
Full Disclosure: by date
126 messages, starting Jul 01 15 and ending Jul 29 15
Wednesday, 01 July
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability Vulnerability Lab
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability Vulnerability Lab
FCS Scanner v1.0 & v1.4 iOS - Command Inject Vulnerability Vulnerability Lab
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability Vulnerability Lab
Re: Google Chrome Address Spoofing (Request For Comment) David Leo
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) Pierre Kim
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak
Re: Google Chrome Address Spoofing (Request For Comment) Mike K Gorski
Re: Google Chrome Address Spoofing (Request For Comment) Valentinas Bakaitis
Thursday, 02 July
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 Alessandro Zala
Re: Google Chrome Address Spoofing (Request For Comment) Big Whale
Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont
Re: Google Chrome Address Spoofing (Request For Comment) Mustafa Al-Bassam
Friday, 03 July
Re: [oss-security] Re: Google Chrome Address Spoofing (Request For Comment) anidear
Re: Google Chrome Address Spoofing (Request For Comment) Daniel Wood
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Kevin Beaumont
SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar
Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability Password Manager Pro Support
ipTIME n104r3 vulnerable to CSRF and XSS attacks Pierre Kim
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied Stefan Kanthak
Saturday, 04 July
WK UDID v1.0.1 iOS - Command Inject Vulnerability Vulnerability Lab
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability Vulnerability Lab
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab
Sunday, 05 July
Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability Gynvael Coldwind
Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass MustLive
Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 Nitin Venkatesh
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim
Monday, 06 July
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection CORE Advisories Team
WideImage Demo Code Cross Site Scripting (XSS) 47
Auditing folders ACLs with Powershell Darío B
Orchard CMS - Persistent XSS vulnerability Paris Zoumpouloglou
WideImage Demo Code Cross Site Scripting (XSS) sikkandar.lynx
Tuesday, 07 July
Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root David Jorm
Google Chrome Address Spoofing - Google's Opinion David Leo
Fake links in Skype Jaanus
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar
Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Larry W. Cashdollar
[CFP] Hackito Ergo Sum 2015 tAd
Wednesday, 08 July
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection CORE Advisories Team
Thursday, 09 July
NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability VMware Security Response Center
Friday, 10 July
CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution Kyriakos Economou
J2Store 3.1.6 unauthenticated SQL injections Brandon Perry
SOPlanning - Simple Online Planning Tool multiple vulnerabilities Dau, Huy-Ngoc (FR - Paris)
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution Dau, Huy-Ngoc (FR - Paris)
Re: Fake links in Skype Joshua Rogers
CVE-2014-7952, Android ADB backup APK injection vulnerability Imre RAD
Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar
SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar
CFP: Passwords 2015, Dec 7-9, Cambridge, UK Per Thorsheim
Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin) dxw Security
Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin) dxw Security
Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh
Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution xistence
Broken, Abandoned, and Forgotten Code, Part 10 Zach C
Saturday, 11 July
Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Seamus Caveney
Monday, 13 July
CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS Portcullis Advisories
CVE-2015-4426 - SQL Injection In Pimcore CMS Portcullis Advisories
CVE-2015-3621 - Privilege Escalation In SAP ECC Portcullis Advisories
CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe Portcullis Advisories
CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products Portcullis Advisories
Vulnerability in Apache Tomcat Juan Martinez
[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect Pedro Ribeiro
Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar
Remote file download vulnerability in Wordpress Plugin image-export v1.1 Larry W. Cashdollar
Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029) William Costa
Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin) dxw Security
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin) dxw Security
Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm Jeffrey Walton
Tuesday, 14 July
Re: Vulnerability in Apache Tomcat Mark Thomas
Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin) dxw Security
CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin) dxw Security
Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 Nitin Venkatesh
Re: Vulnerability in Apache Tomcat ZhangTianqi
Thursday, 16 July
Capstone disassembly engine 3.0.4 is out! Nguyen Anh Quynh
SAP Security Notes July 2015 Darya Maenkova
15 TOTOLINK router models vulnerable to multiple RCEs Pierre Kim
4 TOTOLINK router models vulnerable to CSRF and XSS attacks Pierre Kim
Backdoor credentials found in 4 TOTOLINK router models Pierre Kim
Backdoor and RCE found in 8 TOTOLINK router models Pierre Kim
SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express SEC Consult Vulnerability Lab
New CVE's to be released the 17th of June. Kasper Westphal Bertelsen
Re: 15 TOTOLINK router models vulnerable to multiple RCEs Joshua Wright
double free's in glibc (and tcmalloc/jemalloc) PIN
Broken, Abandoned, and Forgotten Code, Part 11 Zach C
Friday, 17 July
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Vulnerability Lab
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab
AirDroid ID - Client Side JSONP Callback Vulnerability Vulnerability Lab
1503A - Chrome - ui::AXTree::Unserialize use-after-free Berend-Jan Wever
UDID+ v2.5 iOS - Mail Command Inject Vulnerability Douglas Held
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar
Re: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar
OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) king cope
weblogin software cross site request Juan Martinez
Saturday, 18 July
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel
Re: weblogin software cross site request jericho
Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below Nitin Venkatesh
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden
Monday, 20 July
Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability Vulnerability Lab
Tuesday, 21 July
Ashley Madison Hacked Brian Offenheim
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Dirk-Willem van Gulik
Joomla! plugin Helpdesk Pro < 1.4.0 Simon Rawet
CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Shi,Tong
Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Nitin Venkatesh
RainbowCrack Plugin for Oracle hashes (<=10g) bob secse
Why Full Disclosure is the solution ? An example with RIPE Pierre Kim
Re: CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti Henri Salo
Re: Ashley Madison Hacked Dave Horsfall
Thursday, 23 July
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability Vulnerability Lab
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory
Saturday, 25 July
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Securify B.V.
CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross
Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Nitin Venkatesh
Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Nitin Venkatesh
CVE Requested: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS Mark Cross
Sunday, 26 July
Re: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Pierre Kim
Multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager Sijmen Ruwhof
Monday, 27 July
Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability Vulnerability Lab
Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Federico Fazzi
Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne Samuel Lavitt - CVE-2015-0942
Tuesday, 28 July
SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities SEC Consult Vulnerability Lab
CSRF and XSS vulnerabilities in D-Link DCS-2103 MustLive
Reflected XSS in Flickr Justified Gallery could allows unauthenticated attackers to do almost anything an admin can do (WordPress plugin) dxw Security
Wednesday, 29 July
Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report Dancho Danchev
Fwd: CVE_for_Vulnerability_theholidaycalendar Luciano Pedreira