Mail Index

• Thread Index

• [FD] Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking
  • From: Stefan Kanthak
• [FD] Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!
  • From: Francisco Amato
• [FD] MitM Attack against KeePass 2's Update Check
  • From: Bogner Florian
• [FD] XSS in CMSimple <= v4.6.2
  • From: Manuel Garcia Cardenas
• [FD] Keystone Assembler Engine is out!
  • From: Nguyen Anh Quynh
• [FD] CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
  • From: Fernando Camara
• [FD] Joomla SecurityCheck extension - Multiple vulnerabilities
  • From: Gökmen GÜREŞÇİ
• [FD] SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
  • From: SEC Consult Vulnerability Lab
• [FD] Force allow access button to Bypass windows firewall
  • From: Raiden lol
• [FD] Nagios XI Multiple Vulnerabilities
  • From: Francesco Oddo
• [FD] Multiple XSS in Babylon
  • From: Francisco Javier Santiago Vázquez
• [FD] rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion
  • From: Gregory Pickett
• [FD] Mapbox (API) - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] Microsoft Education - Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] SQL Injection Vulnerabilities found in European Commisssion & European Parliament
  • From: Vulnerability Lab
• [FD] CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• [FD] FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
  • From: Vulnerability Lab
• [FD] nagios phishing vector & xss
  • From: randomsec guy
• [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability
  • From: Benjamin Gnahm
• [FD] Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
  • From: ljj
• [FD] FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Java Deserialization in Solarwinds Virtualization Manager 6.3.1
  • From: Nate Kettlewell
• [FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager
  • From: Nate Kettlewell
• [FD] [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
  • From: Stefan Kanthak
• [FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager
  • From: Nate Kettlewell
• [FD] CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1
  • From: Nate Kettlewell
• [FD] Siklu EtherHaul Hidden ‘root’ Account
  • From: Ian Ling
• [FD] Face Authentication Bypassing – KeyLemon
  • From: omarbv
• [FD] Microsoft Visio multiple DLL side loading vulnerabilities
  • From: Securify B.V.
• [FD] Blindspot Advisory: HTTP Header Injection in Python urllib
  • From: Timothy D. Morgan
• [FD] Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)
  • From: Ian Ling
• [FD] HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] Stack Overflow in BLAT
  • From: vishnu raju
• [FD] CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager
  • From: Nate Kettlewell
• [FD] [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
  • From: Stefan Kanthak
• [FD] [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
  • From: ERPScan inc
• [FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
  • From: Remco Sprooten
• [FD] CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
  • From: Berend-Jan Wever
• [FD] APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7
  • From: Apple Product Security
• [FD] [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities
  • From: ERPScan inc
• [FD] CVE ID Request : Horsys v8 multiple vulnerabilities
  • From: Sysdream Labs
• [FD] [KIS-2016-03] SugarCRM <= 6.5.18 (SAML Authentication) XML External Entity Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure
  • From: SEC Consult Vulnerability Lab
• [FD] [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability
  • From: ERPScan inc
• [FD] Faraday v1.0.21 with our new GTK interface!
  • From: Francisco Amato
• [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them
  • From: Berend-Jan Wever
• Re: [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them
  • From: Berend-Jan Wever
• [FD] Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities
  • From: Karn Ganeshen
• Re: [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them
  • From: Berend-Jan Wever
• [FD] EdgeCore - ES3526XA Manager - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] #146416 Ruby:HTTP Header injection in 'net/http'
  • From: redrain root
• [FD] libical 0.47 SEGV on unknown address
  • From: Brandon Perry
• Re: [FD] [oss-security] libical 0.47 SEGV on unknown address
  • From: Alan Coopersmith
• Re: [FD] [oss-security] libical 0.47 SEGV on unknown address
  • From: Brandon Perry
• [FD] Panda Security Privilege Escalation
  • From: Ash
• [FD] Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities
  • From: Francesco Oddo
• [FD] Aramadito remote arbitrary file write in case of MiTM
  • From: thedeadcow
• [FD] Craft CMS affected by server side template injection
  • From: Securify B.V.
• [FD] Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability
  • From: Vulnerability Lab
• [FD] Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• [FD] Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] [KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
  • From: Egidio Romano
• [FD] KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
  • From: KoreLogic Disclosures