273 messages starting Feb 01 14 and ending Feb 28 14
Vulnerabilities in Contact Form 7 for WordPress MustLive
CVE-2014-1213 - Denial of Service in Sophos Anti Virus advisories CVE-2014-1610 description incorrect Brandon Perry Bypass the Stop User Enumeration WordPress Plugin Andrew Horton Router D-Link DIR-100 Multiple Vulnerabilities root [CVE-2014-1403] DOM XSS in EasyXDM 2.4.18 Krzysztof Kotowicz MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) Pichaya Morimoto Revision 1 (PoC added): MediaWiki <= 1.22.1 PdfHandler Remote Code Execution Exploit (CVE-2014-1610) Pichaya Morimoto [SECURITY] [DSA 2851-1] drupal6 security update Salvatore Bonaccorso Jetro Cockpit Secure Browsing vulnerability - remote code execution on all enterprise workstations simultaneously Ronen Z
pMap v1.10 Gregory Pickett Various Vulnerabilities - SiteCore CMS / Mura CMS / Ektron CMS / SmarterMail / Yahoo / Paypal Mark Litchfield Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Pedro Ribeiro [CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues Pedro Ribeiro XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181) William Costa Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182) William Costa H2HC 10 - FX Keynote Video is Up Rodrigo Rubira Branco (BSDaemon)
Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration security curmudgeon Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Benji CVE-2014-1237 (XSS in i-doit Pro) Stephan Rickauer Happy chines new year kaveh ghaemmaghami [SECURITY] [DSA 2854-1] mumble security update Salvatore Bonaccorso [SECURITY] [DSA 2855-1] libav security update Moritz Muehlenhoff [Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure security-news [Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation security-news [Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure security-news Re: [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Randal T. Rioux CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability CORE Advisories Team [Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS) security-news
[SECURITY] [DSA 2853-1] horde3 security update Luciano Bello [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail ISecAuditors Security Advisories [CVE-2013-2055] Apache Wicket information disclosure vulnerability Martin Grigorov Core FTP Server Vulnerabilities Rustein, Fara Denise (LATCO - Buenos Aires) Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Mark Thomas German Telekom Bug Bounty #9 - Code Execution Vulnerability Vulnerability Lab German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability Vulnerability Lab German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability Vulnerability Lab [SECURITY] [DSA 2852-1] libgadu security update Florian Weimer
CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin advisories Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano Information on recently-fixed Oracle VM VirtualBox vulnerabilities Matthew Daley Visa (Europe) XSS Vulnerability Nicholas Lemonias. Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Mario Vilas gpEasy v4.3.x CMS - Multiple Web Vulnerabilities Vulnerability Lab Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability Vulnerability Lab New vulnerabilities in Google Maps plugin for Joomla MustLive [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update Florian Weimer
Bank of the West security contact? Kristian Erik Hermansen Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Jann Horn Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Jeffrey Walton Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Justin Ferguson Re: Bank of the West security contact? Jeffrey Walton Re: extension for Firefox to force HTTPS always? Kristian Erik Hermansen [SECURITY] [DSA 2857-1] libspring-java security update Moritz Muehlenhoff Re: Bank of the West security contact? Daniel Wood Re: Bank of the West security contact? Justin Ferguson Fwd: Re: Bank of the West security contact? Justin Ferguson Fwd: Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering Justin Ferguson Fwd: Fwd: Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering kaveh ghaemmaghami Re: Bank of the West security contact? Jeffrey Walton
