Mail Thread Index
- [FD] Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin,
Summer of Pwnage
- [FD] SQL injection vulnerability in Booking Calendar WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in Contact Bank WordPress Plugin,
Summer of Pwnage
- [FD] Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin,
Summer of Pwnage
- [FD] Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability,
Vulnerability Lab
- [FD] Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability,
Vulnerability Lab
- [FD] Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin,
Summer of Pwnage
- [FD] FortiManager (Series) - Multiple Web Vulnerabilities,
Vulnerability Lab
- [FD] Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- [FD] Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability,
Vulnerability Lab
- [FD] Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities,
Vulnerability Lab
- [FD] WinSaber - Unquoted Service Path Privilege Escalation,
Vulnerability Lab
- [FD] Cross-Site Scripting in Uji Countdown WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in WangGuard WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in Activity Log WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in WordPress Landing Pages Plugin,
Summer of Pwnage
- [FD] FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- [FD] FortiManager (Series) - (Bookmark) Persistent Vulnerability,
Vulnerability Lab
- [FD] Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in FormBuilder WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting in Count per Day WordPress Plugin,
Summer of Pwnage
- [FD] Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin,
Summer of Pwnage
- [FD] Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability,
Vulnerability Lab
- [FD] Subrion v4.0.5 CMS - SQL Injection Vulnerability,
Vulnerability Lab
- [FD] FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities,
Vulnerability Lab
- [FD] DLL side loading vulnerability in VMware Host Guest Client Redirector,
Securify B.V.
- [FD] Cross-Site Scripting in Store Locator Plus for WordPress,
Summer of Pwnage
- [FD] Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability,
Summer of Pwnage
- [FD] Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231),
David Coomber
- [FD] D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB,
Benjamin Daniel Mussler
- [FD] [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection,
Klaus Eisentraut (SySS GmbH)
- [FD] CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone,
0xr0ot
- [FD] CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone,
0xr0ot
- [FD] K2 (Joomla! Extension) < 2.7.1 - Reflected Cross Site Scripting,
Manuel Mancera
- [FD] Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance,
Pedro Ribeiro
- [FD] [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20),
Matthias Deeg
- [FD] phpCollab v2.5 CMS - SQL Injection Vulnerability,
Vulnerability Lab
- [FD] Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin,
Summer of Pwnage
- [FD] Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability,
Vulnerability Lab
- [FD] FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability,
Vulnerability Lab
- [FD] Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities,
Vulnerability Lab
- [FD] Internet Explorer iframe sandbox local file name disclosure vulnerability,
Securify B.V.
- [FD] SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform,
SEC Consult Vulnerability Lab
- [FD] [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities,
CORE Advisories Team
- [FD] Microsoft Education - Stored Cross Site Web Vulnerability,
Vulnerability Lab
- [FD] QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability,
Vulnerability Lab
- [FD] NEW VMSA-2016-0011 - vRealize Log Insight update addresses directory traversal vulnerability.,
VMware Security Response Center
- [FD] Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege,
Stefan Kanthak
- [FD] Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%,
Stefan Kanthak
- [FD] DDanchev's Blog Going Private - Request Access,
Ddanchev
- [FD] Stored XSS in Advanced Custom Fields: Table Field allows authenticated users to do almost anything an admin user can (WordPress plugin),
dxw Security
- [FD] [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1,
Pedro Ribeiro
- [FD] CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF),
Dawid Golunski
- [FD] Nagios Log Server Multiple Vulnerabilities,
Francesco Oddo
- [FD] Nagios Network Analyzer Multiple Vulnerabilities,
Francesco Oddo
- [FD] Nagios Incident Manager Multiple Vulnerabilities,
Francesco Oddo
- [FD] Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8),
Rv3Lab.org
- [FD] Zabbix 2.2.x, 3.0.x SQL Injection Vulnerability,
1n3
- [FD] RCE in Teamspeak 3 server,
Hanz Jenson
- [FD] Stash v1.0.3 CMS - SQL Injection Vulnerability,
Vulnerability Lab
- [FD] PayPal Inc BB #127 - 2FA Bypass Vulnerability,
Vulnerability Lab
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images,
Summer of Pwnage
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries,
Summer of Pwnage
- [FD] Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images,
Summer of Pwnage
- [FD] Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting vulnerability in Google Maps WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin,
Summer of Pwnage
- [FD] Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin,
Summer of Pwnage
- [FD] Ajax Load More Local File Inclusion vulnerability,
Summer of Pwnage
- [FD] Cross-Site Scripting in Link Library WordPress Plugin,
Summer of Pwnage
- [FD] Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin,
Summer of Pwnage
- [FD] Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin,
Summer of Pwnage
- [FD] Actiontec T2200H (Telus Modem) Root Reverse Shell,
Andrew Klaus
- [FD] php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12,
crashenator
- [FD] Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege,
Stefan Kanthak
- [FD] German Cable Provider Router (In)Security,
Sebastian Michel
- [FD] Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass,
Reggie Dodd
- [FD] Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT,
Onapsis Research
- [FD] Path traversal vulnerability in WordPress Core Ajax handlers,
Summer of Pwnage
- [FD] ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability,
Vulnerability Lab
- [FD] AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability,
Vulnerability Lab
- [FD] phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability,
Vulnerability Lab
- [FD] Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability,
Vulnerability Lab
- [FD] New BlackArch Linux ISOs (2016.08.19) released,
Black Arch
- [FD] Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform,
Francisco Amato
- [FD] [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method,
Justin Bull
- [FD] The continuing problem of a third party resources in web applications.,
x ksi
- [FD] New release: UFONet v0.7 - "Big Crunch!",
psy
- [FD] ObiHai ObiPhone - Multiple Vulnerabilities,
David Tomaschik
- [FD] Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client,
Florian Bogner
- [FD] NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues,
VMware Security Response Center
- [FD] Fortinet Product Series Vulnerabilities - CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193,
Vulnerability Lab
- [FD] Dotclear 2.9.1 Directory Download Vulnerability,
gen type
- [FD] Dotclear 2.9.1 Malicious File Upload Restriction Bypass,
gen type
- [FD] Dotclear 2.9.1 SSRF/XSPA Vulnerability,
gen type
- [FD] [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting,
Julien Ahrens
- [FD] nullcon 8-bit Call for Papers is open,
nullcon
- [FD] SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise,
SEC Consult Vulnerability Lab
- [FD] Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure,
Onapsis Research
- [FD] APPLE-SA-2016-08-25-1 iOS 9.3.5,
Apple Product Security
- [FD] Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2,
[CXSEC]
- [FD] Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437,
Onapsis Research
- [FD] Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438,
Onapsis Research
- [FD] SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker,
SEC Consult Vulnerability Lab
- [FD] Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege,
Stefan Kanthak