Mail Index

• Thread Index

• [FD] CVE-2017-6189-Amazon Kindle for Windows
  • From: Nitesh Shilpkar
• [FD] Advisory X41-2017-001: Multiple Vulnerabilities in X.org
  • From: X41 D-Sec GmbH Advisories
• [FD] Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
  • From: Securify B.V.
• [FD] Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field
  • From: Summer of Pwnage
• [FD] Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Trust Form WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in WP-Filebase Download Manager WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in WP-SpamFree Anti-Spam WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery in File Manager WordPress plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery in Global Content Blocks WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin
  • From: Summer of Pwnage
• [FD] Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability
  • From: Summer of Pwnage
• [FD] Persistent Cross-Site Scripting in the WordPress NewStatPress plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting vulnerability in Tribulant Slideshow Galleries WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery in WordPress Download Manager Plugin
  • From: Summer of Pwnage
• [FD] Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery in Atahualpa WordPress Theme
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Atahualpa WordPress Theme
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Magic Fields 1 WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin
  • From: Summer of Pwnage
• [FD] VaultPress - Remote Code Execution via Man in The Middle attack
  • From: Summer of Pwnage
• [FD] WordPress Adminer plugin allows public (local) database login
  • From: Summer of Pwnage
• [FD] Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery
  • From: Summer of Pwnage
• [FD] Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
  • From: Summer of Pwnage
• [FD] Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
  • From: Summer of Pwnage
• [FD] Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
  • From: Summer of Pwnage
• Re: [FD] Teradici Management Console 2.2.0 - Privilege Escalation
  • From: Jack Cha
• [FD] Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] Veritas NetBackup v6.x, v7.x, v8.0 and NetBackup appliances v2.x, v3.0 - Multiple Critical Vulnerabilities
  • From: Sven Blumenstein
• [FD] SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave
  • From: SEC Consult Vulnerability Lab
• [FD] New BlackArch Linux ISOs (2017.03.01) released!
  • From: Black Arch
• [FD] Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0
  • From: Larry W. Cashdollar
• [FD] Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe
  • From: Stefan Kanthak
• [FD] Call for Papers for 5th Balkan Computer Congress – BalCCon2k17
  • From: Milos Krasojevic
• [FD] CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00
  • From: Michael Benich
• [FD] Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
  • From: Kyle Neideck
• [FD] 0-Day: Dahua backdoor Generation 2 and 3
  • From: bashis
• [FD] Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe
  • From: Stefan Kanthak
• Re: [FD] 0-Day: Dahua backdoor Generation 2 and 3
  • From: Chris Holland
• [FD] CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility
  • From: Aromal Raj
• [FD] OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445)
  • From: Wolfgang
• [FD] CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility
  • From: Aromal Raj
• [FD] Cross-Site Request Forgery in WordPress Press This function allows DoS
  • From: Summer of Pwnage
• [FD] WordPress audio playlist functionality is affected by Cross-Site Scripting
  • From: Summer of Pwnage
• [FD] [Tool] Docker Scan: Security analysis tools for Docker Images and Docker Registries
  • From: cr0hn
• Re: [FD] Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe
  • From: fulldisclosure
• Re: [FD] 0-Day: Dahua backdoor Generation 2 and 3
  • From: bashis
• [FD] Western Digital My Cloud vulnerable to multiple command injection vulnerabilities
  • From: Securify B.V.
• [FD] SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud
  • From: SEC Consult Vulnerability Lab
• [FD] Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability
  • From: Securify B.V.
• [FD] Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution
  • From: Securify B.V.
• [FD] Bypassing Authentication on iball Baton Routers
  • From: Indrajith AN
• [FD] Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead
  • From: Pierre Kim
• [FD] SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint
  • From: SEC Consult Vulnerability Lab
• [FD] SICUNET Physical Access Controller - Multiple Vulnerabilities
  • From: Andrew Griffiths
• [FD] FTP Voyager Scheduler v16.2.0 CSRF Remote Command Execution
  • From: hyp3rlinx
• [FD] Bypassing Authentication on iball Baton Routers
  • From: Indrajith AN
• [FD] CVE-2017-6466 - Remote Code Execution under SYSTEM via MITM in F-Secure AV
  • From: Martin Kolárik
• [FD] Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application
  • From: Nicholas von Pechmann
• [FD] Hardwear.io Call For Papers 2017 is open!
  • From: Yuliya Pliavaka
• [FD] CVE-2017-6550: Kinsey Infor-Lawson - Multiple SQL Injections
  • From: Michael Benich
• [FD] DAVOSET v.1.3
  • From: MustLive
• [FD] KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery
  • From: KoreLogic Disclosures
• [FD] CVE-2017-6805 MobaXterm Personal Edition v9.4 Directory Traversal File Disclosure
  • From: hyp3rlinx
• [FD] Aleph Research: Attacking Nexus 9 with Malicious Headphones (CVE-2017-0510)
  • From: Roee Hay
• [FD] URL spoofing in UC browser.
  • From: x ksi
• [FD] Microsoft Edge Fetch API allows setting of arbitrary request headers
  • From: Securify B.V.
• [FD] SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [FD] Microsoft Windows "LoadUvsTable()" Buffer Overflow Vulnerability
  • From: Hossein Lotfi
• [FD] Windows DVD Maker XML External Entity File Disclosure
  • From: hyp3rlinx
• [FD] Axis Camera Multiple Vulnerabilities
  • From: David Wearing
• [FD] USB Pratirodh XML External Entity Injection Vulnerability
  • From: Sachin Wagh
• [FD] USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
  • From: Sachin Wagh
• [FD] Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)
  • From: Sachin Wagh
• [FD] phplist 3.2.6: SQL Injection
  • From: Curesec Research Team (CRT)
• [FD] phplist 3.2.6: XSS
  • From: Curesec Research Team (CRT)
• [FD] HumHub 1.0.1: XSS
  • From: Curesec Research Team (CRT)
• [FD] HumHub 0.20.1 / 1.0.0-beta.3: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] [CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
  • From: 陈彦羽
• [FD] TS Session Hijacking / Privilege escalation all windows versions
  • From: Alexander Korznikov
• [FD] CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
  • From: hyp3rlinx
• [FD] Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.
  • From: Indrajith AN
• Re: [FD] TS Session Hijacking / Privilege escalation all windows versions
  • From: Kevin Beaumont
• Re: [FD] 0-Day: Dahua backdoor Generation 2 and 3
  • From: bashis
• Re: [FD] SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
  • From: Carlos Silva
• Re: [FD] Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
  • From: Thomas Deutschmann
• [FD] Adium vulnerable to remote code execution via libpurple
  • From: erythronium23
• [FD] SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
  • From: SEC Consult Vulnerability Lab
• [FD] [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
  • From: ERPScan inc
• [FD] QNAP QTS Domain Privilege Escalation Vulnerability
  • From: Pasquale Fiorillo
• [FD] [CVE-2017-6087] EON 5.0 Remote Code Execution
  • From: Sydream Labs
• [FD] [CVE-2017-6088] EON 5.0 Multiple SQL Injection
  • From: Sydream Labs
• [FD] [CVE-2017-5869] Nuxeo Platform remote code execution
  • From: Sydream Labs
• [FD] APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-22-2 iTunes for Mac 12.6
  • From: Apple Product Security
• [FD] Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform
  • From: Francisco Amato
• [FD] Defense in depth -- the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier"
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
  • From: Stefan Kanthak
• [FD] [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal
  • From: Jens Regel
• [FD] [FOXMOLE SA 2017-01-25] inoERP - Multiple Issues
  • From: FOXMOLE Advisories
• [FD] pfsense 2.3.2: Code Execution
  • From: Curesec Research Team (CRT)
• [FD] pfsense 2.3.2: XSS
  • From: Curesec Research Team (CRT)
• [FD] pfsense 2.3.2: CSRF
  • From: Curesec Research Team (CRT)
• [FD] Vulnerabilities in Transcend Wi-Fi SD Card
  • From: MustLive
• [FD] APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
  • From: Apple Product Security
• [FD] CVE-2017-5900
  • From: Luke Symons
• [FD] DzSoft PHP Editor v4.2.7 File Enumeration [**UPDATED FIXED TYPO]
  • From: hyp3rlinx
• [FD] Outlook Remote Crashing Bug
  • From: Haifei Li
• Re: [FD] Vulnerabilities in Transcend Wi-Fi SD Card
  • From: Joey Kelly
• [FD] APPLE-SA-2017-03-27-2 Safari 10.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-27-4 iOS 10.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-27-5 watchOS 3.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-27-7 macOS Server 5.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
  • From: Apple Product Security
• Re: [FD] Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
  • From: Stefan Kanthak
• [FD] Hidden malicious modules in MS VBA (Visual Basic for Applications)
  • From: Thegrideon Software
• [FD] APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
  • From: Apple Product Security
• [FD] Splunk Enterprise Information Theft - CVE-2017-5607
  • From: hyp3rlinx
• Re: [FD] Hidden malicious modules in MS VBA (Visual Basic for Applications
  • From: Douglas Held