Re: Fwd: Re: Bank of the West security contact? doxingtheidiots Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4 Egidio Romano Re: Fwd: Re: Bank of the West security contact? Justin Ferguson Re: Fwd: Re: Bank of the West security contact? Justin Ferguson Re: Fwd: Re: Bank of the West security contact? Jeffrey Walton Re: Fwd: Re: Bank of the West security contact? Justin Ferguson
DoS via tables corruption in WordPress MustLive Re: DoS via tables corruption in WordPress Aris Adamantiadis Re: DoS via tables corruption in WordPress Harry Metcalfe [SECURITY] [DSA 2858-1] iceweasel security update Moritz Muehlenhoff OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski Re: OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski Re: OT 11.Feb.2014 declared 'The Day we Fight Back' against NSA et al Georgi Guninski [SECURITY] [DSA 2859-1] pidgin security update Moritz Muehlenhoff
Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843] Rustein, Fara Denise (LATCO - Buenos Aires) TWSL2014-003: Blind SQL Injection Vulnerability in Tableau Server Trustwave Advisories Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24 (CVE-2013-5013) William Costa WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities Vulnerability Lab Re: DoS via tables corruption in WordPress Andrew Nacin Freepbx , php code execution exploit 0u7 5m4r7 Re: DoS via tables corruption in WordPress Aris Adamantiadis [ MDVSA-2014:025 ] pidgin security 0x07 SEC-T.org 2014 CALL FOR PAPERS Process Start Mattias Bååth [SECURITY] [DSA 2860-1] parcimonie security update Salvatore Bonaccorso
[Call for Papers] (And Call for Mentors) Proving Ground Speaker Development Program BSidesLV Info [SECURITY] [DSA 2850-2] libyaml regression update Salvatore Bonaccorso Multiple vulnerabilities in NETGEAR N300 WIRELESS ADSL2+ MODEM ROUTER DGN2200 Horton, Andrew (AU Melbourne) Barracuda Load Balancer Remote Authenticated Root Brandon Perry Work Practices of Cyber Security Professionals Muhammad Adnan Re: DoS via tables corruption in WordPress Timothy Goddard Reflected XSS Attacks vulnerabilities in DELL SonicWALL Universal Management Suite v7.1 (CVE-2014-0332) William Costa jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities Vulnerability Lab [Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014 Shay Chen List Charter John Cartwright Re: Freepbx , php code execution exploit Rob Thomas [ MDVSA-2014:026 ] openldap security Re: DoS via tables corruption in WordPress (Timothy Goddard) Mikhail A. Utin Re: DoS via tables corruption in WordPress MustLive Re: DoS via tables corruption in WordPress Harry Metcalfe CVE-2014-1221 - Local Code Execution in Dameware Mini Remote Control Portcullis Advisories CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option Portcullis Advisories yahoo open redirect vulnerability full disclosur Jing Wang Re: DoS via tables corruption in WordPress Aris Adamantiadis Re: DoS via tables corruption in WordPress MustLive [ MDVSA-2014:027 ] php security Ebay, Inc Bug Bounty - GoStoreGo Administrative Authentication Bypass to all online stores Mark Litchfield Re: DoS via tables corruption in WordPress jen140 [Security-news] SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS) security-news [Security-news] SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass security-news [Security-news] SA-CONTRIB-2014-015 - FileField - Access Bypass security-news [Security-news] SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability security-news
[Security-news] SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS) security-news [Security-news] SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS) security-news [Security-news] SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS) security-news [Security-news] SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS) security-news
[ MDVSA-2014:028 ] mariadb security [ MDVSA-2014:029 ] mysql security DAVOSET v.1.1.7 MustLive
