fulldisclosure  

Messages by Date

• 2019/03/26 [FD] APPLE-SA-2019-3-25-7 Xcode 10.2 Apple Product Security via Fulldisclosure
• 2019/03/26 [FD] APPLE-SA-2019-3-25-4 Safari 12.1 Apple Product Security via Fulldisclosure
• 2019/03/26 [FD] APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra Apple Product Security via Fulldisclosure
• 2019/03/26 [FD] [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400) Matthias Deeg
• 2019/03/26 [FD] [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311) Matthias Deeg
• 2019/03/26 [FD] [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341) Matthias Deeg
• 2019/03/26 [FD] CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion Kevin R
• 2019/03/26 [FD] Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada cfp
• 2019/03/26 [FD] Repeat of CVE-2018-4251 in Razer Laptops Bailey Fox
• 2019/03/26 [FD] [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting GmbH
• 2019/03/22 Re: [FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] Give 2.3.0 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 Re: [FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/22 [FD] CVE-2018-17057: phar deserialization in TCPDF might lead to RCE Paolo G
• 2019/03/20 [FD] [SE-2019-01] Java Card vulnerabilities Security Explorations
• 2019/03/19 [FD] CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error Timo Lindfors
• 2019/03/19 [FD] 2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481] (RS) Tyler Schroder via Fulldisclosure
• 2019/03/19 Re: [FD] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion Henri Salo
• 2019/03/16 [FD] SQL injection in joshcam/mysqli-database-class library Jaroslav Lobačevski
• 2019/03/16 [FD] IPv6 Security for IPv4 Engineers Fernando Gont
• 2019/03/16 [FD] Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723) David Coomber
• 2019/03/16 [FD] [**UPDATED] Microsoft Windows .Reg File / Dialog Box Message Spoofing 0day hyp3rlinx
• 2019/03/16 [FD] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion Manuel Garcia Cardenas
• 2019/03/12 [FD] FlexPaper <= 2.3.6 Remote Command Execution redazione
• 2019/03/12 [FD] CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Kevin R
• 2019/03/12 [FD] CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Kevin R
• 2019/03/12 Re: [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin) Henri Salo
• 2019/03/12 [FD] Microsoft Windows .Reg File / Dialog Box Message Spoofing Vulnerability hyp3rlinx
• 2019/03/09 [FD] DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities secure
• 2019/03/09 Re: [FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/09 Re: [FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin) Henri Salo
• 2019/03/09 [FD] UFONet v-1.3 - [SLY] SingularitY! psy
• 2019/03/07 [FD] Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities Vulnerability Lab
• 2019/03/05 [FD] Sagemcom router insufficient default PSK entropy Ryan Delaney
• 2019/03/05 [FD] Open Redirection vulnerability in Babel (CMSMS Module) Jan Kopriva
• 2019/03/05 Re: [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin) Henri Salo
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/05 [FD] SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) Ece örsel
• 2019/03/01 [FD] DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability secure
• 2019/03/01 [FD] DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities secure
• 2019/03/01 [FD] [CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378 Rafael Pedrero
• 2019/03/01 [FD] Apache UNO API RCE Axel Boesenach
• 2019/03/01 [FD] SHAREit for Android Authentication Bypass and Remote File Download RedForce Advisory
• 2019/03/01 [FD] [CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 advisories
• 2019/02/28 [FD] AST-2019-001: Remote crash vulnerability with SDP protocol violation Asterisk Security Team
• 2019/02/26 [FD] Defense in depth -- the Microsoft way (part 60): same old sins and incompetence! Stefan Kanthak
• 2019/02/26 [FD] [CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4) Rafael Pedrero
• 2019/02/26 [FD] CVE-2019-1000032: Memory corruption / DoS in nanosvg Sebastian Neef
• 2019/02/22 [FD] CVE-2019-8939: XSS in Tautulli Geeknik Labs via Fulldisclosure
• 2019/02/21 [FD] Kanboard 1.2.7 Multiple Vulnerabilities Will Boucher via Fulldisclosure
• 2019/02/21 [FD] Multiple issues in Teracue ENC-400 including pre-authenticated remote code execution Stephen Shkardoon
• 2019/02/21 [FD] [CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17 Rafael Pedrero
• 2019/02/21 [FD] [CVE-2018-18845] Cross Site Scripting in Advanced comment system v1.0 Rafael Pedrero
• 2019/02/21 [FD] [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
• 2019/02/21 [FD] [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous) Rafael Pedrero
