
Full Disclosure: by date
103 messages
starting Oct 03 16 and
ending Oct 30 16
Monday, 03 October
Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging Onapsis Research
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski
Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop
Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV Matías Mevied
Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva
[RootedHONGKONG 2016] Call for papers opened today! Román Ramírez Giménez
Re: Critical Vulnerability in Ubiquiti UniFi Tim Schughart
Tuesday, 04 October
Aura Video Converter v1.6.3 - DLL Hijacking Exploit Vulnerability Lab
AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit Vulnerability Lab
FaceDancer 21 - New Universal Case for PenTests Vulnerability Lab
Sparkasse (Bank) - Service Security Advisory WB021 2016 Vulnerability Lab
Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities Vulnerability Lab
Re: Critical Vulnerability in Ubiquiti UniFi Gregory Sloop
Wednesday, 05 October
Clean Master v1.0 - Unquoted Path Privilege Escalation Vulnerability Lab
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability Vulnerability Lab
Flash Operator Panel 2.31.03 - CSV Persistent Vulnerability Vulnerability Lab
KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service KoreLogic Disclosures
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials KoreLogic Disclosures
KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion KoreLogic Disclosures
KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access KoreLogic Disclosures
Thursday, 06 October
RealEstate CMS 3.00.50 - Cross Site Scripting Vulnerability Vulnerability Lab
[KIS-2016-12] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability Egidio Romano
NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability VMware Security Response Center
Tuesday, 11 October
SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) SEC Consult Vulnerability Lab
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability Vulnerability Lab
Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG Onapsis Research
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities admin () evolution-sec com
CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski
[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities Gergely Eberhardt
Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] Nightwatch Cybersecurity Research
Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos
Re: IE11 is not following CORS specification for local files Ricardo Iramar dos Santos
[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg
[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks Matthias Deeg
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg
IBM WebSphere deserialization of untrusted data Agazzini Maurizio
[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas
BFS-SA-2016-004: LG PC Suite Insecure Update Mechanism Blue Frost Security Research Lab
Billion Router 7700NR4 Remote Root Command Execution Rio Sherri
Re: Critical Vulnerability in Ubiquiti UniFi Rob Thomas
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research
Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS) Onapsis Research
NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability VMware Security Response Center
Wednesday, 12 October
[SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability Matthias Deeg
[SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack Matthias Deeg
New OpenSSL double-free and invalid free vulnerabilities in X509 parsing Guido Vranken
Wednesday, 19 October
CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code Elar Lang
[ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability ERPScan inc
[ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value ERPScan inc
[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability ERPScan inc
cgiemail (included with cPanel) local file inclusion vulnerability Finbar Crago
Man in the Middle Remote Code Execution Vulnerability in WineBottler and its Bundles Bogner Florian
OpenSSL 1.1.0 remote client memory corruption Guido Vranken
CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs
CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs
CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs
CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs
CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update Stefan Kanthak
Evernote for Windows DLL Loading Remote Code Execution Himanshu Mehta
Ghostscript sandbox bypass leads ImageMagick to remote code execution redrain root
Multiple Vulnerabilities in Plone CMS Sebastian Perez
Ubiquiti Tim Schughart
Re: Critical Vulnerability in Ubiquiti UniFi Carlos Silva
Re: Critical Vulnerability in Ubiquiti UniFi kvnjs
Thursday, 20 October
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory Stefan Kanthak
Sunday, 23 October
New release: UFONet v0.8 - "U-NATi0n!" psy
XSS on public PGP servers John Strander
Monday, 24 October
Security Vulnerability : Cisco web site CSRF in change password lead to full account take over mohamed sayed
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS [CXSEC]
APPLE-SA-2016-10-24-1 iOS 10.1 Apple Product Security
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1 Apple Product Security
APPLE-SA-2016-10-24-3 Safari 10.0.1 Apple Product Security
APPLE-SA-2016-10-24-4 tvOS 10.0.1 Apple Product Security
APPLE-SA-2016-10-24-5 watchOS 3.1 Apple Product Security
daloRADIUS 0.9-9 - Multiple vulnerabilities leading to arbitrary shell execution fwagglechop
Tuesday, 25 October
AST-2016-007: UPDATE Asterisk Security Team
New VMSA-2016-0017 - VMware product updates address multiple information disclosure issues VMware Security Response Center
Wednesday, 26 October
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski
[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) Harry Sintonen
Friday, 28 October
Wickr Inc - When honesty disappears behind the VCP Mountain Vulnerability Lab
APPLE-SA-2016-10-27-1 Xcode 8.1 Apple Product Security
APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 Apple Product Security
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows Apple Product Security
[FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System - Multiple Issues FOXMOLE Advisories
Sunday, 30 October
[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update Harry Sintonen