Full Disclosure: by author
91 messages starting Mar 18 17 and ending Mar 18 17
Alexander Korznikov
TS Session Hijacking / Privilege escalation all windows versions Alexander Korznikov (Mar 18)
Andrew Griffiths
SICUNET Physical Access Controller - Multiple Vulnerabilities Andrew Griffiths (Mar 10)
Apple Product Security
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite Apple Product Security (Mar 28)
APPLE-SA-2017-03-22-2 iTunes for Mac 12.6 Apple Product Security (Mar 24)
APPLE-SA-2017-03-27-7 macOS Server 5.3 Apple Product Security (Mar 28)
APPLE-SA-2017-03-27-5 watchOS 3.2 Apple Product Security (Mar 28)
APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security (Mar 29)
APPLE-SA-2017-03-27-2 Safari 10.1 Apple Product Security (Mar 28)
APPLE-SA-2017-03-27-4 iOS 10.3 Apple Product Security (Mar 28)
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 Apple Product Security (Mar 24)
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 Apple Product Security (Mar 29)
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS Apple Product Security (Mar 27)
Aromal Raj
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility Aromal Raj (Mar 06)
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility Aromal Raj (Mar 06)
bashis
0-Day: Dahua backdoor Generation 2 and 3 bashis (Mar 05)
Re: 0-Day: Dahua backdoor Generation 2 and 3 bashis (Mar 07)
Re: 0-Day: Dahua backdoor Generation 2 and 3 bashis (Mar 20)
Black Arch
New BlackArch Linux ISOs (2017.03.01) released! Black Arch (Mar 02)
Carlos Silva
Re: SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products Carlos Silva (Mar 20)
Chris Holland
Re: 0-Day: Dahua backdoor Generation 2 and 3 Chris Holland (Mar 06)
cr0hn
[Tool] Docker Scan: Security analysis tools for Docker Images and Docker Registries cr0hn (Mar 07)
Curesec Research Team (CRT)
pfsense 2.3.2: CSRF Curesec Research Team (CRT) (Mar 27)
HumHub 0.20.1 / 1.0.0-beta.3: Code Execution Curesec Research Team (CRT) (Mar 17)
phplist 3.2.6: XSS Curesec Research Team (CRT) (Mar 17)
pfsense 2.3.2: Code Execution Curesec Research Team (CRT) (Mar 27)
phplist 3.2.6: SQL Injection Curesec Research Team (CRT) (Mar 17)
HumHub 1.0.1: XSS Curesec Research Team (CRT) (Mar 17)
pfsense 2.3.2: XSS Curesec Research Team (CRT) (Mar 27)
David Wearing
Axis Camera Multiple Vulnerabilities David Wearing (Mar 16)
Douglas Held
Re: Hidden malicious modules in MS VBA (Visual Basic for Applications Douglas Held (Mar 31)
ERPScan inc
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM ERPScan inc (Mar 24)
erythronium23
Adium vulnerable to remote code execution via libpurple erythronium23 (Mar 21)
FOXMOLE Advisories
[FOXMOLE SA 2017-01-25] inoERP - Multiple Issues FOXMOLE Advisories (Mar 27)
Francisco Amato
Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Mar 24)
fulldisclosure
Re: Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe fulldisclosure (Mar 07)
Haifei Li
Outlook Remote Crashing Bug Haifei Li (Mar 28)
Hossein Lotfi
Microsoft Windows "LoadUvsTable()" Buffer Overflow Vulnerability Hossein Lotfi (Mar 16)
hyp3rlinx
Splunk Enterprise Information Theft - CVE-2017-5607 hyp3rlinx (Mar 30)
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service hyp3rlinx (Mar 20)
Windows DVD Maker XML External Entity File Disclosure hyp3rlinx (Mar 16)
DzSoft PHP Editor v4.2.7 File Enumeration [**UPDATED FIXED TYPO] hyp3rlinx (Mar 28)
CVE-2017-6805 MobaXterm Personal Edition v9.4 Directory Traversal File Disclosure hyp3rlinx (Mar 14)
FTP Voyager Scheduler v16.2.0 CSRF Remote Command Execution hyp3rlinx (Mar 10)
Indrajith AN
Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router. Indrajith AN (Mar 20)
Bypassing Authentication on iball Baton Routers Indrajith AN (Mar 07)
Bypassing Authentication on iball Baton Routers Indrajith AN (Mar 10)
Jens Regel
[CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal Jens Regel (Mar 24)
