Mail Thread Index
- [FD] AST-2017-005: Media takeover in RTP stack,
Asterisk Security Team
- [FD] AST-2017-006: Shell access command injection in app_minivm,
Asterisk Security Team
- [FD] AST-2017-007: Remote Crash Vulnerability in res_pjsip,
Asterisk Security Team
- [FD] Lexmark Scan to Network (SNF) printer application <= 3.2.9 Information Exposure,
Daniel Correa
- [FD] New BlackArch Linux ISOs (2017.08.30) released!,
Black Arch
- [FD] [ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- [FD] [ICS] Solar Controls WATTConfig M Software – Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- [FD] [ICS] Solar Controls Heating Control Downloader – Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- [FD] [ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- [FD] [ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability,
Karn Ganeshen
- [FD] [ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow Vulnerability,
Karn Ganeshen
- [FD] [ICS] Schneider Electric Trio TView – vulnerable JRE versions in use,
Karn Ganeshen
- [FD] [ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- [FD] [ICS] AzeoTech DAQFactory – Insecure Default Permissions and Insecure Library Loading Allows Code Execution,
Karn Ganeshen
- Re: [FD] libmad memory corruption vulnerability,
Timo Teras
- [FD] WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities,
Vulnerability Lab
- [FD] Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability,
Vulnerability Lab
- [FD] Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability,
Vulnerability Lab
- [FD] CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution,
hyp3rlinx
- [FD] DNSMap.sh - 0.1 - enumerate DNS hostnames faster | release announcement.,
Levi Shahar
- [FD] "VirusTotal Windows Uploader" poor design of privacy,
Eitan Caspi via Fulldisclosure
- [FD] Hijacking .uk domains with eNom,
Joseph Harris
- [FD] SEC-T 0x0Anniversary Con next week,
mattias bååth via Fulldisclosure
- [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-),
Peter Weidenbach
- [FD] Asterisk vulnerable to RTP Bleed,
Sandro Gauci
- [FD] Aerohive HiveManager Classic privilege escalation and auth code execution vulnerability,
Sandro "guly" Zaccarini
- [FD] Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol,
Pierre Kim
- [FD] EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP),
James Hemmings (Security)
- [FD] ESA-2017-099: EMC AppSync SQL Injection Vulnerability,
EMC Product Security Response Center
- [FD] SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS,
Maor Shwartz
- [FD] SSD Advisory – Remote Command Execution in Western Digital with Dropbox App,
Maor Shwartz
- [FD] SSD Advisory – ScrumWorks Pro Remote Code Execution,
Maor Shwartz
- [FD] Hack2Win – Code Blue 3rd Edition,
Maor Shwartz
- [FD] SSD Advisory – Polycom Memory Disclosure,
Maor Shwartz
- [FD] SSD Advisory – WiseGiga NAS Multiple Vulnerabilities,
Maor Shwartz
- [FD] SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution,
Maor Shwartz
- [FD] SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change,
Maor Shwartz
- [FD] Access control bypass in Hikvision IP Cameras,
Monte Crypto
- [FD] How Apple fixed my 2008's hole in their browser after 9 years,
MustLive
- [FD] R.I.P. Kaspersky Privacy Cleaner: withdrawn due to multiple beginner's errors which allow escalation of privilege,
Stefan Kanthak
- [FD] SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20170913-0 :: Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20170914-1 :: Persistent Cross-Site Scripting in SilverStripe CMS,
SEC Consult Vulnerability Lab
- [FD] BSides Roma,
Agostino Panico
- [FD] Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities,
hyp3rlinx
- [FD] Exploit toolkit for CVE-2017-8759 - Microsoft .NET Framework RCE (Builder + listener + video tutorial),
Bhdresh
- [FD] stack buffer overflow in openexif 2.1.4,
luanjunchao
- [FD] Updated advisory for CVE-2017-8769 - WhatsApp Issues with Media Files,
Nightwatch Cybersecurity Research
- [FD] ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability,
EMC Product Security Response Center
- [FD] Internet Security Conference 2017 in China by 360 Qihoo,
Vulnerability Lab
- [FD] ZKTime_Web Software 2.0 - Cross Site Request Forgery,
Arvind Vishwakarma
- [FD] ZK Time_Web Software 2.0 - Broken Authentication,
Arvind Vishwakarma
- [FD] Recon Brussels 2018 Call For Papers - 0xD - Registration - Training - Conference - Submit! - PGP key,
cfpbrussels2018
- [FD] SSD Advisory – NEXXT Authentication Bypass,
Maor Shwartz
- [FD] Vulnerabilities in D-Link DGS-3000-10TC,
MustLive
- [FD] AST-2017-008: RTP/RTCP information leak,
Asterisk Security Team
- [FD] APPLE-SA-2017-09-19-1 iOS 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-19-2 Safari 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-19-3 Xcode 9,
Apple Product Security
- [FD] APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-20-2 watchOS 4,
Apple Product Security
- [FD] APPLE-SA-2017-09-20-3 tvOS 11,
Apple Product Security
- [FD] ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities,
EMC Product Security Response Center
- [FD] CSNC-2017-023: Buffer Overflow in Mongoose MQTT Broker,
Advisories
- [FD] WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection,
Manuel Garcia Cardenas
- [FD] KL-001-2017-016 : Solarwinds LEM Insecure Update Process,
KoreLogic Disclosures
- [FD] OpenText Documentum Administrator and Webtop - Open Redirection,
Etnies
- [FD] OpenText Documentum Administrator and Webtop - XML External Entity Injection,
Etnies
- [FD] SSD Advisory – Sentora / ZPanel Password Reset Vulnerability,
Maor Shwartz
- [FD] SSD Advisory – FLIR Systems Multiple Vulnerabilities,
Maor Shwartz
- [FD] First public BlueBorne (Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow) DEMO/Proof of Concept exploit,
Marcin Kozlowski
- [FD] APPLE-SA-2017-09-25-1 macOS High Sierra 10.13,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-2 iCloud for Windows 7,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-5 Additional information for APPLE-SA-2017-09-20-2 watchOS 4,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-6 Additional information for APPLE-SA-2017-09-20-3 tvOS 11,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-7 iTunes 12.7,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-8 iTunes 12.7 for Windows,
Apple Product Security
- [FD] APPLE-SA-2017-09-25-9 macOS Server 5.4,
Apple Product Security
- [FD] Advisory: Git cvsserver OS Command Injection,
joernchen
- [FD] Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253),
Qualys Security Advisory
- [FD] CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin),
dxw Security
- [FD] ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability,
EMC Product Security Response Center
- [FD] ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability,
EMC Product Security Response Center
- [FD] Zyxel P-2812HNU-F1 DSL router - command injection,
Willem de Groot
- [FD] Faleemi FSC-880 Multiple Security Vulnerabilities,
Oleg Puzanov
- [FD] [CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape,
Sysdream Labs
- [FD] [CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation,
Sysdream Labs
- [FD] [CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated),
Sysdream Labs
- [FD] [CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated),
Sysdream Labs
- [FD] SAP Enterprise Portal and Clients Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks,
netizen 01k
- [FD] Zoho Site24x7 for Android Didn’t Properly Validate SSL,
Nightwatch Cybersecurity Research
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection CVE-2017-14087,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083,
hyp3rlinx
- [FD] Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089,
hyp3rlinx
- [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Arbitrary File Read,
Marcin Wołoszyn
- [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection,
Marcin Wołoszyn
- [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Cross-Site Scripting,
Marcin Wołoszyn