Full Disclosure: by date

173 messages, 01 June 2014 to 30 June 2014, listed as subject -- author

Sunday, 01 June

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress -- Yarubo Security Research Team

Monday, 02 June

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues -- advisories

Tuesday, 03 June

NG WifiTransfer Pro 1.1 - File Include Vulnerability -- Vulnerability Lab
Files Desk Pro v1.4 iOS - File Include Web Vulnerability -- Vulnerability Lab
Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability -- Vulnerability Lab
TigerCom My Assistant v1.1 iOS - File Include Vulnerability -- Vulnerability Lab
Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities -- Vulnerability Lab
CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 -- Portcullis Advisories
iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability -- Vulnerability Lab
GoAgent vulnerabilities: CA cert with known private key, TLS MITM -- David Fifield
CVE-2013-6876 s3dvt Root shell -- Hector Marco
CVE-2013-6825 DCMTK Root Privilege escalation -- Hector Marco
CVE-2014-1226 s3dvt Root shell (still) -- Hector Marco
Bug in bash <= 4.3 [security feature bypassed] -- Hector Marco
Is Your Antivirus Tracking You? You'd Be Surprised At What It Sends -- Ivan .Heca
[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies -- Fran
Re: TrueCrypt? -- Dave Howe
Re: TrueCrypt 7.1 repos on GitHub - forking starting point -- Dave Howe
Re: TrueCrypt 7.1 repos on GitHub - forking starting point -- Greg Bromage

Wednesday, 04 June

IPSwitch IMail Server WEB client 12.4 persistent XSS -- fulldisclosure
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] -- Jose Carlos Luna Duran
More /tmp fun (PHP, Lynis) -- A B
Linksys E4200 Authentication Bypass -- Jordan Bradley
Re: TrueCrypt? -- Dave Warren

Thursday, 05 June

[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager -- RedTeam Pentesting GmbH
More OpenSSL issues -- Jordan Urie
Scrumworks Pro authenticated arbitrary password reset -- Brandon Perry
PHPBTTracker+ 2.2 SQL Injection -- Enrico Cinquini
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] -- lists
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] -- Hector Marco
Computer hackers face life in prison under new Government crackdown on cyber terrorism | Mail Online -- Ivan .Heca
Re: More OpenSSL issues -- Brandon Vincent
Re: Computer hackers face life in prison under new Government crackdown on cyber terrorism | Mail Online -- Jeffrey Walton
Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] -- Jeffrey Walton

Friday, 06 June

Re: More OpenSSL issues -- P Vixie
SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan -- SEC Consult Vulnerability Lab
[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components -- Onapsis Research Labs
[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering -- Onapsis Research Labs

Saturday, 07 June

Re: More OpenSSL issues -- Craig Young

Sunday, 08 June

[Tool] Pcredz -- laurent gaffie
Xornic Contact Us Form - Captcha Bypass / XSS -- Scott Arciszewski
Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM -- Dave Howe
CVE-2014-3740 - SpiceWorks Cross-site scripting -- Dolev Farhi
Responsible disclosure: terms and conditions -- Pedro Ribeiro
Re: TrueCrypt? -- surivaton surivaton
Re: TrueCrypt? -- Dave Warren
Re: Responsible disclosure: terms and conditions -- Paul Vixie
Re: Responsible disclosure: terms and conditions -- Daniel Wood
Re: Responsible disclosure: terms and conditions -- Dave Warren
Re: Responsible disclosure: terms and conditions -- codeinject.org
Re: Responsible disclosure: terms and conditions -- Pedro Ribeiro
Re: Responsible disclosure: terms and conditions -- Paul Vixie
Re: Responsible disclosure: terms and conditions -- Paul Vixie
SCADA StrangeLove at PHDays IV -- scadastrangelove
Re: SCADA StrangeLove at PHDays IV -- scadastrangelove
Re: Responsible disclosure: terms and conditions -- Paul Vixie
Re: Responsible disclosure: terms and conditions -- Paul Vixie

Monday, 09 June

Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289 -- William Costa
Re: Responsible disclosure: terms and conditions -- Eric Rand
Re: Responsible disclosure: terms and conditions -- coderman
Re: Responsible disclosure: terms and conditions -- Daniel Wood
[Tool] Responder v2.0.9 -- laurent gaffie

