Full Disclosure: by author

103 messages starting Feb 07 17 and ending Feb 15 17

Andrzej Dyjak

interpreter bugs Andrzej Dyjak (Feb 07)

Apple Product Security

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Apple Product Security (Feb 21)
APPLE-SA-2017-02-21-1 GarageBand 10.1.6 Apple Product Security (Feb 21)

bashis

QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and "Heack Combo" to pwn bashis (Feb 01)
Synology NAS "Auto Block IP" bypass and hide real IP in Synology logs bashis (Feb 22)

Ben N

CVE-2017-5344 : dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1 Ben N (Feb 15)

cfpmontreal2017

Recon Montreal 2017 Call For Papers - June 16 - 18 - Montreal, Canada cfpmontreal2017 (Feb 21)

Curesec Research Team (CRT)

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS Curesec Research Team (CRT) (Feb 16)
Plone: XSS Curesec Research Team (CRT) (Feb 16)
Elefant CMS 1.3.12-RC: CSRF Curesec Research Team (CRT) (Feb 16)
Elefant CMS 1.3.12-RC: Code Execution Curesec Research Team (CRT) (Feb 16)
Elefant CMS 1.3.12-RC: Code Execution Curesec Research Team (CRT) (Feb 16)

Egidio Romano

[KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability Egidio Romano (Feb 06)

elendil el

Re: Free ebook to learn ethical hacking techniques elendil el (Feb 02)

Eric Flokstra

[Kodi v17.1] - Local File Inclusion Eric Flokstra (Feb 14)

Estación Informática

Vulnerability Open Redirect LogicBoard CMS Estación Informática (Feb 01)

Felipe Soares de Souza

D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF) vulnerabilities Felipe Soares de Souza (Feb 28)

FOXMOLE Advisories

[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues FOXMOLE Advisories (Feb 02)

Graph-X

Teleopti WFM <= 7.1.0 Multiple Vulnerabilities Graph-X (Feb 06)

Harrison Neal

Teradici Management Console 2.2.0 - Privilege Escalation Harrison Neal (Feb 22)

Harry Sintonen

QNAP QTS 4.2.x multiple vulnerabilities Harry Sintonen (Feb 15)

hyp3rlinx

EasyCom PHP API Stack Buffer Overflow hyp3rlinx (Feb 22)
PHPShell v2.4 Session Fixation hyp3rlinx (Feb 21)
PHPShell v2.4 Cross Site Scripting hyp3rlinx (Feb 21)
EasyCom SQL iPlug Denial Of Service hyp3rlinx (Feb 22)
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass hyp3rlinx (Feb 21)

Ian Ling

Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0) Ian Ling (Feb 21)

Indrajith AN

Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router Indrajith AN (Feb 24)
Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router Indrajith AN (Feb 21)

Info

HP Printers Wi-Fi Direct Improper Access Control Info (Feb 02)

Jack Cha

Re: Teradici Management Console 2.2.0 - Privilege Escalation Jack Cha (Feb 28)

Jason Geffner

CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 Jason Geffner (Feb 27)

Jeff Bollinger

Call for Papers: FIRST Amsterdam Technical Colloquium (TC) April 2017 Jeff Bollinger (Feb 07)

Jérémy BEAUME

Suricata IDS - IPv4 evasion Jérémy BEAUME (Feb 15)

John Marzella

ZoneMinder - multiple vulnerabilities John Marzella (Feb 04)

Kacper Szurek

ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation Kacper Szurek (Feb 14)
IVPN Client for Windows 2.6.6120.33863 Privilege Escalation Kacper Szurek (Feb 06)
Viscosity for Windows 1.6.7 Privilege Escalation Kacper Szurek (Feb 01)

Karn Ganeshen

Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution Karn Ganeshen (Feb 28)

KoreLogic Disclosures

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write KoreLogic Disclosures (Feb 15)
KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability KoreLogic Disclosures (Feb 15)
KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability KoreLogic Disclosures (Feb 15)

Kroppoloe

NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution Kroppoloe (Feb 21)

Manuel Garcia Cardenas

WordPress Plugin Kama Click Counter 3.4.9 - Blind SQL Injection Manuel Garcia Cardenas (Feb 27)
WordPress Plugin Easy Table 1.6 - Persistent Cross-Site Scripting Manuel Garcia Cardenas (Feb 14)

Matthias Deeg

[SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks Matthias Deeg (Feb 21)

Ming

CFP for Speaker Workshops at the Packet Hacking Village at DEF CON 25 Now Open Ming (Feb 14)

MustLive

Cross-Site Scripting vulnerability in Bitrix Site Manager MustLive (Feb 01)
Backdoored Web Application v.1.0.2 MustLive (Feb 14)

