD] Reprint your I$ACA CPE's using Burp Suite! ( the no refund addition ! ), robert mccurdy
• [FD] Tradukka affected by Cross-Site Scripting, Francisco Javier Santiago Vázquez
• [FD] Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit, exploits4coins.com 2
• [FD] Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability, Vulnerability Lab
• [FD] MeshCMS 3.6 – Multiple vulnerabilities, xiong piaox
• [FD] Fireware XTM Web UI - Open Redirect, Manuel Mancera
• [FD] hardwear.io CFP 2016 - Hardware Security Conference Call for Papers, Hardwear Team
• [FD] Panda Security Multiple Business Products - Privilege Escalation, Kyriakos Economou
• [FD] Panda Security 2016 Home User Products - Privilege Escalation, Kyriakos Economou
• [FD] CVE-2016-3672 - Unlimiting the stack not longer disables ASLR, Hector Marco-Gisbert
• [FD] Check out faraday v1.0.18! New CLI mode, Jira support & bug fixes!, Francisco Amato
• [FD] Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities, Vulnerability Lab
• [FD] Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability, Vulnerability Lab
• [FD] Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Monsta Box WebFTP 1.8.2 and below arbitrary file read and path traversal vulnerabilities, Imre RAD
• [FD] AccelSite Content Manager v1.0 - SQL Injection Vulnerability, Vulnerability Lab
• [FD] WP Multiple Meta Box v1.0 - SQL Injection Vulnerability, Vulnerability Lab
• [FD] [CVE-2016-3972]DotCMS Directory traversal vulnerability, xiong piaox
• [FD] [CVE-2016-3971]DotCMS xss vulnerability, xiong piaox
• [FD] Blind SQL injections in CivicRM, Simon Waters (Surevine)
• [FD] Express Zip <= 2.40 Path Traversal, Rio Sherri
• [FD] end of useable crypto in browsers?, Árpád Magosányi
  • Re: [FD] end of useable crypto in browsers?, Seth Arnold
  • Re: [FD] end of useable crypto in browsers?, Sebastian
    • Re: [FD] end of useable crypto in browsers?, Árpád Magosányi
      • Re: [FD] end of useable crypto in browsers?, Sebastian
        • Re: [FD] end of useable crypto in browsers?, Reindl Harald
          • Re: [FD] end of useable crypto in browsers?, Sebastian
  • Re: [FD] end of useable crypto in browsers?, Tony Arcieri
• [FD] Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability, Vulnerability Lab
• [FD] .NET Framework 4.6 allows side loading of Windows API Set DLL, Securify B.V.
• [FD] [SE-2012-01] Yet another broken security fix in IBM Java 7/8, Security Explorations
• [FD] Webline CMS (2016Q2) - SQL Injection Vulnerability, Vulnerability Lab
• [FD] Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] DAVOSET v.1.2.8, MustLive
• [FD] Call for Papers for 4th Balkan Computer Congress – BalCCon2k16, Milos Krasojevic
• [FD] AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk, Asterisk Security Team
• [FD] AST-2016-005: TCP denial of service in PJProject, Asterisk Security Team
• [FD] PfSense Community Edition Multiple Vulnerabilities, Francesco Oddo
• [FD] [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-002] SAP HANA - log injection and no size restriction, ERPScan inc
• [FD] [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues, ERPScan inc
• [FD] Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability, Sandro Poppi
• [FD] Announcing NorthSec 2016 - Montreal, May 19-22, Pierre-David / NorthSec Conference
• [FD] Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege, Stefan Kanthak
• [FD] [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability, ERPScan inc
• [FD] Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1, research@xxxxxxxxxx
• [FD] Lock Browser 5.3 (Browser Security, Open Source, Python), David Leo
• [FD] Avast SandBox Escape via IOCTL Requests, Kyriakos Economou
• [FD] Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9, Manuel Garcia Cardenas
• [FD] Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights), Sysdream Labs
• [FD] Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predicatable filename), Sysdream Labs
• [FD] CVE-2016-3074: libgd: signedness vulnerability, Hans Jerry Illikainen
• [FD] SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator, SEC Consult Vulnerability Lab
• [FD] C & C++ for OS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] UBNT Bug Bounty #2 - XML External Entity Vulnerability, Vulnerability Lab
• [FD] Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] Negin Group CMS - (v) Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability, Vulnerability Lab
• [FD] Trend Micro (Account) - Email Spoofing Web Vulnerability, Vulnerability Lab
• [FD] Sophos XG Firewall (SF01V) - Persistent Web Vulnerability, Vulnerability Lab
• [FD] Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109), David Vieira-Kurz
• [FD] [CFP] GreHack 2016, Paget Philippe
• [FD] Request For Comment: Possible Flaw of Bypassing CAPTCHA in AWS Login?, David Leo
• [FD] Multiple Vulnerabilities in Voo branded Netgear CG3700b, dev
• [FD] Oracle Discoverer Viewer BI - Open Redirect Vulnerability, Vulnerability Lab
• [FD] EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection, Securify B.V.
• [FD] Bug bounty submission, test111 tesla
• [FD] Xerox Phaser 6700 - Remote Root-Exploits utilizing Clone Files, Raphael Ernst
• [FD] Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab