Mail Index

• Thread Index

• [FD] [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
  • From: Egidio Romano
• [FD] Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6
  • From: Daniel Bishtawi
• [FD] Call for Papers for ShmooCon Epilogue Closes Jan 1
  • From: Rob Fuller
• [FD] Chrome Browser for Android Reveals Sensitive Hardware Information
  • From: Nightwatch Cybersecurity Research
• [FD] DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability
  • From: secure
• Re: [FD] [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials
  • From: Tyler Cui
• Re: [FD] [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials
  • From: Tyler Cui
• Re: [FD] [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials
  • From: Tyler Cui
• [FD] /bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212)
  • From: zzt0907
• [FD] Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10
  • From: Daniel Bishtawi
• [FD] Vulnerabilities in Zurmo 2.3.4
  • From: Daniel Bishtawi
• [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
  • From: Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5
  • From: Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0
  • From: Daniel Bishtawi
• [FD] CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb
  • From: Daniel Jones via Fulldisclosure
• [FD] CWE-80 XSS Bose Soundtouch App
  • From: ProSec
• [FD] Open-Xchange Security Advisory 2018-12-31
  • From: martin . heiland . lists
• [FD] BMC Remedy + ITAM - multiple security issues.
  • From: Filip Palian
• [FD] BMC Network Automation v8.7 - remote session hijacking.
  • From: Filip Palian
• [FD] DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability
  • From: secure
• [FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin)
  • From: dxw Security
• Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
  • From: Daniel Bishtawi
• [FD] Reflected Cross-site Scripting in Mantis 2.11.1
  • From: Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14
  • From: Daniel Bishtawi
• [FD] New Release: UFONet v1.2 - "Armageddon!"
  • From: psy
• Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
  • From: Henri Salo
• Re: [FD] Vulnerabilities in Zurmo 2.3.4
  • From: Henri Salo
• [FD] Path Traversal in Aspose.ZIP library
  • From: Jaroslav Lobačevski
• [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x
  • From: Sahil Dhar
• [FD] SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series)
  • From: SEC Consult Vulnerability Lab
• [FD] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser
  • From: X41 D-Sec GmbH Advisories
• [FD] Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day
  • From: hyp3rlinx
• [FD] Capstone v4.0.1 is out!
  • From: Nguyen Anh Quynh
• [FD] Open Redirection Vulnerabilities in OrangeForum 1.4.0
  • From: Daniel Bishtawi
• [FD] XML External Entity Injection Vulnerability in BlogEngine 3.3
  • From: Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6
  • From: Daniel Bishtawi
• Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2
  • From: Henri Salo
• Re: [FD] Reflected Cross-site Scripting in Mantis 2.11.1
  • From: Henri Salo
• [FD] [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones
  • From: Sysdream Labs
• [FD] [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones
  • From: Sysdream Labs
• [FD] System Down: A systemd-journald exploit
  • From: Qualys Security Advisory
• Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2
  • From: Henri Salo
• [FD] EuskalHack Security Congress Call For Papers
  • From: Joxean Koret via Fulldisclosure
• [FD] secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler
  • From: Simon Bieber
• [FD] SCP client multiple vulnerabilities
  • From: Harry Sintonen
• [FD] Become a speaker at PHDays 9!
  • From: Alexander Lashkov
• [FD] Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution
  • From: hyp3rlinx
• [FD] Open-Xchange Security Advisory 2019-01-18
  • From: Open-Xchange GmbH
• [FD] Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
  • From: Stefan Kanthak
• [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets
  • From: Security Explorations
• [FD] Call For Paper - leHACK - July 6th - July 7th, 2019
  • From: Hackira via Fulldisclosure
• [FD] CA20190117-01: Security Notice for CA Service Desk Manager
  • From: Kevin Kotas via Fulldisclosure
• [FD] [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE
  • From: Pedro Ribeiro
• [FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval
  • From: RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-004] Cisco RV320 Command Injection
  • From: RedTeam Pentesting GmbH
• [FD] RVAsec 2019 Call for Presentations (CFP)
  • From: Sullo
• [FD] SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI)
  • From: SEC Consult Vulnerability Lab
• [FD] Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution
  • From: hyp3rlinx
• [FD] Cross-site Scripting via XML Vulnerability in DNN 9.1
  • From: Daniel Bishtawi
• [FD] Cross-site Scripting Vulnerability in Abantecart 1.2.12
  • From: Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
  • From: Daniel Bishtawi
• [FD] Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7
  • From: Daniel Bishtawi
• [FD] CA20190124-01: Security Notice for CA Automic Workload Automation
  • From: James Williams via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-1 iOS 12.1.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-5 Safari 12.0.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-4 tvOS 12.1.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-6 iCloud for Windows 7.10
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-3 watchOS 5.1.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
  • From: Apple Product Security via Fulldisclosure
• Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
  • From: Henri Salo