Mail Thread Index
- Re: [FD] SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options,
Securify B.V.
- [FD] Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability,
Vulnerability Lab
- [FD] Icecream v4.53 & Pro - File Permission Privilege Escalation,
Vulnerability Lab
- [FD] Hola VPN v1.34 - Privilege Escalation Vulnerability,
Vulnerability Lab
- [FD] Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability,
Vulnerability Lab
- [FD] Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability,
Vulnerability Lab
- [FD] Zenario v7.6 - Persistent Cross Site Scripting Vulnerability,
Vulnerability Lab
- [FD] Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability,
Vulnerability Lab
- Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP,
Daniel Wood
- [FD] [oss-security]Sourcetree arbitrary command execution,
洪宇
- [FD] [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15,
Sysdream Labs
- [FD] [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin,
Sysdream Labs
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability,
DefenseCode
- [FD] SSD Advisory – Serviio Media Server Multiple Vulnerabilities,
Maor Shwartz
- [FD] https://blogs.securiteam.com/index.php/archives/3171,
Maor Shwartz
- [FD] Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563),
Roee Hay
- [FD] ES File Explorer android app snoops data to China Unicom network via insecure HTTP,
seclists
- Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP,
seclists@email.tg
- [FD] Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege,
Stefan Kanthak
- Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP,
Craig Young
- [FD] CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address,
Zeng Wester
- [FD] Aleph Research: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability (CVE-2017-0582),
Roee Hay
- [FD] CSRF/Stored XSS in MSMC – Redirect After Comment could allow unauthenticated individuals to do almost anything (WordPress plugin),
dxw Security
- [FD] Veritas Netbackup v8.0 - Multiple Vulnerabilities,
Sven Blumenstein via Fulldisclosure
- [FD] SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager,
SEC Consult Vulnerability Lab
- [FD] Numerous FreeTDS crashes fixed on master,
Brandon Perry
- [FD] SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App,
SEC Consult Vulnerability Lab
- [FD] [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability,
Core Security Advisories Team
- [FD] [FOXMOLE SA 2017-02-23] Dolibarr ERP & CRM - Multiple Issues,
FOXMOLE Advisories
- [FD] QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass,
Kacper Szurek
- [FD] Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite - Code Execution,
Majid Alqabandi
- [FD] Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892],
Nightwatch Cybersecurity Research
- [FD] SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager,
SEC Consult Vulnerability Lab
- [FD] trashbilling.com and Trashflow 3.0.0 Multiple Issues,
g00se--- via Fulldisclosure
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities,
DefenseCode
- [FD] DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities,
DefenseCode
- [FD] CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response,
oststrom (public)
- [FD] Multiple crashes in OpenEXR,
Brandon Perry
- [FD] Mimosa Wireless Radios - RCE, DoS, and Local File Disclosure Vulnerabilities,
Ian Ling via Fulldisclosure
- [FD] Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains,
hyp3rlinx
- [FD] APPLE-SA-2017-05-15-1 macOS 10.12.5,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-2 iOS 10.3.2,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-3 tvOS 10.2.1,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-4 watchOS 3.2.1,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-5 iCloud for Windows 6.2.1,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-6 iTunes 12.6.1,
Apple Product Security
- [FD] APPLE-SA-2017-05-15-7 Safari 10.1.1,
Apple Product Security
- [FD] [CVE-2017-7953] Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields,
Yoroi - CVE report
- [FD] [CVE-2017-7952] SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..) via filtervalue parameter,
Yoroi - CVE report
- [FD] Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages,
Manuel Mancera
- [FD] PayPal Inc announces 2 new Bug Bounty Program Domains,
Vulnerability Lab
- [FD] Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability,
Vulnerability Lab
- [FD] MikroTik RouterBoard v6.38.5 - Denial of Service Vulnerability,
Vulnerability Lab
- [FD] Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities,
Vulnerability Lab
- [FD] Stealing Windows Credentials Using Google Chrome,
DefenseCode
- [FD] Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability,
geeknik via Fulldisclosure
- Re: [FD] Cross-Site Request Forgery in WordPress Connection Information,
Summer of Pwnage
- [FD] SEC Consult SA-20170518-0 :: Multiple critical vulnerabilities in Western Digital TV Media Player,
SEC Consult Vulnerability Lab
- [FD] Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption,
David Tomaschik via Fulldisclosure
- Re: [FD] [oss-security] Dolibarr ERP & CRM - Multiple Issues,
Stefan Pietsch
- [FD] [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet,
ERPScan inc
- [FD] SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow,
Maor Shwartz
- [FD] WhatsApp (Android) Privacy Issues with Handling of Media Files [CVE-2017-8769],
Nightwatch Cybersecurity Research
- [FD] HP SiteScope 11.32: Unauthenticated JMX Console RCE,
Harrison Neal
- [FD] Google I/O 2017 Android App Doesn't Use SSL for Some Content [CVE-2017-9045],
Nightwatch Cybersecurity Research
- [FD] AST-2017-002: Buffer Overrun in PJSIP transaction layer,
Asterisk Security Team
- [FD] AST-2017-003: Crash in PJSIP multi-part body parser,
Asterisk Security Team
- [FD] AST-2017-004: Memory exhaustion on short SCCP packets,
Asterisk Security Team
- [FD] CFP - WPES - 2017 Workshop on Privacy in the Electronic Society,
Bill Garrison
- [FD] CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution,
hyp3rlinx
- [FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal,
hyp3rlinx
- [FD] CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection,
hyp3rlinx
- [FD] HP SimplePass Local Privilege Escalation,
Rehan Ahmed
- [FD] Out of bound memory access in PJSIP multipart parser crashes Asterisk,
Sandro Gauci
- [FD] Asterisk Skinny memory exhaustion vulnerability leads to DoS,
Sandro Gauci
- [FD] Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP,
Sandro Gauci
- [FD] Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability,
Vulnerability Lab
- [FD] Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability,
Vulnerability Lab
- [FD] HTTrack v3.x - Stack Buffer Overflow Vulnerability,
Vulnerability Lab
- [FD] SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane,
SEC Consult Vulnerability Lab
- [FD] [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities,
Core Security Advisories Team
- [FD] [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation,
Sydream Labs
- [FD] CVE-2017-8895 / VTS17-006: UAF in Veritas Backup Exec Remote Agent for Windows,
Matthew Daley
- [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Stored Cross-Site Scripting,
Advisories
- [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Reflected Cross-Site Scripting,
Advisories
- [FD] Sunell IPR54/14AKDN(II)/13 IP Camera - Session ID Enumeration,
Advisories
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability,
DefenseCode
- [FD] Hacktivity 2017 Call For Papers,
Attila Marosi
- [FD] Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform,
Francisco Amato
- [FD] Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11,
Florian Bogner
- [FD] SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities,
Maor Shwartz
- [FD] SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE,
Maor Shwartz
- [FD] SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities,
Maor Shwartz
- [FD] [CVE-2017-8782]Libming readString denial of service,
吴栋
- [FD] Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent,
Stefan Kanthak