Mail Thread Index
- [FD] Wolters Kluwer TeamMate+ – Cross-Site Request Forgery (CSRF) vulnerability,
Bhdresh
- [FD] ZeroNights 2019,
CFP ZeroNights
- [FD] Totaljs CMS authenticated path traversal (could lead to RCE),
paw
- [FD] Totaljs CMS Insecure Admin Session cookie,
paw
- [FD] Totaljs CMS Authenticated Code injection on widget creation,
paw
- [FD] Totaljs CMS Broken Access Control on the API call,
paw
- [FD] One Identity Defender - Insecure Cryptographic Storage,
spicyitalian--- via Fulldisclosure
- [FD] SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X,
SEC Consult Vulnerability Lab
- [FD] AST-2019-004: Crash when negotiating for T.38 with a declined stream,
Asterisk Security Team
- [FD] AST-2019-005: Remote Crash Vulnerability in audio transcoding,
Asterisk Security Team
- [FD] Windows NTFS / Privileged File Access Enumeration,
hyp3rlinx
- [FD] Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability,
Vulnerability Lab
- [FD] NtFileSins v2 / Windows NTFS Privileged File Access Enumeration Tool,
hyp3rlinx
- Re: [FD] CVE 2019-13224 (UAF in PHP and Ruby regex lib),
Marcin Kozlowski
- [FD] CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA),
Kevin Kotas via Fulldisclosure
- [FD] Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode),
Debashis Pal
- [FD] CVE-2018-18809 Path traversal in Tibco JasperSoft,
Elar Lang
- [FD] NtFileSins v2.1 / Windows NTFS Privileged File Access Enumeration Tool,
hyp3rlinx
- [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1,
Daniel Bishtawi
- [FD] [CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS,
Info
- [FD] [CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections,
Info
- [FD] SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey,
SEC Consult Vulnerability Lab
- [FD] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery,
Manuel Garcia Cardenas
- [FD] FTPShell client 6.74 - Local Buffer Overflow (SEH),
Debashis Pal
- [FD] Piwigo - Version 2.9.5 [CVE-2019-13363, CVE-2019-13364 ],
rant
- [FD] Insecure tmpdir() use in dbtoepub.rb in docbook / xslt10-stylesheets,
Shlomi Fish
- [FD] SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF,
SEC Consult Vulnerability Lab
- [FD] Reflected XSS – HRworks Login (v1.16.1),
Georg Ph E Heise via Fulldisclosure
- [FD] Bug Bounty Competition 2019,
Vulnerability Lab
- [FD] XSSer v.1.8[1] - "The Hive!" released,
psy
- [FD] vBulletin 5.x 0day pre-auth RCE exploit,
i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure
- [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component,
flanker
- [FD] [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component,
flanker
- [FD] SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade,
SEC Consult Vulnerability Lab
- [FD] DOM based XSS (Login page) in "GFI Kerio Control" Firewalls v9.3.0 / CVE-2019-16414 - working exploit attached,
Michael Eissele
- [FD] APPLE-SA-2019-9-26-1 iOS 12.4.2,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-4 Safari 13,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-3 iOS 13,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-5 watchOS 6,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-6 tvOS 13,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-7 Xcode 11.0,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-2019-9-26-9 Safari 13.0.1,
Apple Product Security via Fulldisclosure