Mail Thread Index

• Date Index

• [FD] Multiple vulnerabilities in Dovecot 2.3, Aki Tuomi via Fulldisclosure
• Re: [FD] WordPress Plugin Contact Form Builder [CSRF → LFI], Henri Salo
• Re: [FD] WordPress Plugin Form Maker by WD [CSRF → LFI], Henri Salo
• Re: [FD] WordPress plugin Contact Form by WD [CSRF → LFI], Henri Salo
• [FD] OpenPGP and S/MIME signature forgery attacks in multiple email clients, Jens Müller via Fulldisclosure
• [FD] [REVIVE-SA-2019-001] Revive Adserver - Multiple vulnerabilities, Matteo Beccati via Fulldisclosure
• [FD] [CVE-2019-9826] phpBB Native Fulltext Search denial of service, Colin Snover
• [FD] Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution 0day, hyp3rlinx
• [FD] OneShield - Policy Solutions - Dragon Framework Log Poisoning, ghost
• [FD] OneShield - Policy Solutions - Dragon Framework Persistent XSS in Framework Textboxes, ghost
• [FD] [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310), Matthias Deeg
• [FD] RCE in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232, Nightwatch Cybersecurity Research
• [FD] Open source tool | Lets Map Your Network, Pramod Rana
• [FD] SEC Consult SA-20190509-0 :: Multiple Vulnerabilities in Gemalto (Thales Group) DS3 Authentication Server / Ezio Server, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject, SEC Consult Vulnerability Lab
• [FD] WordPress Plugin Form Maker 1.13.3 - SQL Injection, Daniele Scanu
• [FD] Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF,vulnerability via unauthenticated GET Request, David H
• [FD] dotCMS v5.1.1 Vulnerabilities, John Martinelli
  • Message not available
    • [FD] dotCMS v5.1.1 HTML Injection & XSS Vulnerability, John Martinelli
      • Re: [FD] dotCMS v5.1.1 HTML Injection & XSS Vulnerability, John Martinelli
• [FD] Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before, Pramod Rana
• [FD] CSV Injection | Alkacon OpenCMS v10.5.4 and before, Pramod Rana
• [FD] Cross Site Scripting | WolfCMS v0.8.3.1 and before, Pramod Rana
• [FD] SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult), SEC Consult Vulnerability Lab
• [FD] TOR browser / Firefox telemetry data, Bipin Gautam
• [FD] [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services, Joshua Mulliken
• [FD] APPLE-SA-2019-5-13-1 iOS 12.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-13-3 tvOS 12.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-13-4 watchOS 5.2.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-13-6 Apple TV Software 7.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-13-5 Safari 12.1.1, Apple Product Security via Fulldisclosure
• Re: [FD] System Down: A systemd-journald exploit, Qualys Security Advisory
• [FD] [CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection, RCE Security
• [FD] SEC Consult SA-20190515-0 :: Authorization Bypass in RSA NetWitness (@sec_consult), SEC Consult Vulnerability Lab
• [FD] [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway, RedTeam Pentesting GmbH
• [FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability, gionreale
  • Re: [FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability, gionreale
• [FD] [CVE-2019-11880] CommSy <= 8.6.5 - SQL injection, Jens Regel | Schneider & Wulf
• [FD] local privilege escalation via CDE dtprintinfo, Marco Ivaldi
• [FD] Epic Web Honeypot 2.0a - Fingerprinting Vulnerability, gionreale
• [FD] Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass, gionreale
• [FD] Emerson Network Power Cross Site Scripting(XSS) Vulnerability, Kubilay Onur Gungor
• [FD] CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting, Manuel Garcia Cardenas
• [FD] New BlackArch Linux ISOs + OVA Image (2019.06.01) with 2200 Tools released, Black Arch
• [FD] [REVIVE-SA-2019-002] Revive Adserver Vulnerability, Matteo Beccati via Fulldisclosure
• [FD] Exploring the File System via Jenkins Credentials Plugin Vulnerability – CVE-2019-10320, Nightwatch Cybersecurity Research
• [FD] [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting, RCE Security
• [FD] Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7, Daniel Bishtawi
• [FD] Cross-site Scripting Vulnerabilities in VFront 0.99.5, Daniel Bishtawi
• [FD] CA20190523-01: Security Notice for CA Risk Authentication and CA Strong Authentication, Kevin Kotas via Fulldisclosure
• [FD] [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321), Matthias Deeg
• [FD] [SYSS-2019-013]: Siemens LOGO! 8 - Missing Authentication for Critical Function (CWE-306), Matthias Deeg
• [FD] [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257), Matthias Deeg
• [FD] Local Privilege Escalation via Serv-U FTP Server, Chris
• [FD] APPLE-SA-2019-5-28-2 iCloud for Windows 7.12, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5, Apple Product Security via Fulldisclosure
• [FD] XSS in SSI printenv command – Apache Tomcat – CVE-2019-0221, Nightwatch Cybersecurity Research
• [FD] Anviz M3 RFID Access Control security issues, Marco