Full Disclosure: by thread
162 messages, starting Nov 01 16 and ending Nov 29 16
- Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang (Nov 01)
- Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Brandon Perry (Nov 01)
- Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Elar Lang (Nov 02)
- Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Brandon Perry (Nov 01)
- Vulnerabilities in D-Link DIR-300 MustLive (Nov 01)
- Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards Vulnerability Lab (Nov 01)
- MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] Dawid Golunski (Nov 01)
- CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS Peter Lapp (Nov 01)
- CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability Peter Lapp (Nov 01)
- CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability Peter Lapp (Nov 01)
- CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability Peter Lapp (Nov 01)
- Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details Berend-Jan Wever (Nov 01)
- MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details Berend-Jan Wever (Nov 02)
- Disclose [10 * cve] in Exponent CMS Obfuscator (Nov 02)
- Sparkjava Framework - Arbitrary File Read Vulnerability aj (Nov 02)
- MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read Berend-Jan Wever (Nov 04)
- [oss-security] CVE request:Lynx invalid URL parsing with '?' redrain root (Nov 04)
- Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)
- Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Leo Famulari (Nov 04)
- Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)
- Re: [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski (Nov 05)
- KL-001-2016-008 : Sophos Web Appliance Privilege Escalation KoreLogic Disclosures (Nov 04)
- KL-001-2016-009 : Sophos Web Appliance Remote Code Execution KoreLogic Disclosures (Nov 04)
- MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read Berend-Jan Wever (Nov 04)
- MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) Dawid Golunski (Nov 04)
- Bypass Imperva by confusing HTTP Pollution Normalization Engine Nic Wiswat (Nov 04)
- Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation Andrew Klaus (Nov 06)
- WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow hyp3rlinx (Nov 06)
- Axessh 4.2.2 Denial Of Service hyp3rlinx (Nov 06)
- Rapid PHP Editor CSRF Remote Command Execution hyp3rlinx (Nov 06)
- Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability Vulnerability Lab (Nov 07)
- Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability Vulnerability Lab (Nov 07)
- Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability Vulnerability Lab (Nov 07)
- Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation Vulnerability Lab (Nov 07)
- [SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287) Klaus Tichmann (Nov 07)
- Several unpatched vulns in OwnCloud Felix Matei (Nov 07)
- [RootedCON 2017] Call for Papers open for RootedCON Madrid 2017! Román Ramírez (Nov 07)
- VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever (Nov 07)
- [KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability Egidio Romano (Nov 07)
- [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow Pedro Ribeiro (Nov 08)
- Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723] Nightwatch Cybersecurity Research (Nov 08)
- Cross Site Scripting Vulnerability In Verint Impact 360 Sanehdeep Singh (Nov 08)
- YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Nov 08)
- Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Summer of Pwnage (Nov 08)
- Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin Summer of Pwnage (Nov 08)
- Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Summer of Pwnage (Nov 08)
- Cross-Site Scripting in Calendar WordPress Plugin Summer of Pwnage (Nov 08)
- Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin Summer of Pwnage (Nov 08)
- Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability (APSB16-35) [CVE-2016-7851] Vulnerability Lab (Nov 09)
- VBScript RegExpComp::PnodeParse out-of-bounds read details (MSIE 8-11, IIS, CScript.exe/WScript.exe) Berend-Jan Wever (Nov 09)
- Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM) Rio Sherri (Nov 09)
- MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details Berend-Jan Wever (Nov 10)
- WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
- Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details Berend-Jan Wever (Nov 10)
- Vlany: A Linux (LD_PRELOAD) rootkit eov eov (Nov 10)
- CA20161109-02: Security Notice for CA Service Desk Manager Williams, Ken (Nov 10)
- CA20161109-01: Security Notice for CA Unified Infrastructure Management Williams, Ken (Nov 10)
- Release - Shellcode Compiler Ionut Popescu (Nov 10)
- MyBB 1.8.6: XSS Curesec Research Team (CRT) (Nov 10)
- e107 CMS <= 2.1.2 Privilege Escalation Kacper Szurek (Nov 10)
- [CT-2016-1110] Unauthenticated RCE in Observium network monitor Ronald Volgers (Nov 10)
- Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF Summer of Pwnage (Nov 10)
- Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin Summer of Pwnage (Nov 10)
- Information disclosure race condition in W3 Total Cache WordPress Plugin Summer of Pwnage (Nov 10)
- Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin Summer of Pwnage (Nov 10)
- Teradata Virtual Machine Community Edition v15.10 has insecure file permission Larry W. Cashdollar (Nov 10)
- Google Chrome blink Serializer::doSerialize bad cast details Berend-Jan Wever (Nov 11)
- Trango Systems hidden default root login (all models) Ian Ling (Nov 11)
- Unexpected behavior of cmd.exe while processing .bat files leads to potential command injection vulnerabilities Julian Horoszkiewicz (Nov 13)
- New VMSA-2016-0019 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Nov 13)
- New VMSA-2016-0020 - VMware product updates address multiple information disclosure issues VMware Security Response Center (Nov 15)
- SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 SEC Consult Vulnerability Lab (Nov 14)
- CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details Berend-Jan Wever (Nov 14)
- Microsoft Edge edgehtml CAttrArray::Destroy use-after-free details Berend-Jan Wever (Nov 15)
- CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 15)
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert (Nov 15)
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 15)
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 16)
- OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Ralf Spenneberg (Nov 15)
- OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl Ralf Spenneberg (Nov 15)
- Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Dawid Golunski (Nov 16)
