Mail Thread Index

• Date Index

• [FD] Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020, Vulnerability Lab
• [FD] [SYSS-2020-012] Improper Access Control (CWE-284) in xt:Commerce (CVE-2020-12101), Fabian Krone
• [FD] Multiple 0days in IBM Data Risk Manager, Pedro Ribeiro
• [FD] TP-LINK Cloud Cameras NCXXX Bonjour Command Injection, Pietro Oliva
• [FD] TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key, Pietro Oliva
• [FD] TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection, Pietro Oliva
• [FD] CVE-2020-1967: proving sigalg != NULL, Imre Rad
• [FD] iJoomla com_adagency v6.0.9 - SQL Injection Vulnerabilities, Vulnerability Lab
• [FD] Joomla com_content v1.5 - Blind SQL-Injection Vulnerability, Vulnerability Lab
• [FD] File Explorer v1.4 iOS - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] Fishing Reservation System - Multiple Remote SQL Injection Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] Fishing Reservation System - Multiple Remote SQL Injection Vulnerabilities, admin@xxxxxxxxxxxxxxxxx
• [FD] Reflected XSS in WordPress - WooCommerce - Advanced Order Export 3.1.3 plugin disclosure, Jack Misiura via Fulldisclosure
• [FD] Sentrifugo v3.2 CMS - Persistent XSS Web Vulnerability, Vulnerability Lab
• [FD] KeeWeb v1.14.0 - (Notes) Html Inject Web Vulnerability, Vulnerability Lab
• [FD] OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability, Vulnerability Lab
• [FD] Qik Chat v3.0 iOS - (Name) Command Inject Vulnerability, Vulnerability Lab
• [FD] Creative Zone - (id) Remote SQL Injection Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • [FD] Creative Zone - (id) Remote SQL Injection Vulnerability, admin@xxxxxxxxxxxxxxxxx
• [FD] Draytek VigorAP - (RADIUS) Persistent XSS Vulnerability, Vulnerability Lab
• [FD] LANCOM WLAN Controller - Multiple Cross Site Scripting Vulnerabilities, Vulnerability Lab
• [FD] LANCOM WLAN Controller - Multiple Cross Site Vulnerabilities, Vulnerability Lab
• [FD] Tiny MySQL - Cross Site Scripting Vulnerability, admin@xxxxxxxxxxxxxxxxx
• [FD] Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability, admin@xxxxxxxxxxxxxxxxx
• [FD] Capstone 4.0.2 is out!, Nguyen Anh Quynh
• [FD] ChopSlider3 Wordpress Plugin SQL Injection, Callum Murphy
• [FD] SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution, Jens Regel
• [FD] Webmin (Upload Module) Remote Command Injection Vulnerability, raki ben hamouda
• [FD] DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal, xen1thLabs
• [FD] DataSecurity Plus Xnode Server - Authentication Bypass, xen1thLabs
• [FD] Asset Explorer Windows Agent - Remote Code Execution, xen1thLabs
• [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
• [FD] Two vulnerabilities in Oracle’s iPlanet Web Server (CVE-2020-9315 and CVE-2020-9314), Nightwatch Cybersecurity Research
• [FD] Tryton v5.4 - (Name) Persistent Cross Site Vulnerability, Vulnerability Lab
• [FD] Sellacious eCommerce - Multiple Persistent Vulnerabilities, Vulnerability Lab
• [FD] KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege, KoreLogic Disclosures via Fulldisclosure
• [FD] CVE-2020-1113 - Windows Task Scheduler - Security Feature Bypass, Advisories
• [FD] Asset Explorer (Windows & Linux) - Authenticated Command Execution, xen1thLabs
• [FD] Multiple vulnerabilities in Dovecot IMAP server, Aki Tuomi
• [FD] [SYSS-2019-039] Smartbear ReadyAPI/SoapUI Pro/jProductivity Licensing Unsafe Deserialization, Moritz Bechler
• [FD] Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting, Manuel Garcia Cardenas
• [FD] Short notes on qmail security guarantee, Georgi Guninski
• [FD] APPLE-SA-2020-05-20-1 Xcode 11.5, Apple Product Security via Fulldisclosure
• [FD] Remote Code Execution in qmail (CVE-2005-1513), Qualys Security Advisory
• [FD] [IAIK JCE] Timing Attack Side Channel in DSA Implementation, Giuseppe Cocomazzi
• [FD] Filetto v1.0 - 'FEAT' Denial of Service (PoC), socket_0x03
• [FD] Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC), socket_0x03
• [FD] Konica Minolta FTP Utility v1.0 - 'NLST' Denial of Service (PoC), socket_0x03
• [FD] New BlackArch Linux ISOs + OVA Image released!, Black Arch
• [FD] APPLE-SA-2020-05-26-2 iOS 12.4.7, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-6 watchOS 5.3.7, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-7 Safari 13.1.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-8 iTunes 12.10.7 for Windows, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-5 watchOS 6.2.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-9 iCloud for Windows 11.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-10 iCloud for Windows 7.19, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-11 Windows Migration Assistant 2.2.0.0 (v. 1A11), Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-05-26-4 tvOS 13.4.5, Apple Product Security via Fulldisclosure
• [FD] [CDPWE-0001] - RocketReach, Thierry Zoller