[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com) ISecAuditors Security Advisories Critical security flaws in Nagios NRPE client/server crypto Aaron Zauner CVE-2012-2627 not *really* fixed Brandon Perry Re: yahoo open redirect vulnerability full disclosur Ronny Vasquez Re: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option Williams, James K [ MDVSA-2014:031 ] drupal security [ MDVSA-2014:032 ] flite security [ MDVSA-2014:033 ] socat security [ MDVSA-2014:034 ] yaml security
CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger Portcullis Advisories CVE-2014-1220 - Disclosure Of Database Credentials in IT2 Workstation Portcullis Advisories Office Assistant Pro v2.2.2 iOS - File Include Vulnerability Vulnerability Lab mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities Vulnerability Lab File Hub v1.9.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab
XSS and CS vulnerabilities in DSMS MustLive [SECURITY] [DSA 2861-1] file security update Salvatore Bonaccorso
Shopify (Bug Bounty) - XML External Entity Vulnerability Mark Litchfield [SECURITY] [DSA 2862-1] chromium-browser security update Michael Gilbert SQL Injection i-doit Pro (CVE-2014-1597) Stephan Rickauer Re: DoS via tables corruption in WordPress Harry Metcalfe [ MDVSA-2014:035 ] libpng security My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities Vulnerability Lab Recon 2014 Call For Papers - June 27-29, 2014 - Montreal, Quebec cfp2014 [ MDVSA-2014:036 ] varnish security [ MDVSA-2014:037 ] ffmpeg security [ MDVSA-2014:038 ] kernel security
Re: CVE-2013-1643 - Unauthorised Access To Other Users Email Messages in Symantec PGP Universal Web Messenger Tim Brown My experiences with the GiftCards.com Bug Bounty Program Stefan Schurtz SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection SEC Consult Vulnerability Lab [WooYun-2014-00049] Mac osx & ios Kernel Module Uninitialization En.wooyun.org RootedArena 2014: Information Omar Benbouazza Re: 0x07 SEC-T.org 2014 CALL FOR PAPERS Process Start NEW CONFERENCE DATES! Mattias Bååth [ MDVSA-2014:039 ] libgadu security [ MDVSA-2014:040 ] puppet security Three vulnerabilities in BP Group Documents 1.2.1 (WordPress plugin) Harry Metcalfe Directory traversal in NextGEN Gallery 2.0.0 (WordPress plugin) Harry Metcalfe
CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server Portcullis Advisories [SECURITY] [DSA 2863-1] libtar security update Luciano Bello CA20140218-01: Security Notice for CA 2E Web Option Williams, James K Sinopec Ltd. (XSS) Web App Vulnerabilities Nicholas Lemonias. CISCO Systems Inc. Security Report, Web App Vulnerabilities (XSS) Nicholas Lemonias. [ MDVSA-2014:041 ] python security [ MDVSA-2014:042 ] tomcat6 security Barracuda Message Archiver 650 - Persistent Web Vulnerability Vulnerability Lab [ MDVSA-2014:043 ] gnutls security Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Cisco Systems Product Security Incident Response Team A question for the list - WordPress plugin inspections Harry Metcalfe VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution Julien Ahrens [Security-news] SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS) security-news [Security-news] SA-CONTRIB-2014-022 - Slickgrid - Access bypass security-news Re: A question for the list - WordPress plugin inspections Seth Arnold [ MDVSA-2014:044 ] zarafa security Re: A question for the list - WordPress plugin inspections Harry Metcalfe GrrCON 2014 CFP chris.payne Re: A question for the list - WordPress plugin inspections Thomas MacKenzie CVE-2014-0053 Information Disclosure when using Grails Pivotal Security Team RC Trojan 1.1d (Undetected) ICSS Security
[HITB-Announce] Haxpo CFP Hafez Kamal Re: A question for the list - WordPress plugin inspections Henri Salo Re: RC Trojan 1.1d (Undetected) Źmicier Januszkiewicz Re: A question for the list - WordPress plugin inspections Jerome Athias Re: A question for the list - WordPress plugin inspections Harry Metcalfe [CVE-2014-2027] PHP objection insertion / arbitrary file deletion / possible RCE in egroupware <= 1.8.005 Pedro Ribeiro Re: A question for the list - WordPress plugin inspections Jerome Athias Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities Vulnerability Lab [ MDVSA-2014:045 ] libtar security Re: RC Trojan 1.1d (Undetected) ICSS Security [SECURITY] [DSA 2864-1] postgresql-8.4 security update Moritz Muehlenhoff [SECURITY] [DSA 2865-1] postgresql-9.1 security update Moritz Muehlenhoff [OT] pls ignore Gaurang Pandya
