Full Disclosure: by author

89 messages starting Dec 23 17 and ending Dec 19 17


Aloyce J. Makalanga

[CVE-2017-17752] Cross-Site Scripting (XSS) vulnerability in Ability Mail Server 3.3.2 Aloyce J. Makalanga (Dec 23)

Andraz Sraka

[CFP] Security BSides Ljubljana 0x7E2 Andraz Sraka (Dec 19)

Antoine Neuenschwander

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Antoine Neuenschwander (Dec 19)

Apple Product Security

APPLE-SA-2017-12-6-2 iOS 11.2 Apple Product Security (Dec 08)
APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2 Apple Product Security (Dec 15)
APPLE-SA-2017-12-6-3 watchOS 4.2 Apple Product Security (Dec 08)
APPLE-SA-2017-12-13-3 iCloud for Windows 7.2 Apple Product Security (Dec 15)
APPLE-SA-2017-12-12-1 AirPort Base Station Firmware Update 7.6.9 Apple Product Security (Dec 12)
APPLE-SA-2017-12-13-2 tvOS 11.2.1 Apple Product Security (Dec 15)
APPLE-SA-2017-12-13-5 Safari 11.0.2 Apple Product Security (Dec 15)
APPLE-SA-2017-12-6-4 tvOS 11.2 Apple Product Security (Dec 08)
APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9 Apple Product Security (Dec 12)
APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2 Apple Product Security (Dec 15)
APPLE-SA-2017-12-13-1 iOS 11.2.1 Apple Product Security (Dec 15)
APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows Apple Product Security (Dec 15)
APPLE-SA-2017-11-29-1 Security Update 2017-001 Apple Product Security (Dec 01)
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan Apple Product Security (Dec 08)
APPLE-SA-2017-11-29-2 Security Update 2017-001 Apple Product Security (Dec 01)

Asterisk Security Team

AST-2017-014: Crash in PJSIP resource when missing a contact header Asterisk Security Team (Dec 22)
AST-2017-013: DOS Vulnerability in Asterisk chan_skinny Asterisk Security Team (Dec 01)
: Asterisk Security Team (Dec 01)
AST-2017-012: Remote Crash Vulnerability in RTCP Stack Asterisk Security Team (Dec 13)

bashis

Vitek RCE and Information Disclosure (and possible other OEM) bashis (Dec 23)
0-day: Remote Stack Format String in 'nsd' binary from multiple OEM bashis (Dec 15)
Axis Communications MPQT/PACS Heap Overflow and Information Leakage bashis (Dec 01)

BSidesSF CFP via Fulldisclosure

[CFP] BSides San Francisco - April 2018 BSidesSF CFP via Fulldisclosure (Dec 05)

Core Security Advisories Team

[CORE-2017-0008] - Trend Micro Smart Protection Server Multiple Vulnerabilities Core Security Advisories Team (Dec 21)

David Tomaschik via Fulldisclosure

[CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House David Tomaschik via Fulldisclosure (Dec 19)

DefenseCode

DefenseCode ThunderScan SAST Advisory: WordPress Booking Calendar Multiple Security Vulnerabilities DefenseCode (Dec 19)
DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability DefenseCode (Dec 19)
DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin SQL Injection Security Vulnerability DefenseCode (Dec 19)

EMC Product Security Response Center

ESA-2017-157: EMC Data Domain DD OS Memory Overflow Vulnerability EMC Product Security Response Center (Dec 19)
ESA-2017-161: EMC Isilon OneFS NFS Export Security Setting Fallback Vulnerability EMC Product Security Response Center (Dec 19)
ESA-2017-155: EMC VNX1 and VNX2 Family Reflected Cross Site Scripting Vulnerability in VNX Control Station EMC Product Security Response Center (Dec 23)
ESA-2017-153: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Product Security Response Center (Dec 12)

Fernando A. Lagos Berardi

Re: CVE-2017-15944: Palo Alto Networks firewalls remote root code execution Fernando A. Lagos Berardi (Dec 19)

Gabriel Quadros

[CONVISO-17-002] - Zoom Linux Client Stack-based Buffer Overflow Vulnerability Gabriel Quadros (Dec 15)
[CONVISO-17-003] - Zoom Linux Client Command Injection Vulnerability (RCE) Gabriel Quadros (Dec 15)

Hans Jerry Illikainen

Re: [oss-security] CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 19)
CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 15)

Harry Sintonen

aws-cfn-bootstrap local code execution as root [CVE-2017-9450] Harry Sintonen (Dec 01)

Himanshu Mehta

ZKTime Web Software 2.0.1.12280 CVE-2017-17056 Cross Site Request Forgery Himanshu Mehta (Dec 01)
ZKTime Web Software 2.0.1.12280 CVE-2017-17057 Cross Site Scripting Himanshu Mehta (Dec 01)
Amazon Audible Software CVE-2017-17069 Privilege Escalation Vulnerability Himanshu Mehta (Dec 05)

hyp3rlinx

Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884 hyp3rlinx (Dec 01)
Abyss Web Server < v2.11.6 Memory Heap Corruption hyp3rlinx (Dec 01)
Artica Web Proxy v3.06 Remote Code Execution / CVE-2017-17055 hyp3rlinx (Dec 01)