- Cross-Site Scripting in All In One WP Security & Firewall WordPress Plugin Summer of Pwnage (Nov 16)
- Re: QUANTUMSQUIRREL - attrition.org unmasked as NSA TAO OP jericho (Nov 16)
- Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab (Nov 18)
- <Possible follow-ups>
- Apple iOS 10.1 - Multiple Access Permission Vulnerabilities Vulnerability Lab (Nov 28)
- Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability Vulnerability Lab (Nov 18)
- EditMe CMS - CSRF Privilege Escalate Web Vulnerability Vulnerability Lab (Nov 18)
- Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability Vulnerability Lab (Nov 18)
- CVE request - Samsumg Mobile Phone SVE-2016-6343: Unauthorized API access via system service call 0xr0ot (Nov 18)
- CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details Berend-Jan Wever (Nov 18)
- Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details Berend-Jan Wever (Nov 18)
- MyLittleForum 2.3.6.1: XSS & RPO Curesec Research Team (CRT) (Nov 18)
- SPIP 3.1: XSS & Host Header Injection Curesec Research Team (CRT) (Nov 18)
- Mezzanine 4.2.0: XSS Curesec Research Team (CRT) (Nov 18)
- MyLittleForum 2.3.6.1: CSRF Curesec Research Team (CRT) (Nov 18)
- MoinMoin 1.9.8: XSS Curesec Research Team (CRT) (Nov 18)
- Lepton 2.2.2: SQL Injection Curesec Research Team (CRT) (Nov 18)
- Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling Curesec Research Team (CRT) (Nov 18)
- Lepton 2.2.2: Code Execution Curesec Research Team (CRT) (Nov 18)
- Jaws 1.1.1: Code Execution Curesec Research Team (CRT) (Nov 18)
- FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF Curesec Research Team (CRT) (Nov 18)
- Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags Curesec Research Team (CRT) (Nov 18)
- FUDforum 3.0.6: LFI Curesec Research Team (CRT) (Nov 18)
- [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET ERPScan inc (Nov 18)
- [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability ERPScan inc (Nov 18)
- Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp Larry W. Cashdollar (Nov 18)
- /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Larry W. Cashdollar (Nov 18)
- SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin) dxw Security (Nov 18)
- Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)
- Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)
- SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin) dxw Security (Nov 18)
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody Stefan Kanthak (Nov 18)
- Huawei Flybox B660 3G/4G Router - Auth Bypass Vulnerability Vulnerability Lab (Nov 18)
- CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details Berend-Jan Wever (Nov 18)
- Tetris heap spraying: spraying the heap on a budget Berend-Jan Wever (Nov 18)
- Cross-Site Scripting in Check Email WordPress Plugin Summer of Pwnage (Nov 19)
- Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin Summer of Pwnage (Nov 19)
- Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF Summer of Pwnage (Nov 19)
- Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 19)
- Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Larry W. Cashdollar (Nov 20)
- Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Summer of Pwnage (Nov 20)
- Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin Larry W. Cashdollar (Nov 20)
- Joomla plugin K2 RCE via CSRF or WCI Anti Räis (Nov 20)
- [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution Julien Ahrens (Nov 20)
- [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure Julien Ahrens (Nov 20)
- [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting Julien Ahrens (Nov 20)
- Multiple issues in OpManager 12100 & 12200 Michael Heydon (Nov 20)
- Reflected XSS in WonderCMS <= v0.9.8 Manuel Garcia Cardenas (Nov 22)
- PHDays VII Call for Papers: How to Stand Up at the Standoff Alexander Lashkov (Nov 22)
- MSIE8 MSHTML Ptls5::LsFindSpanVisualBoundaries memory corruption Berend-Jan Wever (Nov 22)
- [x33fcon] Call for Papers (and Trainers) x33fcon.office (Nov 22)
- [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability ERPScan inc (Nov 22)
- [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component ERPScan inc (Nov 22)
- [CVE-2016-7434] ntpd remote pre-auth DoS Magnus Stubman (Nov 22)
- [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities CORE Advisories Team (Nov 22)
- Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin Summer of Pwnage (Nov 23)
- [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting GmbH (Nov 24)
- MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis Ajin Abraham (Nov 25)
- CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details Berend-Jan Wever (Nov 25)
- CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details Berend-Jan Wever (Nov 25)
- Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion Berend-Jan Wever (Nov 25)
- CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details Berend-Jan Wever (Nov 25)
- The HS-110 Smart Plug aka Projekt Kasa Curesec Research Team (CRT) (Nov 25)
- [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition Dawid Golunski (Nov 25)
- Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Nov 25)
- Red Hat JBoss EAP deserialization of untrusted data Agazzini Maurizio (Nov 25)
- [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) Matthias Deeg (Nov 25)
- [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
- [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
- [SYSS-2016-072] Olypmia Protect 9061 - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
- [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks Matthias Deeg (Nov 25)
- [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) Matthias Deeg (Nov 25)
- NEW VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Response Center (Nov 25)
- NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability VMware Security Response Center (Nov 25)
- UCanCode multiple vulnerabilities Carlo Di Dato (Nov 25)
- Schoolhos CMS v2.29 - userberita SQL injection Vulnerability Vulnerability Lab (Nov 28)
- Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability Vulnerability Lab (Nov 28)
- Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Vulnerability Lab (Nov 28)
- Re: Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Simon Waters (Surevine) (Nov 28)
- SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic SEC Consult Vulnerability Lab (Nov 28)
- CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details Berend-Jan Wever (Nov 28)
- [ndhXV] Call For Paper - 15th anniversary - 24-25 June 2017 Freeman (Nov 28)
- CFP - BloomCON 0x02 - March 24-25, 2017 Bloomsburg, PA Philip Polstra (Nov 28)
- Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin Summer of Pwnage (Nov 29)