Mail Index

• Thread Index

• [FD] Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034)
  • From: Dawid Golunski
• [FD] CINtruder v0.3 released...
  • From: psy
• [FD] Advisories Unsafe Dll in Audacity, telegram and Akamai
  • From: filipe
• [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
  • From: jlss
• [FD] 0-day: QNAP NAS Devices suffer of heap overflow
  • From: bashis
• Re: [FD] 0-day: QNAP NAS Devices suffer of heap overflow
  • From: bashis
• Re: [FD] 0-day: QNAP NAS Devices suffer of heap overflow
  • From: bashis
• [FD] Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege
  • From: Stefan Kanthak
• [FD] Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege
  • From: Stefan Kanthak
• Re: [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
  • From: Moritz Naumann
• [FD] Stop User Enumeration does not stop user enumeration (WordPress plugin)
  • From: dxw Security
• Re: [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
  • From: David Black
• Re: [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
  • From: jlss
• [FD] CarolinaCon-13 - May 2017 - Call for Papers/Presenters and Attendees
  • From: Vic Vandal
• [FD] Trango Altum AC600 Default root Login
  • From: Ian Ling
• [FD] YSTS 11th Edition - CFP
  • From: Luiz Eduardo
• [FD] BSides Las Vegas 2017 CFP is open.
  • From: Daemon Tamer
• [FD] Hotlinking Vulnerability in PHProxy 0.5b2
  • From: Celso Bento
• [FD] enigma2-plugin-extensions-webadmin Remote Code Execution (IoT)
  • From: Fabian Fingerle
• [FD] pev 0.80 released
  • From: Fernando Mercês
• [FD] CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] Docker 1.12.6 - Security Advisory
  • From: Nathan McCauley
• Re: [FD] [oss-security] Docker 1.12.6 - Security Advisory
  • From: Kurt Seifried
• [FD] Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Bit Defender #39 - Auth Token Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability
  • From: Vulnerability Lab
• [FD] Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
  • From: Vulnerability Lab
• Re: [FD] [oss-security] Docker 1.12.6 - Security Advisory
  • From: Andreas Stieger
• [FD] [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions
  • From: Sysdream Labs
• [FD] Multiple vulnerabilities in cPanel <= 60.0.34
  • From: Open Security
• [FD] ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)
  • From: Fernando Gont
• [FD] Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]
  • From: Dawid Golunski
• [FD] Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege
  • From: Stefan Kanthak
• [FD] Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability
  • From: Vulnerability Lab
• [FD] Salesforce (Event Registration) - Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Apple (iTunes Notify) - Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Security BSides Ljubljana 0x7E1 CFP - March 10, 2017
  • From: Andraz Sraka
• [FD] New exploit for new vulnerability in WordPress Plugin + tutorial
  • From: Diego
• [FD] Multiple RCE in ZyXEL / Billion / TrueOnline routers
  • From: Pedro Ribeiro
• [FD] Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software
  • From: Roberto Soares
• [FD] EuskalHack Security Congress CFP
  • From: Joxean Koret
• [FD] SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page)
  • From: SEC Consult Vulnerability Lab
• [FD] Announce Keypatch v2.1, a better assembler for IDA Pro!
  • From: Nguyen Anh Quynh
• [FD] APPLE-SA-2017-01-18-1 GarageBand 10.1.5
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-18-2 Logic Pro X 10.3
  • From: Apple Product Security
• [FD] [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE
  • From: ERPScan inc
• [FD] [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE
  • From: ERPScan inc
• [FD] CALL FOR PAPERS - br3aking c0de
  • From: Estación Informática
• [FD] Persistent XSS in Ghost 0.11.3
  • From: Patrick
• [FD] [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection
  • From: Julien Ahrens
• [FD] Tap 'n' Sniff
  • From: Curesec Research Team (CRT)
• [FD] Apple iOS 10.2 (Notify - iTunes) - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
  • From: Stefan Kanthak
• [FD] GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]
  • From: Taoguang Chen
• [FD] RVAsec 2017 Call for Presentations
  • From: Sullo
• [FD] [ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300
  • From: ERPScan inc
• [FD] CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS
  • From: ERPScan inc
• [FD] APPLE-SA-2017-01-23-1 iOS 10.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-23-2 macOS 10.12.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-23-3 watchOS 3.1.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-23-4 tvOS 10.1.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-23-5 Safari 10.0.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1
  • From: Apple Product Security
• Re: [FD] Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
  • From: Ding Dong
• [FD] New mailing-list on IoT hacking
  • From: Fernando Gont
• [FD] WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass
  • From: Kacper Szurek
• [FD] APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5
  • From: Apple Product Security
• Re: [FD] Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
  • From: Stefan Kanthak
• [FD] Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] CMS Commander Client WordPress Plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] Call for Papers: DigitalSec2017 in Kuala Lumpur, Malaysia on July 11-13, 2017
  • From: Sandra Evans
• [FD] Digital Ocean ssh key authentication security risk -- password authentication is re-enabled
  • From: Daniel Elebash
• [FD] Privilege Escalation in VirtualBox (CVE-2017-3316)
  • From: Wolfgang
• [FD] Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification
  • From: Summer of Pwnage
• [FD] Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
  • From: Summer of Pwnage
• [FD] SEC Consult SA-20170130-0 :: XSS & CSRF in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [FD] New BlackArch Linux ISOs (2017.01.28) released!
  • From: Black Arch
• [FD] BSidesHannover 2017!
  • From: Daniel Busch
• [FD] secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines")
  • From: Simon Bieber
• Re: [FD] Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21
  • From: Olivier Bilodeau
• Re: [FD] Digital Ocean ssh key authentication security risk -- password authentication is re-enabled
  • From: gp
• Re: [FD] Digital Ocean ssh key authentication security risk -- password authentication is re-enabled
  • From: Daniel Elebash
• [FD] Free ebook to learn ethical hacking techniques
  • From: Sparc Flow
• [FD] Sophos Web Appliance - Block & Unblock IPs Remote Command Injection (CVE-2016-9553)
  • From: Russell Sanford
• Re: [FD] [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
  • From: Pedro Ribeiro
• [FD] Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture
  • From: Jens Müller
• [FD] Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL
  • From: Jens Müller
• [FD] Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands
  • From: Jens Müller
• [FD] Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter
  • From: Jens Müller
• [FD] Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands
  • From: Jens Müller
• [FD] Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands
  • From: Jens Müller
• [FD] PEAR Base System v1.10.1 Arbitrary File Download
  • From: hyp3rlinx
• [FD] [REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities
  • From: Matteo Beccati
• Re: [FD] [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
  • From: Netgear Security
• [FD] Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking
  • From: Stefan Kanthak