
Full Disclosure: by date
56 messages starting Dec 04 18 and ending Dec 31 18
Tuesday, 04 December
SolarWinds SFTP Vulnerabilities Alex Craggs
CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage hyp3rlinx
Multiple Reflected Cross-site Scripting Vulnerabilities in Seopanel 3.13.0 Daniel Bishtawi
Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Daniel Bishtawi
Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Daniel Bishtawi
Reflected Cross-site Scripting Vulnerability in Typesetter 5.1 Daniel Bishtawi
SQL Injection and Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Daniel Bishtawi
Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4 Daniel Bishtawi
Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0 Daniel Bishtawi
Wednesday, 05 December
SEC Consult SA-20181205-0 :: Inadequate cryptography implementation in Kerio Control VPN protocol SEC Consult Vulnerability Lab
Friday, 07 December
Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877) Gustavo Sorondo
APPLE-SA-2018-12-05-1 iOS 12.1.1 Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-3 tvOS 12.1.1 Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-4 Safari 12.0.2 Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 Apple Product Security via Fulldisclosure
APPLE-SA-2018-12-06-1 watchOS 5.1.2 Apple Product Security via Fulldisclosure
[CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method Rafael Pedrero
[CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) Rafael Pedrero
Sunday, 09 December
Multiple vulnerabilities found in Trendnet routers and IP Cameras. Prashast Srivastava
Tuesday, 11 December
[CFP] Security BSides Ljubljana 0x7E3 | March 16, 2019 Andraz Sraka
Vmware airwatch feature Jacek Lipkowski
Dynamic Loader Oriented Programming - Wiedergaenger PoC (Proof of Concept) on Ubuntu 16.04.5 LTS - 2018 Marcin Kozlowski
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API. Murat Aydemir
Friday, 14 December
CVE-2018-7690 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure
CVE-2018-7691 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities alt3kx via Fulldisclosure
Mikrotik RouterOS telnet arbitrary root file creation 0day Hacker Fantastic via Fulldisclosure
GNU inetutils <= 1.9.4 telnet.c multiple overflows Hacker Fantastic via Fulldisclosure
YSTS 13th Edition - CFP Luiz Eduardo
Tracking Linux Kernel Vulnerabilities Nicholas Luedtke
Friday, 21 December
LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) zzt0907
Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) zzt0907
[CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities advisories
[CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities advisories
Capstone disassembler v4.0 is out! Nguyen Anh Quynh
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API Murat Aydemir
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section Murat Aydemir
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section Murat Aydemir
New vulnerabilities in Transcend Wi-Fi SD Card MustLive
DAVOSET v.1.3.7 MustLive
CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631) Rafael Pedrero
CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0 Rafael Pedrero
[CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
[CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui
[CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) Henri Salo
Monday, 31 December
[KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability Egidio Romano
[KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability Egidio Romano
[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability Egidio Romano
[KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability Egidio Romano
[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability Egidio Romano