Full Disclosure: by author

95 messages starting Jul 24 17 and ending Jul 17 17

Allen F

MEDHOST Connex contains hard-coded database credentials Allen F (Jul 24)

Allen Franks

MEDHOST Document Management System contains multiple hard-coded credentials Allen Franks (Jul 28)
CVE-2017-11743 MEDHOST Connex contains hard-coded Mirth Connect admin password Allen Franks (Jul 31)
Re: MEDHOST Connex contains hard-coded database credentials Allen Franks (Jul 26)

Apple Product Security

APPLE-SA-2017-07-19-6 iTunes 12.6.2 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-5 Safari 10.1.2 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-2 macOS 10.12.6 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-3 watchOS 3.2.2 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-1 iOS 10.3.3 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 Apple Product Security (Jul 20)
APPLE-SA-2017-07-19-4 tvOS 10.2.2 Apple Product Security (Jul 20)

Daniel Correa

PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities Daniel Correa (Jul 17)

DefenseCode

DefenseCode Security Advisory: IBM Informix DB-Access Buffer Overflow DefenseCode (Jul 11)

dxw Security

Stored XSS in Salutation Responsive WordPress + BuddyPress Theme could allow logged-in users to do almost anything an admin can (WordPress plugin) dxw Security (Jul 31)
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin (WordPress plugin) dxw Security (Jul 26)
Stop User Enumeration allows user enumeration via the REST API (WordPress plugin) dxw Security (Jul 26)

EMC Product Security Response Center

ESA-2017-075: EMC Data Protection Advisor Multiple Vulnerabilities EMC Product Security Response Center (Jul 07)
ESA-2017-084: RSA® Authentication Manager Self-Service Console Brute Force PIN-Guessing Vulnerability EMC Product Security Response Center (Jul 12)
ESA-2017-011: EMC ESRS Policy Manager Undocumented Account Vulnerability EMC Product Security Response Center (Jul 07)
ESA-2017-068: RSA® Authentication Manager Stored Cross-Site Scripting Vulnerability EMC Product Security Response Center (Jul 12)
ESA-2017-076: RSA Identity Governance and Lifecycle Multiple Vulnerabilities EMC Product Security Response Center (Jul 12)
ESA-2017-089: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Undocumented Accounts Vulnerability EMC Product Security Response Center (Jul 12)

ERPScan inc

Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft) ERPScan inc (Jul 20)
File Upload in Integration Gateway (PSIGW) ERPScan inc (Jul 20)
Directory Traversal vulnerability in Integration Gateway (PSIGW) ERPScan inc (Jul 20)

Florian Bogner

CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client Florian Bogner (Jul 11)

Francisco Amato

Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Jul 24)
ekoparty: Call for Papers 2017! Open! Francisco Amato (Jul 12)

Hal Martin

CVE-2017-9457 CompuLab Intense PC lacks firmware signature validation Hal Martin (Jul 24)

Henri Salo

Re: libao memory corruption vulnerability Henri Salo (Jul 31)

Ilia Shnaidman

[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm Ilia Shnaidman (Jul 13)
[CVE-2017-7727] - SSRF vulnerability in iSmartAlarm Ilia Shnaidman (Jul 12)
[CVE-2017-7726] - Missing SSL Certificate Validation in iSmartAlarm Ilia Shnaidman (Jul 12)
[CVE-2017-7728] -Denial of Service in iSmartAlarm Ilia Shnaidman (Jul 17)

InterN0T via Fulldisclosure

Virtual Postage (VPA) - Remote Code Execution via MITM InterN0T via Fulldisclosure (Jul 21)
SKILLS.com.au Industry App - Remote Code Execution via MITM InterN0T via Fulldisclosure (Jul 21)
Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities InterN0T via Fulldisclosure (Jul 17)

Karsten König

CIPH-2017-1: Advisory for StashCat Karsten König (Jul 31)

Kasper Karlsson

[CVE-2017-10798] ObjectPlanet Opinio 7.6.3 Cross-Site Scripting (XSS) Kasper Karlsson (Jul 11)

KoreLogic Disclosures

KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure KoreLogic Disclosures (Jul 06)
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials KoreLogic Disclosures (Jul 06)
KL-001-2017-010 : Barracuda WAF Early Boot Root Shell KoreLogic Disclosures (Jul 06)
KL-001-2017-012 : Barracuda WAF Grub Password Complexity KoreLogic Disclosures (Jul 06)
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack KoreLogic Disclosures (Jul 06)
KL-001-2017-013 : Barracuda WAF Management Application Username and Session ID Leak KoreLogic Disclosures (Jul 06)