Tuesday, 10 June

CSRF in Featured Comments 1.2.1 allows an attacker to set and unset comment statuses (WordPress plugin) -- dxw Security
CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin) -- dxw Security
CSRF in JW Player for Flash & HTML5 Video 2.1.2 permits deletion of players (WordPress plugin) -- dxw Security
PayPal supports terrorism -- MustLive
Multiple Vulns in Openfiler 2.99 -- dsa dsa
Oracle Access Manager (OAM) Vulnerabilities (CVEs) -- Jing Wang
Embeded Device Security Conference 2014 // CFP -- Michael Eddington
Re: PayPal supports terrorism
Re: PayPal supports terrorism -- Fyodor
NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities -- VMware Security Response Center

Wednesday, 11 June

CVE-2014-3977 - Privilege Escalation in IBM AIX -- Portcullis Advisories
XSS on Samsung Site -- Roberto Garcia Amoriz

Thursday, 12 June

CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones -- J. Oquendo

Friday, 13 June

AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework -- Asterisk Security Team
AST-2014-006: Asterisk Manager User Unauthorized Shell Access -- Asterisk Security Team
AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections -- Asterisk Security Team
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions -- Asterisk Security Team

Sunday, 15 June

[SE-2014-01] Security vulnerabilities in Oracle Database Java VM -- Security Explorations

Monday, 16 June

T-Mobile webConnect Manager sysauth cookie leak in plain text via http request -- Americas Testkitchen
[Tool] XXE exploit automation - On The Outside, Reaching In 0.2 -- Ben Lincoln (F7EFC8C9)
[CFP] Hacktivity 2014 CFP is open -- Ferenc Spala
chatcrypt.com insecure, bad setup for secure chat -- johan nestaas
Securing Ubuntu-Desktop From the Bad-Guys, and the Good-Guys. -- Joshua Rogers
Onnto RAID Master rev358 for OS X - multiple remote vulnerabilities -- Reed Black
Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable) -- Kristian Erik Hermansen

Tuesday, 17 June

[CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack -- pnig0spnig0s

Wednesday, 18 June

Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability -- Vulnerability Lab
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities -- Vulnerability Lab
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities -- Vulnerability Lab
Vulnerabilities in CDVI ACAC22 [2-Door Controller] -- gassyjack
[CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack -- pnig0spnig0s
Re: Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities -- Secunia Research
XSS on Dell Site -- Roberto Garcia Amoriz
Call For Papers for 2nd Balkan Computer Congress - BalCCon2k14 -- Milos Krasojevic

Friday, 20 June

Project un1c0rn hits 70k hosts -- Project Un1c0rn
XSS on Panasonic site -- Roberto Garcia Amoriz
XSS on Epson site -- Roberto Garcia Amoriz
Re: Project un1c0rn hits 70k hosts -- surivaton surivaton
Re: Project un1c0rn hits 70k hosts -- Project Un1c0rn

Saturday, 21 June

Re: XSS on Panasonic site -- Adrien Jolibert
keybase.io -- Rikairchy

Sunday, 22 June

BF and XSS vulnerabilities in Zyxel P660RT2 EE -- MustLive
Re: keybase.io -- Dennis E. Hamilton
Re: keybase.io -- Attilla de Groot
Re: keybase.io -- Tony Arcieri
Re: keybase.io -- Robert Dannhauer

Monday, 23 June

Fwd: CFP ekoparty 2014 -- Juan Pablo Daniel
Re: keybase.io -- Nick Boyce
Re: keybase.io -- Tony Arcieri
Android KeyStore Stack Buffer Overflow (CVE-2014-3100) -- Roee Hay
Session Hijack Vulnerabilty on ebays german want ad? -- Christian K.
SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965 -- William Costa
Re: keybase.io -- Jonathan Care

