Full Disclosure: by author

129 messages starting Dec 11 15 and ending Dec 09 15

agotouning () libero it

CLOUD4WI SPLASH PORTAL REFLECTED XSS VULNERABILITY – CVE-2015-4699 agotouning () libero it (Dec 11)

Alexander Lashkov

[CFP] Speak About Your Cyberwar at PHDays VI Alexander Lashkov (Dec 16)

Apple Product Security

APPLE-SA-2015-12-08-4 watchOS 2.1 Apple Product Security (Dec 09)
APPLE-SA-2015-12-08-5 Safari 9.0.2 Apple Product Security (Dec 09)
APPLE-SA-2015-12-08-2 tvOS 9.1 Apple Product Security (Dec 09)
APPLE-SA-2015-12-08-6 Xcode 7.2 Apple Product Security (Dec 09)
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 Apple Product Security (Dec 09)
APPLE-SA-2015-12-08-1 iOS 9.2 Apple Product Security (Dec 09)
APPLE-SA-2015-12-11-1 iTunes 12.3.2 Apple Product Security (Dec 11)

Aravind

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 Aravind (Dec 13)

Augusto Pereyra

Samsung softap weak random generated password Augusto Pereyra (Dec 18)

Bacon Zombie

Re: PFSense <= 2.2.5 Directory Traversal Bacon Zombie (Dec 21)

Blue Frost Security Research Lab

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability Blue Frost Security Research Lab (Dec 10)

BSides SF

[CFP] BSides San Francisco - February 2016 BSides SF (Dec 03)

changzhao . mao

[CVE-2015-8369] Cacti SQL injection in graph.php changzhao . mao (Dec 09)

CORE Advisories Team

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference CORE Advisories Team (Dec 09)

CSW Research Lab

SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)
OcPortal CMS 9.0.20 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab (Dec 13)
Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities CSW Research Lab (Dec 13)
Bedita 3.6.0 – Cross-Site Scripting Vulnerability CSW Research Lab (Dec 13)

Curesec Research Team (CRT)

appRain 4.0.3: Code Execution Curesec Research Team (CRT) (Dec 09)
4images 1.7.11: SQL Injection Curesec Research Team (CRT) (Dec 09)
appRain 4.0.3: Path Traversal Curesec Research Team (CRT) (Dec 09)
4images 1.7.11: Code Execution Exploit Curesec Research Team (CRT) (Dec 09)
CouchCMS 1.4.5: Code Execution Curesec Research Team (CRT) (Dec 23)
PhpSocial v2.0.0304: CSRF Curesec Research Team (CRT) (Dec 23)
phpwcms 1.7.9: CSRF Curesec Research Team (CRT) (Dec 09)
redaxscript 2.5.0: XSS Curesec Research Team (CRT) (Dec 09)
4images 1.7.12: XSS Curesec Research Team (CRT) (Dec 09)
appRain 4.0.3: XSS Curesec Research Team (CRT) (Dec 09)
Geeklog 2.1.0: Code Execution Curesec Research Team (CRT) (Dec 09)
Arastta 1.1.5: SQL Injection Curesec Research Team (CRT) (Dec 23)
Grawlix 1.0.3: CSRF Curesec Research Team (CRT) (Dec 23)
appRain 4.0.3: CSRF Curesec Research Team (CRT) (Dec 09)
PhpSocial v2.0.0304: XSS Curesec Research Team (CRT) (Dec 23)
4images 1.7.11: Code Execution Curesec Research Team (CRT) (Dec 09)
Arastta 1.1.5: XSS Curesec Research Team (CRT) (Dec 23)
CodoForum 3.4: XSS Curesec Research Team (CRT) (Dec 09)
Grawlix 1.0.3: Code Execution Curesec Research Team (CRT) (Dec 23)
Geeklog 2.1.0: Code Execution Exploit Curesec Research Team (CRT) (Dec 09)
Grawlix 1.0.3: XSS Curesec Research Team (CRT) (Dec 23)
phpwcms 1.7.9: Code Execution Curesec Research Team (CRT) (Dec 09)
redaxscript 2.5.0: Code Execution Curesec Research Team (CRT) (Dec 09)
esoTalk 1.0.0g4: XSS Curesec Research Team (CRT) (Dec 23)
Geeklog 2.1.0: XSS Curesec Research Team (CRT) (Dec 09)
4images 1.7.11: Path Traversal Curesec Research Team (CRT) (Dec 09)
CouchCMS 1.4.5: XSS & Open Redirect Curesec Research Team (CRT) (Dec 23)

[CXSEC]

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow [CXSEC] (Dec 08)

Dolev Farhi

ntop-ng <= 2.0.151021 - Privilege Escalation Dolev Farhi (Dec 09)

ERPScan inc

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ERPScan inc (Dec 16)
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ERPScan inc (Dec 16)

Francisco Amato

Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) Francisco Amato (Dec 21)

Haifei Li

#BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook Haifei Li (Dec 16)

halfdog

User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 16)

Hans Jerry Illikainen

libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen (Dec 16)
libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen (Dec 26)
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen (Dec 16)
giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen (Dec 21)

Hector Marco-Gisbert

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert (Dec 16)

