Mail Thread Index

• Date Index

• Re: [FD] Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components, Dennis E. Hamilton
  • Re: [FD] Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components, Stefan Kanthak
• [FD] XSSer v.1.8[3] - "The HiV€!" released, psy
• [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory, RedTimmy Security
  • Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory, Hunger
    • Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory, RedTimmy Security
  • Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory, Phil Ashby
• [FD] QuickHeal Generic Malformed Archive Bypass (ZIP GPFLAG), Thierry Zoller
• [FD] Buffer overflow in pppd - CVE-2020-8597, Marcin Kozlowski
• [FD] [SYSS-2020-004] Information Exposure Through Caching (CWE-512) in Citrix Gateway (CVE-2020-10110), Micha Borrmann
• [FD] [SYSS-2020-005] Cache Poisoning (CAPEC-141) in Citrix Gateway (CVE-2020-10112), Micha Borrmann
• [FD] [SYSS-2020-006] Inconsistent Interpretation of HTTP Requests (CWE-444) in Citrix Gateway (CVE-2020-10111), Micha Borrmann
• [FD] Script Injection Vulnerability Remediated, Scott Baker via Fulldisclosure
• [FD] [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form, sec-advisory
• [FD] [TZO-20-2020] - Quickheal Malformed Archive bypass (ZIP GPFLAG) - CVE-2020-9362, Thierry Zoller
• [FD] SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client, SEC Consult Vulnerability Lab
  • [FD] SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client, SEC Consult Vulnerability Lab
• [FD] [REVIVE-SA-2020-002] Revive Adserver Vulnerabilities, Matteo Beccati via Fulldisclosure
• [FD] CarolinaCon is POSTPONED, CarolinaCon
• [FD] Defense in depth -- the Microsoft way (part 63): program defaults, settings, policies ... and (un)trustworthy computing, Stefan Kanthak
• [FD] [RT-SA-2020-001] Credential Disclosure in WatchGuard Fireware AD Helper Component, RedTeam Pentesting GmbH
• [FD] RichFaces exploitation toolkit, Red Timmy Security
  • [FD] Oce Colorwave 500 printer - multiple vulnerabilities, Red Timmy Security
• [FD] Multiple vulnerabilities found in Zyxel CNM SecuManager, Pierre Kim
• [FD] ZoneAlarm TrueVector Internet Monitor service insecure NTFS permissions vulnerability, Securify B.V. via Fulldisclosure
• [FD] LPE in Avast Secure Browser, Silton Renato Pereira dos Santos
• [FD] Authentication Bypass in Tribal SITS:Vision, Callum Murphy
• [FD] New version of Hyperion PE runtime crypter, Levon Kayan
• [FD] APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-3 tvOS 13.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-7 Xcode 11.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-4 watchOS 6.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-24-5 Safari 13.1, Apple Product Security via Fulldisclosure
• [FD] Hackers 2 Hackers Conference 17th Edition Call For Papers, Rodrigo Rubira Branco (BSDaemon)
• [FD] HP ThinPro - Information disclosure, Eldar Marcussen
• [FD] HP ThinPro - Application filter bypass, Eldar Marcussen
• [FD] HP ThinPro - Privilege escalation, Eldar Marcussen
• [FD] HP ThinPro - Citrix command injection, Eldar Marcussen
• [FD] HP ThinPro - Privileged command injection, Eldar Marcussen
• [FD] CVE-2019-19912, Georg Ph E Heise via Fulldisclosure
• [FD] CVE-2019-19913, Georg Ph E Heise via Fulldisclosure
• [FD] New tool: nullscan v1.0.0 - A modular framework designed to chain and automate security tests, Levon Kayan
• [FD] CVE-2019-4716: conf overwrite + auth bypass = rce as root / SYSTEM on IBM PA / TM1, Pedro Ribeiro
• [FD] APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-03-25-2 iCloud for Windows 7.18, Apple Product Security via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs, Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 65): unsafe, easy to rediect paths all over, Stefan Kanthak
• [FD] [SYSS-2019-046] Micro Focus Vibe - HTML Injection, Vladimir Bostanov
• [FD] [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520), Vladimir Bostanov