
Full Disclosure: by date
325 messages starting Apr 01 14 and ending Apr 30 14
Tuesday, 01 April
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details) Security Explorations
Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details) Security Explorations
CBS Sports/CBS Interactive Security Contacts? sec . research
Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Bipin Gautam
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Philip Whitehouse
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Bipin Gautam
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Philip Whitehouse
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Willie Gillespie
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Mario Vilas
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Eric Rand
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Andreas Lindh
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Sven 'Darkman' Michels
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Ron
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction coderaptor
Sorry I can't do this anymore. List closed! Fyodor
Re: CBS Sports/CBS Interactive Security Contacts? Jeffrey Walton
Wednesday, 02 April
[Quantum Leap Advisory] #QLA140402 - A10 Networks remote Buffer Overflow Francesco Perna
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Źmicier Januszkiewicz
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction Joerg Mertin
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities Vulnerability Lab
SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager SEC Consult Vulnerability Lab
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability Florent Daigniere
Unusual XSS in Kyocera FS5250 printer control panel. Jeff Sergeant
Security flaw in Full Disclosure mailing list Nick Lindridge
Re: Security flaw in Full Disclosure mailing list Ron
Re: Security flaw in Full Disclosure mailing list Fyodor
Re: Security flaw in Full Disclosure mailing list Reindl Harald
Re: Security flaw in Full Disclosure mailing list Eric G
Re: [Full-disclosure] Bank of the West security contact? raccoon
Re: Security flaw in Full Disclosure mailing list Jimmy Crossley
Re: Security flaw in Full Disclosure mailing list Fyodor
Re: Security flaw in Full Disclosure mailing list Jim Popovitch
Re: [Full-disclosure] Bank of the West security contact? Stefan Weimar
Re: Security flaw in Full Disclosure mailing list Ron
Re: [Full-disclosure] Bank of the West security contact? Sholes, Joshua
Re: Security flaw in Full Disclosure mailing list Jim Popovitch
Re: Security flaw in Full Disclosure mailing list Michal Zalewski
Re: Security flaw in Full Disclosure mailing list Brandon Perry
Re: Security flaw in Full Disclosure mailing list Brandon Perry
0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day] 0a29 40
Capstone 2.1.2 released! Nguyen Anh Quynh
Drupal Custom Search module XSS Justin Klein Keane
Re: Security flaw in Full Disclosure mailing list Jeffrey Walton
Re: Fulldisclosure Digest, Vol 2, Issue 3 Greg Bromage
Re: [Full-disclosure] Bank of the West security contact? Eric Rand
Re: [Full-disclosure] Bank of the West security contact? raccoon
Re: [Full-disclosure] Bank of the West security contact? Stefan Weimar
Thursday, 03 April
Re: [Full-disclosure] Bank of the West security contact? Jeffrey Walton
Re: Security flaw in Full Disclosure mailing list George Chatzisofroniou
Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability Vulnerability Lab
Announcing sysdig: a new open source system exploration tool Loris Degioanni
Re: CBS Sports/CBS Interactive Security Contacts? sec . research
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction illwill
XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331) William Costa
Re: Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction William Reyor
Friday, 04 April
Security Industry Scams and Lies Pete Herzog
Uncontrolled Resource Consumption with Highly-Compressed XMPP Stanzas Giancarlo Pellegrino
Phrack Security Advisory 2014-001 - Paper leak on release timeout Phrack Staff
Remote Command Execution within the ASUS RT-AC68U Managing Web Interface Palula Brasil
Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface Palula Brasil
Legality of Open Source Tools Bryan Bickford
Re: Legality of Open Source Tools Brandon Perry
Re: Legality of Open Source Tools Andres Riancho
Re: Legality of Open Source Tools Andres Riancho
Call for Papers: Privacy-Preserving IR (PIR) Workshop At SIGIR 2014 lei cen
Credit Cards for 1.2 Million Drivers Vulnerable at TxTag.org David Longenecker
Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface Craig Young
Re: Legality of Open Source Tools Ryan Dewhurst
Re: Legality of Open Source Tools Sullo
Re: Legality of Open Source Tools Not EcksKaySeeDee
Re: Legality of Open Source Tools Brunner, Mark
Re: Legality of Open Source Tools Volker Tanger
Saturday, 05 April
Re: Legality of Open Source Tools Toni Korpela
Re: Legality of Open Source Tools Toni Korpela
Re: Legality of Open Source Tools John Young
Sunday, 06 April
