Mail Thread Index

• Date Index

• [FD] Significant Vulnerabilities in Axis IP Cameras, Vulnerability Report
• [FD] DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability, EMC Product Security Response Center
• [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction, okan coskun
  • Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction, okan coskun
  • Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction, Thierry Zoller
• [FD] KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability, KoreLogic Disclosures
• [FD] XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites), Rose Jackcode
  • Re: [FD] XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites), Rose Jackcode
• [FD] APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0, Apple Product Security
• [FD] Double free in openslp 2.0.0, Magnus Klaaborg Stubman
• [FD] DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability, Dell EMC Product Security Response Center
• [FD] Faraday Beta V3.0 Released, Francisco Amato
• [FD] Windows Kernel (win32k.sys) Local Denial Of Service, Victor Portal Gonzalez
• [FD] Open-Xchange Security Advisory 2018-07-02, Open-Xchange GmbH
• [FD] ntop-ng < 3.4.180617 - Authentication bypass / session hijacking, Ioannis Profetis
• [FD] [CVE-2018-8755] Nucom NC-WR644GACV Auth Bypass, Fernando A. Lagos Berardi
• [FD] XSS in Sencha Ext JS 4 to 6, Daniel Fritsch
• [FD] CVE-2018-12103, Kevin R
• [FD] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers, SEC Consult Vulnerability Lab
• [FD] Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities., Kyriakos Economou
• [FD] c0c0n XI | The cy0ps c0n - Call For Papers & Call For Workshops extended till July 15th, Prajwal Panchmahalkar
• [FD] APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0, Apple Product Security
• [FD] DSA-2018-117 RSA Identity Governance and Lifecycle Uncontrolled Search Path Vulnerability, Dell EMC Product Security Response Center
• [FD] info-zip, zip command crash., 오세훈
• [FD] can (should?) packets from unauthentcated wifi devices enter layer2 ?, devzero
• [FD] [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool, Stefan Kanthak
• [FD] VLC media player 2.2.8 Arbitrary Code Execution PoC, Eugene NG (GOVTECH)
• [FD] [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection, Jens Regel
• [FD] APPLE-SA-2018-7-9-1 iOS 11.4.1, Apple Product Security
• [FD] APPLE-SA-2018-7-9-2 watchOS 4.3.2, Apple Product Security
• [FD] APPLE-SA-2018-7-9-3 tvOS 11.4.1, Apple Product Security
• [FD] APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
• [FD] APPLE-SA-2018-7-9-5 Safari 11.1.2, Apple Product Security
• [FD] APPLE-SA-2018-7-9-6 iCloud for Windows 7.6, Apple Product Security
• [FD] APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows, Apple Product Security
• [FD] Crashing Facebook Messenger for Android with an MITM attack, Nightwatch Cybersecurity Research
• [FD] SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T, SEC Consult Vulnerability Lab
• [FD] Secutech DSL WR RIS 330 - Filter Bypass Vulnerability, Vulnerability Lab
• [FD] Intel System CU - Buffer Overflow (Denial of Service) Vulnerability, Vulnerability Lab
• [FD] ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability, Vulnerability Lab
• [FD] Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities, Vulnerability Lab
• [FD] [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities, Core Security Advisories Team
• [FD] DSA-2018-084: RSA Identity Governance and Lifecycle Multiple Vulnerabilities, Dell EMC Product Security Response Center
• [FD] Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability, Vulnerability Lab
• [FD] Barracuda ADC v5.x - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS, SEC Consult Vulnerability Lab
• [FD] HackRF Circuit Board - New Universal Case for Devs & Pentesters, Vulnerability Lab
• [FD] 0day CVE-2018-12463, alt3kx via Fulldisclosure
• [FD] XSS in OpenConext-EngineBlock 5.7.0 to 5.7.3, Andrew Klaus
• [FD] eScan ISS for Business v14.0.1400.2029 - BSOD through of a IOCTL, filipe
• [FD] Total AV 4.1.7 ~ 4 .6.19 - Insecure Permissions, filipe
• [FD] G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow, filipe
• [FD] Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability, Vulnerability Lab
• [FD] CSRF vulnerabilities in D-Link DIR-300, MustLive
• [FD] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability, Vulnerability Lab
• [FD] Barracuda Cloud Control 7.1.1.003 - Cross Site Scripting Vulnerability, Vulnerability Lab
• [FD] Binance v1.5.0 - Insecure File Permission Vulnerability, Vulnerability Lab
• [FD] GhostMail - (filename to link) POST Inject Web Vulnerability, Vulnerability Lab
• [FD] GhostMail - (Status Message) Persistent Web Vulnerability, Vulnerability Lab
• [FD] Adobe Systems - Arbitrary Code Injection Vulnerability, Vulnerability Lab
• [FD] Adobe Patches Vulnerability Affecting Internal Systems, Vulnerability Lab
• [FD] Capstone disassembler framework v3.0.5 is out!, Nguyen Anh Quynh
• [FD] Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933), Denis Andzakovic via Fulldisclosure
• [FD] CIRITICAL code injection vulnerability in National Instruments Linux driver package, Enrico Weigelt, metux IT consult
• [FD] [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper, Justin Bull
• [FD] DSA-2018-130: RSA Archer® Multiple Vulnerabilities, Dell EMC Product Security Response Center
• [FD] Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities, Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability, Stefan Kanthak
• [FD] [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS, xiaotian.wang
• [FD] [CVE-2018-12997]Zoho manageengine Arbitrary File Read in multiple Products, xiaotian.wang
• [FD] [CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion, xiaotian.wang
• [FD] [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products, xiaotian.wang
• [FD] Network Manager VPNC - Privilege Escalation (CVE-2018-10900), Denis Andzakovic via Fulldisclosure
• [FD] CleanMyMac3 local privilege escalation, Chi Chou
• [FD] APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
• [FD] APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan, Apple Product Security
• [FD] APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4, Apple Product Security
• [FD] APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4, Apple Product Security
• [FD] APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1, Apple Product Security
• [FD] FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018, Branco, Rodrigo
• [FD] Integer overflow in Tracto ERC20, 姚志华
• [FD] [CORE-2018-0009] - SoftNAS Cloud OS Command Injection, Core Security Advisories Team
  • <Possible follow-ups>
  • [FD] [CORE-2018-0009] - SoftNAS Cloud OS Command Injection, Core Security Advisories Team
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities, Defense Code
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities, Defense Code
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability, Defense Code
• [FD] Faraday V3.0 Released, Francisco Amato
• [FD] More - Google supported XSS kit aka AdExchange iframe buster kit (Zmx), Zmx
• [FD] DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability, Dell EMC Product Security Response Center
• [FD] Integer overflow in SunContract, 姚志华