Mail Index

• Thread Index

• [FD] :
  • From: Asterisk Security Team
• [FD] AST-2017-013: DOS Vulnerability in Asterisk chan_skinny
  • From: Asterisk Security Team
• [FD] Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884
  • From: hyp3rlinx
• [FD] Artica Web Proxy v3.06 Remote Code Execution / CVE-2017-17055
  • From: hyp3rlinx
• [FD] Abyss Web Server < v2.11.6 Memory Heap Corruption
  • From: hyp3rlinx
• [FD] Announcing NorthSec 2018 CFP + Reg - Montreal, May 14-20
  • From: Pierre-David Oriol - Northsec Conference
• [FD] aws-cfn-bootstrap local code execution as root [CVE-2017-9450]
  • From: Harry Sintonen
• [FD] Symantec Encryption Desktop & Endpoint Encryption Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS
  • From: Kyriakos Economou
• [FD] Axis Communications MPQT/PACS Heap Overflow and Information Leakage
  • From: bashis
• [FD] ZKTime Web Software 2.0.1.12280 CVE-2017-17056 Cross Site Request Forgery
  • From: Himanshu Mehta
• [FD] ZKTime Web Software 2.0.1.12280 CVE-2017-17057 Cross Site Scripting
  • From: Himanshu Mehta
• [FD] APPLE-SA-2017-11-29-1 Security Update 2017-001
  • From: Apple Product Security
• [FD] APPLE-SA-2017-11-29-2 Security Update 2017-001
  • From: Apple Product Security
• [FD] AMD's buddies for Intel's FDIV bug: _llrem and _ullrem yield wrong remainders!
  • From: Stefan Kanthak
• [FD] SEC Consult SA-20171129-0 :: FortiGate SSL VPN Portal XSS Vulnerability
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20171130-0 :: Critical CODESYS vulnerabilities in WAGO PFC 200 Series
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20171130-1 :: OS Command Injection & Reflected Cross Site Scripting in OpenEMR
  • From: SEC Consult Vulnerability Lab
• Re: [FD] Edward Snowden free speech at JBFone - Future, Data Security & Privacy
  • From: Vulnerability Lab
• [FD] [CFP] BSides San Francisco - April 2018
  • From: BSidesSF CFP via Fulldisclosure
• [FD] CVE-2017-15357 Local root privesc in Arq Backup <= 5.9.6
  • From: Mark Wadham
• [FD] CVE-2017-16895 Local root privesc in Arq Backup <= 5.9.7
  • From: Mark Wadham
• [FD] Owning VirtualBox via MITM
  • From: Mark Wadham
• [FD] SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] Amazon Audible Software CVE-2017-17069 Privilege Escalation Vulnerability
  • From: Himanshu Mehta
• [FD] CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface
  • From: oststrom (public)
• [FD] macOS High Sierra 10.13.1 insecure cron system
  • From: Mark Wadham
• [FD] APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-6-2 iOS 11.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-6-3 watchOS 4.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-6-4 tvOS 11.2
  • From: Apple Product Security
• [FD] Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files
  • From: Nightwatch Cybersecurity Research
• [FD] Meinberg LANTIME Web Configuration Utility - Arbitrary File Read
  • From: Jakub Palaczynski
• [FD] Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload
  • From: Jakub Palaczynski
• [FD] Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access
  • From: Jakub Palaczynski
• [FD] Sony PS4 Remote Play - DLL Hijack vulnerability
  • From: Maelstrom Security via Fulldisclosure
• [FD] SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution
  • From: Maor Shwartz
• Re: [FD] Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files
  • From: Jeffrey Walton
• [FD] CVE-2017-15944: Palo Alto Networks firewalls remote root code execution
  • From: Philip Pettersson
• [FD] APPLE-SA-2017-12-12-1 AirPort Base Station Firmware Update 7.6.9
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9
  • From: Apple Product Security
• [FD] Qualys Security Advisory - Buffer overflow in glibc's ld.so
  • From: Qualys Security Advisory
• [FD] ESA-2017-153: EMC Isilon OneFS Privilege Escalation Vulnerability
  • From: EMC Product Security Response Center
• [FD] Three exploits for Zivif Web Cameras (may impact others)
  • From: Silas
• [FD] SEC Consult SA-20171213-0 :: VPN credentials disclosure in Fortinet FortiClient
  • From: SEC Consult Vulnerability Lab
