Mail Index

• Thread Index

• [FD] KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
  • From: KoreLogic Disclosures
• [FD] KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• [FD] OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability
  • From: Vulnerability Lab
• [FD] IBM BlueMix Cloud - (API) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Teampass 2.1.26 - Authenticated File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
  • From: Stefan Kanthak
• Re: [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability
  • From: Benjamin Gnahm
• Re: [FD] [oss-security] libical 0.47 SEGV on unknown address
  • From: Brandon Perry
• [FD] Putty (beta 0.67) DLL Hijacking Vulnerability
  • From: Sachin Wagh
• [FD] PrinceXML PHP wrapper command injection
  • From: Brandon Perry
• [FD] CVE ID Request : OpenFire multiple vulnerabilities
  • From: Sysdream Labs
• [FD] CIMA DocuClass ECM - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] RS232-NET Converter (JTC-200) - Multiple vulnerabilities
  • From: Karn Ganeshen
• [FD] GNU Wget < 1.18 Arbitrary File Upload
  • From: Dawid Golunski
• [FD] Zero-day flaw lets hackers tamper with your car through BMW portal
  • From: Vulnerability Lab
• [FD] Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648)
  • From: David Coomber
• [FD] CODEBLUE.JP - Conference in Tokyo Calling for Papers by Aug.10
  • From: CFP
• [FD] [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] BMW - (Token) Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] BMW ConnectedDrive - (Update) VIN Session Vulnerability
  • From: Vulnerability Lab
• [FD] Ultimate Member Local File Inclusion vulnerability
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in WP Live Chat Support plugin
  • From: Securify B.V.
• [FD] Persistent Cross-Site Scripting in WordPress Activity Log plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Email Users WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
  • From: Summer of Pwnage
• [FD] WP Fastest Cache Member Local File Inclusion vulnerability
  • From: Summer of Pwnage
• [FD] Easy Forms for MailChimp Local File Inclusion vulnerability
  • From: Summer of Pwnage
• [FD] [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
  • From: Stefan Kanthak
• [FD] RootExplorer remote code execution
  • From: 0x3d5157636b525761 iddqd
• [FD] RCE by abusing NAC to gain Domain Persistence.
  • From: Alexander Korznikov
• [FD] WSO2 SOA Enablement Server - Server Side Request Forgery
  • From: Paweł Gocyla
• [FD] WSO2 SOA Enablement Server - XML External Entity Injection
  • From: Paweł Gocyla
• [FD] WSO2 SOA Enablement Server - Reflected Cross Site Scripting vulnerability
  • From: Paweł Gocyla
• [FD] [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries
  • From: Julien Ahrens
• [FD] [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting
  • From: Julien Ahrens
• [FD] Hpak - package manager for pentesters. Release announcement
  • From: Hypsurus
• [FD] Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
  • From: Summer of Pwnage
• [FD] [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
  • From: ERPScan inc
• Re: [FD] RCE by abusing NAC to gain Domain Persistence.
  • From: Kurt Buff
• [FD] missing input validation in pmount: arbitrary mount as non-root
  • From: Imre RAD
• Re: [FD] RCE by abusing NAC to gain Domain Persistence.
  • From: Joey Maresca
• [FD] Blind SQL Injection PivotX <= v2.3.11
  • From: Manuel Garcia Cardenas
• [FD] opensshd - user enumeration
  • From: Harari, Eddie
• [FD] x-originating-ip: [25.162.68.132]
  • From: bashis
• [FD] Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)
  • From: Vulnerability Lab
• [FD] Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery in Icegram WordPress Plugin
  • From: Summer of Pwnage
• [FD] Multiple SQL injection vulnerabilities in WordPress Video Player
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Contact Form to Email WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Code Snippets WordPress Plugin
  • From: Summer of Pwnage
• [FD] SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
  • From: SEC Consult Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
  • From: Stefan Kanthak
• [FD] [SEARCH-LAB advisory] UPC Hungary network problems
  • From: Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
  • From: Gergely Eberhardt
• [FD] CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
  • From: Programa STIC
• [FD] Reflected XSS in LinkedIn
  • From: Elar Lang
• [FD] CVE-2016-5399: php: out-of-bounds write in bzread()
  • From: Hans Jerry Illikainen
• [FD] Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search
  • From: Nightwatch Cybersecurity
• [FD] XSS and SQLi in huge IT gallery v1.1.5 for Joomla
  • From: Larry W. Cashdollar
• [FD] Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities
  • From: James McLean
• [FD] Cross-Site Scripting vulnerability in ColorWay WordPress Theme
  • From: Summer of Pwnage
• [FD] Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Zortam Media Studio 20.60 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] Saveya Bounty #1 - Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP
  • From: Summer of Pwnage
• [FD] Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin
  • From: Summer of Pwnage
• [FD] Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA
  • From: Summer of Pwnage