Jakub Palaczynski

Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access Jakub Palaczynski (Dec 12)
Re: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Jakub Palaczynski (Dec 15)
Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload Jakub Palaczynski (Dec 12)
Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Jakub Palaczynski (Dec 12)

James McLean

Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747 James McLean (Dec 19)

Jeffrey Walton

Re: Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files Jeffrey Walton (Dec 12)

Julien Ahrens

[CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions Julien Ahrens (Dec 23)

Kyriakos Economou

Symantec Encryption Desktop & Endpoint Encryption Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS Kyriakos Economou (Dec 01)

Maelstrom Security via Fulldisclosure

Sony PS4 Remote Play - DLL Hijack vulnerability Maelstrom Security via Fulldisclosure (Dec 12)

Manuel Garcia Cardenas

SyncBreeze <= 10.2.12 - Denial of Service Manuel Garcia Cardenas (Dec 15)

Maor Shwartz

SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities Maor Shwartz (Dec 05)
SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities Maor Shwartz (Dec 19)
SSD Advisory – Trustwave SWG Unauthorized Access Maor Shwartz (Dec 26)
SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution Maor Shwartz (Dec 12)
SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Maor Shwartz (Dec 15)
SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow Maor Shwartz (Dec 19)
SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Maor Shwartz (Dec 15)

Mark Wadham

macOS High Sierra 10.13.1 insecure cron system Mark Wadham (Dec 08)
CVE-2017-16895 Local root privesc in Arq Backup <= 5.9.7 Mark Wadham (Dec 05)
Owning VirtualBox via MITM Mark Wadham (Dec 05)
CVE-2017-15357 Local root privesc in Arq Backup <= 5.9.6 Mark Wadham (Dec 05)

Matthias Deeg

[SYSS-2017-027] Microsoft Windows Hello Face Authentication - Authentication Bypass by Spoofing (CWE-290) Matthias Deeg (Dec 19)

nicolas.buzy-debat

[CVE-2017-17753] Multiple Cross-Site Scripting (XSS) vulnerabilities in CSV Import-Export Wordpress Plugin nicolas.buzy-debat (Dec 19)
[CVE-2017-17719] Cross-Site Scripting (XSS) vulnerability in WordPress Concours Plugin nicolas.buzy-debat (Dec 19)
[CVE-2017-17744] Cross-Site Scripting (XSS) vulnerability in Custom Map WordPress Plugin nicolas.buzy-debat (Dec 19)

Nightwatch Cybersecurity Research

Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files Nightwatch Cybersecurity Research (Dec 08)

oststrom (public)

CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface oststrom (public) (Dec 05)

Philip Pettersson

CVE-2017-15944: Palo Alto Networks firewalls remote root code execution Philip Pettersson (Dec 12)

Pierre-David Oriol - Northsec Conference

Announcing NorthSec 2018 CFP + Reg - Montreal, May 14-20 Pierre-David Oriol - Northsec Conference (Dec 01)

Qualys Security Advisory

Qualys Security Advisory - Buffer overflow in glibc's ld.so Qualys Security Advisory (Dec 12)

Ryan Dewhurst

Re: [CVE-2017-17719] Cross-Site Scripting (XSS) vulnerability in WordPress Concours Plugin Ryan Dewhurst (Dec 23)

SEC Consult Vulnerability Lab

SEC Consult SA-20171130-0 :: Critical CODESYS vulnerabilities in WAGO PFC 200 Series SEC Consult Vulnerability Lab (Dec 02)
SEC Consult SA-20171129-0 :: FortiGate SSL VPN Portal XSS Vulnerability SEC Consult Vulnerability Lab (Dec 02)
SEC Consult SA-20171213-0 :: VPN credentials disclosure in Fortinet FortiClient SEC Consult Vulnerability Lab (Dec 13)
SEC Consult SA-20171130-1 :: OS Command Injection & Reflected Cross Site Scripting in OpenEMR SEC Consult Vulnerability Lab (Dec 02)

Silas

Three exploits for Zivif Web Cameras (may impact others) Silas (Dec 12)

Stefan Kanthak

AMD's buddies for Intel's FDIV bug: _llrem and _ullrem yield wrong remainders! Stefan Kanthak (Dec 01)

Stiepan

Re: [oss-security] CVE-2017-17670: vlc: type conversion vulnerability Stiepan (Dec 15)

Vulnerability Lab

Re: Edward Snowden free speech at JBFone - Future, Data Security & Privacy Vulnerability Lab (Dec 05)

Zmx

Re: Google supported XSS kit aka AdExchange iframe buster kit Zmx (Dec 23)
Google supported XSS kit aka AdExchange iframe buster kit Zmx (Dec 19)
Re: Google supported XSS kit aka AdExchange iframe buster kit Zmx (Dec 19)