Mail Index

• Thread Index

• [FD] Wolters Kluwer TeamMate+ – Cross-Site Request Forgery (CSRF) vulnerability
  • From: Bhdresh
• [FD] ZeroNights 2019
  • From: CFP ZeroNights
• [FD] Totaljs CMS authenticated path traversal (could lead to RCE)
  • From: paw
• [FD] Totaljs CMS Insecure Admin Session cookie
  • From: paw
• [FD] Totaljs CMS Authenticated Code injection on widget creation
  • From: paw
• [FD] Totaljs CMS Broken Access Control on the API call
  • From: paw
• [FD] One Identity Defender - Insecure Cryptographic Storage
  • From: spicyitalian--- via Fulldisclosure
• [FD] SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
  • From: SEC Consult Vulnerability Lab
• [FD] AST-2019-004: Crash when negotiating for T.38 with a declined stream
  • From: Asterisk Security Team
• [FD] AST-2019-005: Remote Crash Vulnerability in audio transcoding
  • From: Asterisk Security Team
• [FD] Windows NTFS / Privileged File Access Enumeration
  • From: hyp3rlinx
• Re: [FD] Totaljs CMS authenticated path traversal (could lead to RCE)
  • From: paw
• [FD] Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability
  • From: Vulnerability Lab
• [FD] NtFileSins v2 / Windows NTFS Privileged File Access Enumeration Tool
  • From: hyp3rlinx
• Re: [FD] CVE 2019-13224 (UAF in PHP and Ruby regex lib)
  • From: Marcin Kozlowski
• [FD] CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)
  • From: Kevin Kotas via Fulldisclosure
• [FD] Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)
  • From: Debashis Pal
• [FD] CVE-2018-18809 Path traversal in Tibco JasperSoft
  • From: Elar Lang
• [FD] NtFileSins v2.1 / Windows NTFS Privileged File Access Enumeration Tool
  • From: hyp3rlinx
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1
  • From: Daniel Bishtawi
• [FD] [CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS
  • From: Info
• [FD] [CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections
  • From: Info
• [FD] SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey
  • From: SEC Consult Vulnerability Lab
• [FD] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
  • From: Manuel Garcia Cardenas
• [FD] FTPShell client 6.74 - Local Buffer Overflow (SEH)
  • From: Debashis Pal
• [FD] Piwigo - Version 2.9.5 [CVE-2019-13363, CVE-2019-13364 ]
  • From: rant
• [FD] Insecure tmpdir() use in dbtoepub.rb in docbook / xslt10-stylesheets
  • From: Shlomi Fish
• [FD] SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF
  • From: SEC Consult Vulnerability Lab
• [FD] Reflected XSS – HRworks Login (v1.16.1)
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] Bug Bounty Competition 2019
  • From: Vulnerability Lab
• [FD] XSSer v.1.8[1] - "The Hive!" released
  • From: psy
• [FD] vBulletin 5.x 0day pre-auth RCE exploit
  • From: i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure
• [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component
  • From: flanker
• [FD] [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component
  • From: flanker
• [FD] SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade
  • From: SEC Consult Vulnerability Lab
• [FD] DOM based XSS (Login page) in "GFI Kerio Control" Firewalls v9.3.0 / CVE-2019-16414 - working exploit attached
  • From: Michael Eissele
• [FD] APPLE-SA-2019-9-26-1 iOS 12.4.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-4 Safari 13
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-3 iOS 13
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-5 watchOS 6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-6 tvOS 13
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-7 Xcode 11.0
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-9 Safari 13.0.1
  • From: Apple Product Security via Fulldisclosure