Mail Thread Index

• Date Index

• [FD] Disclose Vulnerability, alphan yavaş
• [FD] Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859), Bernd Leitner
• [FD] [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products, Francesco Servida
• [FD] Zoho ManageEngine OpManager 12.3 allows Stored XSS, Hakan Bayır
• [FD] Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability, Hakan Bayır
• [FD] Royal TS/X - Information Disclosure, Jakub Palaczynski
  • Re: [FD] Royal TS/X - Information Disclosure, Jakub Palaczynski
• [FD] Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS, Jakub Palaczynski
• [FD] APPLE-SA-2018-10-30-1 iOS 12.1, Apple Product Security
• [FD] APPLE-SA-2018-10-30-3 Safari 12.0.1, Apple Product Security
• [FD] APPLE-SA-2018-10-30-4 watchOS 5.1, Apple Product Security
• [FD] APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra, Apple Product Security
• [FD] APPLE-SA-2018-10-30-5 tvOS 12.1, Apple Product Security
• [FD] APPLE-SA-2018-10-30-6 iTunes 12.9.1, Apple Product Security
• [FD] APPLE-SA-2018-10-30-7 iCloud for Windows 7.8, Apple Product Security
• [FD] APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12, Apple Product Security
• [FD] APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5, Apple Product Security
• [FD] APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14, Apple Product Security
• [FD] APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7, Apple Product Security
• [FD] APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12, Apple Product Security
• [FD] APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows, Apple Product Security
• [FD] APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan, Apple Product Security
• [FD] KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities, KoreLogic Disclosures
• [FD] Cradlepoint vulnerabilities, CrazyOwl via Fulldisclosure
  • <Possible follow-ups>
  • [FD] Cradlepoint vulnerabilities, Todd Kelly via Fulldisclosure
• [FD] Security issue in the password reset mechanism of Forcepoint Secure Messaging product (tested in version 8.5), Eitan shav
• [FD] Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings., Hakan Bayır
• [FD] CVE-2018-15437 / Cisco Immunet and Cisco AMP for Endpoints / System Scan Denial of Service, hyp3rlinx
• [FD] CVE-2018-15516 / D- LINK Central WifiManager CWM-100 / FTP Server PORT Bounce Scan, hyp3rlinx
• [FD] CVE-2018-15517 / D-LINK Central WifiManager CWM-100 / Server Side Request Forgery, hyp3rlinx
• [FD] CVE-2018-15515 / D-LINK Central WifiManager CWM-100 / Trojan File SYSTEM Privilege Escalation, hyp3rlinx
• [FD] [CVE-2018-18619] SQL injection in Advanced comment system v1.0, Rafael Pedrero
• [FD] [CVE-2018-18940] Cross Site Scripting in default SnoopServlet servlet Netscape Enterprise 3.63, Rafael Pedrero
• [FD] [CVE-2018-18941] Security Vulnerability in Vignette Content Management version 6, Rafael Pedrero
• [FD] DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities, secure
• [FD] Sensitive Data Exposure via Battery Information Broadcasts in Android OS [CVE-2018-15835], Nightwatch Cybersecurity Research
• [FD] Sensitive Data Exposure via RSSI Broadcasts in Android OS [CVE-2018-9581], Nightwatch Cybersecurity Research
• [FD] DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability, secure
• [FD] SwitchVPN MacOS Privilege Escalation Vulnerability, Bernd Leitner
• [FD] SwitchVPN Insecure Update Process and RCE, Bernd Leitner
• [FD] OCS Inventory NG ocsreports Authenticated RCE via Shell Upload (CVE-2018-15537), Simon Uvarov via Fulldisclosure
• [FD] AST-2018-010:, Asterisk Security Team
• [FD] AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups, Asterisk Security Team
• [FD] Remote Code Execution Vulnerability in ELBA5 Electronic Banking, Florian Bogner
• [FD] Budabot !calc Denial of Service, Ryan Delaney
• [FD] [CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver, Stefan Kanthak
• [FD] [CVE-2018-18006] Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices, Hodorsec via Fulldisclosure
• [FD] Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions (CVE-2018-14667), Joao F M Figueiredo
• [FD] Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API., Murat Aydemir
• [FD] DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities, secure
• [FD] DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability, secure
• [FD] DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability, secure
• [FD] Escalation of privilege with Intel Rapid Storage User Interface, Stefan Kanthak
• [FD] Carolina Con CFP, Trvon via Fulldisclosure
• [FD] SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK, SEC Consult Vulnerability Lab
• [FD] CVE-2010-1910 - Multiple Consona Products Password Reset Security Bypass Vulnerability, Rafael Pedrero
• [FD] CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602, Rafael Pedrero
• [FD] [CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability, advisories
• [FD] It is not a vulnerability. It is a feature. A Zendesk customer? Act now!, Eitan Caspi via Fulldisclosure
• [FD] XSS Fuzzer, Poyo VL via Fulldisclosure
• [FD] CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1, Rafael Pedrero
• [FD] New BlackArch Linux ISOs + OVA Image (2018.12.01) with more than 2050 Tools Released., Black Arch
• [FD] Multiple OS Command Injection in Moxa NPort W2x50A products, Maxim Khazov via Fulldisclosure
• [FD] CVE-2017-9732: knc (kerberized netcat) memory exhaustion, Imre Rad
• [FD] CVE-2018-19753 - Directory Traversal in Tarantella Enterprise before 3.11, Rafael Pedrero
• [FD] CVE-2018-19754 - Security Bypass Access Control Vulnerability in Tarantella Enterprise before 3.11, Rafael Pedrero
• [FD] SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope, SEC Consult Vulnerability Lab