Re: Legality of Open Source Tools Henri Salo
Re: Legality of Open Source Tools coderman
Re: Legality of Open Source Tools Jeffrey Walton
Re: AUTO: Bryant Smith is out of the office (returning 04/08/2014) coderman
Re: Legality of Open Source Tools coderman
Re: [Full-disclosure] SCADA StrangeLove 30C3 releases: all in one coderman
Re: Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface coderman
Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface coderman
Re: Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface Palula Brasil
MacOSX 10.9.2/XNU HFS Multiple Vulnerabilities [CXSEC]
Re: Legality of Open Source Tools Toni Korpela
Re: Legality of Open Source Tools Toni Korpela
Monday, 07 April
Advisory: Security Industry Scams and Lies Nico Le Moin
Re: Legality of Open Source Tools Daniel Wood
NoSuchCon 2014 CFP is now open NoSuchCon
heartbleed OpenSSL bug CVE-2014-0160 Kirils Solovjovs
Re: heartbleed OpenSSL bug CVE-2014-0160 Andrew Case
Tuesday, 08 April
Re: heartbleed OpenSSL bug CVE-2014-0160 David H
Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability Vulnerability Lab
Re: heartbleed OpenSSL bug CVE-2014-0160 Fraser Scott
Re: heartbleed OpenSSL bug CVE-2014-0160 Joerg Mertin
Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev
Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn
Re: heartbleed OpenSSL bug CVE-2014-0160 Chris Schmidt
Re: heartbleed OpenSSL bug CVE-2014-0160 Justin Bull
Re: heartbleed OpenSSL bug CVE-2014-0160 Francesc Guitart
Re: heartbleed OpenSSL bug CVE-2014-0160 David H
Re: heartbleed OpenSSL bug CVE-2014-0160 Matthew Musingo
Re: heartbleed OpenSSL bug CVE-2014-0160 Nik Mitev
Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos
Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn
Re: heartbleed OpenSSL bug CVE-2014-0160 Tim Schütt
Re: heartbleed OpenSSL bug CVE-2014-0160 Chris Schmidt
Wednesday, 09 April
iis cgi 0day yuange
Re: heartbleed OpenSSL bug CVE-2014-0160 Fabien Bourdaire
Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald
Re: heartbleed OpenSSL bug CVE-2014-0160 Jeremy Voorhis
Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry
Re: heartbleed OpenSSL bug CVE-2014-0160 Daniel Franke
Re: heartbleed OpenSSL bug CVE-2014-0160 Aidan Thornton
Re: heartbleed OpenSSL bug CVE-2014-0160 Rob van der Putten
Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone
Re: heartbleed OpenSSL bug CVE-2014-0160 Peter Malone
Re: heartbleed OpenSSL bug CVE-2014-0160 Coderaptor
Re: heartbleed OpenSSL bug CVE-2014-0160 Craig Holmes
Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel
Re: heartbleed OpenSSL bug CVE-2014-0160 Ronny Lauenstein
Re: heartbleed OpenSSL bug CVE-2014-0160 Walt Williams
Re: iis cgi 0day yuange
Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski
Re: heartbleed OpenSSL bug CVE-2014-0160 Menso Heus
Thursday, 10 April
Re: heartbleed OpenSSL bug CVE-2014-0160 *
Re: heartbleed OpenSSL bug CVE-2014-0160 Txalin
Re: iis cgi 0day YiFei Yang
When two-factor authentication is not enough Alfie John
Re: heartbleed OpenSSL bug CVE-2014-0160 Javier Reoyo
Re: heartbleed OpenSSL bug CVE-2014-0160 Pål Nilsen
Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald
AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability Vulnerability Lab
BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability Vulnerability Lab
iVault Private P&V 1.1 iOS - Path Traversal Vulnerability Vulnerability Lab
New tool: sn00p - Automation framework for security tests. Levon Kayan
Re: When two-factor authentication is not enough Jeff Sergeant
Malware + Analyse = Malwarelyse mschratt
Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Vincent (Student)
Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P
heartbleed.c Hacker Fantastic
Re: heartbleed OpenSSL bug CVE-2014-0160 Ken Connelly
Re: heartbleed OpenSSL bug CVE-2014-0160 Pål Nilsen
Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald
Re: heartbleed OpenSSL bug CVE-2014-0160 Ingo Schmitt
Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry
Re: heartbleed OpenSSL bug CVE-2014-0160 David Tomaschik
Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca
Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn
Re: heartbleed.c Hacker Fantastic
Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski
Re: heartbleed.c Hacker Fantastic
Heartbleed exploited since 2013 des-apare . cido_77
NEW VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities "VMware Security Response Center"
Re: iis cgi 0day YiFei Yang
FW: dve bypass dep+aslr+emet+cfi yuange
Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie
Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie
Friday, 11 April
Re: heartbleed OpenSSL bug CVE-2014-0160 Paul Vixie
SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server SEC Consult Vulnerability Lab
Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue Vulnerability Lab
Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski
CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player Portcullis Advisories
Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca
