Mail Index

• Thread Index

• [FD] Humax Digital HG100R multiple vulnerabilities
  • From: The Gambler
• [FD] Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability
  • From: gregory draperi
• [FD] Schneider Electric Pro-Face WinGP – Runtime.exe – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] ESA-2017-063: RSA Archer® GRC Platform Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] InsomniaX loader allows loading of arbitrary Kernel Extensions
  • From: Securify B.V. via Fulldisclosure
• [FD] [RT-SA-2017-011] Remote Command Execution in PDNS Manager
  • From: RedTeam Pentesting GmbH
• [FD] Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator
  • From: Securify B.V. via Fulldisclosure
• [FD] KL-001-2017-010 : Barracuda WAF Early Boot Root Shell
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-012 : Barracuda WAF Grub Password Complexity
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-013 : Barracuda WAF Management Application Username and Session ID Leak
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials
  • From: KoreLogic Disclosures
• [FD] SSD Advisory – Odoo CRM Code Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – EMC IsilonSD Edge Command Injection
  • From: Maor Shwartz
• [FD] ESA-2017-075: EMC Data Protection Advisor Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] ESA-2017-011: EMC ESRS Policy Manager Undocumented Account Vulnerability
  • From: EMC Product Security Response Center
• [FD] Defense in depth -- the Microsoft way (part 48): privilege escalation for dummies -- they didn't make SUCH a stupid blunder?
  • From: Stefan Kanthak
• [FD] [CVE-2017-10798] ObjectPlanet Opinio 7.6.3 Cross-Site Scripting (XSS)
  • From: Kasper Karlsson
• [FD] CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client
  • From: Florian Bogner
• [FD] DefenseCode Security Advisory: IBM Informix DB-Access Buffer Overflow
  • From: DefenseCode
• [FD] SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products
  • From: SEC Consult Vulnerability Lab
• [FD] ekoparty: Call for Papers 2017! Open!
  • From: Francisco Amato
• [FD] [CVE-2017-7726] - Missing SSL Certificate Validation in iSmartAlarm
  • From: Ilia Shnaidman
• [FD] [CVE-2017-7727] - SSRF vulnerability in iSmartAlarm
  • From: Ilia Shnaidman
• [FD] CVE-2017-11173 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests
  • From: Security Researcher
• [FD] ESA-2017-089: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Undocumented Accounts Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-084: RSA® Authentication Manager Self-Service Console Brute Force PIN-Guessing Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-076: RSA Identity Governance and Lifecycle Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] ESA-2017-068: RSA® Authentication Manager Stored Cross-Site Scripting Vulnerability
  • From: EMC Product Security Response Center
• [FD] CVE request: Multiple vulnerabilities in Cisco DDR2200 Series
  • From: The Gambler
• [FD] [CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm
  • From: Ilia Shnaidman
• [FD] PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities
  • From: Daniel Correa
• [FD] CVE-2017-7642 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.20
  • From: Mark Wadham
• [FD] [CVE-2017-7728] -Denial of Service in iSmartAlarm
  • From: Ilia Shnaidman
• [FD] Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
  • From: InterN0T via Fulldisclosure
• [FD] SSD Advisory – Geneko Routers Unauthenticated Path Traversal
  • From: Maor Shwartz
• [FD] DotCMS /servlets/ajax_file_upload Arbitrary File Upload Vulnerability
  • From: xiaotian.wang@dbappsecurity.com.cn
• [FD] APPLE-SA-2017-07-19-1 iOS 10.3.3
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-2 macOS 10.12.6
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-3 watchOS 3.2.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-4 tvOS 10.2.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-5 Safari 10.1.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-6 iTunes 12.6.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2
  • From: Apple Product Security
• [FD] Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
  • From: ERPScan inc
• [FD] Directory Traversal vulnerability in Integration Gateway (PSIGW)
  • From: ERPScan inc
• [FD] File Upload in Integration Gateway (PSIGW)
  • From: ERPScan inc
• [FD] Google’s Android News and Weather App Doesn’t Always Use SSL [CVE-2017-9245]
  • From: Nightwatch Cybersecurity Research
• [FD] [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance
  • From: RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [FD] CVE-2017-9457 CompuLab Intense PC lacks firmware signature validation
  • From: Hal Martin
• [FD] SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
  • From: Francisco Amato
• [FD] MEDHOST Connex contains hard-coded database credentials
  • From: Allen F
• Re: [FD] MEDHOST Connex contains hard-coded database credentials
  • From: Allen Franks
• [FD] DAVOSET v.1.3.5
  • From: MustLive
• [FD] SoundTouch multiple vulnerabilities
  • From: qflb.wu
• [FD] LAME multiple vulnerabilities
  • From: qflb.wu
• [FD] mpg123 buffer over-read vulnerability
  • From: qflb.wu
• [FD] libjpeg-turbo denial of service vulnerability
  • From: qflb.wu
• [FD] CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin (WordPress plugin)
  • From: dxw Security
• [FD] Stop User Enumeration allows user enumeration via the REST API (WordPress plugin)
  • From: dxw Security
• [FD] [RT-SA-2016-007] Cross-Site Scripting in TYPO3 Formhandler Extension
  • From: RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20170727-0 :: Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170727-1 :: Kathrein UFSconnect 916 multiple vulnerabilities
  • From: SEC Consult Vulnerability Lab
• [FD] MEDHOST Document Management System contains multiple hard-coded credentials
  • From: Allen Franks
• [FD] Broken mutual tls authentication on bluemix
  • From: Oscar Martinez
• [FD] Boozt Fashion Android App Didn’t Use SSL for Login [CVE-2017-11706]
  • From: Nightwatch Cybersecurity Research
• [FD] Chrome for Android Didn’t Use FLAG_SECURE for Credit Card Prefill Settings [CVE-2017-5082]
  • From: Nightwatch Cybersecurity Research
• [FD] CVE-2017-11743 MEDHOST Connex contains hard-coded Mirth Connect admin password
  • From: Allen Franks
• [FD] Links buffer over-read vulnerability
  • From: qflb.wu
• [FD] OpenExif multiple vulnerabilities
  • From: qflb.wu
• [FD] Nosefart denial of service vulnerability
  • From: qflb.wu
• [FD] DivFix++ denial of service vulnerability
  • From: qflb.wu
• [FD] vorbis-tools oggenc vulnerability
  • From: qflb.wu
• [FD] Sound eXchange (SoX) multiple vulnerabilities
  • From: qflb.wu
• [FD] libvorbis multiple vulnerabilities
  • From: qflb.wu
• [FD] TiMidity++ multiple vulnerabilities
  • From: qflb.wu
• [FD] libao memory corruption vulnerability
  • From: qflb.wu
• [FD] libid3tag multiple vulnerabilities
  • From: qflb.wu
• [FD] Spider Player 2.5.3 [ Unsafe DLL Loading Vulnerability ]
  • From: Whatis Yourbug
• [FD] FTP Commander 8.02 [ Unsafe DLL Loading Vulnerability ]
  • From: Whatis Yourbug
• [FD] SSD Advisory – McAfee Security Scan Plus Remote Command Execution
  • From: Maor Shwartz