Mail Thread Index

• Date Index

• [FD] Humax Digital HG100R multiple vulnerabilities, The Gambler
• [FD] Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability, gregory draperi
• [FD] Schneider Electric Pro-Face WinGP – Runtime.exe – Insecure Library Loading Allows Code Execution, Karn Ganeshen
• [FD] ESA-2017-063: RSA Archer® GRC Platform Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] InsomniaX loader allows loading of arbitrary Kernel Extensions, Securify B.V. via Fulldisclosure
• [FD] [RT-SA-2017-011] Remote Command Execution in PDNS Manager, RedTeam Pentesting GmbH
• [FD] Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator, Securify B.V. via Fulldisclosure
• [FD] KL-001-2017-010 : Barracuda WAF Early Boot Root Shell, KoreLogic Disclosures
• [FD] KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure, KoreLogic Disclosures
• [FD] KL-001-2017-012 : Barracuda WAF Grub Password Complexity, KoreLogic Disclosures
• [FD] KL-001-2017-013 : Barracuda WAF Management Application Username and Session ID Leak, KoreLogic Disclosures
• [FD] KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack, KoreLogic Disclosures
• [FD] KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials, KoreLogic Disclosures
• [FD] SSD Advisory – Odoo CRM Code Execution, Maor Shwartz
• [FD] SSD Advisory – EMC IsilonSD Edge Command Injection, Maor Shwartz
• [FD] ESA-2017-075: EMC Data Protection Advisor Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] ESA-2017-011: EMC ESRS Policy Manager Undocumented Account Vulnerability, EMC Product Security Response Center
• [FD] Defense in depth -- the Microsoft way (part 48): privilege escalation for dummies -- they didn't make SUCH a stupid blunder?, Stefan Kanthak
• [FD] [CVE-2017-10798] ObjectPlanet Opinio 7.6.3 Cross-Site Scripting (XSS), Kasper Karlsson
• [FD] CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client, Florian Bogner
• [FD] DefenseCode Security Advisory: IBM Informix DB-Access Buffer Overflow, DefenseCode
• [FD] SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products, SEC Consult Vulnerability Lab
• [FD] ekoparty: Call for Papers 2017! Open!, Francisco Amato
• [FD] [CVE-2017-7726] - Missing SSL Certificate Validation in iSmartAlarm, Ilia Shnaidman
• [FD] [CVE-2017-7727] - SSRF vulnerability in iSmartAlarm, Ilia Shnaidman
• [FD] CVE-2017-11173 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests, Security Researcher
• [FD] ESA-2017-089: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Undocumented Accounts Vulnerability, EMC Product Security Response Center
• [FD] ESA-2017-084: RSA® Authentication Manager Self-Service Console Brute Force PIN-Guessing Vulnerability, EMC Product Security Response Center
• [FD] ESA-2017-076: RSA Identity Governance and Lifecycle Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] ESA-2017-068: RSA® Authentication Manager Stored Cross-Site Scripting Vulnerability, EMC Product Security Response Center
• [FD] CVE request: Multiple vulnerabilities in Cisco DDR2200 Series, The Gambler
• [FD] [CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm, Ilia Shnaidman
• [FD] PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities, Daniel Correa
• [FD] CVE-2017-7642 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.20, Mark Wadham
• [FD] [CVE-2017-7728] -Denial of Service in iSmartAlarm, Ilia Shnaidman
• [FD] Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities, InterN0T via Fulldisclosure
• [FD] SSD Advisory – Geneko Routers Unauthenticated Path Traversal, Maor Shwartz
• [FD] DotCMS /servlets/ajax_file_upload Arbitrary File Upload Vulnerability, xiaotian.wang@dbappsecurity.com.cn
• [FD] APPLE-SA-2017-07-19-1 iOS 10.3.3, Apple Product Security
• [FD] APPLE-SA-2017-07-19-2 macOS 10.12.6, Apple Product Security
• [FD] APPLE-SA-2017-07-19-3 watchOS 3.2.2, Apple Product Security
• [FD] APPLE-SA-2017-07-19-4 tvOS 10.2.2, Apple Product Security
• [FD] APPLE-SA-2017-07-19-5 Safari 10.1.2, Apple Product Security
• [FD] APPLE-SA-2017-07-19-6 iTunes 12.6.2, Apple Product Security
• [FD] APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2, Apple Product Security
• [FD] Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft), ERPScan inc
• [FD] Directory Traversal vulnerability in Integration Gateway (PSIGW), ERPScan inc
• [FD] File Upload in Integration Gateway (PSIGW), ERPScan inc
• [FD] Google’s Android News and Weather App Doesn’t Always Use SSL [CVE-2017-9245], Nightwatch Cybersecurity Research
• [FD] [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance, RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
• [FD] CVE-2017-9457 CompuLab Intense PC lacks firmware signature validation, Hal Martin
• [FD] SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities, Maor Shwartz
• [FD] Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform, Francisco Amato
• [FD] MEDHOST Connex contains hard-coded database credentials, Allen F
  • <Possible follow-ups>
  • Re: [FD] MEDHOST Connex contains hard-coded database credentials, Allen Franks
• [FD] DAVOSET v.1.3.5, MustLive
• [FD] SoundTouch multiple vulnerabilities, qflb.wu
• [FD] LAME multiple vulnerabilities, qflb.wu
• [FD] mpg123 buffer over-read vulnerability, qflb.wu
• [FD] libjpeg-turbo denial of service vulnerability, qflb.wu
• [FD] CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin (WordPress plugin), dxw Security
• [FD] Stop User Enumeration allows user enumeration via the REST API (WordPress plugin), dxw Security
• [FD] [RT-SA-2016-007] Cross-Site Scripting in TYPO3 Formhandler Extension, RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20170727-0 :: Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170727-1 :: Kathrein UFSconnect 916 multiple vulnerabilities, SEC Consult Vulnerability Lab
• [FD] MEDHOST Document Management System contains multiple hard-coded credentials, Allen Franks
• [FD] Broken mutual tls authentication on bluemix, Oscar Martinez
• [FD] Boozt Fashion Android App Didn’t Use SSL for Login [CVE-2017-11706], Nightwatch Cybersecurity Research
• [FD] Chrome for Android Didn’t Use FLAG_SECURE for Credit Card Prefill Settings [CVE-2017-5082], Nightwatch Cybersecurity Research
• [FD] CVE-2017-11743 MEDHOST Connex contains hard-coded Mirth Connect admin password, Allen Franks
• [FD] Links buffer over-read vulnerability, qflb.wu
• [FD] OpenExif multiple vulnerabilities, qflb.wu
• [FD] Nosefart denial of service vulnerability, qflb.wu
• [FD] DivFix++ denial of service vulnerability, qflb.wu
• [FD] vorbis-tools oggenc vulnerability, qflb.wu
• [FD] Sound eXchange (SoX) multiple vulnerabilities, qflb.wu
• [FD] libvorbis multiple vulnerabilities, qflb.wu
• [FD] TiMidity++ multiple vulnerabilities, qflb.wu
• [FD] libao memory corruption vulnerability, qflb.wu
• [FD] libid3tag multiple vulnerabilities, qflb.wu
• [FD] Spider Player 2.5.3 [ Unsafe DLL Loading Vulnerability ], Whatis Yourbug
• [FD] FTP Commander 8.02 [ Unsafe DLL Loading Vulnerability ], Whatis Yourbug
• [FD] SSD Advisory – McAfee Security Scan Plus Remote Command Execution, Maor Shwartz