• 2019/02/21 [FD] CA20190212-01: Security Notice for CA Privileged Access Manager Kevin Kotas via Fulldisclosure
• 2019/02/21 Re: [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Henri Salo
• 2019/02/21 [FD] Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4 Daniel Bishtawi
• 2019/02/21 [FD] Open Redirection Vulnerability in GetSimpleCMS 3.3.13 Daniel Bishtawi
• 2019/02/21 [FD] [SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities advisories
• 2019/02/20 [FD] [SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset Adam Gowdiak
• 2019/02/13 Re: [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations
• 2019/02/12 [FD] KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset Kingkaustubh via Fulldisclosure
• 2019/02/12 [FD] KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices Kingkaustubh via Fulldisclosure
• 2019/02/12 [FD] KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices Kingkaustubh via Fulldisclosure
• 2019/02/12 [FD] KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products Kingkaustubh via Fulldisclosure
• 2019/02/12 [FD] KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall Kingkaustubh via Fulldisclosure
• 2019/02/12 [FD] KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. Kingkaustubh via Fulldisclosure
• 2019/02/08 [FD] Content Injection in Amazon's FireOS [CVE-2019-7399] Nightwatch Cybersecurity Research
• 2019/02/08 [FD] [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
• 2019/02/08 [FD] [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service Rafael Pedrero
• 2019/02/08 [FD] [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3 Rafael Pedrero
• 2019/02/08 [FD] [CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2 Rafael Pedrero
• 2019/02/08 [FD] APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Apple Product Security via Fulldisclosure
• 2019/02/08 [FD] APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update Apple Product Security via Fulldisclosure
• 2019/02/08 [FD] APPLE-SA-2019-2-07-1 iOS 12.1.4 Apple Product Security via Fulldisclosure
• 2019/02/08 [FD] Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) David Coomber
• 2019/02/05 [FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal
• 2019/02/05 [FD] Give 2.3.0 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin) Tim Coen
• 2019/02/05 [FD] DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability secure
• 2019/02/05 [FD] [Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root Pedro Ribeiro
• 2019/02/05 [FD] SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government SEC Consult Vulnerability Lab
• 2019/02/01 [FD] Reflected XSS in n SolarWinds Serv-U FTP Server Chris
• 2019/02/01 [FD] Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP Server Chris
• 2019/02/01 [FD] [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration Sysdream Labs
• 2019/02/01 [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Daniel Bishtawi
• 2019/02/01 [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Daniel Bishtawi
• 2019/01/29 Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Henri Salo
• 2019/01/25 [FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-3 watchOS 5.1.3 Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-4 tvOS 12.1.2 Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-5 Safari 12.0.3 Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-1 iOS 12.1.3 Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Product Security via Fulldisclosure
• 2019/01/25 [FD] CA20190124-01: Security Notice for CA Automic Workload Automation James Williams via Fulldisclosure
• 2019/01/25 [FD] Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Daniel Bishtawi
• 2019/01/25 [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Daniel Bishtawi
• 2019/01/25 [FD] Cross-site Scripting Vulnerability in Abantecart 1.2.12 Daniel Bishtawi
• 2019/01/25 [FD] Cross-site Scripting via XML Vulnerability in DNN 9.1 Daniel Bishtawi
• 2019/01/25 [FD] Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution hyp3rlinx
• 2019/01/24 [FD] SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI) SEC Consult Vulnerability Lab
• 2019/01/24 [FD] RVAsec 2019 Call for Presentations (CFP) Sullo
• 2019/01/24 [FD] [RT-SA-2018-004] Cisco RV320 Command Injection RedTeam Pentesting GmbH
• 2019/01/24 [FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH
• 2019/01/24 [FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH
• 2019/01/22 [FD] [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE Pedro Ribeiro
• 2019/01/22 [FD] CA20190117-01: Security Notice for CA Service Desk Manager Kevin Kotas via Fulldisclosure
• 2019/01/22 [FD] Call For Paper - leHACK - July 6th - July 7th, 2019 Hackira via Fulldisclosure
