Mail Index

• Thread Index

• [FD] AST-2017-005: Media takeover in RTP stack
  • From: Asterisk Security Team
• [FD] AST-2017-006: Shell access command injection in app_minivm
  • From: Asterisk Security Team
• [FD] AST-2017-007: Remote Crash Vulerability in res_pjsip
  • From: Asterisk Security Team
• [FD] Lexmark Scan to Network (SNF) printer application <= 3.2.9 Information Exposure
  • From: Daniel Correa
• [FD] New BlackArch Linux ISOs (2017.08.30) released!
  • From: Black Arch
• [FD] [ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] [ICS] Solar Controls WATTConfig M Software – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] [ICS] Solar Controls Heating Control Downloader – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] [ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] [ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability
  • From: Karn Ganeshen
• [FD] [ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow Vulnerability
  • From: Karn Ganeshen
• [FD] [ICS] Schneider Electric Trio TView – vulnerable JRE versions in use
  • From: Karn Ganeshen
• [FD] [ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• [FD] [ICS] AzeoTech DAQFactory – Insecure Default Permissions and Insecure Library Loading Allows Code Execution
  • From: Karn Ganeshen
• Re: [FD] libmad memory corruption vulnerability
  • From: Timo Teras
• [FD] WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability
  • From: Vulnerability Lab
• [FD] Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability
  • From: Vulnerability Lab
• [FD] CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution
  • From: hyp3rlinx
• [FD] DNSMap.sh - 0.1 - enumerate DNS hostnames faster | release announcement.
  • From: Levi Shahar
• [FD] "VirusTotal Windows Uploader" poor design of privacy
  • From: Eitan Caspi via Fulldisclosure
• [FD] Hijacking .uk domains with eNom
  • From: Joseph Harris
• [FD] SEC-T 0x0Anniversary Con next week
  • From: mattias bååth via Fulldisclosure
• [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)
  • From: Peter Weidenbach
• [FD] Asterisk vulnerable to RTP Bleed
  • From: Sandro Gauci
• [FD] Aerohive HiveManager Classic privilege escalation and auth code execution vulnerability
  • From: Sandro "guly" Zaccarini
• [FD] CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution
  • From: John Page
• [FD] Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
  • From: Pierre Kim
• [FD] EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP)
  • From: James Hemmings (Security)
• [FD] ESA-2017-099: EMC AppSync SQL Injection Vulnerability
  • From: EMC Product Security Response Center
• [FD] SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS
  • From: Maor Shwartz
• [FD] SSD Advisory – Remote Command Execution in Western Digital with Dropbox App
  • From: Maor Shwartz
• [FD] SSD Advisory – ScrumWorks Pro Remote Code Execution
  • From: Maor Shwartz
• [FD] Hack2Win – Code Blue 3rd Edition
  • From: Maor Shwartz
• [FD] SSD Advisory – Polycom Memory Disclosure
  • From: Maor Shwartz
• [FD] SSD Advisory – WiseGiga NAS Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change
  • From: Maor Shwartz
• [FD] Access control bypass in Hikvision IP Cameras
  • From: Monte Crypto
• [FD] How Apple fixed my 2008's hole in their browser after 9 years
  • From: MustLive
• [FD] R.I.P. Kaspersky Privacy Cleaner: withdrawn due to multiple begiinner's errors which allow escalation of privilege
  • From: Stefan Kanthak
• [FD] SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170913-0 :: Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20170914-1 :: Persistent Cross-Site Scripting in SilverStripe CMS
  • From: SEC Consult Vulnerability Lab
• [FD] BSides Roma
  • From: Agostino Panico
• [FD] Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities
  • From: hyp3rlinx
• [FD] Exploit toolkit for CVE-2017-8759 - Microsoft .NET Framework RCE (Builder + listener + video tutorial)
  • From: Bhdresh
• [FD] stack buffer overflow in openexif 2.1.4
  • From: luanjunchao
• [FD] Updated advisory for CVE-2017-8769 - WhatsApp Issues with Media Files
  • From: Nightwatch Cybersecurity Research
• [FD] ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability
  • From: EMC Product Security Response Center