Hossein Lotfi

Two bytes change and you have a zero day Hossein Lotfi (Dec 16)

imposter imp

Re: Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13 imposter imp (Dec 17)

Jake Reynolds

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability Jake Reynolds (Dec 11)

Josh Chaney

Netduma R1 Router CSRF Josh Chaney (Dec 30)

Justin Ferguson

Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Justin Ferguson (Dec 23)

Karn Ganeshen

eWON sa Industrial router - Multiple Vulnerabilities Karn Ganeshen (Dec 24)
XZERES 442SR Wind Turbine XSS Karn Ganeshen (Dec 24)
Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS Karn Ganeshen (Dec 24)
LG Nortel ADSL modems - Multiple vulnerabilities Karn Ganeshen (Dec 09)

KoreLogic Disclosures

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures (Dec 18)
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password KoreLogic Disclosures (Dec 18)
KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass KoreLogic Disclosures (Dec 04)

Larry W. Cashdollar

Local root vulnerability in DeleGate v9.9.13 Larry W. Cashdollar (Dec 29)

lists

Re: Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege lists (Dec 30)

Luiz Eduardo

Call for Papers -YSTS X - Information Security Conference, Brazil Luiz Eduardo (Dec 21)

Martin Kühne

Re: libtiff: invalid write (CVE-2015-7554) Martin Kühne (Dec 28)

MustLive

Vulnerabilities in Mobile Safari MustLive (Dec 29)
DAVOSET v.1.2.7 MustLive (Dec 13)
BF and CE vulnerabilities in ASUS RT-G32 MustLive (Dec 03)

NaxoneZ .

Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege NaxoneZ . (Dec 23)

Pierre-David Oriol

Announcing NorthSec 2016 CFP + Reg - Montreal, May 19-22 Pierre-David Oriol (Dec 09)

Pierre Kim

Huawei Wimax routers vulnerable to multiple threats Pierre Kim (Dec 03)

RedTeam Pentesting GmbH

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality RedTeam Pentesting GmbH (Dec 22)

Rio Sherri

Notepad ++ NPPFtp Plugin Buffer Overflow Rio Sherri (Dec 19)
PFSense <= 2.2.5 Directory Traversal Rio Sherri (Dec 18)
GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Rio Sherri (Dec 09)
EasyCafe Server <= 2.2.14 Remote File Read Rio Sherri (Dec 26)

Ryan Dewhurst

Re: Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Ryan Dewhurst (Dec 23)

Sachin Wagh

Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 23)
Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 09)

SCADA StrangeLove

SIPROTEC 4 and SIPROTEC Compact FAQ #5 SCADA StrangeLove (Dec 22)

SEC Consult Vulnerability Lab

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities SEC Consult Vulnerability Lab (Dec 10)

Securify B.V.

Event Viewer Snapin multiple DLL side loading vulnerabilities Securify B.V. (Dec 12)
COM+ Services DLL side loading vulnerability Securify B.V. (Dec 12)
Shutdown UX DLL side loading vulnerability Securify B.V. (Dec 16)
Shockwave Flash Object DLL side loading vulnerability Securify B.V. (Dec 16)
Windows Authentication UI DLL side loading vulnerability Securify B.V. (Dec 12)
OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Securify B.V. (Dec 16)

Shawn McMahon

Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Shawn McMahon (Dec 23)

Stefan Kanthak

Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege Stefan Kanthak (Dec 09)
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege Stefan Kanthak (Dec 17)
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 23)
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege Stefan Kanthak (Dec 21)
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution Stefan Kanthak (Dec 31)
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) Stefan Kanthak (Dec 16)
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup Stefan Kanthak (Dec 09)
Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13 Stefan Kanthak (Dec 16)
Re: Executable installers are vulnerable^WEVIL (case 15):F-SecureOnlineScanner.exe allows arbitrary (remote) codeexecution and escalation of privilege Stefan Kanthak (Dec 31)
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution Stefan Kanthak (Dec 22)
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege Stefan Kanthak (Dec 09)
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies Stefan Kanthak (Dec 21)
Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges Stefan Kanthak (Dec 09)
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege Stefan Kanthak (Dec 26)

Vex Woo

SQLMap Code Execute Vex Woo (Dec 09)

Vogt, Thomas

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities Vogt, Thomas (Dec 09)

Vulnerability Lab

Aeris Calandar v2.1 - Buffer Overflow Vulnerability Vulnerability Lab (Dec 22)
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Vulnerability Lab (Dec 22)
Switch v4.68 - Code Execution Vulnerability Vulnerability Lab (Dec 22)
Lithium Forum - (previewImages) Persistent Vulnerability Vulnerability Lab (Dec 22)
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 22)
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability Vulnerability Lab (Dec 22)
WP Content Text Slider on Post 6.8 - Persistent Vulnerability Vulnerability Lab (Dec 22)

Wub TheCaptain

Multiple vulnerabilities in Huutopörssi's website (huutoporssi.fi) Wub TheCaptain (Dec 03)

xiaotian.wang () dbappsecurity com cn

[CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability xiaotian.wang () dbappsecurity com cn (Dec 13)

XPD Advisories Team

[CVE-2014-3260] Crypto implementation flaws in Pacom GMS System XPD Advisories Team (Dec 09)