Mail Index

• Thread Index

• Re: [FD] SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
  • From: Securify B.V.
• [FD] Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] Icecream v4.53 & Pro - File Permission Privilege Escalation
  • From: Vulnerability Lab
• [FD] Hola VPN v1.34 - Privilege Escalation Vulnerability
  • From: Vulnerability Lab
• [FD] Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
  • From: Vulnerability Lab
• [FD] Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability
  • From: Vulnerability Lab
• Re: [FD] Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability
  • From: Brandon Perry
• Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
  • From: Daniel Wood
• [FD] [oss-security]Sourcetree arbitrary command execution
  • From: 洪宇
• [FD] [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15
  • From: Sysdream Labs
• [FD] [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin
  • From: Sysdream Labs
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability
  • From: DefenseCode
• [FD] SSD Advisory – Serviio Media Server Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] https://blogs.securiteam.com/index.php/archives/3171
  • From: Maor Shwartz
• [FD] Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563)
  • From: Roee Hay
• [FD] ES File Explorer android app snoops data to China Unicom network via insecure HTTP
  • From: seclists
• Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
  • From: seclists@email.tg
• [FD] Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege
  • From: Stefan Kanthak
• Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
  • From: Craig Young
• [FD] CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address
  • From: Zeng Wester
• [FD] Aleph Research: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability (CVE-2017-0582)
  • From: Roee Hay
• Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
  • From: seclists
• [FD] CSRF/Stored XSS in MSMC – Redirect After Comment could allow unauthenticated individuals to do almost anything (WordPress plugin)
  • From: dxw Security
• [FD] Veritas Netbackup v8.0 - Multiple Vulnerabilities
  • From: Sven Blumenstein via Fulldisclosure
• [FD] SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager
  • From: SEC Consult Vulnerability Lab
• [FD] Numerous FreeTDS crashes fixed on master
  • From: Brandon Perry
• [FD] SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
  • From: SEC Consult Vulnerability Lab
• [FD] [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability
  • From: Core Security Advisories Team
• [FD] [FOXMOLE SA 2017-02-23] Dolibarr ERP & CRM - Multiple Issues
  • From: FOXMOLE Advisories
• Re: [FD] Numerous FreeTDS crashes fixed on master
  • From: Brandon Perry
• [FD] QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass
  • From: Kacper Szurek
• [FD] Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution
  • From: Majid Alqabandi
• [FD] Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
  • From: Nightwatch Cybersecurity Research
• [FD] SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
  • From: SEC Consult Vulnerability Lab
• Re: [FD] Numerous FreeTDS crashes fixed on master
  • From: Brandon Perry
• [FD] trashbilling.com and Trashflow 3.0.0 Multiple Issues
  • From: g00se--- via Fulldisclosure
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities
  • From: DefenseCode
• [FD] CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response
  • From: oststrom (public)
• [FD] Multiple crashes in OpenEXR
  • From: Brandon Perry
• [FD] Mimosa Wireless Radios - RCE, DoS, and Local File Disclosure Vulnerabilities
  • From: Ian Ling via Fulldisclosure
• [FD] Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains
  • From: hyp3rlinx
• [FD] APPLE-SA-2017-05-15-1 macOS 10.12.5
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-2 iOS 10.3.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-3 tvOS 10.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-4 watchOS 3.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-5 iCloud for Windows 6.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-6 iTunes 12.6.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-05-15-7 Safari 10.1.1
  • From: Apple Product Security
• [FD] [CVE-2017-7953] Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields
  • From: Yoroi - CVE report
• [FD] [CVE-2017-7952] SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..) via filtervalue parameter
  • From: Yoroi - CVE report
• [FD] Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages
  • From: Manuel Mancera
• [FD] PayPal Inc announces 2 new Bug Bounty Program Domains
  • From: Vulnerability Lab
• [FD] Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability
  • From: Vulnerability Lab
• [FD] MikroTik RouterBoard v6.38.5 - Denial of Service Vulnerability
  • From: Vulnerability Lab
• [FD] Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] Stealing Windows Credentials Using Google Chrome
  • From: DefenseCode
• [FD] Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability
  • From: geeknik via Fulldisclosure
• Re: [FD] Cross-Site Request Forgery in WordPress Connection Information
  • From: Summer of Pwnage
• [FD] SEC Consult SA-20170518-0 :: Multiple critical vulnerabilities in Western Digital TV Media Player
  • From: SEC Consult Vulnerability Lab
• [FD] Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption
  • From: David Tomaschik via Fulldisclosure
• Re: [FD] [oss-security] Dolibarr ERP & CRM - Multiple Issues
  • From: Stefan Pietsch
• Re: [FD] [oss-security] Dolibarr ERP & CRM - Multiple Issues
  • From: Brandon Perry
• [FD] [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet
  • From: ERPScan inc
• [FD] Ceragon FibeAir IP-10 Hidden User Backdoor
  • From: Ian Ling via Fulldisclosure
• [FD] SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow
  • From: Maor Shwartz
• [FD] WhatsApp (Android) Privacy Issues with Handling of Media Files [CVE-2017-8769]
  • From: Nightwatch Cybersecurity Research
• [FD] HP SiteScope 11.32: Unauthenticated JMX Console RCE
  • From: Harrison Neal
• [FD] Google I/O 2017 Android App Doesn't Use SSL for Some Content [CVE-2017-9045]
  • From: Nightwatch Cybersecurity Research
• [FD] AST-2017-002: Buffer Overrun in PJSIP transaction layer
  • From: Asterisk Security Team
• [FD] AST-2017-003: Crash in PJSIP multi-part body parser
  • From: Asterisk Security Team
• [FD] AST-2017-004: Memory exhaustion on short SCCP packets
  • From: Asterisk Security Team
• [FD] CFP - WPES - 2017 Workshop on Privacy in the Electronic Society
  • From: Bill Garrison
• [FD] CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution
  • From: hyp3rlinx
• [FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
  • From: hyp3rlinx
• Re: [FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
  • From: hyp3rlinx
• [FD] CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
  • From: hyp3rlinx
• Re: [FD] [oss-security] Multiple crashes in OpenEXR
  • From: Brandon Perry
• [FD] HP SimplePass Local Privilege Escalation
  • From: Rehan Ahmed
• [FD] Out of bound memory access in PJSIP multipart parser crashes Asterisk
  • From: Sandro Gauci
• [FD] Asterisk Skinny memory exhaustion vulnerability leads to DoS
  • From: Sandro Gauci
• [FD] Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP
  • From: Sandro Gauci
• [FD] Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] HTTrack v3.x - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane
  • From: SEC Consult Vulnerability Lab
• [FD] [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation
  • From: Sydream Labs
• [FD] CVE-2017-8895 / VTS17-006: UAF in Veritas Backup Exec Remote Agent for Windows
  • From: Matthew Daley
• [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Stored Cross-Site Scripting
  • From: Advisories
• [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Reflected Cross-Site Scripting
  • From: Advisories
• [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Session ID Enumeration
  • From: Advisories
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
  • From: DefenseCode
• [FD] Hacktivity 2017 Call For Papers
  • From: Attila Marosi
• [FD] Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform
  • From: Francisco Amato
• [FD] Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
  • From: Florian Bogner
• [FD] SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE
  • From: Maor Shwartz
• [FD] SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] [CVE-2017-8782]Libming readString denial of service
  • From: 吴栋
• [FD] Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent
  • From: Stefan Kanthak