Mail Index

• Thread Index

• [FD] Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network)
  • From: Vulnerability Lab
• [FD] Google Chrome Accessibility blink::Node corruption details
  • From: Berend-Jan Wever
• [FD] Opera foreignObject textNode::removeChild use-after-free details
  • From: Berend-Jan Wever
• [FD] [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues
  • From: FOXMOLE Advisories
• [FD] CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details
  • From: Berend-Jan Wever
• [FD] Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21
  • From: Pierre-David Oriol - Northsec Conference
• [FD] Eagle Speed USB MODEM SOFTWARE Privilege Escalation
  • From: Rio Sherri
• [FD] XSS in tooltip plugin of Zurb Foundation 5
  • From: Winni Neessen
• [FD] WinPower V4.9.0.4 Privilege Escalation
  • From: Kacper Szurek
• [FD] New CSRF vulnerabilities in D-Link DAP-1360
  • From: MustLive
• [FD] CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free
  • From: Berend-Jan Wever
• [FD] Microsoft Windows Media Center "ehshell.exe" XML External Entity
  • From: hyp3rlinx
• [FD] Microsoft Excel Starter 2010 XML External Entity
  • From: hyp3rlinx
• [FD] Microsoft Authorization Manager "azman" XML External Entity
  • From: hyp3rlinx
• [FD] Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
  • From: hyp3rlinx
• [FD] Microsoft Event Viewer v1.0 XML External Entity
  • From: hyp3rlinx
• [FD] CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption
  • From: Berend-Jan Wever
• [FD] CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
  • From: Eissing Stefan
• [FD] CFP - 31c0n - Feb 2017, New Zealand
  • From: 31c0n
• [FD] Insecure Transmission of Qualcomm Assisted-GPS Data [CVE-2016-5341]
  • From: Nightwatch Cybersecurity Research
• [FD] Microsoft PowerShell XML External Entity
  • From: hyp3rlinx
• [FD] DAVOSET v.1.2.9
  • From: MustLive
• Re: [FD] CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption
  • From: Berend-Jan Wever
• [FD] SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras
  • From: SEC Consult Vulnerability Lab
• [FD] AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
  • From: Asterisk Security Team
• [FD] AST-2016-009: <br>
  • From: Asterisk Security Team
• [FD] CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC
  • From: Berend-Jan Wever
• [FD] CVE-2013-1309:
  • From: Berend-Jan Wever
• [FD] CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details
  • From: Berend-Jan Wever
• [FD] Splunk Enterprise Server-Side Request Forgery
  • From: Francesco Oddo
• [FD] Gstreamer ID3v2 v1.0 - Out of Bounds Read
  • From: Joshua
• [FD] Roundcube 1.2.2: Command Execution via Email
  • From: Martin Bednorz
• [FD] Dual DHCP DNS Server 7.29 Buffer Overflow (Dos)
  • From: Rio Sherri
• [FD] [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security
  • From: ESNC Security
• [FD] MSIE 9 MSHTML CElement::Has­Flag memory corruption
  • From: Berend-Jan Wever
• [FD] Broken access control on bluemix containers
  • From: Oscar Martinez
• [FD] CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin)
  • From: dxw Security
• [FD] Reflected XSS in Social Pug – Easy Social Share Buttons could allow an attacker to do almost anything an admin user can (WordPress plugin)
  • From: dxw Security
• [FD] Google Analytics Counter Tracker WordPress Plugin unauthenticed PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
  • From: [CXSEC]
• [FD] CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free
  • From: Berend-Jan Wever
• [FD] APPLE-SA-2016-12-12-1 iOS 10.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-12-2 watchOS 3.1.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-12-3 tvOS 10.1
  • From: Apple Product Security
• [FD] SQL injection in Joomla extension DT Register
  • From: Elar Lang
• [FD] Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability
  • From: hyp3rlinx
• [FD] MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free
  • From: Berend-Jan Wever
• [FD] APPLE-SA-2016-12-13-1 macOS 10.12.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-2 Safari 10.0.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-3 iTunes 12.5.4
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-4 iCloud for Windows v6.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1
  • From: Apple Product Security
• [FD] APPLE-SA-2016-12-13-8 Transporter 1.9.2
  • From: Apple Product Security
• [FD] Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin)
  • From: dxw Security
• [FD] CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remove­Pointer­Pos use-after-free
  • From: Berend-Jan Wever
• [FD] Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]
  • From: Dawid Golunski
• [FD] Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566]
  • From: Dawid Golunski
• [FD] XenForo 1.5.x Unauthenticated Remote Code Injection
  • From: Vishal Mishra
• [FD] MSIE 9 IEFRAME CMarkup­Pointer::Move­To­Gap use-after-free
  • From: Berend-Jan Wever
• [FD] CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
  • From: Berend-Jan Wever
• Re: [FD] XenForo 1.5.x Unauthenticated Remote Code Injection
  • From: Julien Ahrens
• [FD] CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• Re: [FD] SQL injection in Joomla extension DT Register
  • From: Elar Lang
• [FD] CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR
  • From: Berend-Jan Wever
• [FD] Hotlinking Vulnerability in Glype (All Versions)
  • From: Celso Bento
• [FD] CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
  • From: Berend-Jan Wever
• [FD] New BlackArch Linux ISOs (2016.12.20) released!
  • From: Black Arch
• [FD] [ERPSCAN-16-035] SAP Solman - user accounts disclosure
  • From: ERPScan inc
• [FD] NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue
  • From: VMware Security Response Center
• [FD] CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow
  • From: Berend-Jan Wever
• [FD] [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
  • From: Pedro Ribeiro
• [FD] copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin)
  • From: dxw Security
• [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
  • From: RedTeam Pentesting GmbH
• [FD] BlackArch Linux OVA Image released!
  • From: Black Arch
• [FD] Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)
  • From: dxw Security
• [FD] kernel vuln status question - how can I be protected
  • From: BENCSATH Boldizsar
• [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]
  • From: Dawid Golunski
• Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
  • From: gremlin
• [FD] PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]
  • From: Dawid Golunski
• [FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
  • From: Dawid Golunski
• Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
  • From: Tim
• Re: [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]
  • From: Luigi Rosa
• [FD] Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege
  • From: Stefan Kanthak
• Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
  • From: Erik Auerswald
• [FD] SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
  • From: Dawid Golunski
• Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
  • From: Tim