Full Disclosure: by date
101 messages starting Jan 31 15 and ending Feb 28 15
Saturday, 31 January
Major Internet Explorer Vulnerability - NOT Patched David Leo
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 Onur Yilmaz
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you Stefan Kanthak
SQL injection vulnerabilities in zerocms <= v.1.3.3 Steffen Rösemann
iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Monday, 02 February
CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability Alex Haynes
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities ITAS TEAM
CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities Jing Wang
Re: Major Internet Explorer Vulnerability - NOT Patched Joey Fowler
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
[Call For Papers] BSides Knoxville, TN - May 15th 2015 Adam Caudill
Tuesday, 03 February
Maldrone for drones. Rahul Sasi
My Little Forum Multiple XSS Security Vulnerabilities Jing Wang
MSA-2015-02: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Advisories
Capstone disassembly engine 3.0.1 released! Nguyen Anh Quynh
SQL injection vulnerability in Pragyan CMS v.3.0 Steffen Rösemann
Wednesday, 04 February
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD)
Re: Major Internet Explorer Vulnerability - NOT Patched Zaakiy Siddiqui
CFP: Extended submission deadline:: ISSRMET2015 Dubai Hazel Ann
Saturday, 07 February
Re: Major Internet Explorer Vulnerability - NOT Patched Dimitris Strevinas
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" David Leo
Re: Major Internet Explorer Vulnerability - NOT Patched David Leo
LG On Screen Phone authentication bypass (CVE-2014-8757) Imre Rad
Responder Windows Version laurent gaffie
Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE) Steffen Rösemann
Re: Major Internet Explorer Vulnerability - NOT Patched Barkley, Peter
Re: Major Internet Explorer Vulnerability - NOT Patched Justin Steven
Re: Major Internet Explorer Vulnerability - NOT Patched Ben Lincoln (F7EFC8C9 - FD)
Tuesday, 10 February
[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page RedTeam Pentesting GmbH
Wednesday, 11 February
Barracuda Cloud Series - Filter Bypass Vulnerability (ID 731) Vulnerability Lab
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Vulnerability Lab
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability Vulnerability Lab
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability Vulnerability Lab
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) Vulnerability Lab
Radexscript CMS 2.2.0 - SQL Injection vulnerability ITAS Team
Re: Suspicious URL:Re: Major Internet Explorer Vulnerability - NOT Patched Christoph Gruber
MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Samandeep Singh
CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Scott Arciszewski
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Scott Arciszewski
Re: Major Internet Explorer Vulnerability - NOT Patched Sijmen Ruwhof
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft) Stefan Kanthak
Thursday, 12 February
Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) Jonathan Brossard
eTouch SamePage v4.4.0.0.239 multiple vulnerabilities Brandon Perry
CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Followup on CVE-2014-6412 Scott Arciszewski
Re: CVE-2014-6412 - WordPress (all versions) lacks CSPRNG Paul McMillan
Vanilla forum Stored XSS on any private message / thread post W S
NetGear WNDR Authentication Bypass / Information Disclosure Peter Adkins
Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Steffen Rösemann
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Alfie John
Re: Major Internet Explorer Vulnerability - NOT Patched Dan Ballance
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Julius Kivimäki
Friday, 13 February
CVE-2015-1574 - Google Email App 4.2.2 remote denial of service Hector Marco
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four Hector Marco
HumHub .htaccess file upload vulnerability and remote code execution A. W.
Monday, 16 February
Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes SCADA StrangeLove
Tuesday, 17 February
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability Vulnerability Lab
Wednesday, 18 February
[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite RedTeam Pentesting GmbH
Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion) agoraagoraagora
Bug in TradeWinds Juan Martinez
DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities Jing Wang
DLGuard SQL Injection Security Vulnerabilities Jing Wang
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Jing Wang
Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities Rehan Ahmed
[CVE-REQUEST] Multiple vulnerabilities on GLPI Stiehl
PHP Code Execution in jui_filter_rules Parsing Library Timo Schmid
Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3 Steffen Rösemann
Reflected File Download in AOL Search Website Ricardo Iramar dos Santos
Saturday, 21 February
WooCommerce WordPress plugin 2.2.10 Reflected XSS Eric Flokstra
Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF Eric Flokstra
New version of Hyperion PE runtime encrypter Levon Kayan
VLC for Android beta crash Paweł
Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities Praveen D
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) Stefan Kanthak
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3 Steffen Rösemann
Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0 Steffen Rösemann
Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen
Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone Taoguang Chen
xaviershay-dm-rails v0.10.3.8 mysql credential exposure Larry W. Cashdollar
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation Stefan Kanthak
Sunday, 22 February
Fwd: Apple OS X: Don't trust, and don't prompt to trust certificates Douglas Held
ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann
Monday, 23 February
WESP SDK multiple Remote Code Execution Vulnerabilities Praveen D
Wednesday, 25 February
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench Onapsis Research Labs
[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA Onapsis Research Labs
Thursday, 26 February
DSS TFTP 1.0 Server - Path Traversal Vulnerability Vulnerability Lab
Data Source: Scopus CMS - SQL Injection Web Vulnerability Vulnerability Lab
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities Vulnerability Lab
Friday, 27 February
SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home SEC Consult Vulnerability Lab
Saturday, 28 February
Swiss File Knife v1.7.4 HTTP - Buffer Overflow Vulnerability Vulnerability Lab