Mail Index

• Thread Index

• [FD] SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function
  • From: SEC Consult Vulnerability Lab
• [FD] Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)
  • From: David Coomber
• [FD] CVE Request -- mapr: information disclosure vulnerability
  • From: Mark Felder
• [FD] Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09
  • From: pratik shah
• [FD] APPLE-SA-2017-04-03-1 iOS 10.3.1
  • From: Apple Product Security
• [FD] AST-2017-001: Buffer overflow in CDR's set user
  • From: Asterisk Security Team
• [FD] Dell OpenManage Server Administrator v8.4: CVE-2016-4004 Addendum
  • From: Harrison Neal
• [FD] CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service
  • From: Advisories
• [FD] ManageEngine Applications Manager Multiple Vulnerabilities
  • From: ljj
• [FD] Inchoo Facebook Connect Extension for Magento Parameter XSS
  • From: Patrick Webster via Fulldisclosure
• [FD] Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure
  • From: Patrick Webster via Fulldisclosure
• [FD] AirWatch Self Service Portal Username Parameter LDAP Injection
  • From: Patrick Webster via Fulldisclosure
• [FD] Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
  • From: Patrick Webster via Fulldisclosure
• [FD] Lotus Protector for Mail Security remote code execution
  • From: Patrick Webster via Fulldisclosure
• [FD] Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
  • From: Patrick Webster via Fulldisclosure
• [FD] Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
  • From: Patrick Webster via Fulldisclosure
• [FD] Tweek!DM Document Management Authentication bypass, SQL injection
  • From: Patrick Webster via Fulldisclosure
• [FD] SilverStripe CMS - Path Disclosure
  • From: Patrick Webster via Fulldisclosure
• [FD] SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package
  • From: Patrick Webster via Fulldisclosure
• [FD] AcoraCMS browser redirect and Cross-site scripting vulnerabilities
  • From: Patrick Webster via Fulldisclosure
• [FD] Kaseya information disclosure vulnerability
  • From: Patrick Webster via Fulldisclosure
• [FD] iPlatinum iOneView Multiple Parameter Reflected XSS
  • From: Patrick Webster via Fulldisclosure
• [FD] Moodle URL Manipulation Remote Account Information Disclosure
  • From: Patrick Webster via Fulldisclosure
• [FD] DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal
  • From: DefenseCode
• [FD] Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
  • From: hyp3rlinx
• [FD] Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)
  • From: David Coomber
• [FD] QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359)
  • From: Harry Sintonen
• [FD] APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android
  • From: Apple Product Security
• [FD] CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] [DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later)
  • From: DefenseCode
• [FD] SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum
  • From: SEC Consult Vulnerability Lab
• [FD] DAVOSET v.1.3.1
  • From: MustLive
• [FD] Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution
  • From: Stefan Kanthak
• [FD] LAquis SCADA Access Control Vulnerability
  • From: Karn Ganeshen
• [FD] Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] Cambium SNMP Security Vulnerabilities
  • From: Karn Ganeshen
• [FD] Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities
  • From: Karn Ganeshen
• [FD] DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)
  • From: Ian Ling
• [FD] CVE Request:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4
  • From: Wester 95
• [FD] CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status
  • From: Wester 95
• [FD] CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings
  • From: Wester 95
• [FD] WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
  • From: Manuel Garcia Cardenas
• [FD] CVE-Request:stored XSS in Serendipity v2.1-rc1 allows attacker steals admin’s cookie and other informations
  • From: Wester 95
• [FD] NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003
  • From: Rewanth Cool
• [FD] NSE Script for exploiting Directory traversal vulnerability in Wordpress
  • From: Rewanth Cool
• [FD] NSE scripts for XSS and session hijacking in AsusWRT
  • From: Rewanth Cool
• [FD] NSE Script for CVE 2017-6527
  • From: Rewanth Cool
• [FD] Moxa MXview v2.8 Remote Private Key Disclosure
  • From: hyp3rlinx
• [FD] CVE-2017-7456 MXview v2.8 Denial Of Service
  • From: hyp3rlinx
• [FD] Moxa MX AOPC-Server v1.5 XML External Entity
  • From: hyp3rlinx
• [FD] CVE Request:CSRF in Serendipity allows attacker installs any themes
  • From: Wester 95
• [FD] CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11)
  • From: Wester 95
• [FD] CVE Request:Directory Traversal in smilie module(MyBB <1.8.11)
  • From: Wester 95
• [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18
  • From: Mark Wadham
• [FD] SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities
  • From: Maor Shwartz
• [FD] [SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89)
  • From: Matthias Deeg
• [FD] [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657)
  • From: Matthias Deeg
• [FD] ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode
  • From: Nightwatch Cybersecurity Research
• [FD] Multiple local privilege escalation vulnerabilities in Proxifier for Mac
  • From: Securify B.V.
