Mail Index

• Thread Index

• [FD] Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
  • From: Larry W. Cashdollar
• [FD] [SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345)
  • From: Matthias Deeg
• [FD] [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)
  • From: Matthias Deeg
• [FD] [SYSS-2016-061] PERIDUO-710W - Insufficient Verification of Data Authenticity (CWE-345)
  • From: Matthias Deeg
• [FD] Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice
  • From: Matthias Deeg
• [FD] Multiple exposures in Sophos UTM
  • From: Tim Schughart
• [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Tim Schughart
• [FD] CompTIA Security+ and its insecure support system
  • From: user09990
• [FD] Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging
  • From: Onapsis Research
• [FD] CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
  • From: Dawid Golunski
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Gregory Sloop
• [FD] Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
  • From: Matías Mevied
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Carlos Silva
• [FD] [RootedHONGKONG 2016] Call for papers opened today!
  • From: Román Ramírez Giménez
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Tim Schughart
• [FD] AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit
  • From: Vulnerability Lab
• [FD] FaceDancer 21 - New Universal Case for PenTests
  • From: Vulnerability Lab
• [FD] Aura Video Converter v1.6.3 - DLL Hijacking Exploit
  • From: Vulnerability Lab
• [FD] Sparkasse (Bank) - Service Security Advisory WB021 2016
  • From: Vulnerability Lab
• [FD] Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities
  • From: Vulnerability Lab
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Gregory Sloop
• [FD] Clean Master v1.0 - Unquoted Path Privilege Escalation
  • From: Vulnerability Lab
• [FD] Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
  • From: Vulnerability Lab
• [FD] Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service
  • From: KoreLogic Disclosures
• [FD] KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
  • From: KoreLogic Disclosures
• [FD] KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion
  • From: KoreLogic Disclosures
• [FD] KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access
  • From: KoreLogic Disclosures
• [FD] RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability
  • From: Egidio Romano
• [FD] NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability
  • From: VMware Security Response Center
• [FD] SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
  • From: SEC Consult Vulnerability Lab
• [FD] Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
  • From: Vulnerability Lab
• [FD] Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
  • From: Onapsis Research
• [FD] Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
  • From: admin@xxxxxxxxxxxxxxxxx
• [FD] CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.)
  • From: Dawid Golunski
• [FD] [SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities
  • From: Gergely Eberhardt
• [FD] Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
  • From: Nightwatch Cybersecurity Research
• Re: [FD] IE11 is not following CORS specification for local files
  • From: Ricardo Iramar dos Santos
• Re: [FD] IE11 is not following CORS specification for local files
  • From: Ricardo Iramar dos Santos
• [FD] [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: Matthias Deeg
• [FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] IBM WebSphere deserialization of untrusted data
  • From: Agazzini Maurizio
• [FD] [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
  • From: Mark Thomas
• [FD] BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism
  • From: Blue Frost Security Research Lab
• [FD] Billion Router 7700NR4 Remote Root Command Execution
  • From: Rio Sherri
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Rob Thomas
• [FD] Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)
  • From: Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)
  • From: Onapsis Research
• [FD] NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability
  • From: VMware Security Response Center
• [FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability
  • From: Matthias Deeg
• [FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
  • From: Matthias Deeg
• [FD] New OpenSSL double-free and invalid free vulnerabilities in X509 parsing
  • From: Guido Vranken
• [FD] CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code
  • From: Elar Lang
• [FD] [ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value
  • From: ERPScan inc
• [FD] [ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability
  • From: ERPScan inc
• [FD] cgiemail (included with cPanel) local file inclusion vulnerability
  • From: Finbar Crago
• [FD] Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles
  • From: Bogner Florian
• [FD] OpenSSL 1.1.0 remote client memory corruption
  • From: Guido Vranken
• [FD] CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery
  • From: Sysdream Labs
• [FD] CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting
  • From: Sysdream Labs
• [FD] CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal
  • From: Sysdream Labs
• [FD] CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution
  • From: Sysdream Labs
• [FD] CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery
  • From: Sysdream Labs
• [FD] Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
  • From: Stefan Kanthak
• [FD] Evernote for Windows DLL Loading Remote Code Execution
  • From: Himanshu Mehta
• [FD] Ghostscript sadbox bypass lead ImageMagick to remote code execution
  • From: redrain root
• [FD] Multiple Vulnerabilities in Plone CMS
  • From: Sebastian Perez
• [FD] Ubiquiti
  • From: Tim Schughart
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: Carlos Silva
• Re: [FD] Critical Vulnerability in Ubiquiti UniFi
  • From: kvnjs
• [FD] Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
  • From: Stefan Kanthak
• [FD] New release: UFONet v0.8 - "U-NATi0n!"
  • From: psy
• [FD] XSS on public PGP servers
  • From: John Strander
• [FD] Security Vulnerability : Cisco web site CSRF in change password lead to full account take over
  • From: mohamed sayed
• [FD] Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
  • From: [CXSEC]
• [FD] APPLE-SA-2016-10-24-1 iOS 10.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-24-3 Safari 10.0.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-24-4 tvOS 10.0.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-24-5 watchOS 3.1
  • From: Apple Product Security
• [FD] daloRADIUS 0.9-9 - Multiple vulnerabilities leading to arbitrary shell execution
  • From: fwagglechop
• [FD] AST-2016-007: UPDATE
  • From: Asterisk Security Team
• [FD] New VMSA-2016-0017 - VMware product updates address multiple information disclosure issues
  • From: VMware Security Response Center
• [FD] CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
  • From: Dawid Golunski
• [FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
  • From: Harry Sintonen
• [FD] Wickr Inc - When honesty disappears behind the VCP Mountain
  • From: Vulnerability Lab
• [FD] APPLE-SA-2016-10-27-1 Xcode 8.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
  • From: Apple Product Security
• [FD] [FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System - Multiple Issues
  • From: FOXMOLE Advisories
• [FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update
  • From: Harry Sintonen