Mail Thread Index

• Date Index

• [FD] Argus Surveillance DVR - 4.0.0.0 / SYSTEM Privilege Escalation, hyp3rlinx
• [FD] Argus Surveillance DVR - 4.0.0.0 / Unauthenticated Directory Traversal File Disclosure, hyp3rlinx
• [FD] CA20180829-01: Security Notice for CA PPM, Williams, Ken
• [FD] CA20180829-02: Security Notice for CA Unified Infrastructure Management, Williams, Ken
• [FD] CA20180829-03: Security Notice for CA Release Automation, Williams, Ken
• [FD] Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489], Nightwatch Cybersecurity Research
• [FD] [CFP] BSides San Francisco - March 2019, BSidesSF CFP via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009, Stefan Kanthak
• [FD] Android Dexdump Buffer Overflow Vulnerability, Veysel hataş
• [FD] [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities, Core Security Advisories Team
• [FD] SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki, SEC Consult Vulnerability Lab
• [FD] CVE-2018-1000664: DSub for Subsonic (Android) - Improper Certificate Validation, Andrew Klaus
• [FD] CVE-2018-15898: Subsonic Music Streamer 4.4 (Android) - Improper Certificate Validation, Andrew Klaus
• [FD] DSA-2018-150:RSA BSAFE® SSL-J Multiple Vulnerabilities, secure
• [FD] DSA-2018-147: Dell EMC Isilon OneFS and Dell EMC IsilonSD Edge Remote Kernel Crash Vulnerability, secure
• [FD] DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness, secure
• [FD] Vulnerabilities in KONEs Group Controller (KGC), Sebastian Neuner via Fulldisclosure
• [FD] ZDI-CAN-6307 / Microsoft Baseline Security Analyzer v2.3 / XML External Entity Injection, hyp3rlinx
• [FD] Seagate Personal Cloud multiple information disclosure vulnerabilities, Summer of Pwnage via Fulldisclosure
• [FD] Disclose SSRF Vulnerability, Alphan Yavaş
  • <Possible follow-ups>
  • [FD] Disclose SSRF Vulnerability, alphan yavaş
• [FD] CVE-2018-16242 - oBike Electronic Lock Bypass, Antoine Neuenschwander
• [FD] CVE-2018-15502 - Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs., Mathieu Michaud
• [FD] Policy bypass on Imperva WAF, Dam Cab
• [FD] CVE-2017-17762 - XXE Vulnerability in Episerver CMS, Jonas Lejon
• [FD] DAVOSET v.1.3.6, MustLive
• [FD] DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability, secure
• [FD] [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability, Francesco Servida
• [FD] Multiple Vulnerabilities in Oracle WebCenter Interaction 10.3.3, Ben N
• [FD] APPLE-SA-2018-9-17-2 watchOS 5, Apple Product Security
• [FD] APPLE-SA-2018-9-17-1 iOS 12, Apple Product Security
• [FD] APPLE-SA-2018-9-17-3 tvOS 12, Apple Product Security
• [FD] APPLE-SA-2018-9-17-4 Safari 12, Apple Product Security
• [FD] APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS, Apple Product Security
• [FD] SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform, SEC Consult Vulnerability Lab
• [FD] Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges, Securify B.V. via Fulldisclosure
• [FD] DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities, secure
• [FD] AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade, Asterisk Security Team
• [FD] WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion, Manuel Garcia Cardenas
• [FD] WordPress Plugin Localize My Post 1.0 - Local File Inclusion, Manuel Garcia Cardenas
• [FD] X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX, X41 D-Sec GmbH Advisories
• [FD] X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty, X41 D-Sec GmbH Advisories
• [FD] OPManager SQL Injection Vulnerability, Murat Aydemir
• [FD] DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities, secure
  • <Possible follow-ups>
  • [FD] DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities, secure
• [FD] [CVE-2018-13140] Antidote Remote Code Execution against the update component, Sysdream Labs
• [FD] APPLE-SA-2018-9-24-1 macOS Mojave 10.14, Apple Product Security
• [FD] APPLE-SA-2018-9-24-3 Additional information for APPLE-SA-2018-9-17-4 Safari 12, Apple Product Security
• [FD] APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows, Apple Product Security
• [FD] APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12, Apple Product Security
• [FD] APPLE-SA-2018-9-24-5 Additional information for APPLE-SA-2018-9-17-2 watchOS 5, Apple Product Security
• [FD] APPLE-SA-2018-9-24-6 Additional information for APPLE-SA-2018-9-17-3 tvOS 12, Apple Product Security
• [FD] bounties, Justin Ferguson
• [FD] DSA-2018-158: Dell EMC ESRS Policy Manager Remote Code Execution Vulnerability, secure
• [FD] SEC Consult SA-20180924-0 :: Multiple Vulnerabilities in Citrix StorageZones Controller, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20180926-0 ::, SEC Consult Vulnerability Lab
  • Re: [FD] SEC Consult SA-20180926-0 :: Stored Cross-Site Scripting in Progress Kendo UI Editor, SEC Consult Vulnerability Lab
• [FD] Hardened Debian Security Focused Distribution - Feedback Wanted!, TNT BOM BOM
• [FD] New Release: UFONet v1.1 - "Quantum Hydra!"..., psy
• [FD] Skype Debian package: allows complete machine takeover for Microsoft, Enrico Weigelt, metux IT consult
• [FD] Integer overflow in Linux's create_elf_tables() (CVE-2018-14634), Qualys Security Advisory
• [FD] DSA-2018-141: Dell EMC Unity Family Incorrect File Permissions vulnerability, secure
• [FD] Executable installers are vulnerable^WEVIL (case 57): arbitrary code execution WITH escalation of privilege viaIntel Extreme Tuning Utility, Stefan Kanthak