Mail Thread Index

• Date Index

• [FD] airgapping kvm switch, debug
• Re: [FD] Unvalidated Redirect in Shibboleth component of Blackboard, Derrek Bertrand
• [FD] ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities, matthew f
• [FD] XSS-Flexense-DiskBoss-Enterprise-all-versions, n0ipr0cs
• [FD] XSS in Flexense SyncBreeze, affects all versions, n0ipr0cs
• [FD] XSS in Flexense DiskPulse, affects all versions, n0ipr0cs
• [FD] XSS in Flexense DiskSavvy, affects all versions, n0ipr0cs
• [FD] XSS in Flexense DupScout, affects all versions, n0ipr0cs
• [FD] XSS in Flexense VX Search, affects all versions, n0ipr0cs
• [FD] XSS in Flexense DiskSorter, affects all versions, n0ipr0cs
• [FD] Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution, Stephen Shkardoon
• [FD] SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM), SEC Consult Vulnerability Lab
• [FD] CA20180501-01: Security Notice for CA Spectrum, Kotas, Kevin J
• [FD] DSA-2018-063: Dell EMC Unity Family OS Command Injection Vulnerability, EMC Product Security Response Center
• [FD] [CORE-2018-0001] TP-Link EAP Controller Multiple Vulnerabilities, Core Security Advisories Team
• [FD] Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA (CVE-2018-10641), Joe Gray
• [FD] DSA-2018-086: RSA® Authentication Manager Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04, Apple Product Security
• [FD] GNU Wget Cookie Injection [CVE-2018-0494], Harry Sintonen
• [FD] CVE-2018-10201 – Ncomputing vSpace Pro Directory Traversal Vulnerability, Javier Bernardo
• [FD] APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001, Apple Product Security
• [FD] [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy, Stefan Kanthak
• [FD] Microsoft Windows "FxCop" v10-12 / XML External Entity Injection, hyp3rlinx
• [FD] Vulnerabilities in IBMs Flashsystems and Storwize Products, Sebastian Neuner via Fulldisclosure
• [FD] t2'18: Call For Papers 2018 (Helsinki, Finland), Tomi Tuominen
• [FD] CSRF in WP User Groups allows anybody to modify user groups and types (WordPress plugin), dxw Security
  • Re: [FD] Vulnerabilities in IBMs Flashsystems and Storwize Products, Sebastian Neuner via Fulldisclosure
• [FD] Calamp.com Incorrect privilege assignment could lead to full user compromise, Vangelis Stykas
• [FD] Buffer overflow in xls2csv (xlsparse.c:716) - catdoc, Mohd Hanafie
  • Re: [FD] Buffer overflow in xls2csv (xlsparse.c:716) - catdoc, Vadim Zhukov
• [FD] CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities, Imre Rad
• [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet, SEC Consult Vulnerability Lab
  • Re: [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet, SEC Consult Vulnerability Lab
• [FD] Stored XSS in WP ULike allows unauthorised users to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] WP ULike allows anybody to delete any row in any WordPress table (WordPress plugin), dxw Security
• [FD] CSRF in Metronet Tag Manager allows anybody to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Calamp.com Incorrect privilege assignment could lead to full user and vehicle compromise, Vangelis Stykas
• [FD] Multiple Arris Touchstone Gateway Vulnerabilities, Akshay Sharma
• [FD] CVE-2018-10994: HTML tag injection in Signal-desktop, Alfredo Ortega
• [FD] Keeper Commander, sosumi
• [FD] SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager, SEC Consult Vulnerability Lab
• [FD] vcftools 0.1.15 vuln bugs, bear.xiong
• [FD] PDFParser vulnerability, bear.xiong
• [FD] Privilege escalation on Windows10/x by shortcut alteration., Davide Lombardo
• [FD] CVE-2018-11101: Signal-desktop HTML tag injection variant 2, Alfredo Ortega
• [FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411, Amine Taouirsa
  • <Possible follow-ups>
  • [FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411, Amine Taouirsa
• [FD] libmobi 0.3 vulns, 熊文彬
• [FD] taglib 1.11.1 vuln, 熊文彬
  • Re: [FD] taglib 1.11.1 vuln, Alan Coopersmith
• [FD] WindScribe VPN 1.81 Privilege Escalation, Emin Ghuliev
• [FD] Authentication Bypass in Accellion Kiteworks, jerinjoy
• [FD] [CVE-2018-10094] Dolibarr SQL Injection vulnerability, Sysdream Labs
• [FD] [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability, Sysdream Labs
• [FD] Dolibarr XSS Injection vulnerability, Sysdream Labs
• [FD] [CVE-2018-1418] IBM QRadar SIEM unauthenticated remote code execution as root, Pedro Ribeiro
• [FD] SharePoint Site User Enumeration, pzpcve180528
• [FD] Qualys Security Advisory - Procps-ng Audit Report, Qualys Security Advisory
• [FD] Android OS Didn’t use FLAG_SECURE for Sensitive Settings [CVE-2017-13243], Nightwatch Cybersecurity Research
• [FD] Reptile: a LKM rootkit written for evil purposes, nullbyte
• [FD] DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities, EMC Product Security Response Center
• [FD] NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability, xiaotian.wang
• [FD] JDA Warehouse Management System (WMS) Multiple Critical Vulnerabilities, Xiaoran Wang via Fulldisclosure
• [FD] JDA Connect Multiple Critical Vulnerabilities, Xiaoran Wang via Fulldisclosure
• [FD] Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting, Yavuz Atlas
• [FD] SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle, SEC Consult Vulnerability Lab
• [FD] foilChat sign up email PIN confirmation bypass, Harry Sintonen
• [FD] CVE-2018-11551 AXON PBX DLL Loading Arbitrary Code Execution & Privilege Escalation Vulnerability, Himanshu Mehta
• [FD] CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting, Himanshu Mehta