Full Disclosure: by thread
126 messages starting Jul 01 15 and ending Jul 29 15
- Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability Vulnerability Lab (Jul 01)
- Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability Vulnerability Lab (Jul 01)
- FCS Scanner v1.0 & v1.4 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 01)
- Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability Vulnerability Lab (Jul 01)
- Re: Google Chrome Address Spoofing (Request For Comment) David Leo (Jul 01)
- <Possible follow-ups>
- Re: Google Chrome Address Spoofing (Request For Comment) Mike K Gorski (Jul 01)
- Re: Google Chrome Address Spoofing (Request For Comment) Valentinas Bakaitis (Jul 01)
- Re: Google Chrome Address Spoofing (Request For Comment) Big Whale (Jul 02)
- Re: Google Chrome Address Spoofing (Request For Comment) Mustafa Al-Bassam (Jul 02)
- Re: Google Chrome Address Spoofing (Request For Comment) Daniel Wood (Jul 03)
- Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) Pierre Kim (Jul 01)
- iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak (Jul 01)
- CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 Alessandro Zala (Jul 02)
- Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont (Jul 02)
- Re: [oss-security] Re: Google Chrome Address Spoofing (Request For Comment) anidear (Jul 03)
- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 03)
- SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar (Jul 03)
- Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability Password Manager Pro Support (Jul 03)
- ipTIME n104r3 vulnerable to CSRF and XSS attacks Pierre Kim (Jul 03)
- Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak (Jul 03)
- WK UDID v1.0.1 iOS - Command Inject Vulnerability Vulnerability Lab (Jul 04)
- Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability Vulnerability Lab (Jul 04)
- Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jul 04)
- Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Gynvael Coldwind (Jul 05)
- Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass MustLive (Jul 05)
- Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 Nitin Venkatesh (Jul 05)
- 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim (Jul 05)
- [CORE-2015-0012] - AirLive Multiple Products OS Command Injection CORE Advisories Team (Jul 06)
- WideImage Demo Code Cross Site Scripting (XSS) 47 (Jul 06)
- <Possible follow-ups>
- WideImage Demo Code Cross Site Scripting (XSS) sikkandar.lynx (Jul 06)
- Auditing folders ACLs with Powershell Darío B (Jul 06)
- Orchard CMS - Persistent XSS vulnerability Paris Zoumpouloglou (Jul 06)
- Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root David Jorm (Jul 07)
- Google Chrome Address Spoofing - Google's Opinion David Leo (Jul 07)
- Fake links in Skype Jaanus (Jul 07)
- Re: Fake links in Skype Joshua Rogers (Jul 10)
- Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 07)
- Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Larry W. Cashdollar (Jul 07)
- [CFP] Hackito Ergo Sum 2015 tAd (Jul 07)
- [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection CORE Advisories Team (Jul 08)
- NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Response Center (Jul 09)
- CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution Kyriakos Economou (Jul 10)
- J2Store 3.1.6 unauthenticated SQL injections Brandon Perry (Jul 10)
- SOPlanning - Simple Online Planning Tool multiple vulnerabilities Dau, Huy-Ngoc (FR - Paris) (Jul 10)
- Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution Dau, Huy-Ngoc (FR - Paris) (Jul 10)
- CVE-2014-7952, Android ADB backup APK injection vulnerability Imre RAD (Jul 10)
- Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar (Jul 10)
- SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar (Jul 10)
- CFP: Passwords 2015, Dec 7-9, Cambridge, UK Per Thorsheim (Jul 10)
- Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin) dxw Security (Jul 10)
- Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin) dxw Security (Jul 10)
- Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh (Jul 10)
- Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution xistence (Jul 10)
- Broken, Abandoned, and Forgotten Code, Part 10 Zach C (Jul 10)
- Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Seamus Caveney (Jul 11)
- CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS Portcullis Advisories (Jul 13)
- CVE-2015-4426 - SQL Injection In Pimcore CMS Portcullis Advisories (Jul 13)
- CVE-2015-3621 - Privilege Escalation In SAP ECC Portcullis Advisories (Jul 13)
- CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe Portcullis Advisories (Jul 13)
- CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products Portcullis Advisories (Jul 13)
- Vulnerability in Apache Tomcat Juan Martinez (Jul 13)
- Re: Vulnerability in Apache Tomcat Mark Thomas (Jul 14)
- Re: Vulnerability in Apache Tomcat ZhangTianqi (Jul 14)
- [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect Pedro Ribeiro (Jul 13)
- Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar (Jul 13)
- Remote file download vulnerability in Wordpress Plugin image-export v1.1 Larry W. Cashdollar (Jul 13)
- Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029) William Costa (Jul 13)
- Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security (Jul 13)
- Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin) dxw Security (Jul 13)
- Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin) dxw Security (Jul 14)
- CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin) dxw Security (Jul 14)
- Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 Nitin Venkatesh (Jul 14)
- Capstone disassembly engine 3.0.4 is out! Nguyen Anh Quynh (Jul 16)
- SAP Security Notes July 2015 Darya Maenkova (Jul 16)
- 15 TOTOLINK router models vulnerable to multiple RCEs Pierre Kim (Jul 16)
- Re: 15 TOTOLINK router models vulnerable to multiple RCEs Joshua Wright (Jul 16)
- 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Pierre Kim (Jul 16)
- Backdoor credentials found in 4 TOTOLINK router models Pierre Kim (Jul 16)
- Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim (Jul 16)
- SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express SEC Consult Vulnerability Lab (Jul 16)
- New CVE's to be released the 17th of June. Kasper Westphal Bertelsen (Jul 16)
- double free's in glibc (and tcmalloc/jemalloc) PIN (Jul 16)
- Broken, Abandoned, and Forgotten Code, Part 11 Zach C (Jul 16)
- UDID+ v2.5 iOS - Mail Command Inject Vulnerability Vulnerability Lab (Jul 17)
- <Possible follow-ups>
- UDID+ v2.5 iOS - Mail Command Inject Vulnerability Douglas Held (Jul 17)
- FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Jul 17)
- AirDroid ID - Client Side JSONP Callback Vulnerability Vulnerability Lab (Jul 17)
- 1503A - Chrome - ui::AXTree::Unserialize use-after-free Berend-Jan Wever (Jul 17)
- Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)
- Re: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 17)
- OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) king cope (Jul 17)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Dirk-Willem van Gulik (Jul 21)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)
- weblogin software cross site request Juan Martinez (Jul 17)
- <Possible follow-ups>
- Re: weblogin software cross site request jericho (Jul 18)
- Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below Nitin Venkatesh (Jul 18)
- Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability Vulnerability Lab (Jul 20)
- Ashley Madison Hacked Brian Offenheim (Jul 21)
- Re: Ashley Madison Hacked Dave Horsfall (Jul 21)
- Joomla! plugin Helpdesk Pro < 1.4.0 Simon Rawet (Jul 21)
- CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Shi,Tong (Jul 21)
- Re: CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Henri Salo (Jul 21)
- Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Nitin Venkatesh (Jul 21)
- RainbowCrack Plugin for Oracle hashes (<=10g) bob secse (Jul 21)
- Why Full Disclosure is the solution ? An example with RIPE Pierre Kim (Jul 21)
- ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability Vulnerability Lab (Jul 23)
- Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)
- Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V. (Jul 25)
- CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)
- <Possible follow-ups>
- CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross (Jul 25)
- Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Nitin Venkatesh (Jul 25)
- Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Nitin Venkatesh (Jul 25)
- Multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager Sijmen Ruwhof (Jul 26)
- Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability Vulnerability Lab (Jul 27)
- Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi (Jul 27)
- Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne Samuel Lavitt - CVE-2015-0942 (Jul 27)
- SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities SEC Consult Vulnerability Lab (Jul 28)
- CSRF and XSS vulnerabilities in D-Link DCS-2103 MustLive (Jul 28)
- Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do (WordPress plugin) dxw Security (Jul 28)
- Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report Dancho Danchev (Jul 29)
- Fwd: CVE_for_Vulnerability_theholidaycalendar Luciano Pedreira (Jul 29)