Mail Index

• Thread Index

• Re: [FD] Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
  • From: Dennis E. Hamilton
• [FD] XSSer v.1.8[3] - "The HiV€!" released
  • From: psy
• [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory
  • From: RedTimmy Security
• Re: [FD] Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
  • From: Stefan Kanthak
• [FD] QuickHeal Generic Malformed Archive Bypass (ZIP GPFLAG)
  • From: Thierry Zoller
• Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory
  • From: Hunger
• [FD] Buffer overflow in pppd - CVE-2020-8597
  • From: Marcin Kozlowski
• [FD] [SYSS-2020-004] Information Exposure Through Caching (CWE-512) in Citrix Gateway (CVE-2020-10110)
  • From: Micha Borrmann
• [FD] [SYSS-2020-005] Cache Poisoning (CAPEC-141) in Citrix Gateway (CVE-2020-10112)
  • From: Micha Borrmann
• [FD] [SYSS-2020-006] Inconsistent Interpretation of HTTP Requests (CWE-444) in Citrix Gateway (CVE-2020-10111)
  • From: Micha Borrmann
• Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory
  • From: Phil Ashby
• Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory
  • From: RedTimmy Security
• [FD] Script Injection Vulnerability Remediated
  • From: Scott Baker via Fulldisclosure
• [FD] [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form
  • From: sec-advisory
• [FD] [TZO-20-2020] - Quickheal Malformed Archive bypass (ZIP GPFLAG) - CVE-2020-9362
  • From: Thierry Zoller
• [FD] SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client
  • From: SEC Consult Vulnerability Lab
• [FD] [REVIVE-SA-2020-002] Revive Adserver Vulnerabilities
  • From: Matteo Beccati via Fulldisclosure
• [FD] CarolinaCon is POSTPONED
  • From: CarolinaCon
• [FD] Defense in depth -- the Microsoft way (part 63): program defaults, settings, policies ... and (un)trustworthy computing
  • From: Stefan Kanthak
• [FD] [RT-SA-2020-001] Credential Disclosure in WatchGuard Fireware AD Helper Component
  • From: RedTeam Pentesting GmbH
• [FD] RichFaces exploitation toolkit
  • From: Red Timmy Security
• [FD] Multiple vulnerabilities found in Zyxel CNM SecuManager
  • From: Pierre Kim
• [FD] ZoneAlarm TrueVector Internet Monitor service insecure NTFS permissions vulnerability
  • From: Securify B.V. via Fulldisclosure
• [FD] Oce Colorwave 500 printer - multiple vulnerabilities
  • From: Red Timmy Security
• [FD] LPE in Avast Secure Browser
  • From: Silton Renato Pereira dos Santos
• [FD] Authentication Bypass in Tribal SITS:Vision
  • From: Callum Murphy
• [FD] New version of Hyperion PE runtime crypter
  • From: Levon Kayan
• [FD] APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-3 tvOS 13.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-7 Xcode 11.4
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-4 watchOS 6.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-5 Safari 13.1
  • From: Apple Product Security via Fulldisclosure
• [FD] Hackers 2 Hackers Conference 17th Edition Call For Papers
  • From: Rodrigo Rubira Branco (BSDaemon)
• [FD] HP ThinPro - Information disclosure
  • From: Eldar Marcussen
• [FD] HP ThinPro - Application filter bypass
  • From: Eldar Marcussen
• [FD] HP ThinPro - Privilege escalation
  • From: Eldar Marcussen
• [FD] HP ThinPro - Citrix command injection
  • From: Eldar Marcussen
• [FD] HP ThinPro - Privileged command injection
  • From: Eldar Marcussen
• [FD] CVE-2019-19912
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] CVE-2019-19913
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] New tool: nullscan v1.0.0 - A modular framework designed to chain and automate security tests
  • From: Levon Kayan
• [FD] CVE-2019-4716: conf overwrite + auth bypass = rce as root / SYSTEM on IBM PA / TM1
  • From: Pedro Ribeiro
• [FD] APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-25-2 iCloud for Windows 7.18
  • From: Apple Product Security via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 65): unsafe, easy to rediect paths all over
  • From: Stefan Kanthak
• [FD] [SYSS-2019-046] Micro Focus Vibe - HTML Injection
  • From: Vladimir Bostanov
• [FD] [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)
  • From: Vladimir Bostanov