Re: [OT] pls ignore Pedro Worcel DC4420 meeting Tuesday, 25th February 2014 Tony Naggs Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability Vulnerability Lab [ MDVSA-2014:046 ] phpmyadmin security CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability Vulnerability Lab 44CON 2014 September 11th - 12th CFP Steve [ MDVSA-2014:047 ] postgresql security Google XXE Vulnerability Mark Litchfield Re: DoS via tables corruption in WordPress MustLive
CVE-2014-1223 - Cross-site Scripting in Telligent Evolution Portcullis Advisories [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files peng . deng ASUS router drive-by code execution via XSS and authentication bypass Harry Sintonen Re: [OT] pls ignore Trevor Bergeron temporary file creation vulnerability in Redis Matthew Hall [SECURITY] [DSA 2866-1] gnutls26 security update Salvatore Bonaccorso Apple SSL fail imipak Re: Apple SSL fail Reed Black
Re: [OT] pls ignore Rick Olson Re: [OT] pls ignore Michal Zalewski Multiple vulnerabilities in JoomLeague for Joomla MustLive [SECURITY] [DSA 2867-1] otrs2 security update Salvatore Bonaccorso
Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Larry W. Cashdollar Re: [SECURITY] [DSA 2867-1] otrs2 security update Milan Berger Re: [OT] pls ignore Gynvael Coldwind Freepbx 2.x , Command Execution vuln 0u7 5m4r7 Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability Vulnerability Lab JORJWEB Ltda (all versions) - SQL Injection Vulnerability Vulnerability Lab WiFiles HD v1.3 iOS - File Include Web Vulnerability Vulnerability Lab Re: Freepbx 2.x , Command Execution vuln Rob Thomas
[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Mark Thomas [SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service) Mark Thomas [SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) Mark Thomas [SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Mark Thomas Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities Vulnerability Lab Private Camera Pro v5.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard RedTeam Pentesting GmbH MS 2k8 DNS server trivial DDoS contributor Pedro Luis Karrasquillo Re: MS 2k8 DNS server trivial DDoS contributor Georgi Guninski Hacking in Schools Pete Herzog Multiple vulnerabilities in Joomla-Base MustLive Re: Hacking in Schools Brandon Perry Re: Hacking in Schools Hinky Dink Re: Hacking in Schools Benji
Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability Vulnerability Lab Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability Cisco Systems Product Security Incident Response Team [Security-news] SA-CONTRIB-2014-023 - Project Issue File Review - XSS security-news [Security-news] SA-CONTRIB-2014-025 - Open Omega - Access Bypass security-news [Security-news] SA-CONTRIB-2014-024 - Content Lock - CSRF security-news Microsoft DNS server unwitting DDoS contributor Pedro Luis Karrasquillo Re: Hacking in Schools Paul Ammann British Sky Broadcasting Corporation - Web App vulnerabilities (XSS) Nicholas Lemonias. Re: Hacking in Schools Dan Ballance Re: Hacking in Schools Sanguinarious Rose [Security-news] SA-CONTRIB-2014-026 - Mime Mail - Access bypass security-news Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability Vulnerability Lab
SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System) SEC Consult Vulnerability Lab Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities Vulnerability Lab Telekom Bug Bounty #12 - File Include Web Vulnerability Vulnerability Lab Update: CVE-2014-0053 Information Disclosure when using Grails Pivotal Security Team Web App Sec: (AT&T Corporation) former American Telecommunication & Telegraph Vulnerabilities (Cross-Site Scripting / OWASP Top 10) Nicholas Lemonias.
SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch SEC Consult Vulnerability Lab SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server SEC Consult Vulnerability Lab Whonix Anonymous Operating System Version 8 Released! Patrick Schleizer Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability Vulnerability Lab