Mail Index

• Thread Index

• [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
  • From: Elar Lang
• [FD] Vulnerabilities in D-Link DIR-300
  • From: MustLive
• [FD] Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards
  • From: Vulnerability Lab
• Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
  • From: Brandon Perry
• [FD] MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]
  • From: Dawid Golunski
• [FD] CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS
  • From: Peter Lapp
• [FD] CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability
  • From: Peter Lapp
• [FD] CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability
  • From: Peter Lapp
• [FD] CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability
  • From: Peter Lapp
• [FD] Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
  • From: Berend-Jan Wever
• [FD] MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details
  • From: Berend-Jan Wever
• Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
  • From: Elar Lang
• [FD] Disclose [10 * cve] in Exponent CMS
  • From: Obfuscator
• [FD] Sparkjava Framework - Arbitrary File Read Vulnerability
  • From: aj
• [FD] MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read
  • From: Berend-Jan Wever
• Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'
  • From: Thomas Dickey
• Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'
  • From: Leo Famulari
• [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'
  • From: redrain root
• [FD] KL-001-2016-008 : Sophos Web Appliance Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
  • From: KoreLogic Disclosures
• [FD] MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read
  • From: Berend-Jan Wever
• [FD] MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
  • From: Dawid Golunski
• [FD] Bypass Imperva by confusing HTTP Pollution Normalization Engine
  • From: Nic Wiswat
• Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'
  • From: Thomas Dickey
• Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?'
  • From: Michal Zalewski
• [FD] Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation
  • From: Andrew Klaus
• [FD] WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
  • From: hyp3rlinx
• [FD] Axessh 4.2.2 Denial Of Service
  • From: hyp3rlinx
• [FD] Rapid PHP Editor CSRF Remote Command Execution
  • From: hyp3rlinx
• [FD] Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation
  • From: Vulnerability Lab
• [FD] [SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287)
  • From: Klaus Tichmann
• [FD] Several unpatched vulns in OwnCloud
  • From: Felix Matei
• [FD] [RootedCON 2017] Call for Papers open for RootedCON Madrid 2017!
  • From: Román Ramírez
• [FD] VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe)
  • From: Berend-Jan Wever
• [FD] [KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
  • From: Pedro Ribeiro
• [FD] Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723]
  • From: Nightwatch Cybersecurity Research
• [FD] Cross Site Scripting Vulnerability In Verint Impact 360
  • From: Sanehdeep Singh
• [FD] YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Calendar WordPress Plugin
  • From: Summer of Pwnage
• [FD] Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin
  • From: Summer of Pwnage
• [FD] Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability (APSB16-35) [CVE-2016-7851]
  • From: Vulnerability Lab
• [FD] VBScript RegExpComp::PnodeParse out-of-bounds read details (MSIE 8-11, IIS, CScript.exe/WScript.exe)
  • From: Berend-Jan Wever
• [FD] Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM)
  • From: Rio Sherri
• [FD] MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
  • From: Berend-Jan Wever
• [FD] WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
  • From: Berend-Jan Wever
• Re: [FD] WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
  • From: Berend-Jan Wever
• [FD] Vlany: A Linux (LD_PRELOAD) rootkit
  • From: eov eov
• [FD] CA20161109-02: Security Notice for CA Service Desk Manager
  • From: Williams, Ken
• [FD] CA20161109-01: Security Notice for CA Unified Infrastructure Management
  • From: Williams, Ken
• [FD] Release - Shellcode Compiler
  • From: Ionut Popescu
• [FD] MyBB 1.8.6: XSS
  • From: Curesec Research Team (CRT)
• [FD] e107 CMS <= 2.1.2 Privilege Escalation
  • From: Kacper Szurek
• [FD] [CT-2016-1110] Unauthenticated RCE in Observium network monitor
  • From: Ronald Volgers
• [FD] Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF
  • From: Summer of Pwnage
• [FD] Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin
  • From: Summer of Pwnage
• [FD] Information disclosure race condition in W3 Total Cache WordPress Plugin
  • From: Summer of Pwnage
• [FD] Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin
  • From: Summer of Pwnage
• [FD] Teradata Virtual Machine Community Edition v15.10 has insecure file permission
  • From: Larry W. Cashdollar
• [FD] Google Chrome blink Serializer::doSerialize bad cast details
  • From: Berend-Jan Wever
• [FD] Trango Systems hidden default root login (all models)
  • From: Ian Ling
• [FD] Unexpected behavior of cmd.exe while processing .bat files leads to potential command injection vulnerabilities
  • From: Julian Horoszkiewicz
• [FD] New VMSA-2016-0019 - VMware product updates address multiple information disclosure issues
  • From: VMware Security Response Center
• [FD] SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
  • From: SEC Consult Vulnerability Lab
• [FD] CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details
  • From: Berend-Jan Wever
• [FD] Microsoft Edge edgehtml CAttr­Array::Destroy use-after-free details
  • From: Berend-Jan Wever
• [FD] CVE-2016-4484: - Cryptsetup Initrd root Shell
  • From: Hector Marco
• Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable
  • From: Hector Marco-Gisbert
• [FD] OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
  • From: Ralf Spenneberg
• [FD] OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl
  • From: Ralf Spenneberg
• Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
  • From: Leo Famulari
• [FD] New VMSA-2016-0020 - VMware product updates address multiple information disclosure issues
  • From: VMware Security Response Center
• [FD] Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)
  • From: Dawid Golunski
• [FD] Cross-Site Scripting in All In One WP Security & Firewall WordPress Plugin
  • From: Summer of Pwnage
