Mail Index

• Thread Index

• [FD] "." (period) in file extension(s) in windows
  • From: debug
• [FD] FAQin congress CFP
  • From: Esteban Dauksis
• [FD] SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation
  • From: Maor Shwartz
• [FD] SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities
  • From: Maor Shwartz
• Re: [FD] "." (period) in file extension(s) in windows
  • From: Gynvael Coldwind
• [FD] Gain Access to SSH Group via ssh-agent and OpenSSL
  • From: halfdog
• [FD] EMC xDashboard - SQL Injection Vulnerability
  • From: Paweł Gocyla
• [FD] ChromeOS Doesn’t Always Use SSL During Startup [CVE-2017-15397]
  • From: Nightwatch Cybersecurity Research
• Re: [FD] "." (period) in file extension(s) in windows
  • From: Dave Horsfall
• [FD] SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] AMD-PSP: fTPM Remote Code Execution via crafted EK certificate
  • From: Cfir Cohen via Fulldisclosure
• [FD] [CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability
  • From: Sydream Labs
• [FD] [CVE-2017-7997] Gespage SQL Injection vulnerability
  • From: Sydream Labs
• [FD] SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] RCE in DuoLingo’s TinyCards App for Android [CVE-2017-16905]
  • From: Nightwatch Cybersecurity Research
• [FD] ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty
  • From: Vulnerability Lab
• [FD] SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Re: [FD] AMD-PSP: fTPM Remote Code Execution via crafted EK certificate
  • From: Cfir Cohen via Fulldisclosure
• [FD] Handy Password 4.9.3 Buffer Overflow
  • From: filipe
• [FD] Call For Paper - Nuit du Hack - June 30th - July 1st, 2018
  • From: Freeman
• [FD] SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access
  • From: Maor Shwartz
• [FD] beVX Security Conference - Call For Papers / Workshops
  • From: Maor Shwartz
• [FD] FiberHome MIFI LM53Q1 Multiple Vulnerabilities
  • From: Ibad Shah
• [FD] Wapiti 3.0.0 released! Web vulnerability scanner
  • From: Nicolas SURRIBAS
• [FD] Social Media Widget by Acurax [CSRF]
  • From: Panagiotis Vagenas
• [FD] CMS Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• [FD] Admin Menu Tree Page View [CSRF, Privilege Escalation]
  • From: Panagiotis Vagenas
• [FD] WordPress Download Manager [CSRF]
  • From: Panagiotis Vagenas
• [FD] APPLE-SA-2018-1-8-1 iOS 11.2.2
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-8-3 Safari 11.0.2
  • From: Apple Product Security
• [FD] CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass
  • From: oststrom (public)
• [FD] Sangoma SBC Remote Command Execution - CVE-2017–17430
  • From: Security Team Appsecco
• [FD] WordPress LearnDash LMS: Unauthenticated arbitrary file upload
  • From: NinTechNet
• [FD] SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability
  • From: DefenseCode
• [FD] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
  • From: Kurtis
• [FD] Flash Operator Panel v2.31.03 - Command Execution Vulnerability
  • From: Vulnerability Lab
• [FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• [FD] Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities
  • From: Vulnerability Lab
• [FD] Magento Connect T1 - (Claim) Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] Magento Commerce - SSRF & XSPA Web Vulnerability
  • From: Vulnerability Lab
• [FD] SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [FD] Arbitrary file read in Kaseya VSA
  • From: Securify B.V. via Fulldisclosure
• [FD] Code execution in Kaseya VSA
  • From: Securify B.V. via Fulldisclosure
• [FD] Authentication bypass in Kaseya VSA
  • From: Securify B.V. via Fulldisclosure
• [FD] Broken TLS certificate validation in VTech DigiGo browser
  • From: Summer of Pwnage via Fulldisclosure
• [FD] Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
  • From: Summer of Pwnage via Fulldisclosure
• [FD] Broken TLS certificate pinning in VTech DigiGo Kid Connect app
  • From: Summer of Pwnage via Fulldisclosure
• [FD] PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH)
  • From: Manuel Garcia Cardenas
• [FD] Seagate Media Server allows deleting of arbitrary files and folders
  • From: Summer of Pwnage via Fulldisclosure
• [FD] [Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
  • From: Kurtis
• [FD] Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• [FD] [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2
  • From: RedTeam Pentesting GmbH
• [FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• [FD] Zenario v7.6 CMS - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• [FD] Multiple vulnerabilities in all versions of ASUS routers
  • From: Blazej Adamczyk
• [FD] Adminer <= v4.3.1 Server Side Request Forgery
  • From: hyp3rlinx
• [FD] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation
  • From: Rodrigo Menezes
• [FD] SSD Advisory – GitStack Unauthenticated Remote Code Execution
  • From: Maor Shwartz
• Re: [FD] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation
  • From: Rodrigo Menezes
• [FD] [v2] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation
  • From: Rodrigo Menezes
• [FD] Positive Hack Days 8 CFP is now open
  • From: Alexander Lashkov
• [FD] Photo Vault v1.2 iOS - Insecure Authentication Vulnerability
  • From: Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• [FD] Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications
  • From: SEC Consult Vulnerability Lab
• [FD] DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities
  • From: DefenseCode
• [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
  • From: Maor Shwartz
• [FD] HACKTRICK'18 | Case Study Summit
  • From: Mustafa Kaan Demirhan
• [FD] ESA-2018-002: RSA® Authentication Manager SQL Injection Vulnerability
  • From: EMC Product Security Response Center
• [FD] CMS Made Simple 2.2.5 [Stored Cross-Site Scripting]
  • From: Kyaw Min Thein
• [FD] CMS Made Simple 2.2.5[Reflected Cross-Site Scripting]
  • From: Kyaw Min Thein
• [FD] CMS Made Simple 2.2.5[Reflected Cross-Site Scripting]
  • From: Kyaw Min Thein
• [FD] APPLE-SA-2018-1-23-1 iOS 11.2.5
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-3 watchOS 4.2.2
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-4 tvOS 11.2.5
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-5 Safari 11.0.3
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows
  • From: Apple Product Security
• [FD] APPLE-SA-2018-1-23-7 iCloud for Windows 7.3
  • From: Apple Product Security
• [FD] [CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin
  • From: nicolas.buzy-debat
• [FD] [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4
  • From: Pedro Ribeiro
• Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
  • From: Pedro Ribeiro
• [FD] KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
  • From: KoreLogic Disclosures
• [FD] Banknotes Misproduction security & biometric weakness
  • From: Vulnerability Lab
• [FD] SSD Advisory – iBall Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
  • From: Matthias Deeg
• [FD] XSS and CSRF vulnerabilities in ASUS RT-N10
  • From: MustLive
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: Jeffrey Walton
• [FD] Defense in depth -- the Microsoft way (part 49): fun with application manifests
  • From: Stefan Kanthak
• [FD] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433
  • From: SEC Consult Vulnerability Lab