Mail Index

• Thread Index

• [FD] Multiple APIs Vulnerabilities in CUJO Firewall
  • From: CUJ0 FAIL
• [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1
  • From: Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2
  • From: Daniel Bishtawi
• [FD] [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration
  • From: Sysdream Labs
• [FD] Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP Server
  • From: Chris
• [FD] Reflected XSS in n SolarWinds Serv-U FTP Server
  • From: Chris
• [FD] SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government
  • From: SEC Consult Vulnerability Lab
• [FD] [Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root
  • From: Pedro Ribeiro
• [FD] DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability
  • From: secure
• [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)
  • From: Tim Coen
• [FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)
  • From: Tim Coen
• [FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] Give 2.3.0 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open
  • From: Vic Vandal
• [FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)
  • From: Tim Coen
• [FD] Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)
  • From: David Coomber
• [FD] APPLE-SA-2019-2-07-1 iOS 12.1.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS
  • From: Apple Product Security via Fulldisclosure
• [FD] [CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2
  • From: Rafael Pedrero
• [FD] [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3
  • From: Rafael Pedrero
• [FD] [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
  • From: Rafael Pedrero
• [FD] [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
  • From: Rafael Pedrero
• [FD] Content Injection in Amazon's FireOS [CVE-2019-7399]
  • From: Nightwatch Cybersecurity Research
• [FD] KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
  • From: Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall
  • From: Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products
  • From: Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices
  • From: Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices
  • From: Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset
  • From: Kingkaustubh via Fulldisclosure
• Re: [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets
  • From: Security Explorations
• [FD] [SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset
  • From: Adam Gowdiak
• [FD] [SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities
  • From: advisories
• [FD] Open Redirection Vulnerability in GetSimpleCMS 3.3.13
  • From: Daniel Bishtawi
• [FD] Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4
  • From: Daniel Bishtawi
• Re: [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1
  • From: Henri Salo
• [FD] CA20190212-01: Security Notice for CA Privileged Access Manager
  • From: Kevin Kotas via Fulldisclosure
• [FD] [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous)
  • From: Rafael Pedrero
• [FD] [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
  • From: Rafael Pedrero
• [FD] [CVE-2018-18845] Cross Site Scripting in Advanced comment system v1.0
  • From: Rafael Pedrero
• [FD] [CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17
  • From: Rafael Pedrero
• [FD] Multiple issues in Teracue ENC-400 including pre-authenticated remote code execution
  • From: Stephen Shkardoon
• [FD] Kanboard 1.2.7 Multiple Vulnerabilities
  • From: Will Boucher via Fulldisclosure
• [FD] CVE-2019-8939: XSS in Tautulli
  • From: Geeknik Labs via Fulldisclosure
• [FD] CVE-2019-1000032: Memory corruption / DoS in nanosvg
  • From: Sebastian Neef
• [FD] [CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4)
  • From: Rafael Pedrero
• [FD] Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
  • From: Stefan Kanthak