Mail Thread Index

• Date Index

• [FD] [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability, Egidio Romano
• [FD] [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability, Egidio Romano
• [FD] [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability, Egidio Romano
• [FD] [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability, Egidio Romano
• [FD] Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6, Daniel Bishtawi
• [FD] Call for Papers for ShmooCon Epilogue Closes Jan 1, Rob Fuller
• [FD] Chrome Browser for Android Reveals Sensitive Hardware Information, Nightwatch Cybersecurity Research
• [FD] DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability, secure
• Re: [FD] [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials, Tyler Cui
• Re: [FD] [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials, Tyler Cui
• Re: [FD] [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials, Tyler Cui
• [FD] /bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212), zzt0907
• [FD] Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10, Daniel Bishtawi
• [FD] Vulnerabilities in Zurmo 2.3.4, Daniel Bishtawi
  • Re: [FD] Vulnerabilities in Zurmo 2.3.4, Henri Salo
• [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8, Daniel Bishtawi
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8, Henri Salo
    • Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8, Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5, Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0, Daniel Bishtawi
• [FD] CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb, Daniel Jones via Fulldisclosure
• [FD] CWE-80 XSS Bose Soundtouch App, ProSec
• [FD] Open-Xchange Security Advisory 2018-12-31, martin . heiland . lists
• [FD] BMC Remedy + ITAM - multiple security issues., Filip Palian
• [FD] BMC Network Automation v8.7 - remote session hijacking., Filip Palian
• [FD] DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability, secure
• [FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin), dxw Security
• [FD] Reflected Cross-site Scripting in Mantis 2.11.1, Daniel Bishtawi
  • Re: [FD] Reflected Cross-site Scripting in Mantis 2.11.1, Henri Salo
• [FD] Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14, Daniel Bishtawi
• [FD] New Release: UFONet v1.2 - "Armageddon!", psy
• [FD] Path Traversal in Aspose.ZIP library, Jaroslav Lobačevski
• [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x, Sahil Dhar
• [FD] SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series), SEC Consult Vulnerability Lab
• [FD] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser, X41 D-Sec GmbH Advisories
• [FD] Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day, hyp3rlinx
• [FD] Capstone v4.0.1 is out!, Nguyen Anh Quynh
• [FD] Open Redirection Vulnerabilities in OrangeForum 1.4.0, Daniel Bishtawi
• [FD] XML External Entity Injection Vulnerability in BlogEngine 3.3, Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6, Daniel Bishtawi
• Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2, Henri Salo
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2, Henri Salo
• [FD] [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones, Sysdream Labs
• [FD] [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones, Sysdream Labs
• [FD] System Down: A systemd-journald exploit, Qualys Security Advisory
• [FD] EuskalHack Security Congress Call For Papers, Joxean Koret via Fulldisclosure
• [FD] secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler, Simon Bieber
• [FD] SCP client multiple vulnerabilities, Harry Sintonen
• [FD] Become a speaker at PHDays 9!, Alexander Lashkov
• [FD] Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution, hyp3rlinx
• [FD] Open-Xchange Security Advisory 2019-01-18, Open-Xchange GmbH
• [FD] Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability, Stefan Kanthak
• [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets, Security Explorations
• [FD] Call For Paper - leHACK - July 6th - July 7th, 2019, Hackira via Fulldisclosure
• [FD] CA20190117-01: Security Notice for CA Service Desk Manager, Kevin Kotas via Fulldisclosure
• [FD] [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE, Pedro Ribeiro
• [FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export, RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval, RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-004] Cisco RV320 Command Injection, RedTeam Pentesting GmbH
• [FD] RVAsec 2019 Call for Presentations (CFP), Sullo
• [FD] SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI), SEC Consult Vulnerability Lab
• [FD] Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution, hyp3rlinx
• [FD] Cross-site Scripting via XML Vulnerability in DNN 9.1, Daniel Bishtawi
• [FD] Cross-site Scripting Vulnerability in Abantecart 1.2.12, Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46, Daniel Bishtawi
  • Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46, Henri Salo
• [FD] Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7, Daniel Bishtawi
• [FD] CA20190124-01: Security Notice for CA Automic Workload Automation, James Williams via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-1 iOS 12.1.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-5 Safari 12.0.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-4 tvOS 12.1.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-6 iCloud for Windows 7.10, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-3 watchOS 5.1.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows, Apple Product Security via Fulldisclosure