• [FD] Microsoft Office OneNote 2007 DLL side loading vulnerability
  • From: Securify B.V.
• [FD] c0c0n X August 17-19, 2017 Call for Papers Open
  • From: Prajwal Panchmahalkar
• [FD] Proxifier for Mac 2.19 local root privesc
  • From: Mark Wadham
• Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18
  • From: Mark Wadham
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: 53+ WordPress plugins by BestWebSoft Multiple Cross-Site Scripting (XSS) Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
  • From: DefenseCode
• [FD] Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation
  • From: hyp3rlinx
• [FD] Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
  • From: Securify B.V.
• [FD] CVE-2017-0199 PoC
  • From: David ROUTIN
• Re: [FD] [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657)
  • From: Nick Boyce
• [FD] Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
  • From: hyp3rlinx
• [FD] SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation
  • From: Maor Shwartz
• [FD] Cross-Site Request Forgery in WordPress Connection Information
  • From: Summer of Pwnage
• [FD] Unicorn Emulator v1.0.1 is out!
  • From: Nguyen Anh Quynh
• [FD] nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect
  • From: Kyriakos Economou
• [FD] [ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft PeopleSoftServiceListeningConnector
  • From: ERPScan inc
• [FD] [ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT
  • From: ERPScan inc
• [FD] [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet
  • From: ERPScan inc
• [FD] SecretServerSecretStealer - An extraction utility for Thycotic Secret Server
  • From: Denis Andzakovic
• [FD] Code Injection through DLL Sideloading in 64bit Oracle Java
  • From: Florian Bogner
• [FD] CVE-2017-7991-SQL injection-Exponent CMS
  • From: 404 Not Found
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress AccessPress Social Icons Plugin Multiple SQL injection Security Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
  • From: DefenseCode
• [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Filippo Cavallarin
• Re: [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Dawid Golunski
• Re: [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Filippo Cavallarin
• Re: [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Dawid Golunski
• Re: [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Filippo Cavallarin
• [FD] Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
  • From: Securify B.V.
• [FD] Tales of SugarCRM Security Horrors
  • From: Egidio Romano
• [FD] KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials
  • From: KoreLogic Disclosures
• [FD] CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method
  • From: Andrey B. Panfilov
• [FD] OXATIS 'EMail' Cross Site Scripting Vulnerability
  • From: HTTPCS
• [FD] Flyspray 'real_name' Cross Site Scripting Vulnerability
  • From: HTTPCS
• Re: [FD] CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Dawid Golunski
• [FD] Samsung Smart TV Wi-Fi Direct Improper Authentication
  • From: Info
• [FD] Dell Customer Connect 1.3.28.0 Privilege Escalation
  • From: Kacper Szurek
• [FD] SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation
  • From: SEC Consult Vulnerability Lab
• [FD] Security Issues in Alerton Webtalk (Auth Bypass, RCE)
  • From: David Tomaschik via Fulldisclosure
• [FD] Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
  • From: Vulnerability Lab
• [FD] Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X
  • From: Securify B.V.
• [FD] Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS
  • From: Securify B.V.
• [FD] SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
  • From: Securify B.V.
• [FD] CVE-2017-7981: Tuleap Remote OS Command Injection
  • From: Ben N
• [FD] PRL and CSRF vulnerabilities in D-Link DAP-1360
  • From: MustLive
• [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
  • From: seclists