Mail Index

• Thread Index

• [FD] SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range
  • From: SEC Consult Vulnerability Lab
• [FD] IPSwitch MoveIt Stored Cross Site Scripting (XSS)
  • From: 1n3
• [FD] Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key
  • From: cfpmontreal2018
• [FD] Claymore Dual Gpu Miner <= 10.5 Format Strings Vulnerability
  • From: disclosure
• [FD] CFP: EuroSec 2018, 11th European Workshop on Systems Security (Extended Deadline: February 9, 2018)
  • From: Fengwei Zhang
• [FD] Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access
  • From: bashis
• [FD] New vulnerabilities in D-Link DIR-100
  • From: MustLive
• [FD] Flexense SyncBreeze Entreprise 10.3.14 Buffer Overflow (SEH-bypass)
  • From: RYT
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: Ben Tasker
• [FD] SSD Advisory – Hotspot Shield Information Disclosure
  • From: Maor Shwartz
• [FD] Microsoft Anti Ransomware mitigation bypass
  • From: Yago Jesus
• [FD] ESA-2018-015: EMC RecoverPoint Command Injection Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] EuskalHack Security Congress Call For Papers
  • From: Joxean Koret
• [FD] CFP for Packet Hacking Village Talks at DEF CON 26
  • From: Ming
• [FD] IBM Tivoli Monitoring CVE-2017-1635 Remote Code Execution Vulnerability
  • From: p
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: InterN0T via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 50); Windows Update shoves unsafe crap as "important" updates to unsuspecting users
  • From: Stefan Kanthak
• [FD] [SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform
  • From: Security Explorations
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: Vulnerability Lab
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: Vulnerability Lab
• Re: [FD] Banknotes Misproduction security & biometric weakness
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro
  • From: SEC Consult Vulnerability Lab
• [FD] CVS Suite 2009R2 Insecure Library Loading CVE-2018-6461
  • From: hyp3rlinx
• [FD] Formstack Webhook HMAC Advisory
  • From: Derrek Bertrand
• [FD] KL-001-2018-002 : NetEx HyperIP Authentication Bypass
  • From: KoreLogic Disclosures
• [FD] KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution
  • From: KoreLogic Disclosures
• [FD] KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability
  • From: KoreLogic Disclosures
• [FD] KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability
  • From: KoreLogic Disclosures
• [FD] KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass
  • From: KoreLogic Disclosures
• [FD] SoapUI v5.3.0 Code Execution
  • From: Ismail Doe
• [FD] libreoffice remote arbitrary file disclosure
  • From: Mikhail Klementev
• [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• [FD] CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow
  • From: hyp3rlinx
• [FD] Multiple SQL injection vulnerabilities in dotCMS (2x CVE)
  • From: Elar Lang
• Re: [FD] SoapUI v5.3.0 Code Execution
  • From: Ismail Doe
• [FD] RootedCON Security Conference - 1-3 March, Madrid (Spain)
  • From: omarbv
• [FD] DSA-2018-024: Dell EMC VMAX Virtual Appliance (vApp) Manager Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow
  • From: SecuriTeam SSD
• [FD] [CORE-2017-0009] - Dell EMC Isilon OneFS Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] DSA-2018-024: Dell EMC VMAX Virtual Appliance (vApp) Manager Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure
  • From: SecuriTeam SSD
• [FD] Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
  • From: Stefan Kanthak
• [FD] : Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF
  • From: Arvind Vishwakarma
• [FD] F-Secure Radar Persistent Cross-Site Scripting Vulnerability
  • From: Oscar Hjelm
• [FD] F-Secure Radar Login Page Unvalidated Redirect Vulnerability
  • From: Oscar Hjelm
• [FD] Local Privilege Escalation in CrashPlan’s Windows Client Version 4
  • From: Florian Bogner
• [FD] [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
  • From: Kurtis
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Jeffrey Walton
• [FD] [SE-2011-01] Regarding liabilities in SW / HW (ST chipsets flaws' case)
  • From: Security Explorations
• [FD] [Project] Patton: The clever vulnerability knowledge store
  • From: cr0hn
• [FD] Navarino Infinity onship unit multiple vulnerabilities
  • From: Vangelis Stykas
• [FD] APPLE-SA-2018-02-19-1 iOS 11.2.6
  • From: Apple Product Security
• [FD] APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
  • From: Apple Product Security
• [FD] APPLE-SA-2018-02-19-3 tvOS 11.2.6
  • From: Apple Product Security
• [FD] APPLE-SA-2018-02-19-4 watchOS 4.2.3
  • From: Apple Product Security
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• [FD] Mozilla's executable installers: FUBAR (that's spelled "fucked-up beyond all repair")
  • From: Stefan Kanthak
• [FD] SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
  • From: SEC Consult Vulnerability Lab
• [FD] [CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] AST-2018-001: Crash when receiving unnegotiated dynamic payload
  • From: Asterisk Security Team
• [FD] AST-2018-002: Crash when given an invalid SDP media format description
  • From: Asterisk Security Team
• [FD] AST-2018-003: Crash with an invalid SDP fmtp attribute
  • From: Asterisk Security Team
• [FD] AST-2018-004: Crash when receiving SUBSCRIBE request
  • From: Asterisk Security Team
• [FD] AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
  • From: Asterisk Security Team
• [FD] AST-2018-006: WebSocket frames with 0 sized payload causes DoS
  • From: Asterisk Security Team
• [FD] DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability
  • From: Defense Code
• [FD] BSides Denver 2018 CFP is open
  • From: Jeff Pettorino
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Kevin Beaumont
• [FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  • From: Justin Bull
• Re: [FD] [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  • From: Justin Bull
• [FD] Search engine of leaks
  • From: Gustavo Sánchez
• [FD] SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket
  • From: SEC Consult Vulnerability Lab
• [FD] ActivePDF Toolkit < 8.1.0 multiple RCE
  • From: François Goichon via Fulldisclosure
• [FD] Auto-detection of Compressed Files in Apple’s macOS
  • From: Nightwatch Cybersecurity Research
• [FD] Download Protection Bypass in Google’s Chrome (multiple)
  • From: Nightwatch Cybersecurity Research
• [FD] ES2018-01 Asterisk pjsip subscribe stack corruption
  • From: Sandro Gauci
• [FD] ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
  • From: Sandro Gauci
• [FD] ES2018-03 Asterisk pjsip sdp invalid media format description segfault
  • From: Sandro Gauci
• [FD] ES2018-04 Asterisk pjsip tcp segfault
  • From: Sandro Gauci
• Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
  • From: Stefan Kanthak
• [FD] AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial /css//..%2f substring in a URI. CVE-2018-7467
  • From: Anthony Cicalla
• [FD] SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management
  • From: SEC Consult Vulnerability Lab