• Re: [FD] QUANTUMSQUIRREL - attrition.org unmasked as NSA TAO OP
  • From: jericho
• Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
  • From: Jason Cooper
• [FD] Apple iOS 10.1 - Multiple Access Permission Vulnerabilities
  • From: Vulnerability Lab
• [FD] Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability
  • From: Vulnerability Lab
• [FD] EditMe CMS - CSRF Privilege Escalate Web Vulnerability
  • From: Vulnerability Lab
• [FD] Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability
  • From: Vulnerability Lab
• [FD] CVE request - Samsumg Mobile Phone SVE-2016-6343: Unauthorized API access via system service call
  • From: 0xr0ot
• [FD] CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details
  • From: Berend-Jan Wever
• [FD] Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details
  • From: Berend-Jan Wever
• [FD] MyLittleForum 2.3.6.1: XSS & RPO
  • From: Curesec Research Team (CRT)
• [FD] SPIP 3.1: XSS & Host Header Injection
  • From: Curesec Research Team (CRT)
• [FD] Mezzanine 4.2.0: XSS
  • From: Curesec Research Team (CRT)
• [FD] MyLittleForum 2.3.6.1: CSRF
  • From: Curesec Research Team (CRT)
• [FD] MoinMoin 1.9.8: XSS
  • From: Curesec Research Team (CRT)
• [FD] Lepton 2.2.2: SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling
  • From: Curesec Research Team (CRT)
• [FD] Lepton 2.2.2: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] Jaws 1.1.1: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF
  • From: Curesec Research Team (CRT)
• [FD] Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags
  • From: Curesec Research Team (CRT)
• [FD] FUDforum 3.0.6: LFI
  • From: Curesec Research Team (CRT)
• [FD] [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
  • From: ERPScan inc
• [FD] [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
  • From: ERPScan inc
• [FD] Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp
  • From: Larry W. Cashdollar
• [FD] /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall
  • From: Larry W. Cashdollar
• [FD] SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin)
  • From: dxw Security
• [FD] Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin)
  • From: dxw Security
• [FD] Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)
  • From: dxw Security
• [FD] SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)
  • From: dxw Security
• [FD] Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
  • From: Stefan Kanthak
• [FD] Huawei Flybox B660 3G/4G Router - Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details
  • From: Berend-Jan Wever
• [FD] Tetris heap spraying: spraying the heap on a budget
  • From: Berend-Jan Wever
• [FD] Cross-Site Scripting in Check Email WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF
  • From: Summer of Pwnage
• [FD] Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
  • From: Summer of Pwnage
• [FD] Joomla plugin K2 RCE via CSRF or WCI
  • From: Anti Räis
• Re: [FD] Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
  • From: Larry W. Cashdollar
• Re: [FD] Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
  • From: Summer of Pwnage
• [FD] [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
  • From: Julien Ahrens
• [FD] [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
  • From: Julien Ahrens
• [FD] [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
  • From: Julien Ahrens
• [FD] Multiple issues in OpManager 12100 & 12200
  • From: Michael Heydon
• [FD] Reflected XSS in WonderCMS <= v0.9.8
  • From: Manuel Garcia Cardenas
• [FD] PHDays VII Call for Papers: How to Stand Up at the Standoff
  • From: Alexander Lashkov
• [FD] MSIE8 MSHTML Ptls5::Ls­Find­Span­Visual­Boundaries memory corruption
  • From: Berend-Jan Wever
• [FD] [x33fcon] Call for Papers (and Trainers)
  • From: x33fcon.office
• [FD] [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability
  • From: ERPScan inc
• [FD] [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
  • From: ERPScan inc
• [FD] [CVE-2016-7434] ntpd remote pre-auth DoS
  • From: Magnus Stubman
• [FD] [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities
  • From: CORE Advisories Team
• [FD] Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin
  • From: Summer of Pwnage
• [FD] [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler
  • From: RedTeam Pentesting GmbH
• [FD] MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
  • From: Ajin Abraham
• [FD] CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details
  • From: Berend-Jan Wever
• [FD] CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details
  • From: Berend-Jan Wever
• [FD] Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion
  • From: Berend-Jan Wever
• [FD] CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details
  • From: Berend-Jan Wever
• [FD] The HS-110 Smart Plug aka Projekt Kasa
  • From: Curesec Research Team (CRT)
• [FD] [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
  • From: Dawid Golunski
• [FD] Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
  • From: Francisco Amato
• [FD] Red Hat JBoss EAP deserialization of untrusted data
  • From: Agazzini Maurizio
• [FD] [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
  • From: Matthias Deeg
• [FD] [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-072] Olypmia Protect 9061 - Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
  • From: Matthias Deeg
• [FD] NEW VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities
  • From: VMware Security Response Center
• [FD] NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability
  • From: VMware Security Response Center
• [FD] UCanCode multiple vulnerabilities
  • From: Carlo Di Dato
• [FD] Schoolhos CMS v2.29 - userberita SQL injection Vulnerability
  • From: Vulnerability Lab
• [FD] Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability
  • From: Vulnerability Lab
• [FD] Apple iOS 10.1 - Multiple Access Permission Vulnerabilities
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic
  • From: SEC Consult Vulnerability Lab
• [FD] CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details
  • From: Berend-Jan Wever
• [FD] [ndhXV] Call For Paper - 15th anniversary - 24-25 June 2017
  • From: Freeman
• [FD] CFP - BloomCON 0x02 - March 24-25, 2017 Bloomsburg, PA
  • From: Philip Polstra
• Re: [FD] Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability
  • From: Simon Waters (Surevine)
• [FD] Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin
  • From: Summer of Pwnage