Tuesday, 24 June

Boolean algebra and CSS history theft -- Michal Zalewski
CVE-2014-3868: ZeusCart 4.x Remote SQL Injection Vulnerability -- Kenny Mathis
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) -- Pichaya Morimoto
R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES -- Pablo A.
Re: Session Hijack Vulnerabilty on ebays german want ad? -- Cengizhan.Yuecel
Re: Session Hijack Vulnerabilty on ebays german want ad? -- felsenkotzer
Re: Session Hijack Vulnerabilty on ebays german want ad? -- uname -a
Exploiting Wildcard Expansion on Linux -- Stephen Chavez

Wednesday, 25 June

[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery -- RedTeam Pentesting GmbH
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting -- RedTeam Pentesting GmbH
CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014 -- Portcullis Advisories
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux) -- Portcullis Advisories
HP Enterprise Maps 1.00 Authenticated XXE -- Brandon Perry
Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable -- Stefan Kanthak
Re: Boolean algebra and CSS history theft -- Diego Rodriguez
Re: keybase.io -- Tony Arcieri
Re: keybase.io -- Sam Stewart
FCC Net Neutrality -- laurent gaffie
Re: Session Hijack Vulnerabilty on ebays german want ad? -- R D
XSS and CSRF vulnerabilities in Zyxel P660RT2 EE -- MustLive
Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) -- Ryan Dewhurst

Thursday, 26 June

Back To The Future: Unix Wildcards Gone Wild -- defensecode
Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities -- Onur Alanbel
CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin) -- dxw Security
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution -- RedTeam Pentesting GmbH
Re: Back To The Future: Unix Wildcards Gone Wild -- Michal Zalewski

Friday, 27 June

check_dhcp - Nagios Plugins = 2.0.2 Race Condition -- Dawid Golunski
Microsoft no longer sending e-mail based security notifications -- Reed Loden
SECV-05-1401 - Vulnerability on World of Tanks servers -- info
SECV-05-1402 - Reportico php admin credentials leak -- info
CSRF Vulnerability on LinkedIn -- Kishor Sonawane
openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability -- Ubani Balogun
openSIS 4.5 - 5.3 SQL Injection vulnerability -- Ubani Balogun
Re: Back To The Future: Unix Wildcards Gone Wild -- Julius Kivimäki
Re: Back To The Future: Unix Wildcards Gone Wild -- gremlin
Re: Back To The Future: Unix Wildcards Gone Wild -- Nick Lindridge
Re: Back To The Future: Unix Wildcards Gone Wild -- Ivan Delalande
Re: Session Hijack Vulnerabilty on ebays german want ad? -- Christian K.
Re: Back To The Future: Unix Wildcards Gone Wild -- Michal Zalewski

Saturday, 28 June

Re: Session Hijack Vulnerabilty on ebays german want ad? -- Michael Brown
Re: Back To The Future: Unix Wildcards Gone Wild -- steel-wing
Fwd: Re: Microsoft no longer sending e-mail based security notifications -- Peter Nas
Re: Microsoft no longer sending e-mail based security notifications -- Zurd
Re: SECV-05-1401 - Vulnerability on World of Tanks servers -- jen140
Re: Back To The Future: Unix Wildcards Gone Wild -- Cley Faye
Re: Back To The Future: Unix Wildcards Gone Wild -- *
Re: Back To The Future: Unix Wildcards Gone Wild -- fulldisclosure
Re: Back To The Future: Unix Wildcards Gone Wild -- Daniel Miller

Sunday, 29 June

Horde Framework Unserialize PHP Code Execution - metasploit port / standalone exploit -- Akra Macha
Sun/Oracle GlassFish Server Authenticated Code Execution - metasploit port / Standalone exploit -- Akra Macha
Asterisk Phreaking How-To -- Akra Macha
Flussonic Media Server 4.3.3 Multiple Vulnerabilities -- Onur Alanbel
Re: Back To The Future: Unix Wildcards Gone Wild -- Nico Le Moin
AV scan on read vs write debate.... -- Exibar
Re: Back To The Future: Unix Wildcards Gone Wild -- Peter Stamfest
Re: AV scan on read vs write debate.... -- Reindl Harald

Monday, 30 June

Local File Inclusion in Theme My Login 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution (WordPress plugin) -- dxw Security
SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS -- SEC Consult Vulnerability Lab