Mail Index
- [FD] Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
- [FD] SQL injection vulnerability in Booking Calendar WordPress Plugin
- [FD] Cross-Site Scripting in Contact Bank WordPress Plugin
- [FD] Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin
- [FD] Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
- [FD] Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- [FD] Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
- [FD] FortiManager (Series) - Multiple Web Vulnerabilities
- [FD] Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
- [FD] Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- [FD] Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
- [FD] Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
- [FD] WinSaber - Unquoted Service Path Privilege Escalation
- [FD] Cross-Site Scripting in Uji Countdown WordPress Plugin
- [FD] Cross-Site Scripting in WangGuard WordPress Plugin
- [FD] Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin
- [FD] Cross-Site Scripting in Activity Log WordPress Plugin
- [FD] Cross-Site Scripting in WordPress Landing Pages Plugin
- [FD] FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability
- [FD] FortiManager (Series) - (Bookmark) Persistent Vulnerability
- [FD] Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
- [FD] Cross-Site Scripting in FormBuilder WordPress Plugin
- [FD] Cross-Site Scripting in Count per Day WordPress Plugin
- [FD] Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin
- [FD] Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability
- [FD] Subrion v4.0.5 CMS - SQL Injection Vulnerability
- [FD] FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities
- [FD] DLL side loading vulnerability in VMware Host Guest Client Redirector
- [FD] Cross-Site Scripting in Store Locator Plus for WordPress
- [FD] Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability
- [FD] Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
- [FD] D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB
- From: Benjamin Daniel Mussler
- [FD] [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection
- From: Klaus Eisentraut (SySS GmbH)
- [FD] CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone
- [FD] CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone
- [FD] K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting
- [FD] Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- Re: [FD] Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- [FD] [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- [FD] phpCollab v2.5 CMS - SQL Injection Vulnerability
- [FD] Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin
- [FD] Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
- [FD] FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
- [FD] Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
- [FD] Internet Explorer iframe sandbox local file name disclosure vulnerability
- [FD] SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform
- From: SEC Consult Vulnerability Lab
- [FD] [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities
- From: CORE Advisories Team
- [FD] Microsoft Education - Stored Cross Site Web Vulnerability
- [FD] QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability
- [FD] NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability.
- From: VMware Security Response Center
- [FD] Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege
- [FD] Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- [FD] DDanchev's Blog Going Private - Request Access
- [FD] Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin)
- [FD] [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
- [FD] CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
- [FD] Nagios Log Server Multiple Vulnerabilities
- [FD] Nagios Network Analyzer Multiple Vulnerabilities
- [FD] Nagios Incident Manager Multiple Vulnerabilities
- [FD] Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
- [FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability
- [FD] RCE in Teamspeak 3 server
- [FD] Stash v1.0.3 CMS - SQL Injection Vulnerability
- [FD] PayPal Inc BB #127 - 2FA Bypass Vulnerability
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images
- [FD] Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin
- [FD] Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
- [FD] Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
- [FD] Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin
- [FD] Ajax Load More Local File Inclusion vulnerability
- [FD] Cross-Site Scripting in Link Library WordPress Plugin
- [FD] Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
- [FD] Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
- [FD] Actiontec T2200H (Telus Modem) Root Reverse Shell
- [FD] php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12
- [FD] Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege
- [FD] German Cable Provider Router (In)Security
- [FD] Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass
- Re: [FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability
- Re: [FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability
- Re: [FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability
- [FD] Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information
- [FD] Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure
- [FD] Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution
- [FD] Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal
- [FD] Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read
- [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
- [FD] Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol
- [FD] Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests
- [FD] Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack
- [FD] Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure
- [FD] Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer
- [FD] Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
- [FD] Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption
- [FD] Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution
- [FD] Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT
- [FD] Path traversal vulnerability in WordPress Core Ajax handlers
- [FD] ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability
- [FD] AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability
- [FD] phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability
- [FD] Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability
- [FD] New BlackArch Linux ISOs (2016.08.19) released
- [FD] Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
- [FD] [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
- Re: [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
- [FD] Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT
- [FD] The continuing problem of a third party resources in web applications.
- [FD] New release: UFONet v0.7 - "Big Crunch!"
- [FD] ObiHai ObiPhone - Multiple Vulnerabilities
- [FD] Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client
- Re: [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
- Re: [FD] Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution
- Re: [FD] Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal
- Re: [FD] Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read
- [FD] NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues
- From: VMware Security Response Center
- [FD] Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193
- [FD] Dotclear 2.9.1 Directory Download Vulnerability
- [FD] Dotclear 2.9.1 Malicious File Upload Restriction Bypass
- [FD] Dotclear 2.9.1 SSRF/XSPA Vulnerability
- [FD] [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting
- [FD] nullcon 8-bit Call for Papers is open
- [FD] SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise
- From: SEC Consult Vulnerability Lab
- [FD] Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure
- [FD] Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown
- [FD] Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users
- [FD] Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS
- [FD] Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS
- [FD] Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure
- [FD] APPLE-SA-2016-08-25-1 iOS 9.3.5
- From: Apple Product Security
- [FD] Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure
- [FD] Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
- [FD] Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439
- [FD] Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436
- [FD] Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437
- [FD] Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438
- [FD] SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker
- From: SEC Consult Vulnerability Lab
- [FD] Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege