Mail Index

• Thread Index

• [FD] Vulnerability Open Redirect LogicBoard CMS
  • From: Estación Informática
• [FD] Viscosity for Windows 1.6.7 Privilege Escalation
  • From: Kacper Szurek
• [FD] QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and "Heack Combo" to pwn
  • From: bashis
• [FD] Cross-Site Scripting vulnerability in Bitrix Site Manager
  • From: MustLive
• [FD] secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
  • From: Tobias Glemser
• [FD] secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
  • From: Tobias Glemser
• [FD] ZoneMinder - multiple vulnerabilities
  • From: John Marzella
• [FD] [KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] Teleopti WFM <= 7.1.0 Multiple Vulnerabilities
  • From: Graph-X
• [FD] IVPN Client for Windows 2.6.6120.33863 Privilege Escalation
  • From: Kacper Szurek
• [FD] Remote DoS against OpenBSD http server (up to 6.0)
  • From: Pierre Kim
• [FD] interpreter bugs
  • From: Andrzej Dyjak
• [FD] Call for Papers: FIRST Amsterdam Technical Colloquium (TC) April 2017
  • From: Jeff Bollinger
• [FD] SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server
  • From: SEC Consult Vulnerability Lab
• [FD] Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion
  • From: Wiswat A
• [FD] Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege
  • From: Stefan Kanthak
• [FD] Authentication bypass vulnerability in Western Digital My Cloud
  • From: Securify B.V.
• [FD] TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules
  • From: Pierre Kim
• [FD] [Call for Papers] InfoSec2017 in Bratislava, Slovakia | June 29-July 1, 2017
  • From: Sandra Evans
• [FD] WordPress Plugin Easy Table 1.6 - Persistent Cross-Site Scripting
  • From: Manuel Garcia Cardenas
• [FD] CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage
  • From: Sydream Labs
• [FD] CFP for Speaker Workshops at the Packet Hacking Village at DEF CON 25 Now Open
  • From: Ming
• [FD] [Kodi v17.1] - Local File Inclusion
  • From: Eric Flokstra
• [FD] ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation
  • From: Kacper Szurek
• [FD] Backdoored Web Application v.1.0.2
  • From: MustLive
• [FD] KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability
  • From: KoreLogic Disclosures
• [FD] Advisory X41-2017-002: Multiple Vulnerabilities in ytnef
  • From: X41 D-Sec GmbH Advisories
• [FD] Suricata IDS - IPv4 evasion
  • From: Jérémy BEAUME
• [FD] CVE-2017-5344 : dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1
  • From: Ben N
• [FD] QNAP QTS 4.2.x multiple vulnerabilities
  • From: Harry Sintonen
• [FD] Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS
  • From: Curesec Research Team (CRT)
• [FD] Elefant CMS 1.3.12-RC: CSRF
  • From: Curesec Research Team (CRT)
• [FD] Plone: XSS
  • From: Curesec Research Team (CRT)
• [FD] Elefant CMS 1.3.12-RC: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] Elefant CMS 1.3.12-RC: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] "long" filenames mishandled by Fujitsu's ScanSnap software
  • From: Stefan Kanthak
• [FD] Lithium Forum - (Compose Message) SSRF Vulnerability
  • From: Vulnerability Lab
• [FD] Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities
  • From: Vulnerability Lab
• [FD] PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] Album Lock v4.0 iOS - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• [FD] Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass
  • From: hyp3rlinx
• [FD] PHPShell v2.4 Session Fixation
  • From: hyp3rlinx
• [FD] PHPShell v2.4 Cross Site Scripting
  • From: hyp3rlinx
• [FD] APPLE-SA-2017-02-21-1 GarageBand 10.1.6
  • From: Apple Product Security
• [FD] APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
  • From: Apple Product Security
• [FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
  • From: Kroppoloe
• Re: [FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
  • From: Kroppoloe
• [FD] Recon Montreal 2017 Call For Papers - June 16 - 18 - Montreal, Canada
  • From: cfpmontreal2017
• [FD] Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0)
  • From: Ian Ling
• [FD] Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass
  • From: Timothy D. Morgan
• [FD] Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router
  • From: Indrajith AN
• [FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• [FD] ProjectSend r754 - IDOR & Authentication Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] Synology NAS "Auto Block IP" bypass and hide real IP in Synology logs
  • From: bashis
• [FD] EasyCom PHP API Stack Buffer Overflow
  • From: hyp3rlinx
• [FD] EasyCom SQL iPlug Denial Of Service
  • From: hyp3rlinx
• [FD] Teradici Management Console 2.2.0 - Privilege Escalation
  • From: Harrison Neal
• [FD] Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Advisory X41-2017-004: Multiple Vulnerabilities in tnef
  • From: X41 D-Sec GmbH Advisories
• [FD] Unicorn Emulator v1.0 is out!
  • From: Nguyen Anh Quynh
• [FD] Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router
  • From: Indrajith AN
• [FD] WordPress Plugin Kama Click Counter 3.4.9 - Blind SQL Injection
  • From: Manuel Garcia Cardenas
• [FD] CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
  • From: Jason Geffner
• [FD] CVE-2017-6061 - SAP BusinessObjects XSS
  • From: NL Deloitte Zero Day (NL - Amsterdam)
• [FD] D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
  • From: Felipe Soares de Souza