Re: FW: dve bypass dep+aslr+emet+cfi YiFei Yang
Re: heartbleed OpenSSL bug CVE-2014-0160 Manuel Tiago Pereira
The state of infection in Uanet 2013 MustLive
Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry
Re: heartbleed OpenSSL bug CVE-2014-0160 Ricardo Iramar dos Santos
AIMSICD: Developers for Android-App WANTED! SecUpwN
CSRF and stored XSS in Quick Page/Post Redirect Plugin (WordPress plugin) dxw Security
CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin) dxw Security
MRI Rubies may contain statically linked, vulnerable OpenSSL glitch
Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald
Re: heartbleed OpenSSL bug CVE-2014-0160 HaCKsPy
Re: heartbleed OpenSSL bug CVE-2014-0160 Marco Davids (priv)
Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel
Re: heartbleed OpenSSL bug CVE-2014-0160 Ferenc Kovacs
Andrew "Weev" Auernheimer's Conviction Thrown Out g () 1337 io
Re: heartbleed OpenSSL bug CVE-2014-0160 Joerg Mertin
Re: heartbleed OpenSSL bug CVE-2014-0160 Seth Arnold
Re: heartbleed OpenSSL bug CVE-2014-0160 Schmidt, Michael
Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150 MustLive
Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Jeffrey Paul
Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski
Re: Andrew "Weev" Auernheimer's Conviction Thrown Out Groundworks Technologies Advisories
DoS condition mt-daapd/Firefly Media Server 0.2.4.2 Eric Michaud
Re: DoS condition mt-daapd/Firefly Media Server 0.2.4.2 Brandon Vincent (Student)
Re: heartbleed OpenSSL bug CVE-2014-0160 Afonso Araújo Neto
Saturday, 12 April
Synergy's Crypto Sucks Taylor Hornby
Sunday, 13 April
Adobe Reader for Android exposes insecure Javascript interfaces Securify B.V.
Socialtext as a DoS tool? Brandon Perry
New multiple CSRF and XSS vulnerabilities in D-Link DAP 1150 MustLive
Two Possible Vulnerabilities in courier-imapd? Peter Malone
Re: Two Possible Vulnerabilities in courier-imapd? Dan Anderson
Re: Two Possible Vulnerabilities in courier-imapd? Peter Malone
Monday, 14 April
CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux Portcullis Advisories
CVE-2014-2591 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in BMC Patrol for AIX Portcullis Advisories
PDF Album v1.7 iOS - File Include Web Vulnerability Vulnerability Lab
New PHP-Attack Vector ? Thomas Lußnig
Re: New PHP-Attack Vector ? Michael Baker
Tuesday, 15 April
Re: New PHP-Attack Vector ? Martti Kühne
Unitrends enterprise backup remote unauthenticated root Brandon Perry
Xerox DocuShare authenticated SQL injection Brandon Perry
WebTitan 4.01 multiple vulnerabilities Brandon Perry
HackMiami 2014 Hackers Conference in Miami Beach, FL - May 9-11, 2014 Alex HackMiami
Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski
Auditing systems for vulnerable 3rd-party OpenSSL Gabriel Brezi
lxml (python lib) vulnerability Максим Кочкин
Re: Auditing systems for vulnerable 3rd-party OpenSSL Dotzero
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Hanno Böck
Re: Auditing systems for vulnerable 3rd-party OpenSSL Mike Iglesias
Wednesday, 16 April
Audit: don't only focus on heartbleed issue Shawn
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski
Re: Auditing systems for vulnerable 3rd-party OpenSSL James Lay
Re: iis cgi 0day Davide Davini
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Hanno Böck
Re: iis cgi 0day Reindl Harald
Re: Audit: don't only focus on heartbleed issue Ron Bowes
CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server Portcullis Advisories
[CORE-2014-0003] - SAP Router Password Timing Attack CORE Advisories Team
Reflected XSS Attacks vulnerabilities F-Secure Messaging Security Gateway V7.5.0.892 (CVE-2014-2844) William Costa
Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS) Justin Bull
ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517 David Longenecker
Buggy insecure "security" software executes rogue binary during installation and uninstallation Stefan Kanthak
Re: Audit: don't only focus on heartbleed issue Hanno Böck
Re: Audit: don't only focus on heartbleed issue Paul McMillan
Re: Audit: don't only focus on heartbleed issue antisnatchor
Re: Audit: don't only focus on heartbleed issue Reindl Harald
Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC Gregory Disney
Re: Audit: don't only focus on heartbleed issue Tim
Re: Audit: don't only focus on heartbleed issue Reindl Harald
Re: Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS) Andrew Klaus
Re: Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS) Joe Pierini
Thursday, 17 April
ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi) Douglas Held
Re: ldd for OS X WAS:Auditing systems for vulnerable 3rd-party OpenSSL (Gabriel Brezi) Tim Heckman
Re: Audit: don't only focus on heartbleed issue Stephane Bortzmeyer
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Pavel Kankovsky
NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution golunski
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Jeffrey Walton
Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Jakob Rößler
Friday, 18 April
Remote Command Injection in Ruby Gem sfpagent 0.4.14 Larry W. Cashdollar
