Mail Thread Index

• Date Index

• [FD] Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6, Larry W. Cashdollar
• [FD] [SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345), Matthias Deeg
• [FD] [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345), Matthias Deeg
• [FD] [SYSS-2016-061] PERIDUO-710W - Insufficient Verification of Data Authenticity (CWE-345), Matthias Deeg
• [FD] Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice, Matthias Deeg
• [FD] Multiple exposures in Sophos UTM, Tim Schughart
• [FD] Critical Vulnerability in Ubiquiti UniFi, Tim Schughart
  • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Gregory Sloop
  • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Carlos Silva
    • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Tim Schughart
      • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Gregory Sloop
        • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Rob Thomas
          • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, Carlos Silva
          • Re: [FD] Critical Vulnerability in Ubiquiti UniFi, kvnjs
• [FD] CompTIA Security+ and its insecure support system, user09990
• [FD] Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV, Onapsis Research
  • <Possible follow-ups>
  • [FD] Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV, Matías Mevied
• [FD] Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging, Onapsis Research
• [FD] CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation, Dawid Golunski
  • <Possible follow-ups>
  • [FD] CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation, Dawid Golunski
• [FD] [RootedHONGKONG 2016] Call for papers opened today!, Román Ramírez Giménez
• [FD] AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit, Vulnerability Lab
• [FD] FaceDancer 21 - New Universal Case for PenTests, Vulnerability Lab
• [FD] Aura Video Converter v1.6.3 - DLL Hijacking Exploit, Vulnerability Lab
• [FD] Sparkasse (Bank) - Service Security Advisory WB021 2016, Vulnerability Lab
• [FD] Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities, Vulnerability Lab
• [FD] Clean Master v1.0 - Unquoted Path Privilege Escalation, Vulnerability Lab
• [FD] Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability, Vulnerability Lab
• [FD] Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability, Vulnerability Lab
• [FD] KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service, KoreLogic Disclosures
• [FD] KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials, KoreLogic Disclosures
• [FD] KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion, KoreLogic Disclosures
• [FD] KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access, KoreLogic Disclosures
• [FD] RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] [KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability, Egidio Romano
• [FD] NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability, VMware Security Response Center
• [FD] SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT), SEC Consult Vulnerability Lab
• [FD] Facebook API v2.1 - RFC6749 Open Redirect Vulnerability, Vulnerability Lab
• [FD] Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG, Onapsis Research
• [FD] Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities, admin@xxxxxxxxxxxxxxxxx
• [FD] CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.), Dawid Golunski
• [FD] [SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities, Gergely Eberhardt
• [FD] Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348], Nightwatch Cybersecurity Research
• Re: [FD] IE11 is not following CORS specification for local files, Ricardo Iramar dos Santos
  • Re: [FD] IE11 is not following CORS specification for local files, Ricardo Iramar dos Santos
• [FD] [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), Matthias Deeg
• [FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks, Matthias Deeg
  • <Possible follow-ups>
  • [FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks, Matthias Deeg
• [FD] [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks, Matthias Deeg
• [FD] IBM WebSphere deserialization of untrusted data, Agazzini Maurizio
• [FD] [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow, Mark Thomas
• [FD] BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism, Blue Frost Security Research Lab
• [FD] Billion Router 7700NR4 Remote Root Command Execution, Rio Sherri
• [FD] Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption, Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS), Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS), Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS), Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS), Onapsis Research
• [FD] Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS), Onapsis Research
• [FD] NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability, VMware Security Response Center
• [FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability, Matthias Deeg
• [FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack, Matthias Deeg
• [FD] New OpenSSL double-free and invalid free vulnerabilities in X509 parsing, Guido Vranken
• [FD] CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code, Elar Lang
• [FD] [ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability, ERPScan inc
• [FD] [ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value, ERPScan inc
• [FD] [ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability, ERPScan inc
• [FD] cgiemail (included with cPanel) local file inclusion vulnerability, Finbar Crago
• [FD] Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles, Bogner Florian
• [FD] OpenSSL 1.1.0 remote client memory corruption, Guido Vranken
• [FD] CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery, Sysdream Labs
• [FD] CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting, Sysdream Labs
• [FD] CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal, Sysdream Labs
• [FD] CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution, Sysdream Labs
• [FD] CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery, Sysdream Labs
• [FD] Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update, Stefan Kanthak
• [FD] Evernote for Windows DLL Loading Remote Code Execution, Himanshu Mehta
• [FD] Ghostscript sadbox bypass lead ImageMagick to remote code execution, redrain root
• [FD] Multiple Vulnerabilities in Plone CMS, Sebastian Perez
• [FD] Ubiquiti, Tim Schughart
• [FD] Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory, Stefan Kanthak
• [FD] New release: UFONet v0.8 - "U-NATi0n!", psy
• [FD] XSS on public PGP servers, John Strander
• [FD] Security Vulnerability : Cisco web site CSRF in change password lead to full account take over, mohamed sayed
• [FD] Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS, [CXSEC]
• [FD] APPLE-SA-2016-10-24-1 iOS 10.1, Apple Product Security
• [FD] APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1, Apple Product Security
• [FD] APPLE-SA-2016-10-24-3 Safari 10.0.1, Apple Product Security
• [FD] APPLE-SA-2016-10-24-4 tvOS 10.0.1, Apple Product Security
• [FD] APPLE-SA-2016-10-24-5 watchOS 3.1, Apple Product Security
• [FD] daloRADIUS 0.9-9 - Multiple vulnerabilities leading to arbitrary shell execution, fwagglechop
• [FD] AST-2016-007: UPDATE, Asterisk Security Team
• [FD] New VMSA-2016-0017 - VMware product updates address multiple information disclosure issues, VMware Security Response Center
• [FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321), Harry Sintonen
  • [FD] [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update, Harry Sintonen
• [FD] Wickr Inc - When honesty disappears behind the VCP Mountain, Vulnerability Lab
• [FD] APPLE-SA-2016-10-27-1 Xcode 8.1, Apple Product Security
• [FD] APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1, Apple Product Security
• [FD] APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows, Apple Product Security
• [FD] [FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System - Multiple Issues, FOXMOLE Advisories