Mail Thread Index

• Date Index

• [FD] DualDesk v20 "Proxy.exe" Server / Denial Of Service - CVE-2018-7583, hyp3rlinx
• [FD] CVE-2018-7449 SEGGER embOS/IP FTP Server v3.22 / FTP CMDs Denial Of Service, hyp3rlinx
• [FD] Another TCP based IDS bypass technique. CVE-2018-6794, Kirill Shipulin
• [FD] CSRF vulnerabilities in D-Link DGS-3000-10TC, MustLive
• [FD] Content Injection in Samsung Display Solutions Application for Android [CVE-2018-6019], Nightwatch Cybersecurity Research
• [FD] CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor, spinfoo via Fulldisclosure
  • <Possible follow-ups>
  • [FD] CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor, spinfoo via Fulldisclosure
• [FD] KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service, KoreLogic Disclosures
• [FD] KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service, KoreLogic Disclosures
• [FD] Softros Network Time System Server v2.3.4 / Denial Of Service CVE-2018-7658, hyp3rlinx
• [FD] DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery, Defense Code
• [FD] DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities, Defense Code
• [FD] DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products, Defense Code
• [FD] DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes, Defense Code
• [FD] Rapid Scada - 5.5.0 - Insecure Permissions, filipe
• [FD] DSA-2018-038: RSA Archer GRC Platform Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] DSA-2018-011: RSA Identity Governance and Lifecycle Privilege Escalation Vulnerability, EMC Product Security Response Center
• [FD] [RT-SA-2018-001] Arbitrary Redirect in Tuleap, RedTeam Pentesting GmbH
• [FD] WebLog Expert Web Server Enterprise v9.4 / Authentication Bypass CVE-2018-7581, hyp3rlinx
• [FD] WebLog Expert Web Server Enterprise v9.4 / Remote Denial Of Service CVE-2018-7582, hyp3rlinx
• [FD] Tuleap SQL Injection, Cristiano Maruti
• [FD] 10-Strike Network Monitor 5.4 - Unquoted Service Path, filipe
• [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions, filipe
  • Re: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions, Alex BALAN
• [FD] Panda Global Security 17.0.1 - Unquoted service path, filipe
• [FD] Panda Global Security 17.0.1 - NULL DACL grants full access, filipe
• [FD] WPS Free Office 10.2.0.5978 - NULL DACL grants full access, filipe
• [FD] Hola VPN 1.79.859 - Insecure service permissions, filipe
• [FD] Multiple SQL injection vulnerabilities in Bacula-Web (CVE-2017-15367), Gustavo Sorondo
• [FD] DSA-2018-020: Dell EMC Data Protection Advisor Hardcoded Password Vulnerability, EMC Product Security Response Center
• [FD] SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail, SEC Consult Vulnerability Lab
• [FD] [RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites, RedTeam Pentesting GmbH
• [FD] PayPal Inc - New Venmo Bug Bounty Program, Vulnerability Lab
• [FD] PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$, Vulnerability Lab
• [FD] SQL Injection in Textpattern <= 4.6.2, Manuel Garcia Cardenas
• [FD] DEWESoft X3 SP1 (64-bit) installer / Remote Internal Command Access - CVE-2018-7756, hyp3rlinx
• [FD] hardwear.io CFP is Open & New Security Training in Berlin!, Yuliya Pliavaka
• [FD] SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net), SEC Consult Vulnerability Lab
• [FD] [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow, Core Security Advisories Team
• [FD] [CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability, Sydream Labs
• [FD] [CVE-2018-7422] Local File Inclusion (LFI) vulnerability in WordPress Site Editor Plugin, nicolas.buzy-debat
• [FD] c0c0n XI | The cy0ps c0n - Call For Papers & Call For Workshops 2018 Open, Prajwal Panchmahalkar
• [FD] RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213), (RS) Tyler Schroder
• [FD] DSA-2018-037: Dell EMC NetWorker Buffer Overflow Vulnerability, EMC Product Security Response Center
• [FD] New release: UFONet v1.0 "TachY0n!", psy
• [FD] LDAP Account Manager (6.2) CVE-2018-8763, CVE-2018-8764, Michał Kędzior
• [FD] Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation, x ksi
• [FD] Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal, x ksi
• [FD] ModSecurity WAF 3.0 for Nginx - Denial of Service, x ksi
• [FD] ES2018-05 Kamailio heap overflow, Sandro Gauci
• [FD] DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] BSidesMilano Event and CFP, Agostino Panico
• [FD] Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links, Securify B.V. via Fulldisclosure
• [FD] AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities, Vulnerability Lab
• [FD] Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities, Vulnerability Lab
• [FD] Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability, Vulnerability Lab
• [FD] Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820), Hate Shape
• [FD] ManageEngine Service Desk Plus < 9403 Cross-Site Scripting, okan coskun
• [FD] DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities, EMC Product Security Response Center
• [FD] DSA-2018-040: RSA® Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, keliikoa kirland
  • Re: [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, keliikoa kirland
  • Re: [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, keliikoa kirland
    • Re: [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, Matthew Fernandez
• [FD] CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center, Williams, Ken
• [FD] CA20180328-01: Security Notice for CA API Developer Portal, Kotas, Kevin J
• [FD] CVE-2018-5708, Kevin R
• [FD] Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script, Mohamed A. Baset
• [FD] APPLE-SA-2018-3-29-1 iOS 11.3, Apple Product Security
• [FD] APPLE-SA-2018-3-29-2 watchOS 4.3, Apple Product Security
• [FD] APPLE-SA-2018-3-29-3 tvOS 11.3, Apple Product Security
• [FD] APPLE-SA-2018-3-29-4 Xcode 9.3, Apple Product Security
• [FD] APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan, Apple Product Security
• [FD] APPLE-SA-2018-3-29-6 Safari 11.1, Apple Product Security
• [FD] APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows, Apple Product Security
• [FD] APPLE-SA-2018-3-29-8 iCloud for Windows 7.4, Apple Product Security
• [FD] Null Pointer Deference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys, WTS Research Team