Mail Index

• Thread Index

• [FD] airgapping kvm switch
  • From: debug
• Re: [FD] Unvalidated Redirect in Shibboleth component of Blackboard
  • From: Derrek Bertrand
• [FD] ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities
  • From: matthew f
• [FD] XSS-Flexense-DiskBoss-Enterprise-all-versions
  • From: n0ipr0cs
• [FD] XSS in Flexense SyncBreeze, affects all versions
  • From: n0ipr0cs
• [FD] XSS in Flexense DiskPulse, affects all versions
  • From: n0ipr0cs
• [FD] XSS in Flexense DiskSavvy, affects all versions
  • From: n0ipr0cs
• [FD] XSS in Flexense DupScout, affects all versions
  • From: n0ipr0cs
• [FD] XSS in Flexense VX Search, affects all versions
  • From: n0ipr0cs
• [FD] XSS in Flexense DiskSorter, affects all versions
  • From: n0ipr0cs
• [FD] Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution
  • From: Stephen Shkardoon
• [FD] SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)
  • From: SEC Consult Vulnerability Lab
• [FD] CA20180501-01: Security Notice for CA Spectrum
  • From: Kotas, Kevin J
• [FD] DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability
  • From: EMC Product Security Response Center
• [FD] [CORE-2018-0001] TP-Link EAP Controller Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA (CVE-2018-10641)
  • From: Joe Gray
• [FD] DSA-2018-086: RSA® Authentication Manager Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04
  • From: Apple Product Security
• [FD] GNU Wget Cookie Injection [CVE-2018-0494]
  • From: Harry Sintonen
• [FD] CVE-2018-10201 – Ncomputing vSpace Pro Directory Traversal Vulnerability
  • From: Javier Bernardo
• [FD] APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001
  • From: Apple Product Security
• [FD] [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
  • From: Stefan Kanthak
• [FD] Microsoft Windows "FxCop" v10-12 / XML External Entity Injection
  • From: hyp3rlinx
• [FD] Vulnerabilities in IBMs Flashsystems and Storwize Products
  • From: Sebastian Neuner via Fulldisclosure
• [FD] t2'18: Call For Papers 2018 (Helsinki, Finland)
  • From: Tomi Tuominen
• [FD] CSRF in WP User Groups allows anybody to modify user groups and types (WordPress plugin)
  • From: dxw Security
• [FD] Calamp.com Incorrect privilege assignment could lead to full user compromise
  • From: Vangelis Stykas
• [FD] Buffer overflow in xls2csv (xlsparse.c:716) - catdoc
  • From: Mohd Hanafie
• [FD] CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities
  • From: Imre Rad
• Re: [FD] Vulnerabilities in IBMs Flashsystems and Storwize Products
  • From: Sebastian Neuner via Fulldisclosure
• [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
  • From: SEC Consult Vulnerability Lab
• [FD] Stored XSS in WP ULike allows unauthorised users to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] WP ULike allows anybody to delete any row in any WordPress table (WordPress plugin)
  • From: dxw Security
• Re: [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
  • From: SEC Consult Vulnerability Lab
• [FD] CSRF in Metronet Tag Manager allows anybody to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• [FD] Calamp.com Incorrect privilege assignment could lead to full user and vehicle compromise
  • From: Vangelis Stykas
• [FD] Multiple Arris Touchstone Gateway Vulnerabilities
  • From: Akshay Sharma
• [FD] CVE-2018-10994: HTML tag injection in Signal-desktop
  • From: Alfredo Ortega
• Re: [FD] Buffer overflow in xls2csv (xlsparse.c:716) - catdoc
  • From: Vadim Zhukov
• [FD] Keeper Commander
  • From: sosumi
• [FD] SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager
  • From: SEC Consult Vulnerability Lab
• [FD] vcftools 0.1.15 vuln bugs
  • From: bear.xiong
• [FD] PDFParser vulnerability
  • From: bear.xiong
• [FD] Privilege escalation on Windows10/x by shortcut alteration.
  • From: Davide Lombardo
• [FD] CVE-2018-11101: Signal-desktop HTML tag injection variant 2
  • From: Alfredo Ortega
• [FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
  • From: Amine Taouirsa
• [FD] libmobi 0.3 vulns
  • From: 熊文彬
• [FD] taglib 1.11.1 vuln
  • From: 熊文彬
• [FD] WindScribe VPN 1.81 Privilege Escalation
  • From: Emin Ghuliev
• [FD] Authentication Bypass in Accellion Kiteworks
  • From: jerinjoy
• [FD] [CVE-2018-10094] Dolibarr SQL Injection vulnerability
  • From: Sysdream Labs
• [FD] [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability
  • From: Sysdream Labs
• [FD] Dolibarr XSS Injection vulnerability
  • From: Sysdream Labs
• [FD] [CVE-2018-1418] IBM QRadar SIEM unauthenticated remote code execution as root
  • From: Pedro Ribeiro
• [FD] SharePoint Site User Enumeration
  • From: pzpcve180528
• [FD] Qualys Security Advisory - Procps-ng Audit Report
  • From: Qualys Security Advisory
• [FD] Android OS Didn’t use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]
  • From: Nightwatch Cybersecurity Research
• [FD] Reptile: a LKM rootkit written for evil purposes
  • From: nullbyte
• [FD] DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
  • From: Amine Taouirsa
• [FD] NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability
  • From: xiaotian.wang
• [FD] JDA Warehouse Management System (WMS) Multiple Critical Vulnerabilities
  • From: Xiaoran Wang via Fulldisclosure
• [FD] JDA Connect Multiple Critical Vulnerabilities
  • From: Xiaoran Wang via Fulldisclosure
• [FD] Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
  • From: Yavuz Atlas
• [FD] SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle
  • From: SEC Consult Vulnerability Lab
• [FD] foilChat sign up email PIN confirmation bypass
  • From: Harry Sintonen
• Re: [FD] taglib 1.11.1 vuln
  • From: Alan Coopersmith
• [FD] CVE-2018-11551 AXON PBX DLL Loading Arbitrary Code Execution & Privilege Escalation Vulnerability
  • From: Himanshu Mehta
• [FD] CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting
  • From: Himanshu Mehta