Mail Thread Index
- [FD] CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation,
John Torakis
- [FD] SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution,
Maor Shwartz
- [FD] SSD Advisory – Mac OS X 10.12 Quarantine Bypass,
Maor Shwartz
- [FD] SSD Advisory – Horde Groupware Unauthorized File Download,
Maor Shwartz
- [FD] SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure,
Maor Shwartz
- [FD] CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability,
Giovanni Cerrato
- [FD] DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1,
DefenseCode
- [FD] DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2,
DefenseCode
- [FD] SmartBear SoapUI - Remote Code Execution via Deserialization,
Etnies
- [FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection,
Marcin Wołoszyn
- [FD] APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update,
Apple Product Security
- [FD] ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability,
EMC Product Security Response Center
- [FD] ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities,
EMC Product Security Response Center
- [FD] Nullcon Goa 2018 Call For Papers is Open!,
Yuliya Pliavaka
- [FD] CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability,
Barkın Kılıç
- [FD] WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts,
dxw Security
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities,
DefenseCode
- [FD] DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability,
DefenseCode
- [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE,
Harrison Neal
- Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization,
Harrison Neal
- Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-),
kvnjs
- [FD] SSD Advisory – Vacron NVR Remote Command Execution,
Maor Shwartz
- [FD] SSD Advisory – PHP Melody Multiple Vulnerabilities,
Maor Shwartz
- [FD] SSD Advisory – QNAP HelpDesk SQL Injection,
Maor Shwartz
- [FD] Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgresSQL installers for Windows,
Stefan Kanthak
- [FD] Bad rolling code in keyfob for many Subaru cars,
Tom Wimmenhove
- [FD] Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks,
X41 D-Sec GmbH Advisories
- [FD] Advisory X41-2017-010: Command Execution in Shadowsocks-libev,
X41 D-Sec GmbH Advisories
- [FD] Multiple vulnerabilities in OpenText Documentum Content Server,
Andrey B. Panfilov
- [FD] Bezeq, Israel Telco, allows resetting its home subscribers,
Baruch via Fulldisclosure
- [FD] [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure,
Julien Ahrens
- [FD] SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++,
SEC Consult Vulnerability Lab
- [FD] ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability,
EMC Product Security Response Center
- [FD] ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability,
EMC Product Security Response Center
- [FD] SSD Advisory – ZTE uSmartView DLL Hijacking,
Maor Shwartz
- [FD] [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal,
Jens Regel
- [FD] SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component,
SEC Consult Vulnerability Lab
- [FD] [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass,
Hakan Küsne
- [FD] SSD Advisory – FiberHome Directory Traversal,
Maor Shwartz
- [FD] SSD Advisory – Microsoft Office SMB Information Disclosure,
Maor Shwartz
- [FD] SSD Advisory – Webmin Multiple Vulnerabilities,
Maor Shwartz
- [FD] SSD Advisory – Ikraus Anti Virus Remote Code Execution,
Maor Shwartz
- [FD] SSD Advisory – Linux Kernel AF_PACKET Use-After-Free,
Maor Shwartz
- [FD] SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun,
SEC Consult Vulnerability Lab
- [FD] SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products,
SEC Consult Vulnerability Lab
- [FD] CVE-2017-12579 Local root privesc in Hashicorp vagrant-vmware-fusion 4.0.24,
Mark Wadham
- [FD] [RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure,
Julien Ahrens
- [FD] [RCE] TP-Link Remote Code Execution CVE-2017-13772,
Kurtis Brown
- [FD] SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS,
Maor Shwartz
- [FD] SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution,
Maor Shwartz
- [FD] Multiple vulnerabilities in BMC Remedy,
Simon Rawet
- [FD] [KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability,
Egidio Romano
- [FD] KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation,
KoreLogic Disclosures
- [FD] KL-001-2017-018 : Infoblox NetMRI Administration Shell Factory Reset Persistence,
KoreLogic Disclosures
- [FD] KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation,
KoreLogic Disclosures
- [FD] KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions,
KoreLogic Disclosures
- [FD] KL-001-2017-021 : Sophos UTM 9 Management Appplication Local File Inclusion,
KoreLogic Disclosures
- [FD] Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO,
Juan Diego
- [FD] Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996),
VSR Advisories
- [FD] PIA Android App Can Be Crashed via Large Download [CVE-2017-15882],
Nightwatch Cybersecurity Research
- [FD] ESA-2017-134: RSA® Authentication Manager Security Update for Reflected Cross-Site Scripting Vulnerability,
EMC Product Security Response Center
- [FD] Windows Attachment Manager *potential* feature bypass,
Stevie Lamb (WLT GB)
- [FD] Advisory SyncBreeze Enterprise 10.1.16 Buffer Overflow [CVE-2017-15950],
filipe
- [FD] JanTek JTC-200 Vulnerabilities,
Karn Ganeshen
- [FD] [ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability,
Karn Ganeshen
- [FD] [ICS] Progea Movicon SCADA/HMI Vulnerabilities,
Karn Ganeshen
- [FD] [CVE-2017-15867] Multiple Cross-Site Scripting (XSS) vulnerabilities in User Login History Wordpress Plugin,
nicolas.buzy-debat
- [FD] ESA-2017-141: EMC AppSync Hardcoded Password Vulnerability,
EMC Product Security Response Center
- [FD] ESA-2017-137: EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability,
EMC Product Security Response Center