Mail Thread Index

Date Index

[FD] Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network), Vulnerability Lab
[FD] Google Chrome Accessibility blink::Node corruption details, Berend-Jan Wever
[FD] Opera foreignObject textNode::removeChild use-after-free details, Berend-Jan Wever
[FD] [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues, FOXMOLE Advisories
[FD] CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details, Berend-Jan Wever
[FD] Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21, Pierre-David Oriol - Northsec Conference
[FD] Eagle Speed USB MODEM SOFTWARE Privilege Escalation, Rio Sherri
[FD] XSS in tooltip plugin of Zurb Foundation 5, Winni Neessen
[FD] WinPower V4.9.0.4 Privilege Escalation, Kacper Szurek
[FD] New CSRF vulnerabilities in D-Link DAP-1360, MustLive
[FD] CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free, Berend-Jan Wever
[FD] Microsoft Windows Media Center "ehshell.exe" XML External Entity, hyp3rlinx
[FD] Microsoft Excel Starter 2010 XML External Entity, hyp3rlinx
[FD] Microsoft Authorization Manager "azman" XML External Entity, hyp3rlinx
[FD] Microsoft MSINFO32.EXE ".NFO" Files XML External Entity, hyp3rlinx
[FD] Microsoft Event Viewer v1.0 XML External Entity, hyp3rlinx
[FD] CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption, Berend-Jan Wever
- Re: [FD] CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption, Berend-Jan Wever
[FD] CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used, Eissing Stefan
[FD] CFP - 31c0n - Feb 2017, New Zealand, 31c0n
[FD] Insecure Transmission of Qualcomm Assisted-GPS Data [CVE-2016-5341], Nightwatch Cybersecurity Research
[FD] Microsoft PowerShell XML External Entity, hyp3rlinx
[FD] DAVOSET v.1.2.9, MustLive
[FD] SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras, SEC Consult Vulnerability Lab
[FD] AST-2016-008: Crash on SDP offer or answer from endpoint using Opus, Asterisk Security Team
[FD] AST-2016-009: <br>, Asterisk Security Team
[FD] CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC, Berend-Jan Wever
[FD] CVE-2013-1309:, Berend-Jan Wever
[FD] CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details, Berend-Jan Wever
[FD] Splunk Enterprise Server-Side Request Forgery, Francesco Oddo
[FD] Gstreamer ID3v2 v1.0 - Out of Bounds Read, Joshua
[FD] Roundcube 1.2.2: Command Execution via Email, Martin Bednorz
[FD] Dual DHCP DNS Server 7.29 Buffer Overflow (Dos), Rio Sherri
[FD] [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security, ESNC Security
[FD] MSIE 9 MSHTML CElement::HasFlag memory corruption, Berend-Jan Wever
[FD] Broken access control on bluemix containers, Oscar Martinez
[FD] CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin), dxw Security
[FD] Reflected XSS in Social Pug – Easy Social Share Buttons could allow an attacker to do almost anything an admin user can (WordPress plugin), dxw Security
[FD] Google Analytics Counter Tracker WordPress Plugin unauthenticed PHP Object injection vulnerability, Summer of Pwnage
[FD] Apple iOS/tvOS/watchOS Remote memory corruption through certificate file, [CXSEC]
[FD] CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free, Berend-Jan Wever
[FD] APPLE-SA-2016-12-12-1 iOS 10.2, Apple Product Security
[FD] APPLE-SA-2016-12-12-2 watchOS 3.1.1, Apple Product Security
[FD] APPLE-SA-2016-12-12-3 tvOS 10.1, Apple Product Security
[FD] SQL injection in Joomla extension DT Register, Elar Lang
- <Possible follow-ups>
- Re: [FD] SQL injection in Joomla extension DT Register, Elar Lang
[FD] Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability, hyp3rlinx
[FD] MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free, Berend-Jan Wever
[FD] APPLE-SA-2016-12-13-1 macOS 10.12.2, Apple Product Security
[FD] APPLE-SA-2016-12-13-2 Safari 10.0.2, Apple Product Security
[FD] APPLE-SA-2016-12-13-3 iTunes 12.5.4, Apple Product Security
[FD] APPLE-SA-2016-12-13-4 iCloud for Windows v6.1, Apple Product Security
[FD] APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2, Apple Product Security
[FD] APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1, Apple Product Security
[FD] APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1, Apple Product Security
[FD] APPLE-SA-2016-12-13-8 Transporter 1.9.2, Apple Product Security
[FD] Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin), dxw Security
[FD] CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free, Berend-Jan Wever
[FD] Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565], Dawid Golunski
[FD] Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566], Dawid Golunski
[FD] XenForo 1.5.x Unauthenticated Remote Code Injection, Vishal Mishra
- Re: [FD] XenForo 1.5.x Unauthenticated Remote Code Injection, Julien Ahrens
[FD] MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free, Berend-Jan Wever
[FD] CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free, Berend-Jan Wever
[FD] CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin), dxw Security
[FD] CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR, Berend-Jan Wever
[FD] Hotlinking Vulnerability in Glype (All Versions), Celso Bento
[FD] CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free, Berend-Jan Wever
[FD] New BlackArch Linux ISOs (2016.12.20) released!, Black Arch
[FD] [ERPSCAN-16-035] SAP Solman - user accounts disclosure, ERPScan inc
[FD] NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue, VMware Security Response Center
[FD] CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow, Berend-Jan Wever
[FD] [0-day] RCE and admin credential disclosure in NETGEAR WNR2000, Pedro Ribeiro
[FD] copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin), dxw Security
[FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto, RedTeam Pentesting GmbH
- Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto, gremlin
  - Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto, Tim
    - Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto, Erik Auerswald
      - Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto, Tim
[FD] BlackArch Linux OVA Image released!, Black Arch
[FD] Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin), dxw Security
[FD] kernel vuln status question - how can I be protected, BENCSATH Boldizsar
[FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033], Dawid Golunski
- Re: [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033], Luigi Rosa
[FD] PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033], Dawid Golunski
[FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch), Dawid Golunski
[FD] Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege, Stefan Kanthak
[FD] SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074), Dawid Golunski

Mail converted by MHonArc