Mail Index

• Thread Index

• [FD] Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
  • From: Vulnerability Lab
• [FD] [SYSS-2020-012] Improper Access Control (CWE-284) in xt:Commerce (CVE-2020-12101)
  • From: Fabian Krone
• [FD] Multiple 0days in IBM Data Risk Manager
  • From: Pedro Ribeiro
• [FD] TP-LINK Cloud Cameras NCXXX Bonjour Command Injection
  • From: Pietro Oliva
• [FD] TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key
  • From: Pietro Oliva
• [FD] TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection
  • From: Pietro Oliva
• [FD] CVE-2020-1967: proving sigalg != NULL
  • From: Imre Rad
• [FD] iJoomla com_adagency v6.0.9 - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] Joomla com_content v1.5 - Blind SQL-Injection Vulnerability
  • From: Vulnerability Lab
• [FD] File Explorer v1.4 iOS - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] Fishing Reservation System - Multiple Remote SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• [FD] Fishing Reservation System - Multiple Remote SQL Injection Vulnerabilities
  • From: admin@xxxxxxxxxxxxxxxxx
• [FD] Reflected XSS in WordPress - WooCommerce - Advanced Order Export 3.1.3 plugin disclosure
  • From: Jack Misiura via Fulldisclosure
• [FD] Sentrifugo v3.2 CMS - Persistent XSS Web Vulnerability
  • From: Vulnerability Lab
• [FD] KeeWeb v1.14.0 - (Notes) Html Inject Web Vulnerability
  • From: Vulnerability Lab
• [FD] OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability
  • From: Vulnerability Lab
• [FD] Qik Chat v3.0 iOS - (Name) Command Inject Vulnerability
  • From: Vulnerability Lab
• [FD] Creative Zone - (id) Remote SQL Injection Vulnerability
  • From: Vulnerability Lab
• [FD] Draytek VigorAP - (RADIUS) Persistent XSS Vulnerability
  • From: Vulnerability Lab
• [FD] LANCOM WLAN Controller - Multiple Cross Site Scripting Vulnerabilities
  • From: Vulnerability Lab
• [FD] LANCOM WLAN Controller - Multiple Cross Site Vulnerabilities
  • From: Vulnerability Lab
• [FD] Tiny MySQL - Cross Site Scripting Vulnerability
  • From: admin@xxxxxxxxxxxxxxxxx
• [FD] Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability
  • From: admin@xxxxxxxxxxxxxxxxx
• [FD] Creative Zone - (id) Remote SQL Injection Vulnerability
  • From: admin@xxxxxxxxxxxxxxxxx
• [FD] Capstone 4.0.2 is out!
  • From: Nguyen Anh Quynh
• [FD] ChopSlider3 Wordpress Plugin SQL Injection
  • From: Callum Murphy
• [FD] SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution
  • From: Jens Regel
• [FD] Webmin (Upload Module) Remote Command Injection Vulnerability
  • From: raki ben hamouda
• [FD] DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal
  • From: xen1thLabs
• [FD] DataSecurity Plus Xnode Server - Authentication Bypass
  • From: xen1thLabs
• [FD] Asset Explorer Windows Agent - Remote Code Execution
  • From: xen1thLabs
• [FD] Two vulnerabilities found in MikroTik's RouterOS
  • From: Q C
• [FD] Two vulnerabilities in Oracle’s iPlanet Web Server (CVE-2020-9315 and CVE-2020-9314)
  • From: Nightwatch Cybersecurity Research
• [FD] Tryton v5.4 - (Name) Persistent Cross Site Vulnerability
  • From: Vulnerability Lab
• [FD] Sellacious eCommerce - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• [FD] KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] CVE-2020-1113 - Windows Task Scheduler - Security Feature Bypass
  • From: Advisories
• [FD] Asset Explorer (Windows & Linux) - Authenticated Command Execution
  • From: xen1thLabs
• [FD] Multiple vulnerabilities in Dovecot IMAP server
  • From: Aki Tuomi
• [FD] [SYSS-2019-039] Smartbear ReadyAPI/SoapUI Pro/jProductivity Licensing Unsafe Deserialization
  • From: Moritz Bechler
• [FD] Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting
  • From: Manuel Garcia Cardenas
• [FD] Short notes on qmail security guarantee
  • From: Georgi Guninski
• [FD] APPLE-SA-2020-05-20-1 Xcode 11.5
  • From: Apple Product Security via Fulldisclosure
• [FD] Remote Code Execution in qmail (CVE-2005-1513)
  • From: Qualys Security Advisory
• [FD] [IAIK JCE] Timing Attack Side Channel in DSA Implementation
  • From: Giuseppe Cocomazzi
• [FD] Filetto v1.0 - 'FEAT' Denial of Service (PoC)
  • From: socket_0x03
• [FD] Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC)
  • From: socket_0x03
• [FD] Konica Minolta FTP Utility v1.0 - 'NLST' Denial of Service (PoC)
  • From: socket_0x03
• [FD] New BlackArch Linux ISOs + OVA Image released!
  • From: Black Arch
• [FD] APPLE-SA-2020-05-26-2 iOS 12.4.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-6 watchOS 5.3.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-7 Safari 13.1.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-8 iTunes 12.10.7 for Windows
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-5 watchOS 6.2.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-9 iCloud for Windows 11.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-10 iCloud for Windows 7.19
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11)
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-4 tvOS 13.4.5
  • From: Apple Product Security via Fulldisclosure
• [FD] [CDPWE-0001] - RocketReach
  • From: Thierry Zoller