Full Disclosure: by author

71 messages starting Jan 18 19 and ending Jan 04 19

Alexander Lashkov

Become a speaker at PHDays 9! Alexander Lashkov (Jan 18)

Apple Product Security via Fulldisclosure

APPLE-SA-2019-1-22-5 Safari 12.0.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-4 tvOS 12.1.2 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-3 watchOS 5.1.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-1 iOS 12.1.3 Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 Apple Product Security via Fulldisclosure (Jan 25)

Daniel Bishtawi

Cross-site Scripting via XML Vulnerability in DNN 9.1 Daniel Bishtawi (Jan 25)
Reflected Cross-site Scripting in Mantis 2.11.1 Daniel Bishtawi (Jan 08)
Cross-site Scripting Vulnerability in Abantecart 1.2.12 Daniel Bishtawi (Jan 25)
Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Daniel Bishtawi (Jan 25)
Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Daniel Bishtawi (Jan 25)
Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Daniel Bishtawi (Jan 11)
Open Redirection Vulnerabilities in OrangeForum 1.4.0 Daniel Bishtawi (Jan 11)
Vulnerabilities in Zurmo 2.3.4 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Daniel Bishtawi (Jan 04)
Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 08)
Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0 Daniel Bishtawi (Jan 04)
Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6 Daniel Bishtawi (Jan 01)
Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 04)
Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14 Daniel Bishtawi (Jan 08)
XML External Entity Injection Vulnerability in BlogEngine 3.3 Daniel Bishtawi (Jan 11)

Daniel Jones via Fulldisclosure

CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb Daniel Jones via Fulldisclosure (Jan 04)

dxw Security

CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin) dxw Security (Jan 08)

Filip Palian

BMC Network Automation v8.7 - remote session hijacking. Filip Palian (Jan 04)
BMC Remedy + ITAM - multiple security issues. Filip Palian (Jan 04)

Hackira via Fulldisclosure

Call For Paper - leHACK - July 6th - July 7th, 2019 Hackira via Fulldisclosure (Jan 22)

Harry Sintonen

SCP client multiple vulnerabilities Harry Sintonen (Jan 15)

Henri Salo

Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo (Jan 15)
Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo (Jan 11)
Re: Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Henri Salo (Jan 29)
Re: Vulnerabilities in Zurmo 2.3.4 Henri Salo (Jan 08)
Re: Reflected Cross-site Scripting in Mantis 2.11.1 Henri Salo (Jan 11)
Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo (Jan 08)

hyp3rlinx

Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution hyp3rlinx (Jan 18)
Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution hyp3rlinx (Jan 25)
Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day hyp3rlinx (Jan 11)

James Williams via Fulldisclosure

CA20190124-01: Security Notice for CA Automic Workload Automation James Williams via Fulldisclosure (Jan 25)

Jaroslav Lobačevski

Path Traversal in Aspose.ZIP library Jaroslav Lobačevski (Jan 08)

Joxean Koret via Fulldisclosure

EuskalHack Security Congress Call For Papers Joxean Koret via Fulldisclosure (Jan 15)

Kevin Kotas via Fulldisclosure

CA20190117-01: Security Notice for CA Service Desk Manager Kevin Kotas via Fulldisclosure (Jan 22)

martin . heiland . lists

Open-Xchange Security Advisory 2018-12-31 martin . heiland . lists (Jan 04)

Nguyen Anh Quynh

Capstone v4.0.1 is out! Nguyen Anh Quynh (Jan 11)

Nightwatch Cybersecurity Research

Chrome Browser for Android Reveals Sensitive Hardware Information Nightwatch Cybersecurity Research (Jan 01)

Open-Xchange GmbH

Open-Xchange Security Advisory 2019-01-18 Open-Xchange GmbH (Jan 18)

Pedro Ribeiro

[Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE Pedro Ribeiro (Jan 22)

ProSec

CWE-80 XSS Bose Soundtouch App ProSec (Jan 04)

psy

New Release: UFONet v1.2 - "Armageddon!" psy (Jan 08)

Qualys Security Advisory

System Down: A systemd-journald exploit Qualys Security Advisory (Jan 11)

RedTeam Pentesting GmbH

[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH (Jan 24)
[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH (Jan 24)
[RT-SA-2018-004] Cisco RV320 Command Injection RedTeam Pentesting GmbH (Jan 24)

Rob Fuller

Call for Papers for ShmooCon Epilogue Closes Jan 1 Rob Fuller (Jan 01)

Sahil Dhar

Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x Sahil Dhar (Jan 08)

SEC Consult Vulnerability Lab

SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series) SEC Consult Vulnerability Lab (Jan 09)
SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI) SEC Consult Vulnerability Lab (Jan 24)

secure

DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability secure (Jan 04)
DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability secure (Jan 01)

Security Explorations

[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations (Jan 22)

Simon Bieber

secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler Simon Bieber (Jan 15)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability Stefan Kanthak (Jan 18)

Sullo

RVAsec 2019 Call for Presentations (CFP) Sullo (Jan 24)

Sysdream Labs

[CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones Sysdream Labs (Jan 11)
[CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones Sysdream Labs (Jan 11)

Tyler Cui

Re: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)
Re: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)
Re: [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui (Jan 01)

X41 D-Sec GmbH Advisories

X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser X41 D-Sec GmbH Advisories (Jan 11)

zzt0907

/bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212) zzt0907 (Jan 04)