Maor Shwartz

SSD Advisory – EMC IsilonSD Edge Command Injection Maor Shwartz (Jul 07)
SSD Advisory – Odoo CRM Code Execution Maor Shwartz (Jul 07)
SSD Advisory – Geneko Routers Unauthenticated Path Traversal Maor Shwartz (Jul 17)
SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities Maor Shwartz (Jul 24)
SSD Advisory – McAfee Security Scan Plus Remote Command Execution Maor Shwartz (Jul 31)

Mark Wadham

CVE-2017-7642 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.20 Mark Wadham (Jul 17)

MustLive

CSRF vulnerabilities in D-Link DVG-5402SP MustLive (Jul 31)
DAVOSET v.1.3.5 MustLive (Jul 26)

Nightwatch Cybersecurity Research

Google’s Android News and Weather App Doesn’t Always Use SSL [CVE-2017-9245] Nightwatch Cybersecurity Research (Jul 20)
Chrome for Android Didn’t Use FLAG_SECURE for Credit Card Prefill Settings [CVE-2017-5082] Nightwatch Cybersecurity Research (Jul 28)
Boozt Fashion Android App Didn’t Use SSL for Login [CVE-2017-11706] Nightwatch Cybersecurity Research (Jul 28)

Oscar Martinez

Broken mutual tls authentication on bluemix Oscar Martinez (Jul 28)

qflb.wu

libao memory corruption vulnerability qflb.wu (Jul 31)
Links buffer over-read vulnerability qflb.wu (Jul 31)
vorbis-tools oggenc vulnerability qflb.wu (Jul 31)
libvorbis multiple vulnerabilities qflb.wu (Jul 31)
OpenExif multiple vulnerabilities qflb.wu (Jul 31)
libjpeg-turbo denial of service vulnerability qflb.wu (Jul 26)
SoundTouch multiple vulnerabilities qflb.wu (Jul 26)
TiMidity++ multiple vulnerabilities qflb.wu (Jul 31)
libid3tag multiple vulnerabilities qflb.wu (Jul 31)
DivFix++ denial of service vulnerability qflb.wu (Jul 31)
mpg123 buffer over-read vulnerability qflb.wu (Jul 26)
Nosefart denial of service vulnerability qflb.wu (Jul 31)
libmad memory corruption vulnerability qflb.wu (Jul 31)
LAME multiple vulnerabilities qflb.wu (Jul 26)
Sound eXchange (SoX) multiple vulnerabilities qflb.wu (Jul 31)

RedTeam Pentesting GmbH

[RT-SA-2017-011] Remote Command Execution in PDNS Manager RedTeam Pentesting GmbH (Jul 05)
[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2016-007] Cross-Site Scripting in TYPO3 Formhandler Extension RedTeam Pentesting GmbH (Jul 27)
[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)
[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting GmbH (Jul 24)

SEC Consult Vulnerability Lab

SEC Consult SA-20170727-1 :: Kathrein UFSconnect 916 multiple vulnerabilities SEC Consult Vulnerability Lab (Jul 27)
SEC Consult SA-20170727-0 :: Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities SEC Consult Vulnerability Lab (Jul 27)
SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Jul 24)
SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Jul 24)
SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products SEC Consult Vulnerability Lab (Jul 12)

Securify B.V. via Fulldisclosure

InsomniaX loader allows loading of arbitrary Kernel Extensions Securify B.V. via Fulldisclosure (Jul 02)
Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator Securify B.V. via Fulldisclosure (Jul 05)

Security Researcher

CVE-2017-11173 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests Security Researcher (Jul 12)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 48): privilege escalation for dummies -- they didn't make SUCH a stupid blunder? Stefan Kanthak (Jul 07)

tamqm

PaulShop CMS - Sql Injection and stored XSS tamqm (Jul 31)

The Gambler

CVE request: Multiple vulnerabilities in Cisco DDR2200 Series The Gambler (Jul 13)

Whatis Yourbug

Spider Player 2.5.3 [ Unsafe DLL Loading Vulnerability ] Whatis Yourbug (Jul 31)
FTP Commander 8.02 [ Unsafe DLL Loading Vulnerability ] Whatis Yourbug (Jul 31)

xiaotian.wang () dbappsecurity com cn

DotCMS /servlets/ajax_file_upload Arbitrary File Upload Vulnerability xiaotian.wang () dbappsecurity com cn (Jul 17)