Mail Thread Index

• Date Index

• [FD] KL-001-2016-003 : SQLite Tempdir Selection Vulnerability, KoreLogic Disclosures
• [FD] KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability, Vulnerability Lab
• [FD] OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability, Vulnerability Lab
• [FD] IBM BlueMix Cloud - (API) Persistent Web Vulnerability, Vulnerability Lab
• [FD] Teampass 2.1.26 - Authenticated File Upload Vulnerability, Vulnerability Lab
• [FD] Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability, Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking, Stefan Kanthak
• Re: [FD] Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability, Benjamin Gnahm
• Re: [FD] [oss-security] libical 0.47 SEGV on unknown address, Brandon Perry
• [FD] Putty (beta 0.67) DLL Hijacking Vulnerability, Sachin Wagh
• [FD] PrinceXML PHP wrapper command injection, Brandon Perry
• [FD] CVE ID Request : OpenFire multiple vulnerabilities, Sysdream Labs
• [FD] CIMA DocuClass ECM - Multiple Vulnerabilities, Karn Ganeshen
• [FD] RS232-NET Converter (JTC-200) - Multiple vulnerabilities, Karn Ganeshen
• [FD] GNU Wget < 1.18 Arbitrary File Upload, Dawid Golunski
• [FD] Zero-day flaw lets hackers tamper with your car through BMW portal, Vulnerability Lab
• [FD] Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648), David Coomber
• [FD] CODEBLUE.JP - Conference in Tokyo Calling for Papers by Aug.10, CFP
• [FD] [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability, Egidio Romano
• [FD] BMW - (Token) Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] BMW ConnectedDrive - (Update) VIN Session Vulnerability, Vulnerability Lab
• [FD] Ultimate Member Local File Inclusion vulnerability, Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin, Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in WP Live Chat Support plugin, Securify B.V.
• [FD] Persistent Cross-Site Scripting in WordPress Activity Log plugin, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Email Users WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Master Slider WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin, Summer of Pwnage
• [FD] WP Fastest Cache Member Local File Inclusion vulnerability, Summer of Pwnage
• [FD] Easy Forms for MailChimp Local File Inclusion vulnerability, Summer of Pwnage
• [FD] [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers, Stefan Kanthak
• [FD] RootExplorer remote code execution, 0x3d5157636b525761 iddqd
• [FD] RCE by abusing NAC to gain Domain Persistence., Alexander Korznikov
  • Re: [FD] RCE by abusing NAC to gain Domain Persistence., Kurt Buff
  • Re: [FD] RCE by abusing NAC to gain Domain Persistence., Joey Maresca
• [FD] WSO2 SOA Enablement Server - Server Side Request Forgery, Paweł Gocyla
• [FD] WSO2 SOA Enablement Server - XML External Entity Injection, Paweł Gocyla
• [FD] WSO2 SOA Enablement Server - Reflected Cross Site Scripting vulnerability, Paweł Gocyla
• [FD] [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries, Julien Ahrens
• [FD] [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting, Julien Ahrens
• [FD] Hpak - package manager for pentesters. Release announcement, Hypsurus
• [FD] Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Google Forms WordPress Plugin, Summer of Pwnage
• [FD] [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability, ERPScan inc
• [FD] missing input validation in pmount: arbitrary mount as non-root, Imre RAD
• [FD] Blind SQL Injection PivotX <= v2.3.11, Manuel Garcia Cardenas
• [FD] opensshd - user enumeration, Harari, Eddie
• [FD] x-originating-ip: [25.162.68.132], bashis
• [FD] Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186), Vulnerability Lab
• [FD] Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Request Forgery in Icegram WordPress Plugin, Summer of Pwnage
• [FD] Multiple SQL injection vulnerabilities in WordPress Video Player, Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin, Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF), Summer of Pwnage
• [FD] Cross-Site Scripting in Contact Form to Email WordPress Plugin, Summer of Pwnage
• [FD] Cross-Site Scripting in Code Snippets WordPress Plugin, Summer of Pwnage
• [FD] SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr, SEC Consult Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking, Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design, Stefan Kanthak
• [FD] [SEARCH-LAB advisory] UPC Hungary network problems, Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities, Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities, Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities, Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities, Gergely Eberhardt
• [FD] [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities, Gergely Eberhardt
• [FD] CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603], Programa STIC
• [FD] Reflected XSS in LinkedIn, Elar Lang
• [FD] CVE-2016-5399: php: out-of-bounds write in bzread(), Hans Jerry Illikainen
• [FD] Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search, Nightwatch Cybersecurity
• [FD] XSS and SQLi in huge IT gallery v1.1.5 for Joomla, Larry W. Cashdollar
• [FD] Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities, James McLean
• [FD] Cross-Site Scripting vulnerability in ColorWay WordPress Theme, Summer of Pwnage
• [FD] Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability, Vulnerability Lab
• [FD] DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] Zortam Media Studio 20.60 - Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability, Vulnerability Lab
• [FD] Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] Saveya Bounty #1 - Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities, Vulnerability Lab
• [FD] Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP, Summer of Pwnage
• [FD] Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin, Summer of Pwnage
• [FD] Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA, Summer of Pwnage