• [FD] AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  • From: Asterisk Security Team
• [FD] SyncBreeze <= 10.2.12 - Denial of Service
  • From: Manuel Garcia Cardenas
• [FD] [CONVISO-17-002] - Zoom Linux Client Stack-based Buffer Overflow Vulnerability
  • From: Gabriel Quadros
• [FD] [CONVISO-17-003] - Zoom Linux Client Command Injection Vulnerability (RCE)
  • From: Gabriel Quadros
• [FD] CVE-2017-17670: vlc: type conversion vulnerability
  • From: Hans Jerry Illikainen
• Re: [FD] Meinberg LANTIME Web Configuration Utility - Arbitrary File Read
  • From: Jakub Palaczynski
• [FD] SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion
  • From: Maor Shwartz
• [FD] 0-day: Remote Stack Format String in 'nsd' binary from multiple OEM
  • From: bashis
• [FD] APPLE-SA-2017-12-13-1 iOS 11.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-2 tvOS 11.2.1
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-3 iCloud for Windows 7.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-5 Safari 11.0.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2
  • From: Apple Product Security
• [FD] APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2
  • From: Apple Product Security
• Re: [FD] [oss-security] CVE-2017-17670: vlc: type conversion vulnerability
  • From: Stiepan
• [FD] [CFP] Security BSides Ljubljana 0x7E2
  • From: Andraz Sraka
• [FD] CVE-2017-6094 - Genexis GAPS Access Control Vulnerability
  • From: Antoine Neuenschwander
• [FD] [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House
  • From: David Tomaschik via Fulldisclosure
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin SQL Injection Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Booking Calendar Multiple Security Vulnerabilities
  • From: DefenseCode
• Re: [FD] CVE-2017-15944: Palo Alto Networks firewalls remote root code execution
  • From: Fernando A. Lagos Berardi
• Re: [FD] [oss-security] CVE-2017-17670: vlc: type conversion vulnerability
  • From: Hans Jerry Illikainen
• [FD] Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747
  • From: James McLean
• [FD] Google supported XSS kit aka AdExchange iframe buster kit
  • From: Zmx
• Re: [FD] Google supported XSS kit aka AdExchange iframe buster kit
  • From: Zmx
• [FD] SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow
  • From: Maor Shwartz
• [FD] SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] [SYSS-2017-027] Microsoft Windows Hello Face Authentication - Authentication Bypass by Spoofing (CWE-290)
  • From: Matthias Deeg
• [FD] [CVE-2017-17719] Cross-Site Scripting (XSS) vulnerability in WordPress Concours Plugin
  • From: nicolas.buzy-debat
• [FD] [CVE-2017-17744] Cross-Site Scripting (XSS) vulnerability in Custom Map WordPress Plugin
  • From: nicolas.buzy-debat
• [FD] [CVE-2017-17753] Multiple Cross-Site Scripting (XSS) vulnerabilities in CSV Import-Export Wordpress Plugin
  • From: nicolas.buzy-debat
• [FD] ESA-2017-161: EMC Isilon OneFS NFS Export Security Setting Fallback Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-157: EMC Data Domain DD OS Memory Overflow Vulnerability
  • From: EMC Product Security Response Center
• [FD] [CORE-2017-0008] - Trend Micro Smart Protection Server Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] AST-2017-014: Crash in PJSIP resource when missing a contact header
  • From: Asterisk Security Team
• [FD] [CVE-2017-17752] Cross-Site Scripting (XSS) vulnerability in Ability Mail Server 3.3.2
  • From: Aloyce J. Makalanga
• [FD] [CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions
  • From: Julien Ahrens
• Re: [FD] Google supported XSS kit aka AdExchange iframe buster kit
  • From: Zmx
• [FD] Vitek RCE and Information Disclosure (and possible other OEM)
  • From: bashis
• Re: [FD] [CVE-2017-17719] Cross-Site Scripting (XSS) vulnerability in WordPress Concours Plugin
  • From: Ryan Dewhurst
• [FD] ESA-2017-155: EMC VNX1 and VNX2 Family Reflected Cross Site Scripting Vulnerability in VNX Control Station
  • From: EMC Product Security Response Center
• [FD] SSD Advisory – Trustwave SWG Unauthorized Access
  • From: Maor Shwartz