Mail Index

• Thread Index

• [FD] Deskpro Helpdesk < 2019.8.0 (Privilege Escalation, RCE)
  • From: RedForce Advisory
• [FD] Recon-Informer v1 - Intel for offensive systems tool
  • From: hyp3rlinx
• Re: [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs
  • From: Paul Szabo
• [FD] TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference
  • From: Pietro Oliva
• Re: [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 66): attachment manager allows to load arbitrary DLLs
  • From: Stefan Kanthak
• [FD] Recon-Informer v1 - Intel for offensive systems tool.
  • From: hyp3rlinx
• [FD] MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities
  • From: Red Timmy Security
• [FD] Microsoft Windows "net use" Logon CMD / Insufficient Password Prompt
  • From: hyp3rlinx
• [FD] SEC Consult SA-20200407-0 :: Multiple XSS vulnerabilities in TAO Open Source Assessment Platform
  • From: SEC Consult Vulnerability Lab
• [FD] netABuse - Windows Insufficient Authentication Logic Scanner
  • From: hyp3rlinx
• Re: [FD] TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference
  • From: Pietro Oliva
• [FD] KL-001-2020-001 : Cellebrite Hardcoded ADB Authentication Keys
  • From: KoreLogic Disclosures via Fulldisclosure
• Re: [FD] Two vulnerabilities found in MikroTik's RouterOS
  • From: Q C
• [FD] Workspace Management 9.1.2.2765 - Stored Cross-Site Scripting
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] Matrix42 Workspace Management 9.1.2.2765 – Reflected Cross-Site Scripting
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] Matrix42 Workspace Management 9.1.2.2765 – Reflected Cross-Site Scripting
  • From: Georg Ph E Heise via Fulldisclosure
• [FD] WSO2 API Manager Stored XSS Vulnerabilty
  • From: raki ben hamouda
• [FD] Defense in depth -- the Microsoft way (part 67): we maintain 20 year old bugs since we don't care about our customers safety and security
  • From: Stefan Kanthak
• [FD] DedeCMS v7.5 SP2 - Multiple Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Macs Framework v1.14f CMS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] SuperBackup v2.0.5 iOS - (VCF) Persistent XSS Vulnerability
  • From: Vulnerability Lab
• [FD] File Transfer iFamily v2.1 - Directory Traversal Vulnerability
  • From: Vulnerability Lab
• [FD] AirDisk Pro v5.5.3 iOS - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] Bundeswehr Karriere Portal - Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [FD] TAO Open Source Assessment Platform v3.3.0 RC02 - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] SMACom v1.2.0 - Insecure Session Validation Vulnerability
  • From: Vulnerability Lab
• [FD] Playable v9.18 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] CA20200414-01: Security Notice for CA API Developer Portal
  • From: Ken Williams via Fulldisclosure
• [FD] CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris
  • From: Marco Ivaldi
• [FD] Prestashop <= 1.7.6.4 Multiple Vulnerabilities - CSRF to RCE
  • From: Sivanesh Ashok
• [FD] Swift File Transfer Mobile - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities
  • From: Vulnerability Lab
• [FD] Phpgurukul User Registration v2.0 - Multiple Vulnerabilities
  • From: Vulnerability Lab
• [FD] Folder Lock v3.4.5 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Mahara v19.10.2 CMS - Persistent Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• [FD] Sky File v2.1.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] Multiple 0 day vulnerabilities in IBM Data Risk Manager
  • From: Pedro Ribeiro
• [FD] Unauthorized access to QRadar configuration sets via default password
  • From: Securify B.V. via Fulldisclosure
• [FD] QRadar RssFeedItem Server-Side Request Forgery vulnerability
  • From: Securify B.V. via Fulldisclosure
• [FD] Cross-Site Request Forgery & weak access control in QRadar ConfigServices webservice
  • From: Securify B.V. via Fulldisclosure
• [FD] Reflected Cross-Site Scripting in QRadar Forensics link analysis page
  • From: Securify B.V. via Fulldisclosure
• [FD] Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions
  • From: Securify B.V. via Fulldisclosure
• [FD] PHP object injection vulnerability in QRadar Forensics web application
  • From: Securify B.V. via Fulldisclosure
• [FD] Arbitrary class instantiation & local file inclusion vulnerability in QRadar Forensics web application
  • From: Securify B.V. via Fulldisclosure
• [FD] Authorization bypass in QRadar Forensics web application
  • From: Securify B.V. via Fulldisclosure
• [FD] QRadar session manager path traversal vulnerability
  • From: Securify B.V. via Fulldisclosure
• [FD] Cisco AnyConnect elevation of privileges due to insecure handling of path names
  • From: Securify B.V. via Fulldisclosure
• [FD] Web Application Firewall bypass via F5 Big-IP partial URI decoding
  • From: RedTimmy Security
• [FD] Air Sender v1.0.2 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] jQuery < 3.5 Cross-Site Scripting (XSS)
  • From: Marcin Kozlowski
• [FD] Project Open v5.0.3 CMS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] POS PHP v17.5 - Persistent Cross Site Web Vulnerability
  • From: Vulnerability Lab
• [FD] Easy Transfer v1.7 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [FD] File Sharing & Chat v1.0 iOS - Denial of Service Vulnerability
  • From: Vulnerability Lab
• [FD] Transfer Master v3.3 iOS - Denial of Service Vulnerability
  • From: Vulnerability Lab
• [FD] File Explorer v1.4 iOS - Information Disclosure Vulnerability
  • From: Vulnerability Lab
• [FD] Internet Download Manager v6.37.11.1 - Stack Buffer Overflow Vulnerabilities
  • From: Vulnerability Lab
• [FD] Cross-Site Scripting Vulnerability in Geeklog 2.2.1
  • From: Daniel Bishtawi
• [FD] Blind SQL Injection Vulnerability in Geeklog 2.2.1
  • From: Daniel Bishtawi
• [FD] Gigamon - GigaVUE 0day
  • From: Balázs Hambalkó
• [FD] Multiple vulnerabilities OpenAudiT
  • From: Pablo Zurro via Fulldisclosure
• [FD] Exploiting java deserialization vulnerabilities in crypto contexts - a java applet case-study
  • From: RedTimmy Security
• [FD] IDM v6.37.11.1 - Stack Buffer Overflow Vulnerabilities
  • From: Vulnerability Lab
• [FD] HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [FD] Super Backup v2.0.5 iOS - Directory Traversal Vulnerability
  • From: Vulnerability Lab