Mail Index

• Thread Index

• [FD] Significant Vulnerabilities in Axis IP Cameras
  • From: Vulnerability Report
• [FD] DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability
  • From: EMC Product Security Response Center
• [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
  • From: okan coskun
• [FD] KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability
  • From: KoreLogic Disclosures
• [FD] XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)
  • From: Rose Jackcode
• [FD] APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
  • From: Apple Product Security
• [FD] Double free in openslp 2.0.0
  • From: Magnus Klaaborg Stubman
• [FD] DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability
  • From: Dell EMC Product Security Response Center
• [FD] Faraday Beta V3.0 Released
  • From: Francisco Amato
• Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
  • From: okan coskun
• [FD] Windows Kernel (win32k.sys) Local Denial Of Service
  • From: Victor Portal Gonzalez
• [FD] Open-Xchange Security Advisory 2018-07-02
  • From: Open-Xchange GmbH
• [FD] ntop-ng < 3.4.180617 - Authentication bypass / session hijacking
  • From: Ioannis Profetis
• [FD] [CVE-2018-8755] Nucom NC-WR644GACV Auth Bypass
  • From: Fernando A. Lagos Berardi
• [FD] XSS in Sencha Ext JS 4 to 6
  • From: Daniel Fritsch
• [FD] CVE-2018-12103
  • From: Kevin R
• Re: [FD] XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)
  • From: Rose Jackcode
• [FD] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers
  • From: SEC Consult Vulnerability Lab
• [FD] Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.
  • From: Kyriakos Economou
• [FD] c0c0n XI | The cy0ps c0n - Call For Papers & Call For Workshops extended till July 15th
  • From: Prajwal Panchmahalkar
• [FD] APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0
  • From: Apple Product Security
• [FD] DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability
  • From: Dell EMC Product Security Response Center
• [FD] info-zip, zip command crash.
  • From: 오세훈
• [FD] can (should?) packets from unauthentcated wifi devices enter layer2 ?
  • From: devzero
• [FD] [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool
  • From: Stefan Kanthak
• Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
  • From: Thierry Zoller
• [FD] VLC media player 2.2.8 Arbitrary Code Execution PoC
  • From: Eugene NG (GOVTECH)
• [FD] [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection
  • From: Jens Regel
• [FD] APPLE-SA-2018-7-9-1 iOS 11.4.1
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-2 watchOS 4.3.2
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-3 tvOS 11.4.1
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-5 Safari 11.1.2
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-6 iCloud for Windows 7.6
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows
  • From: Apple Product Security
• [FD] Crashing Facebook Messenger for Android with an MITM attack
  • From: Nightwatch Cybersecurity Research
• [FD] SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T
  • From: SEC Consult Vulnerability Lab
• [FD] Secutech DSL WR RIS 330 - Filter Bypass Vulnerability
  • From: Vulnerability Lab
• [FD] Intel System CU - Buffer Overflow (Denial of Service) Vulnerability
  • From: Vulnerability Lab
• [FD] ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability
  • From: Vulnerability Lab
• [FD] Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• [FD] [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities
  • From: Core Security Advisories Team
• [FD] DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities
  • From: Dell EMC Product Security Response Center
• [FD] Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability
  • From: Vulnerability Lab
• [FD] Barracuda ADC v5.x - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS
  • From: SEC Consult Vulnerability Lab
• [FD] HackRF Circuit Board - New Universal Case for Devs & Pentesters
  • From: Vulnerability Lab
• [FD] 0day CVE-2018-12463
  • From: alt3kx via Fulldisclosure
• [FD] XSS in OpenConext-EngineBlock 5.7.0 to 5.7.3
  • From: Andrew Klaus
• [FD] eScan ISS for Business v14.0.1400.2029 - BSOD through of a IOCTL
  • From: filipe
• [FD] Total AV 4.1.7 ~ 4 .6.19 - Insecure Permissions
  • From: filipe
• [FD] G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow
  • From: filipe
• [FD] Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability
  • From: Vulnerability Lab
• [FD] CSRF vulnerabilities in D-Link DIR-300
  • From: MustLive
• [FD] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability
  • From: Vulnerability Lab
• [FD] Barracuda Cloud Control 7.1.1.003 - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] Binance v1.5.0 - Insecure File Permission Vulnerability
  • From: Vulnerability Lab
• [FD] GhostMail - (filename to link) POST Inject Web Vulnerability
  • From: Vulnerability Lab
• [FD] GhostMail - (Status Message) Persistent Web Vulnerability
  • From: Vulnerability Lab
• [FD] Adobe Systems - Arbitrary Code Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Adobe Patches Vulnerability Affecting Internal Systems
  • From: Vulnerability Lab
• [FD] Capstone disassembler framework v3.0.5 is out!
  • From: Nguyen Anh Quynh
• [FD] Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933)
  • From: Denis Andzakovic via Fulldisclosure
• [FD] CIRITICAL code injection vulnerability in National Instruments Linux driver package
  • From: Enrico Weigelt, metux IT consult
• [FD] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper
  • From: Justin Bull
• [FD] DSA-2018-130: RSA Archer® Multiple Vulnerabilities
  • From: Dell EMC Product Security Response Center
• [FD] Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability
  • From: Stefan Kanthak
• [FD] [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS
  • From: xiaotian.wang
• [FD] [CVE-2018-12997]Zoho manageengine Arbitrary File Read in multiple Products
  • From: xiaotian.wang
• [FD] [CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion
  • From: xiaotian.wang
• [FD] [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products
  • From: xiaotian.wang
• [FD] Network Manager VPNC - Privilege Escalation (CVE-2018-10900)
  • From: Denis Andzakovic via Fulldisclosure
• [FD] CleanMyMac3 local privilege escalation
  • From: Chi Chou
• [FD] APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4
  • From: Apple Product Security
• [FD] APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1
  • From: Apple Product Security
• [FD] FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
  • From: Branco, Rodrigo
• [FD] Integer overflow in Tracto ERC20
  • From: 姚志华
• [FD] [CORE-2018-0009] - SoftNAS Cloud OS Command Injection
  • From: Core Security Advisories Team
• [FD] [CORE-2018-0009] - SoftNAS Cloud OS Command Injection
  • From: Core Security Advisories Team
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities
  • From: Defense Code
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities
  • From: Defense Code
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability
  • From: Defense Code
• [FD] Faraday V3.0 Released
  • From: Francisco Amato
• [FD] More - Google supported XSS kit aka AdExchange iframe buster kit (Zmx)
  • From: Zmx
• [FD] DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability
  • From: Dell EMC Product Security Response Center
• [FD] Integer overflow in SunContract
  • From: 姚志华