Mail Thread Index

• Date Index

• [FD] Vulnerability Open Redirect LogicBoard CMS, Estación Informática
• [FD] Viscosity for Windows 1.6.7 Privilege Escalation, Kacper Szurek
• [FD] QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and "Heack Combo" to pwn, bashis
• [FD] Cross-Site Scripting vulnerability in Bitrix Site Manager, MustLive
• [FD] secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server, Tobias Glemser
  • <Possible follow-ups>
  • [FD] secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server, Tobias Glemser
• [FD] ZoneMinder - multiple vulnerabilities, John Marzella
• [FD] [KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability, Egidio Romano
• [FD] Teleopti WFM <= 7.1.0 Multiple Vulnerabilities, Graph-X
• [FD] IVPN Client for Windows 2.6.6120.33863 Privilege Escalation, Kacper Szurek
• [FD] Remote DoS against OpenBSD http server (up to 6.0), Pierre Kim
• [FD] interpreter bugs, Andrzej Dyjak
• [FD] Call for Papers: FIRST Amsterdam Technical Colloquium (TC) April 2017, Jeff Bollinger
• [FD] SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server, SEC Consult Vulnerability Lab
• [FD] Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion, Wiswat A
• [FD] Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege, Stefan Kanthak
• [FD] Authentication bypass vulnerability in Western Digital My Cloud, Securify B.V.
• [FD] TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules, Pierre Kim
• [FD] [Call for Papers] InfoSec2017 in Bratislava, Slovakia | June 29-July 1, 2017, Sandra Evans
• [FD] WordPress Plugin Easy Table 1.6 - Persistent Cross-Site Scripting, Manuel Garcia Cardenas
• [FD] CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage, Sydream Labs
• [FD] CFP for Speaker Workshops at the Packet Hacking Village at DEF CON 25 Now Open, Ming
• [FD] [Kodi v17.1] - Local File Inclusion, Eric Flokstra
• [FD] ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation, Kacper Szurek
• [FD] Backdoored Web Application v.1.0.2, MustLive
• [FD] KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write, KoreLogic Disclosures
• [FD] KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability, KoreLogic Disclosures
• [FD] KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability, KoreLogic Disclosures
• [FD] Advisory X41-2017-002: Multiple Vulnerabilities in ytnef, X41 D-Sec GmbH Advisories
• [FD] Suricata IDS - IPv4 evasion, Jérémy BEAUME
• [FD] CVE-2017-5344 : dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1, Ben N
• [FD] QNAP QTS 4.2.x multiple vulnerabilities, Harry Sintonen
• [FD] Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS, Curesec Research Team (CRT)
• [FD] Elefant CMS 1.3.12-RC: CSRF, Curesec Research Team (CRT)
• [FD] Plone: XSS, Curesec Research Team (CRT)
• [FD] Elefant CMS 1.3.12-RC: Code Execution, Curesec Research Team (CRT)
  • <Possible follow-ups>
  • [FD] Elefant CMS 1.3.12-RC: Code Execution, Curesec Research Team (CRT)
• [FD] "long" filenames mishandled by Fujitsu's ScanSnap software, Stefan Kanthak
• [FD] Lithium Forum - (Compose Message) SSRF Vulnerability, Vulnerability Lab
• [FD] Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities, Vulnerability Lab
• [FD] PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] Album Lock v4.0 iOS - Directory Traversal Vulnerability, Vulnerability Lab
• [FD] Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass, hyp3rlinx
• [FD] PHPShell v2.4 Session Fixation, hyp3rlinx
• [FD] PHPShell v2.4 Cross Site Scripting, hyp3rlinx
• [FD] APPLE-SA-2017-02-21-1 GarageBand 10.1.6, Apple Product Security
• [FD] APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1, Apple Product Security
• [FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution, Kroppoloe
  • Re: [FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution, Kroppoloe
• [FD] Recon Montreal 2017 Call For Papers - June 16 - 18 - Montreal, Canada, cfpmontreal2017
• [FD] Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0), Ian Ling
• [FD] Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass, Timothy D. Morgan
• [FD] Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router, Indrajith AN
  • <Possible follow-ups>
  • [FD] Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router, Indrajith AN
• [FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks, Matthias Deeg
• [FD] Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability, Vulnerability Lab
• [FD] ProjectSend r754 - IDOR & Authentication Bypass Vulnerability, Vulnerability Lab
• [FD] Synology NAS "Auto Block IP" bypass and hide real IP in Synology logs, bashis
• [FD] EasyCom PHP API Stack Buffer Overflow, hyp3rlinx
• [FD] EasyCom SQL iPlug Denial Of Service, hyp3rlinx
• [FD] Teradici Management Console 2.2.0 - Privilege Escalation, Harrison Neal
• [FD] Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities, Vulnerability Lab
• [FD] Advisory X41-2017-004: Multiple Vulnerabilities in tnef, X41 D-Sec GmbH Advisories
• [FD] Unicorn Emulator v1.0 is out!, Nguyen Anh Quynh
• [FD] WordPress Plugin Kama Click Counter 3.4.9 - Blind SQL Injection, Manuel Garcia Cardenas
• [FD] CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6, Jason Geffner
• [FD] CVE-2017-6061 - SAP BusinessObjects XSS, NL Deloitte Zero Day (NL - Amsterdam)
• [FD] D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF) vulnerabilities, Felipe Soares de Souza