Mail Thread Index

• Date Index

• [FD] Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking, Stefan Kanthak
• [FD] Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!, Francisco Amato
• [FD] MitM Attack against KeePass 2's Update Check, Bogner Florian
• [FD] XSS in CMSimple <= v4.6.2, Manuel Garcia Cardenas
• [FD] Keystone Assembler Engine is out!, Nguyen Anh Quynh
• [FD] CVE-2016-3670 Stored Cross Site Scripting in Liferay CE, Fernando Camara
• [FD] Joomla SecurityCheck extension - Multiple vulnerabilities, Gökmen GÜREŞÇİ
• [FD] SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway, SEC Consult Vulnerability Lab
• [FD] Force allow access button to Bypass windows firewall, Raiden lol
• [FD] Nagios XI Multiple Vulnerabilities, Francesco Oddo
• [FD] Multiple XSS in Babylon, Francisco Javier Santiago Vázquez
• [FD] rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion, Gregory Pickett
• [FD] Mapbox (API) - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability, Vulnerability Lab
• [FD] Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability, Vulnerability Lab
• [FD] Microsoft Education - Code Execution Vulnerability, Vulnerability Lab
• [FD] SQL Injection Vulnerabilities found in European Commisssion & European Parliament, Vulnerability Lab
• [FD] CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability, Vulnerability Lab
• [FD] FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability, Vulnerability Lab
• [FD] nagios phishing vector & xss, randomsec guy
• [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability, Benjamin Gnahm
• [FD] Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability, Vulnerability Lab
• [FD] CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder, ljj
• [FD] FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability, Vulnerability Lab
• [FD] Java Deserialization in Solarwinds Virtualization Manager 6.3.1, Nate Kettlewell
• [FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager, Nate Kettlewell
  • <Possible follow-ups>
  • [FD] CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager, Nate Kettlewell
• [FD] [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers, Stefan Kanthak
• [FD] CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1, Nate Kettlewell
• [FD] Siklu EtherHaul Hidden ‘root’ Account, Ian Ling
• [FD] Face Authentication Bypassing – KeyLemon, omarbv
• [FD] Microsoft Visio multiple DLL side loading vulnerabilities, Securify B.V.
• [FD] Blindspot Advisory: HTTP Header Injection in Python urllib, Timothy D. Morgan
• [FD] Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0), Ian Ling
• [FD] HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities, Karn Ganeshen
• [FD] Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities, Karn Ganeshen
• [FD] Stack Overflow in BLAT, vishnu raju
• [FD] CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager, Nate Kettlewell
• [FD] [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player, Stefan Kanthak
• [FD] [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability, ERPScan inc
• [FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense, Remco Sprooten
• [FD] CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion, Berend-Jan Wever
• [FD] APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7, Apple Product Security
• [FD] [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities, ERPScan inc
• [FD] CVE ID Request : Horsys v8 multiple vulnerabilities, Sysdream Labs
• [FD] [KIS-2016-03] SugarCRM <= 6.5.18 (SAML Authentication) XML External Entity Vulnerability, Egidio Romano
• [FD] [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities, Egidio Romano
• [FD] [KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities, Egidio Romano
• [FD] [KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability, Egidio Romano
• [FD] [KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability, Egidio Romano
• [FD] SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure, SEC Consult Vulnerability Lab
• [FD] [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability, ERPScan inc
• [FD] Faraday v1.0.21 with our new GTK interface!, Francisco Amato
• [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them, Berend-Jan Wever
  • Re: [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them, Berend-Jan Wever
    • Re: [FD] Magic values in 32-bit processes on 64-bit OS-es and how to exploit them, Berend-Jan Wever
• [FD] Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities, Karn Ganeshen
• [FD] EdgeCore - ES3526XA Manager - Multiple Vulnerabilities, Karn Ganeshen
• [FD] #146416 Ruby:HTTP Header injection in 'net/http', redrain root
• [FD] libical 0.47 SEGV on unknown address, Brandon Perry
  • Re: [FD] [oss-security] libical 0.47 SEGV on unknown address, Alan Coopersmith
    • Re: [FD] [oss-security] libical 0.47 SEGV on unknown address, Brandon Perry
• [FD] Panda Security Privilege Escalation, Ash
• [FD] Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities, Francesco Oddo
• [FD] Aramadito remote arbitrary file write in case of MiTM, thedeadcow
• [FD] Craft CMS affected by server side template injection, Securify B.V.
• [FD] Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability, Vulnerability Lab
• [FD] Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability, Vulnerability Lab
• [FD] Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] [KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities, Egidio Romano
• [FD] [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities, Egidio Romano
• [FD] [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability, Egidio Romano
• [FD] KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution, KoreLogic Disclosures