Mail Thread Index

• Date Index

• [FD] SolarWinds SFTP Vulnerabilities, Alex Craggs
• [FD] CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage, hyp3rlinx
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0, Daniel Bishtawi
• [FD] Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1, Daniel Bishtawi
• [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2, Daniel Bishtawi
• [FD] Reflected Cross-site Scripting Vulnerability in Typesetter 5.1, Daniel Bishtawi
• [FD] SQL Injection and Cross-site Scripting Vulnerabilities in Chamilo 1.11.6, Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4, Daniel Bishtawi
• [FD] Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0, Daniel Bishtawi
• [FD] SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol, SEC Consult Vulnerability Lab
• [FD] Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877), Gustavo Sorondo
• [FD] APPLE-SA-2018-12-05-1 iOS 12.1.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-3 tvOS 12.1.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-4 Safari 12.0.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-7 Shortcuts 2.1.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-05-6 iCloud for Windows 7.9, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2018-12-06-1 watchOS 5.1.2, Apple Product Security via Fulldisclosure
• [FD] [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method, Rafael Pedrero
• [FD] [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029), Rafael Pedrero
• [FD] Multiple vulnerabilities found in Trendnet routers and IP Cameras., Prashast Srivastava
• [FD] [CFP] Security BSides Ljubljana 0x7E3 | March 16, 2019, Andraz Sraka
• [FD] Vmware airwatch feature, Jacek Lipkowski
• [FD] Dynamic Loader Oriented Programming - Wiedergaenger PoC (Proof of Concept) on Ubuntu 16.04.5 LTS - 2018, Marcin Kozlowski
• [FD] Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API., Murat Aydemir
• [FD] CVE-2018-7690 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities, alt3kx via Fulldisclosure
• [FD] CVE-2018-7691 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities, alt3kx via Fulldisclosure
• [FD] Mikrotik RouterOS telnet arbitrary root file creation 0day, Hacker Fantastic via Fulldisclosure
• [FD] GNU inetutils <= 1.9.4 telnet.c multiple overflows, Hacker Fantastic via Fulldisclosure
• [FD] YSTS 13th Edition - CFP, Luiz Eduardo
• [FD] Tracking Linux Kernel Vulnerabilities, Nicholas Luedtke
• [FD] LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232), =?gb18030?b?enp0MDkwNw==?=
  • Re: [FD] LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232), Henri Salo
• [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231), =?gb18030?b?enp0MDkwNw==?=
• [FD] [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities, advisories
• [FD] [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities, advisories
• [FD] Capstone disassembler v4.0 is out!, Nguyen Anh Quynh
• [FD] Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API, Murat Aydemir
• [FD] Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section, Murat Aydemir
• [FD] Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section, Murat Aydemir
• [FD] New vulnerabilities in Transcend Wi-Fi SD Card, MustLive
• [FD] DAVOSET v.1.3.7, MustLive
• [FD] CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631), Rafael Pedrero
• [FD] CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0, Rafael Pedrero
• [FD] [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials, Tyler Cui
• [FD] [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials, Tyler Cui
• [FD] [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials, Tyler Cui