Mail Thread Index

• Date Index

• [FD] "." (period) in file extension(s) in windows, debug
  • Re: [FD] "." (period) in file extension(s) in windows, Gynvael Coldwind
    • Re: [FD] "." (period) in file extension(s) in windows, Dave Horsfall
• [FD] FAQin congress CFP, Esteban Dauksis
• [FD] SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation, Maor Shwartz
• [FD] SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities, Maor Shwartz
• [FD] Gain Access to SSH Group via ssh-agent and OpenSSL, halfdog
• [FD] EMC xDashboard - SQL Injection Vulnerability, Paweł Gocyla
• [FD] ChromeOS Doesn’t Always Use SSL During Startup [CVE-2017-15397], Nightwatch Cybersecurity Research
• [FD] SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
• [FD] iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities, Vulnerability Lab
• [FD] AMD-PSP: fTPM Remote Code Execution via crafted EK certificate, Cfir Cohen via Fulldisclosure
• [FD] [CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability, Sydream Labs
• [FD] [CVE-2017-7997] Gespage SQL Injection vulnerability, Sydream Labs
• [FD] SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities, Maor Shwartz
• [FD] RCE in DuoLingo’s TinyCards App for Android [CVE-2017-16905], Nightwatch Cybersecurity Research
• [FD] ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities, EMC Product Security Response Center
• [FD] Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty, Vulnerability Lab
• [FD] SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
• Re: [FD] AMD-PSP: fTPM Remote Code Execution via crafted EK certificate, Cfir Cohen via Fulldisclosure
• [FD] Handy Password 4.9.3 Buffer Overflow, filipe
• [FD] Call For Paper - Nuit du Hack - June 30th - July 1st, 2018, Freeman
• [FD] SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access, Maor Shwartz
• [FD] beVX Security Conference - Call For Papers / Workshops, Maor Shwartz
• [FD] FiberHome MIFI LM53Q1 Multiple Vulnerabilities, Ibad Shah
• [FD] Wapiti 3.0.0 released! Web vulnerability scanner, Nicolas SURRIBAS
• [FD] Social Media Widget by Acurax [CSRF], Panagiotis Vagenas
  • [FD] CMS Tree Page View [CSRF, Privilege Escalation], Panagiotis Vagenas
  • [FD] Admin Menu Tree Page View [CSRF, Privilege Escalation], Panagiotis Vagenas
• [FD] WordPress Download Manager [CSRF], Panagiotis Vagenas
• [FD] APPLE-SA-2018-1-8-1 iOS 11.2.2, Apple Product Security
• [FD] APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update, Apple Product Security
• [FD] APPLE-SA-2018-1-8-3 Safari 11.0.2, Apple Product Security
• [FD] CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass, oststrom (public)
• [FD] Sangoma SBC Remote Command Execution - CVE-2017–17430, Security Team Appsecco
• [FD] WordPress LearnDash LMS: Unauthenticated arbitrary file upload, NinTechNet
• [FD] SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities, Maor Shwartz
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities, DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability, DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability, DefenseCode
• [FD] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough, Kurtis
• [FD] Flash Operator Panel v2.31.03 - Command Execution Vulnerability, Vulnerability Lab
• [FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability, Vulnerability Lab
• [FD] Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities, Vulnerability Lab
• [FD] Magento Connect T1 - (Claim) Persistent Vulnerability, Vulnerability Lab
• [FD] Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability, Vulnerability Lab
• [FD] Magento Commerce - SSRF & XSPA Web Vulnerability, Vulnerability Lab
• [FD] SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [FD] Arbitrary file read in Kaseya VSA, Securify B.V. via Fulldisclosure
• [FD] Code execution in Kaseya VSA, Securify B.V. via Fulldisclosure
• [FD] Authentication bypass in Kaseya VSA, Securify B.V. via Fulldisclosure
• [FD] Broken TLS certificate validation in VTech DigiGo browser, Summer of Pwnage via Fulldisclosure
• [FD] Multiple vulnerabilities in VTech DigiGo allow browser overlay attack, Summer of Pwnage via Fulldisclosure
• [FD] Broken TLS certificate pinning in VTech DigiGo Kid Connect app, Summer of Pwnage via Fulldisclosure
• [FD] PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH), Manuel Garcia Cardenas
• [FD] Seagate Media Server allows deleting of arbitrary files and folders, Summer of Pwnage via Fulldisclosure
• [FD] [Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough, Kurtis
• [FD] Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability, Vulnerability Lab
• [FD] [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2, RedTeam Pentesting GmbH
• [FD] Zenario v7.6 CMS - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] Multiple vulnerabilities in all versions of ASUS routers, Blazej Adamczyk
• [FD] Adminer <= v4.3.1 Server Side Request Forgery, hyp3rlinx
• [FD] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation, Rodrigo Menezes
  • Re: [FD] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation, Rodrigo Menezes
• [FD] SSD Advisory – GitStack Unauthenticated Remote Code Execution, Maor Shwartz
• [FD] [v2] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation, Rodrigo Menezes
• [FD] Positive Hack Days 8 CFP is now open, Alexander Lashkov
• [FD] Photo Vault v1.2 iOS - Insecure Authentication Vulnerability, Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities, Vulnerability Lab
• [FD] Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities, Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities, Vulnerability Lab
• [FD] Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities, Vulnerability Lab
• [FD] SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications, SEC Consult Vulnerability Lab
• [FD] DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities, DefenseCode
• [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution, Maor Shwartz
  • Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution, Pedro Ribeiro
• [FD] HACKTRICK'18 | Case Study Summit, Mustafa Kaan Demirhan
• [FD] ESA-2018-002: RSA® Authentication Manager SQL Injection Vulnerability, EMC Product Security Response Center
• [FD] CMS Made Simple 2.2.5 [Stored Cross-Site Scripting], Kyaw Min Thein
• [FD] CMS Made Simple 2.2.5[Reflected Cross-Site Scripting], Kyaw Min Thein
  • <Possible follow-ups>
  • [FD] CMS Made Simple 2.2.5[Reflected Cross-Site Scripting], Kyaw Min Thein
• [FD] APPLE-SA-2018-1-23-1 iOS 11.2.5, Apple Product Security
• [FD] APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, Apple Product Security
• [FD] APPLE-SA-2018-1-23-3 watchOS 4.2.2, Apple Product Security
• [FD] APPLE-SA-2018-1-23-4 tvOS 11.2.5, Apple Product Security
• [FD] APPLE-SA-2018-1-23-5 Safari 11.0.3, Apple Product Security
• [FD] APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows, Apple Product Security
• [FD] APPLE-SA-2018-1-23-7 iCloud for Windows 7.3, Apple Product Security
• [FD] [CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin, nicolas.buzy-debat
• [FD] [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4, Pedro Ribeiro
• [FD] KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability, KoreLogic Disclosures
• [FD] Banknotes Misproduction security & biometric weakness, Vulnerability Lab
  • Re: [FD] Banknotes Misproduction security & biometric weakness, Jeffrey Walton
• [FD] SSD Advisory – iBall Multiple Vulnerabilities, Maor Shwartz
• [FD] [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks, Matthias Deeg
• [FD] XSS and CSRF vulnerabilities in ASUS RT-N10, MustLive
• [FD] Defense in depth -- the Microsoft way (part 49): fun with application manifests, Stefan Kanthak
• [FD] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433, SEC Consult Vulnerability Lab