Mail Thread Index

• Date Index

• Re: [FD] libao memory corruption vulnerability, Henri Salo
• [FD] CIPH-2017-1: Advisory for StashCat, Karsten König
• [FD] CSRF vulnerabilities in D-Link DVG-5402SP, MustLive
• [FD] libmad memory corruption vulnerability, qflb.wu
• [FD] Stored XSS in Salutation Responsive WordPress + BuddyPress Theme could allow logged-in users to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] PaulShop CMS - Sql Injection and stored XSS, tamqm
• [FD] CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.23, Mark Wadham
• [FD] CVE-2017-1500 - Relected XSS in IBM WorkLight OAuth Server Web Api, Gabriele Gristina
• [FD] [No CVE assigned] SMBLoris Windows/Samba SMB service DoS PoC, Hector Martin "marcan"
• [FD] [CVE-2017-11320] Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337, Geolado giolado
• [FD] Format Factory DLL Hijacking Vulnerability, kyaw thiha
• [FD] t2'17: Challenge – a break from tradition, Tomi Tuominen
• [FD] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename(), Vladis Dronov
• [FD] SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection, SEC Consult Vulnerability Lab
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities, DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Podlove Podcast Publisher Plugin Security Vulnerability, DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress PressForward Plugin Security Vulnerability, DefenseCode
• [FD] SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution, Maor Shwartz
• [FD] wildmidi multiple vulnerabilities, qflb.wu
• [FD] minidjvu multiple vulnerabilities, qflb.wu
• [FD] BSides Bordeaux Call For Papers (CFP), Ryan Dewhurst
• [FD] SQL Injection in TheoCMS <= 2.0, Manuel Garcia Cardenas
• [FD] Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698), geeknik via Fulldisclosure
• [FD] SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest), Maor Shwartz
• [FD] SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow, Maor Shwartz
• [FD] SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution, Maor Shwartz
  • Re: [FD] SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution, Maor Shwartz
• [FD] Xamarin Studio for Mac API documentation update affected by local privilege escalation, Securify B.V. via Fulldisclosure
• [FD] QuantaStor Software Define Storage mmultiple vulnerabilities, advisories
• [FD] Apple iOS 10.3 - UI SMS Access Permission Vulnerability, Vulnerability Lab
• [FD] Microsoft Resnet - DNS Configuration Web Vulnerability, Vulnerability Lab
• [FD] NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities, Francois Goichon via Fulldisclosure
  • Re: [FD] NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities, Francois Goichon via Fulldisclosure
• [FD] SSD Advisory – Chrome Turbofan Remote Code Execution, Maor Shwartz
• [FD] CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE, Philip Pettersson
• [FD] NetRipper - Smart Traffic Sniffing - Support for x64, Poyo VL via Fulldisclosure
• [FD] Executable installers are vulnerable^WEVIL (case 53): escalation of privilege with QNAP's installers for Windows, Stefan Kanthak
• [FD] [RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs, RedTeam Pentesting GmbH
• [FD] [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates, RedTeam Pentesting GmbH
• [FD] [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification, RedTeam Pentesting GmbH
• [FD] [RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates, RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20170822-0 :: Multiple vulnerabilities in Progress Sitefinity CMS, SEC Consult Vulnerability Lab
• [FD] Backdrop CMS <= 1.7.1 - Persistent Cross-Site Scripting, Manuel Garcia Cardenas
• [FD] BlackBoard LMS (9.1.140152.0) Stored XSS/Arbitrary File Upload, Ismail Doe
• [FD] libgig-LinuxSampler multiple vulnerabilities, qflb.wu
• [FD] Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference, Patrick Webster
• [FD] CVE-2017-13671 - MISP Stored XSS, NL Deloitte Zero Day (NL - Amsterdam)
• [FD] ConnMan #ConnManDo Vulnerability, "Daisuke Noguchi[NRIセキュア　野口]"