• [FD] Internet Security Conference 2017 in China by 360 Qihoo
  • From: Vulnerability Lab
• [FD] ZKTime_Web Software 2.0 - Cross Site Request Forgery
  • From: Arvind Vishwakarma
• [FD] ZK Time_Web Software 2.0 - Broken Authentication
  • From: Arvind Vishwakarma
• [FD] Recon Brussels 2018 Call For Papers - 0xD - Registration - Training - Conference - Submit! - PGP key
  • From: cfpbrussels2018
• [FD] SSD Advisory – NEXXT Authentication Bypass
  • From: Maor Shwartz
• [FD] Vulnerabilities in D-Link DGS-3000-10TC
  • From: MustLive
• [FD] AST-2017-008: RTP/RTCP information leak
  • From: Asterisk Security Team
• [FD] APPLE-SA-2017-09-19-1 iOS 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-19-2 Safari 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-19-3 Xcode 9
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-20-2 watchOS 4
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-20-3 tvOS 11
  • From: Apple Product Security
• [FD] ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] CSNC-2017-023: Buffer Overflow in Mongoose MQTT Broker
  • From: Advisories
• Re: [FD] Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
  • From: Pierre Kim
• [FD] Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities
  • From: hyp3rlinx
• [FD] WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection
  • From: Manuel Garcia Cardenas
• [FD] KL-001-2017-016 : Solarwinds LEM Insecure Update Process
  • From: KoreLogic Disclosures
• [FD] OpenText Documentum Administrator and Webtop - Open Redirection
  • From: Etnies
• [FD] OpenText Documentum Administrator and Webtop - XML External Entity Injection
  • From: Etnies
• [FD] SSD Advisory – Sentora / ZPanel Password Reset Vulnerability
  • From: Maor Shwartz
• [FD] SSD Advisory – FLIR Systems Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] First public BlueBorne (Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow) DEMO/Proof of Concept exploit
  • From: Marcin Kozlowski
• [FD] APPLE-SA-2017-09-25-1 macOS High Sierra 10.13
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-2 iCloud for Windows 7
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-5 Additional information for APPLE-SA-2017-09-20-2 watchOS 4
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-6 Additional information for APPLE-SA-2017-09-20-3 tvOS 11
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-7 iTunes 12.7
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-8 iTunes 12.7 for Windows
  • From: Apple Product Security
• [FD] APPLE-SA-2017-09-25-9 macOS Server 5.4
  • From: Apple Product Security
• [FD] Advisory: Git cvsserver OS Command Injection
  • From: joernchen
• [FD] Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253)
  • From: Qualys Security Advisory
• [FD] CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability
  • From: EMC Product Security Response Center
• [FD] Zyxel P-2812HNU-F1 DSL router - command injection
  • From: Willem de Groot
• [FD] Faleemi FSC-880 Multiple Security Vulnerabilities
  • From: Oleg Puzanov
• [FD] [CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape
  • From: Sysdream Labs
• [FD] [CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation
  • From: Sysdream Labs
• [FD] [CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated)
  • From: Sysdream Labs
• [FD] [CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated)
  • From: Sysdream Labs
• [FD] SAP Enterprise Portal and Clients Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
  • From: netizen 01k
• [FD] Zoho Site24x7 for Android Didn’t Properly Validate SSL
  • From: Nightwatch Cybersecurity Research
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection CVE-2017-14087
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083
  • From: hyp3rlinx
• [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089
  • From: hyp3rlinx
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Arbitrary File Read
  • From: Marcin Wołoszyn
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
  • From: Marcin Wołoszyn
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
  • From: Marcin Wołoszyn
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting
  • From: Marcin Wołoszyn
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting
  • From: Marcin Wołoszyn