Nguyen Anh Quynh

Unicorn Emulator v1.0 is out! Nguyen Anh Quynh (Feb 24)

Nitesh Shilpkar

CVE-2017-6189-Amazon Kindle for Windows Nitesh Shilpkar (Feb 28)

NL Deloitte Zero Day (NL - Amsterdam)

CVE-2017-6061 - SAP BusinessObjects XSS NL Deloitte Zero Day (NL - Amsterdam) (Feb 27)

Peter Kruse

Call for Speakers for CCCC17 in Copenhagen Peter Kruse (Feb 02)

Pierre Kim

TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules Pierre Kim (Feb 09)
Remote DoS against OpenBSD http server (up to 6.0) Pierre Kim (Feb 06)
Re: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) Pierre Kim (Feb 02)

Sandra Evans

[Call for Papers] InfoSec2017 in Bratislava, Slovakia | June 29-July 1, 2017 Sandra Evans (Feb 10)

SEC Consult Vulnerability Lab

SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server SEC Consult Vulnerability Lab (Feb 07)

Securify B.V.

Authentication bypass vulnerability in Western Digital My Cloud Securify B.V. (Feb 08)
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket Securify B.V. (Feb 28)

Stefan Kanthak

"long" filenames mishandled by Fujitsu's ScanSnap software Stefan Kanthak (Feb 16)
Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege Stefan Kanthak (Feb 07)

Summer of Pwnage

Cross-Site Scripting vulnerability in WP-Filebase Download Manager WordPress Plugin Summer of Pwnage (Feb 28)
Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Feb 28)
Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting Summer of Pwnage (Feb 28)
Cross-Site Scripting in Magic Fields 1 WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Scripting vulnerability in Trust Form WordPress Plugin Summer of Pwnage (Feb 28)
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin Summer of Pwnage (Feb 28)
Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery Summer of Pwnage (Feb 28)
Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery Summer of Pwnage (Feb 28)
Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Request Forgery in WordPress Download Manager Plugin Summer of Pwnage (Feb 28)
Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field Summer of Pwnage (Feb 28)
Cross-Site Scripting vulnerability in WP-SpamFree Anti-Spam WordPress Plugin Summer of Pwnage (Feb 28)
Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Request Forgery in Atahualpa WordPress Theme Summer of Pwnage (Feb 28)
Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Scripting in Atahualpa WordPress Theme Summer of Pwnage (Feb 28)
Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Feb 28)
Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Request Forgery in Global Content Blocks WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Scripting vulnerability in Tribulant Slideshow Galleries WordPress Plugin Summer of Pwnage (Feb 28)
WordPress Adminer plugin allows public (local) database login Summer of Pwnage (Feb 28)
Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin Summer of Pwnage (Feb 28)
VaultPress - Remote Code Execution via Man in The Middle attack Summer of Pwnage (Feb 28)
Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin Summer of Pwnage (Feb 28)
Cross-Site Request Forgery in File Manager WordPress plugin Summer of Pwnage (Feb 28)

Sven Blumenstein

Veritas NetBackup v6.x, v7.x, v8.0 and NetBackup appliances v2.x, v3.0 - Multiple Critical Vulnerabilities Sven Blumenstein (Feb 28)

Sydream Labs

CVE-2017-5670 : Riverbed RiOS insecure cryptographic storage Sydream Labs (Feb 14)

Timothy D. Morgan

Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan (Feb 21)

Tobias Glemser

secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server Tobias Glemser (Feb 01)
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server Tobias Glemser (Feb 01)

Vulnerability Lab

ProjectSend r754 - IDOR & Authentication Bypass Vulnerability Vulnerability Lab (Feb 22)
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability Vulnerability Lab (Feb 20)
Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability Vulnerability Lab (Feb 22)
Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities Vulnerability Lab (Feb 23)
Lithium Forum - (Compose Message) SSRF Vulnerability Vulnerability Lab (Feb 20)
Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities Vulnerability Lab (Feb 20)
Album Lock v4.0 iOS - Directory Traversal Vulnerability Vulnerability Lab (Feb 20)

Wiswat A

Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion Wiswat A (Feb 07)

X41 D-Sec GmbH Advisories

Advisory X41-2017-001: Multiple Vulnerabilities in X.org X41 D-Sec GmbH Advisories (Feb 28)
Advisory X41-2017-004: Multiple Vulnerabilities in tnef X41 D-Sec GmbH Advisories (Feb 24)
Advisory X41-2017-002: Multiple Vulnerabilities in ytnef X41 D-Sec GmbH Advisories (Feb 15)