CS and XSS vulnerabilities in CU3ER MustLive
Re: iis cgi 0day Homer Parker
CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150 MustLive
Re: iis cgi 0day YiFei Yang
no good signals in infosec coderman
Sunday, 20 April
phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability Chapp
Re: [ANN] Struts 2.3.16.1 GA release available - security fix Takeshi Terada
Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone MustLive
Monday, 21 April
CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress MustLive
BlackArch Linux / New ISOs released Levon Kayan
RAT C2 Domains Kevin Breen
Tuesday, 22 April
Parallels Plesk Panel 12.x & 11.x /etc/psa/private/secret_key leakage Tim Rots
(CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability William Costa
Wednesday, 23 April
SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances SEC Consult Vulnerability Lab
CVE-2014-2383 - Arbitrary file read in dompdf Portcullis Advisories
CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive Portcullis Advisories
CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive Portcullis Advisories
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability Vulnerability Lab
Request for help exploiting seunshare Andrew Lutomirski
Thursday, 24 April
[ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Advisory: jruby-sandbox Breakout joernchen
Friday, 25 April
Multiple Vulnerabilities in iMember360 (Wordpress plugin) Everett Griffiths
Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities Vulnerability Lab
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim
UI redress attack on live.com (affected all pages) Sandeep Kamble
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Legitimacy of new Heartbleed exploit? Dillon Korman
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim
Re: Legitimacy of new Heartbleed exploit? Jann Horn
CS, XSS and FPD vulnerabilities in multiple themes with CU3ER for WordPress MustLive
Re: Legitimacy of new Heartbleed exploit? Michal Zalewski
Re: Legitimacy of new Heartbleed exploit? H. Dong
Re: Legitimacy of new Heartbleed exploit? Bennett Todd
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim
Re: Legitimacy of new Heartbleed exploit? Peter Malone
Re: Legitimacy of new Heartbleed exploit? david switzer
Saturday, 26 April
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Alexander Georgiev
Divx plugin suite heap-based buffer overflow Andres Gomez Ramirez
Symantec Endpoint Protection – Remote Buffer Overflow PoC (CVE-2013-1612) Jérôme Nokin
DAVOSET v.1.2 MustLive
Re: DAVOSET v.1.2 laurent gaffie
Sunday, 27 April
Re: DAVOSET v.1.2 Brandon Perry
Exploit: McAfee ePolicy 0wner (ePowner) – Release Jérôme Nokin
Re: Exploit: McAfee ePolicy 0wner (ePowner) – Release Jérôme Nokin
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Monday, 28 April
Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen
Re: Legitimacy of new Heartbleed exploit? Ivan Kwiatkowski
Telegram authentication bypass jdiaz
[Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager Onapsis Research Labs
Re: Telegram authentication bypass Dominik Schürmann
Re: Telegram authentication bypass Hanno Böck
What the hell am I reading? (was: Telegram authentication bypass) Munchausen
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150 MustLive
[Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC Onapsis Research Labs
[Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance Onapsis Research Labs
[Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure Onapsis Research Labs
[Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check Onapsis Research Labs
[Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting Onapsis Research Labs
Tuesday, 29 April
Re: Telegram authentication bypass jdiaz
Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) dxw Security
AOL confirms compromise Daniel Hadfield
DoS - Intuit QuickBase Scott Arciszewski
Re: Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) Illwill
Re: Telegram authentication bypass Mario Vilas
Re: Telegram authentication bypass Tony Arcieri
Re: AOL confirms compromise Jeffrey Walton
Re: Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) Dave Warren
Re: AOL confirms compromise Brandon Perry
Wednesday, 30 April
SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex SEC Consult Vulnerability Lab
Re: Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) Harry Metcalfe
Re: Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin) Harry Metcalfe
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access LSE Leading Security Experts GmbH (Security Advisories)
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Felipe Daragon
Re: lxml (python lib) vulnerability Źmicier Januszkiewicz
Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak
Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Alton Blom
Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Gynvael Coldwind
Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Alton Blom
Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Mike Cramer