Joey Kelly
Re: Vulnerabilities in Transcend Wi-Fi SD Card Joey Kelly (Mar 28)
Kevin Beaumont
Re: TS Session Hijacking / Privilege escalation all windows versions Kevin Beaumont (Mar 20)
KoreLogic Disclosures
KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery KoreLogic Disclosures (Mar 10)
Kyle Neideck
Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck (Mar 05)
Larry W. Cashdollar
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar (Mar 02)
Luke Symons
CVE-2017-5900 Luke Symons (Mar 27)
Martin Kolárik
CVE-2017-6466 - Remote Code Execution under SYSTEM via MITM in F-Secure AV Martin Kolárik (Mar 10)
Michael Benich
CVE-2017-6550: Kinsey Infor-Lawson - Multiple SQL Injections Michael Benich (Mar 10)
CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Michael Benich (Mar 05)
Milos Krasojevic
Call for Papers for 5th Balkan Computer Congress – BalCCon2k17 Milos Krasojevic (Mar 05)
MustLive
Vulnerabilities in Transcend Wi-Fi SD Card MustLive (Mar 27)
DAVOSET v.1.3 MustLive (Mar 10)
Nicholas von Pechmann
Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Nicholas von Pechmann (Mar 10)
Pasquale Fiorillo
QNAP QTS Domain Privilege Escalation Vulnerability Pasquale Fiorillo (Mar 24)
Pierre Kim
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead Pierre Kim (Mar 07)
Roee Hay
Aleph Research: Attacking Nexus 9 with Malicious Headphones (CVE-2017-0510) Roee Hay (Mar 14)
Sachin Wagh
USB Pratirodh XML External Entity Injection Vulnerability Sachin Wagh (Mar 16)
USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability Sachin Wagh (Mar 16)
Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll) Sachin Wagh (Mar 16)
SEC Consult Vulnerability Lab
SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud SEC Consult Vulnerability Lab (Mar 07)
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices SEC Consult Vulnerability Lab (Mar 22)
SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave SEC Consult Vulnerability Lab (Mar 01)
SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint SEC Consult Vulnerability Lab (Mar 08)
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products SEC Consult Vulnerability Lab (Mar 16)
Securify B.V.
Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability Securify B.V. (Mar 07)
Western Digital My Cloud vulnerable to multiple command injection vulnerabilities Securify B.V. (Mar 07)
Microsoft Edge Fetch API allows setting of arbitrary request headers Securify B.V. (Mar 14)
Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Securify B.V. (Mar 07)
Stefan Kanthak
Re: Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak (Mar 28)
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" Stefan Kanthak (Mar 24)
Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe Stefan Kanthak (Mar 05)
Defense in depth -- the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier" Stefan Kanthak (Mar 24)
Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe Stefan Kanthak (Mar 06)
Summer of Pwnage
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage (Mar 06)
Cross-Site Request Forgery in WordPress Press This function allows DoS Summer of Pwnage (Mar 06)
Sydream Labs
[CVE-2017-6088] EON 5.0 Multiple SQL Injection Sydream Labs (Mar 24)
[CVE-2017-5869] Nuxeo Platform remote code execution Sydream Labs (Mar 24)
[CVE-2017-6087] EON 5.0 Remote Code Execution Sydream Labs (Mar 24)
Thegrideon Software
Hidden malicious modules in MS VBA (Visual Basic for Applications) Thegrideon Software (Mar 29)
Thomas Deutschmann
Re: Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Thomas Deutschmann (Mar 20)
Wolfgang
OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445) Wolfgang (Mar 06)
x ksi
URL spoofing in UC browser. x ksi (Mar 14)
Yuliya Pliavaka
Hardwear.io Call For Papers 2017 is open! Yuliya Pliavaka (Mar 10)
陈彦羽
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting 陈彦羽 (Mar 18)
