Full Disclosure: by date

79 messages starting Jun 01 16 and ending Jun 28 16


Wednesday, 01 June

Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking Stefan Kanthak
Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes! Francisco Amato
MitM Attack against KeePass 2's Update Check Bogner Florian
XSS in CMSimple <= v4.6.2 Manuel Garcia Cardenas
Keystone Assembler Engine is out! Nguyen Anh Quynh
CVE-2016-3670 Stored Cross Site Scripting in Liferay CE Fernando Camara
Joomla SecurityCheck extension - Multiple vulnerabilities Gökmen GÜREŞÇİ

Thursday, 02 June

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway SEC Consult Vulnerability Lab
Force allow access button to Bypass windows firewall Raiden lol
Nagios XI Multiple Vulnerabilities Francesco Oddo
Multiple XSS in Babylon Francisco Javier Santiago Vázquez
rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Gregory Pickett
XML External Entity XXE vulnerability in OpenID component of Liferay Sandro Gauci

Tuesday, 07 June

Mapbox (API) - Filter Bypass & Persistent Vulnerability Vulnerability Lab
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability Vulnerability Lab
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability Vulnerability Lab
Microsoft Education - Code Execution Vulnerability Vulnerability Lab

Wednesday, 08 June

SQL Injection Vulnerabilities found in European Commisssion & European Parliament Vulnerability Lab

Monday, 13 June

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability Vulnerability Lab
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability Vulnerability Lab
nagios phishing vector & xss randomsec guy
Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability Benjamin Gnahm

Tuesday, 14 June

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability Vulnerability Lab
CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder ljj

Wednesday, 15 June

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability Vulnerability Lab
Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Nate Kettlewell
CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers Stefan Kanthak
CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell
CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Nate Kettlewell
Siklu EtherHaul Hidden ‘root’ Account Ian Ling
Face Authentication Bypassing – KeyLemon omarbv
Microsoft Visio multiple DLL side loading vulnerabilities Securify B.V.

Thursday, 16 June

Blindspot Advisory: HTTP Header Injection in Python urllib Timothy D. Morgan
Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) Ian Ling
HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities Karn Ganeshen
Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities Karn Ganeshen
Stack Overflow in BLAT vishnu raju
CVE-2016-5709 - Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager Nate Kettlewell

Saturday, 18 June

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player Stefan Kanthak
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability ERPScan inc
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability ERPScan inc
[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability ERPScan inc
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense Remco Sprooten
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion Berend-Jan Wever

Tuesday, 21 June

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 Apple Product Security
[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability ERPScan inc
[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities ERPScan inc
CVE ID Request : Horsys v8 multiple vulnerabilities Sysdream Labs

Thursday, 23 June

[KIS-2016-03] SugarCRM <= 6.5.18 (SAML Authentication) XML External Entity Vulnerability Egidio Romano
[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities Egidio Romano
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities Egidio Romano
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability Egidio Romano
[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability Egidio Romano

Friday, 24 June

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure SEC Consult Vulnerability Lab
[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability ERPScan inc
[ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability ERPScan inc
Faraday v1.0.21 with our new GTK interface! Francisco Amato
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever
Re: Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever
Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities Karn Ganeshen
Re: Magic values in 32-bit processes on 64-bit OS-es and how to exploit them Berend-Jan Wever
EdgeCore - ES3526XA Manager - Multiple Vulnerabilities Karn Ganeshen
#146416 Ruby:HTTP Header injection in 'net/http' redrain root
libical 0.47 SEGV on unknown address Brandon Perry

Monday, 27 June

Re: [oss-security] libical 0.47 SEGV on unknown address Alan Coopersmith
Re: [oss-security] libical 0.47 SEGV on unknown address Brandon Perry
Panda Security Privilege Escalation Ash
Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities Francesco Oddo
Aramadito remote arbitrary file write in case of MiTM thedeadcow
Craft CMS affected by server side template injection Securify B.V.

Tuesday, 28 June

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability Vulnerability Lab
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability Vulnerability Lab
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability Vulnerability Lab
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities Vulnerability Lab
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities Egidio Romano
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities Egidio Romano
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability Egidio Romano
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution KoreLogic Disclosures