Full Disclosure: by date

85 messages starting Sep 02 16 and ending Sep 30 16
Friday, 02 September

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability Vulnerability Lab
Kaspersky Company Account - Response XSS Vulnerability Vulnerability Lab
Kaspersky Company Account - FileManager Vulnerability Vulnerability Lab

Tuesday, 06 September

SEC Consult SA-20160906-0 :: Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products SEC Consult Vulnerability Lab

Thursday, 08 September

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability Vulnerability Lab
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names Summer of Pwnage
Unrar 0.0.1 Memory Corruption Rio Sherri
Multiple vulnerabilities - Powerlogic/Schneider Electric IONXXXX series Smart Meters Karn Ganeshen
ELNet Energy & Electrical Power Meter - Multiple Vulnerabilities Karn Ganeshen
Heap 'two-write-where-and-what' format string (FMS) technique bashis
Defense in depth -- the Microsoft way (part 43): restricting the DLL load order fails Stefan Kanthak
cve request: Airmail URLScheme render and file:// xss vulnerability redrain root
CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability Dawid Golunski
CVE request - Samsung Mobile Phone SVE-2016-6248: SystemUI Security issue 0xr0ot
AST-2016-006: Crash on ACK from unknown endpoint Asterisk Security Team
AST-2016-007: RTP Resource Exhaustion Asterisk Security Team

Saturday, 10 September

Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters plugin Summer of Pwnage
Command injection in InfiniteWP Admin Panel Summer of Pwnage
Authorization bypass in InfiniteWP Admin Panel Summer of Pwnage
Persistent Cross-Site Scripting in Woocommerce WordPress plugin Summer of Pwnage

Monday, 12 September

[oss-security] CVE request - Airmail URLScheme render and file:// xss vulnerability redrain root
Brute force every Samsung repair customer's info with ease Justa Person
CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski
[RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings Julien Ahrens
XSS found on www.google.fr Sysdream Labs

Thursday, 15 September

APPLE-SA-2016-09-13-1 iOS 10 Apple Product Security
APPLE-SA-2016-09-13-2 Xcode 8 Apple Product Security
APPLE-SA-2016-09-13-3 watchOS 3 Apple Product Security
APPLE-SA-2016-09-14-1 iOS 10.0.1 Apple Product Security
Re: Brute force every Samsung repair customer's info with ease Nick
Re: Brute force every Samsung repair customer's info with ease Justa Person
Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Paul Baade
Re: Brute force every Samsung repair customer's info with ease Justa Person
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Mark Koek
Keypatch v2.0 is out! Nguyen Anh Quynh
Multiple vulnerabilities in ASUS RT-N10 MustLive
Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] Nightwatch Cybersecurity
Peel Shopping 8.0.2: Object Injection Curesec Research Team (CRT)
Kajona 4.7: XSS & Directory Traversal Curesec Research Team (CRT)
MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords Curesec Research Team (CRT)
MyBB 1.8.6: SQL Injection Curesec Research Team (CRT)
MyBB 1.8.6: Improper validation of data passed to eval Curesec Research Team (CRT)
Oxwall 1.8.0: XSS & Open Redirect Curesec Research Team (CRT)
BINOM3 Electric Power Quality Meter Vulnerabilities Karn Ganeshen

Monday, 19 September

Segmentation fault in Oracle Outside In File ID 8.5.3 Brandon Perry
Facebook Privacy Issue - IRL Direct Human Reference Hicham A. Tolimat
ShoreTel Connect ONSITE Blind SQL Injection Vulnerability Iraklis A. Mathiopoulos
Unrestricted Upload/RCE in Neosense theme for WordPress Walter Hop

Tuesday, 20 September

Critical Vulnerabilities in Sparkassen Bank Server discovered by German Security Researchers Vulnerability Lab
Joomla! session id not hashed. Blazej Adamczyk
Blind SQL Injection in Exponent CMS <= v2.3.9 Manuel Garcia Cardenas

Wednesday, 21 September

XSS Wordpress W3 Total Cache <= 0.9.4.1 Fernando A. Lagos Berardi
CVE-2016-5725 - JCraft/JSch Java Secure Channel <= 0.1.53 recursive sftp-get path traversal (client-side, windows) oststrom (public)

Thursday, 22 September

SEC Consult SA-20160922-0 :: Potential backdoor access through multiple vulnerabilities in Kerio Control Unified Threat Management SEC Consult Vulnerability Lab

Friday, 23 September

DllHijackAuditor 3.5 - Stack Buffer Overflow Vulnerability Vulnerability Lab
3GP Player 4.7.0 - DLL Hijacking Vulnerability Vulnerability Lab

Tuesday, 27 September

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium cfpbrussels2017
Call for Papers 0x7E0 hack4 in Berlin Daniel Ashton
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski
Vulnerability Note VU#667480 - AVer EH6108H+ hybrid DVR contains multiple vulnerabilities Travis Lee
Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform Francisco Amato
Re: XSS Wordpress W3 Total Cache <= 0.9.4.1 Fernando A. Lagos Berardi
skype installer dll hijacking vulnerability - CVE-2016-5720 Tien Phan
[Adobe Flash] local-with-filesystem sandbox bypass via navigateToURL() and UI redressing TRUEL IT | Leone Pontorieri
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Mark Koek
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Mark Koek
IE11 is not following CORS specification for local files Ricardo Iramar dos Santos
Re: XSS Wordpress W3 Total Cache <= 0.9.4.1 Simon Rawet

Wednesday, 28 September

Edward Snowden won Glas of Reason - (Glas der Vernunft) Award 2016 Vulnerability Lab
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) Pierre Kim
Symantec Messaging Gateway <= 10.6.1 Directory Traversal Rio Sherri
[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities Matteo Beccati
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Larry W. Cashdollar
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Larry W. Cashdollar

Thursday, 29 September

KeepNote 0.7.8 Remote Command Execution Rio Sherri
Persistent XSS in Abus Security Center - CVSS 8.0 Tim Schughart

Friday, 30 September

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Larry W. Cashdollar
[SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345) Matthias Deeg
[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) Matthias Deeg
[SYSS-2016-061] PERIDUO-710W - Insufficient Verification of Data Authenticity (CWE-345) Matthias Deeg
Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice Matthias Deeg
Multiple exposures in Sophos UTM Tim Schughart
Critical Vulnerability in Ubiquiti UniFi Tim Schughart
CompTIA Security+ and its insecure support system user09990