Mail Index

• Thread Index

• [FD] CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation
  • From: John Torakis
• [FD] SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – Mac OS X 10.12 Quarantine Bypass
  • From: Maor Shwartz
• [FD] SSD Advisory – Horde Groupware Unauthorized File Download
  • From: Maor Shwartz
• [FD] SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure
  • From: Maor Shwartz
• [FD] CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability
  • From: Giovanni Cerrato
• [FD] DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
  • From: DefenseCode
• [FD] DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2
  • From: DefenseCode
• [FD] SmartBear SoapUI - Remote Code Execution via Deserialization
  • From: Etnies
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
  • From: Marcin Wołoszyn
• [FD] APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update
  • From: Apple Product Security
• [FD] ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities
  • From: EMC Product Security Response Center
• [FD] Nullcon Goa 2018 Call For Papers is Open!
  • From: Yuliya Pliavaka
• [FD] CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability
  • From: Barkın Kılıç
• [FD] WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts
  • From: dxw Security
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities
  • From: DefenseCode
• [FD] DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability
  • From: DefenseCode
• [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE
  • From: Harrison Neal
• Re: [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE
  • From: Harrison Neal
• Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization
  • From: Harrison Neal
• Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)
  • From: kvnjs
• [FD] SSD Advisory – Vacron NVR Remote Command Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – PHP Melody Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] SSD Advisory – QNAP HelpDesk SQL Injection
  • From: Maor Shwartz
• [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
  • From: Marcin Wołoszyn
• [FD] Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgresSQL installers for Windows
  • From: Stefan Kanthak
• [FD] Bad rolling code in keyfob for many Subaru cars
  • From: Tom Wimmenhove
• [FD] Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks
  • From: X41 D-Sec GmbH Advisories
• [FD] Advisory X41-2017-010: Command Execution in Shadowsocks-libev
  • From: X41 D-Sec GmbH Advisories
• [FD] Multiple vulnerabilities in OpenText Documentum Content Server
  • From: Andrey B. Panfilov
• [FD] Bezeq, Israel Telco, allows resetting its home subscribers
  • From: Baruch via Fulldisclosure
• [FD] [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure
  • From: Julien Ahrens
• [FD] SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++
  • From: SEC Consult Vulnerability Lab
• [FD] ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability
  • From: EMC Product Security Response Center
• [FD] SSD Advisory – ZTE uSmartView DLL Hijacking
  • From: Maor Shwartz
• [FD] [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal
  • From: Jens Regel
• [FD] SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component
  • From: SEC Consult Vulnerability Lab
• [FD] [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass
  • From: Hakan Küsne
• [FD] SSD Advisory – FiberHome Directory Traversal
  • From: Maor Shwartz
• [FD] SSD Advisory – Microsoft Office SMB Information Disclosure
  • From: Maor Shwartz
• [FD] SSD Advisory – Webmin Multiple Vulnerabilities
  • From: Maor Shwartz
• [FD] SSD Advisory – Ikraus Anti Virus Remote Code Execution
  • From: Maor Shwartz
• [FD] SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
  • From: Maor Shwartz
• [FD] SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun
  • From: SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products
  • From: SEC Consult Vulnerability Lab
• [FD] CVE-2017-12579 Local root privesc in Hashicorp vagrant-vmware-fusion 4.0.24
  • From: Mark Wadham
• [FD] [RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure
  • From: Julien Ahrens
• [FD] [RCE] TP-Link Remote Code Execution CVE-2017-13772
  • From: Kurtis Brown
• [FD] SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS
  • From: Maor Shwartz
• [FD] SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution
  • From: Maor Shwartz
• [FD] Multiple vulnerabilities in BMC Remedy
  • From: Simon Rawet
• [FD] [KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-018 : Infoblox NetMRI Administration Shell Factory Reset Persistence
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions
  • From: KoreLogic Disclosures
• [FD] KL-001-2017-021 : Sophos UTM 9 Management Appplication Local File Inclusion
  • From: KoreLogic Disclosures
• [FD] Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO
  • From: Juan Diego
• [FD] Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996)
  • From: VSR Advisories
• [FD] PIA Android App Can Be Crashed via Large Download [CVE-2017-15882]
  • From: Nightwatch Cybersecurity Research
• [FD] ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability
  • From: EMC Product Security Response Center
• [FD] Windows Attachment Manager *potential* feature bypass
  • From: Stevie Lamb (WLT GB)
• [FD] Advisory SyncBreeze Enterprise 10.1.16 Buffer Overflow [CVE-2017-15950]
  • From: filipe
• [FD] JanTek JTC-200 Vulnerabilities
  • From: Karn Ganeshen
• [FD] [ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability
  • From: Karn Ganeshen
• [FD] [ICS] Progea Movicon SCADA/HMI Vulnerabilities
  • From: Karn Ganeshen
• [FD] [CVE-2017-15867] Multiple Cross-Site Scripting (XSS) vulnerabilities in User Login History Wordpress Plugin
  • From: nicolas.buzy-debat
• [FD] ESA-2017-141: EMC AppSync Hardcoded Password Vulnerability
  • From: EMC Product Security Response Center
• [FD] ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability
  • From: EMC Product Security Response Center