Mail Thread Index

• Date Index

• [FD] [SE-2011-01] Security contact at Canal+ Group ?, Security Explorations
  • Message not available
    • Re: [FD] [SE-2011-01] Security contact at Canal+ Group ?, Security Explorations
• [FD] Massive Breach in Panera Bread, Jack Beanstalk
  • Re: [FD] Massive Breach in Panera Bread, (RS) Tyler Schroder
    • Re: [FD] Massive Breach in Panera Bread, John Menerick
    • Re: [FD] Massive Breach in Panera Bread, Cornelius Keck
• [FD] Directory Traversal Vulnerability in DNNarticle module for DNN, Rahimian
• Re: [FD] CVE-2018-5708, Kevin R
• [FD] CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass, hyp3rlinx
  • Re: [FD] CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass, Buherátor
    • Re: [FD] CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass, hyp3rlinx
• [FD] CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto, hyp3rlinx
• [FD] [FIXED TYPO **] CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto, hyp3rlinx
• [FD] Authentication Bypass Vulnerability in the Auth0 Identity Platform, Nahuel Grisolia
• [FD] DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability, EMC Product Security Response Center
• [FD] The first 8dayz of an Underground crew deemed Underground_Agency (~UA) 2018, keliikoa kirland
• [FD] [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution, RedTeam Pentesting GmbH
• [FD] [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure, RedTeam Pentesting GmbH
• [FD] SQLi in Relevanssi might allow an admin to read contents of database (WordPress plugin), dxw Security
• [FD] Like Button Rating ♥ LikeBtn allows anybody to set any option (WordPress plugin), dxw Security
• [FD] Rating-Widget: Star Review System allows anybody to turn on debug mode and view errors and warnings (WordPress plugin), dxw Security
• [FD] WP Image Zoom allows anybody to cause denial of service (WordPress plugin), dxw Security
• Re: [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, Matthew Fernandez
  • Re: [FD] new email; gw22067@xxxxxxxxxxx | Double-free segfault bypass, Justin Ferguson
• Re: [FD] Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE, bashis
• [FD] secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application, Simon Bieber
• [FD] secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application, Simon Bieber
• [FD] Microsoft account site using old cert, Eitan Caspi via Fulldisclosure
• [FD] DSA-2018-071: Dell EMC ViPR Controller Information Exposure Vulnerability, EMC Product Security Response Center
• [FD] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected., ketamine
• [FD] Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH, Stefan Kanthak
• [FD] Strong Password Generator - Biased Randomness, Sean Buckley
• [FD] Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18), Yves Younan
• Re: [FD] CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088, IS Threat Team
• [FD] Kodi <= 17.6 - Persistent Cross-Site Scripting, Manuel Garcia Cardenas
• [FD] Seagate Personal Cloud allows moving of arbitrary files, Summer of Pwnage via Fulldisclosure
• [FD] Seagate Media Server stored Cross-Site Scripting vulnerability, Summer of Pwnage via Fulldisclosure
• [FD] Seagate Media Server path traversal vulnerability, Summer of Pwnage via Fulldisclosure
• [FD] [CVE-2017-5641] - DrayTek Vigor ACS 2 Java Deserialisation RCE, Pedro Ribeiro
• [FD] Foxit Reader 8.3.1.21155 ( Unsafe DLL Loading Vulnerability ), Whatis Yourbug
• [FD] Microsoft (Win 10) InternetExplorer v11.371.16299.0 - Denial Of Service, hyp3rlinx
• [FD] wifi and z-wave smart home from zibreo, Larry
• [FD] [SE-2011-01] The origin and impact of vulnerabilities in ST chipsets, Security Explorations
• [FD] SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products, SEC Consult Vulnerability Lab
• [FD] Sitecore Directory Traversal Vulnerability, Chris
• [FD] Hikvision hik-connect.com authentication vulnerability, Vangelis Stykas
• [FD] Authorization bypass in PHPLiteAdmin since 1.9.5, Karsten König
  • Re: [FD] Authorization bypass in PHPLiteAdmin since 1.9.5, Karsten König
• [FD] APPLE-SA-2018-04-24-1 iOS 11.3.1, Apple Product Security
• [FD] APPLE-SA-2018-04-24-2 Security Update 2018-001, Apple Product Security
• [FD] APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4), Apple Product Security
• Re: [FD] Auto-detection of Compressed Files in Apple’s macOS, Nightwatch Cybersecurity Research
• [FD] DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability, EMC Product Security Response Center
  • <Possible follow-ups>
  • [FD] DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability, EMC Product Security Response Center
• [FD] [RCE] TP-Link Remote Code Execution CVE-2017-13772 v2 - >180, 000 affected devices, Andrew Mabbitt
• [FD] [** FIX CODE TYPO] Microsoft (Win 10) InternetExplorer v11.371.16299.0 - Denial Of Service, hyp3rlinx
• [FD] Unvalidated Redirect in Shibboleth component of Blackboard Learn, Ethan Sweet
• [FD] GitList 0.6 Unauthenticated RCE, Kacper Szurek
• [FD] VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 Memory Corruption (PoC), Kroppoloe via Fulldisclosure