Full Disclosure: by date

102 messages starting Jan 01 18 and ending Jan 30 18


Monday, 01 January

"." (period) in file extension(s) in windows debug
FAQin congress CFP Esteban Dauksis
SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Maor Shwartz
SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities Maor Shwartz

Tuesday, 02 January

Re: "." (period) in file extension(s) in windows Gynvael Coldwind
Gain Access to SSH Group via ssh-agent and OpenSSL halfdog
EMC xDashboard - SQL Injection Vulnerability Paweł Gocyla
ChromeOS Doesn’t Always Use SSL During Startup [CVE-2017-15397] Nightwatch Cybersecurity Research
Re: "." (period) in file extension(s) in windows Dave Horsfall

Thursday, 04 January

SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability Vulnerability Lab
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Vulnerability Lab
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities Vulnerability Lab

Friday, 05 January

AMD-PSP: fTPM Remote Code Execution via crafted EK certificate Cfir Cohen via Fulldisclosure
[CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability Sydream Labs
[CVE-2017-7997] Gespage SQL Injection vulnerability Sydream Labs
SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities Maor Shwartz
RCE in DuoLingo’s TinyCards App for Android [CVE-2017-16905] Nightwatch Cybersecurity Research
ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities EMC Product Security Response Center

Saturday, 06 January

Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty Vulnerability Lab
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities Vulnerability Lab
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Vulnerability Lab

Tuesday, 09 January

Re: AMD-PSP: fTPM Remote Code Execution via crafted EK certificate Cfir Cohen via Fulldisclosure
Handy Password 4.9.3 Buffer Overflow filipe
Call For Paper - Nuit du Hack - June 30th - July 1st, 2018 Freeman
SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access Maor Shwartz
beVX Security Conference - Call For Papers / Workshops Maor Shwartz
FiberHome MIFI LM53Q1 Multiple Vulnerabilities Ibad Shah
Wapiti 3.0.0 released! Web vulnerability scanner Nicolas SURRIBAS
Social Media Widget by Acurax [CSRF] Panagiotis Vagenas
CMS Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas
Admin Menu Tree Page View [CSRF, Privilege Escalation] Panagiotis Vagenas
WordPress Download Manager [CSRF] Panagiotis Vagenas
APPLE-SA-2018-1-8-1 iOS 11.2.2 Apple Product Security
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update Apple Product Security
APPLE-SA-2018-1-8-3 Safari 11.0.2 Apple Product Security
CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass oststrom (public)
Sangoma SBC Remote Command Execution - CVE-2017-17430 Security Team Appsecco
WordPress LearnDash LMS: Unauthenticated arbitrary file upload NinTechNet

Thursday, 11 January

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Maor Shwartz
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability DefenseCode
[CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Kurtis

Friday, 12 January

Flash Operator Panel v2.31.03 - Command Execution Vulnerability Vulnerability Lab
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities Vulnerability Lab
Magento Connect T1 - (Claim) Persistent Vulnerability Vulnerability Lab
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability Vulnerability Lab
Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Lab
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability Vulnerability Lab

Saturday, 13 January

Arbitrary file read in Kaseya VSA Securify B.V. via Fulldisclosure
Code execution in Kaseya VSA Securify B.V. via Fulldisclosure
Authentication bypass in Kaseya VSA Securify B.V. via Fulldisclosure
Broken TLS certificate validation in VTech DigiGo browser Summer of Pwnage via Fulldisclosure
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack Summer of Pwnage via Fulldisclosure
Broken TLS certificate pinning in VTech DigiGo Kid Connect app Summer of Pwnage via Fulldisclosure
PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH) Manuel Garcia Cardenas
Seagate Media Server allows deleting of arbitrary files and folders Summer of Pwnage via Fulldisclosure
[Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Kurtis
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability Vulnerability Lab

Monday, 15 January

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting GmbH
MagicSpam 2.0.13 - Insecure File Permission Vulnerability Vulnerability Lab
Zenario v7.6 CMS - SQL Injection Web Vulnerability Vulnerability Lab

Tuesday, 16 January

Multiple vulnerabilities in all versions of ASUS routers Blazej Adamczyk
Adminer <= v4.3.1 Server Side Request Forgery hyp3rlinx
[CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes
SSD Advisory – GitStack Unauthenticated Remote Code Execution Maor Shwartz
Re: [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes
[v2] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation Rodrigo Menezes

Wednesday, 17 January

Positive Hack Days 8 CFP is now open Alexander Lashkov

Friday, 19 January

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability Vulnerability Lab
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities Vulnerability Lab
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities Vulnerability Lab
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities Vulnerability Lab

Sunday, 21 January

Academic Microsoft - API Query Filter Cross Site Scripting Vulnerability Vulnerability Lab

Monday, 22 January

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities Vulnerability Lab
SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications SEC Consult Vulnerability Lab

Tuesday, 23 January

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities DefenseCode
SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Maor Shwartz
HACKTRICK'18 | Case Study Summit Mustafa Kaan Demirhan
ESA-2018-002: RSA® Authentication Manager SQL Injection Vulnerability EMC Product Security Response Center
CMS Made Simple 2.2.5 [Stored Cross-Site Scripting] Kyaw Min Thein
CMS Made Simple 2.2.5 [Reflected Cross-Site Scripting] Kyaw Min Thein
CMS Made Simple 2.2.5 [Reflected Cross-Site Scripting] Kyaw Min Thein

Wednesday, 24 January

APPLE-SA-2018-1-23-1 iOS 11.2.5 Apple Product Security
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan Apple Product Security
APPLE-SA-2018-1-23-3 watchOS 4.2.2 Apple Product Security
APPLE-SA-2018-1-23-4 tvOS 11.2.5 Apple Product Security
APPLE-SA-2018-1-23-5 Safari 11.0.3 Apple Product Security
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows Apple Product Security
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 Apple Product Security

Friday, 26 January

[CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin nicolas.buzy-debat
[CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4 Pedro Ribeiro
Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Pedro Ribeiro
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability KoreLogic Disclosures

Tuesday, 30 January

Banknotes Misproduction security & biometric weakness Vulnerability Lab
SSD Advisory – iBall Multiple Vulnerabilities Maor Shwartz
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks Matthias Deeg
XSS and CSRF vulnerabilities in ASUS RT-N10 MustLive
Re: Banknotes Misproduction security & biometric weakness Jeffrey Walton
Defense in depth -- the Microsoft way (part 49): fun with application manifests Stefan Kanthak
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 SEC Consult Vulnerability Lab