• 2019/01/22 [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations
• 2019/01/18 [FD] Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability Stefan Kanthak
• 2019/01/18 [FD] Open-Xchange Security Advisory 2019-01-18 Open-Xchange GmbH
• 2019/01/18 [FD] Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution hyp3rlinx
• 2019/01/18 [FD] Become a speaker at PHDays 9! Alexander Lashkov
• 2019/01/15 [FD] SCP client multiple vulnerabilities Harry Sintonen
• 2019/01/15 [FD] secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler Simon Bieber
• 2019/01/15 [FD] EuskalHack Security Congress Call For Papers Joxean Koret via Fulldisclosure
• 2019/01/15 Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo
• 2019/01/11 [FD] System Down: A systemd-journald exploit Qualys Security Advisory
• 2019/01/11 [FD] [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones Sysdream Labs
• 2019/01/11 [FD] [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones Sysdream Labs
• 2019/01/11 Re: [FD] Reflected Cross-site Scripting in Mantis 2.11.1 Henri Salo
• 2019/01/11 Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo
• 2019/01/11 [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Daniel Bishtawi
• 2019/01/11 [FD] XML External Entity Injection Vulnerability in BlogEngine 3.3 Daniel Bishtawi
• 2019/01/11 [FD] Open Redirection Vulnerabilities in OrangeForum 1.4.0 Daniel Bishtawi
• 2019/01/11 [FD] Capstone v4.0.1 is out! Nguyen Anh Quynh
• 2019/01/11 [FD] Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day hyp3rlinx
• 2019/01/11 [FD] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser X41 D-Sec GmbH Advisories
• 2019/01/09 [FD] SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series) SEC Consult Vulnerability Lab
• 2019/01/08 [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x Sahil Dhar
• 2019/01/08 [FD] Path Traversal in Aspose.ZIP library Jaroslav Lobačevski
• 2019/01/08 Re: [FD] Vulnerabilities in Zurmo 2.3.4 Henri Salo
• 2019/01/08 Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo
• 2019/01/08 [FD] New Release: UFONet v1.2 - "Armageddon!" psy
• 2019/01/08 [FD] Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14 Daniel Bishtawi
• 2019/01/08 [FD] Reflected Cross-site Scripting in Mantis 2.11.1 Daniel Bishtawi
• 2019/01/08 Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi
• 2019/01/08 [FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin) dxw Security
• 2019/01/04 [FD] DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability secure
• 2019/01/04 [FD] BMC Network Automation v8.7 - remote session hijacking. Filip Palian
• 2019/01/04 [FD] BMC Remedy + ITAM - multiple security issues. Filip Palian
• 2019/01/04 [FD] Open-Xchange Security Advisory 2018-12-31 martin . heiland . lists
• 2019/01/04 [FD] CWE-80 XSS Bose Soundtouch App ProSec
• 2019/01/04 [FD] CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb Daniel Jones via Fulldisclosure
• 2019/01/04 [FD] Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0 Daniel Bishtawi
• 2019/01/04 [FD] Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Daniel Bishtawi
• 2019/01/04 [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi
• 2019/01/04 [FD] Vulnerabilities in Zurmo 2.3.4 Daniel Bishtawi
• 2019/01/04 [FD] Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10 Daniel Bishtawi
• 2019/01/04 [FD] /bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212) zzt0907
• 2019/01/01 Re: [FD] [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2019/01/01 Re: [FD] [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2019/01/01 Re: [FD] [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2019/01/01 [FD] DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability secure
• 2019/01/01 [FD] Chrome Browser for Android Reveals Sensitive Hardware Information Nightwatch Cybersecurity Research
• 2019/01/01 [FD] Call for Papers for ShmooCon Epilogue Closes Jan 1 Rob Fuller
• 2019/01/01 [FD] Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6 Daniel Bishtawi
• 2018/12/31 [FD] [KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability Egidio Romano
• 2018/12/31 [FD] [KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability Egidio Romano
• 2018/12/21 Re: [FD] LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) Henri Salo
• 2018/12/21 [FD] [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2018/12/21 [FD] [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2018/12/21 [FD] [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials Tyler Cui
• 2018/12/21 [FD] CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0 Rafael Pedrero
• 2018/12/21 [FD] CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631) Rafael Pedrero
• 2018/12/21 [FD] DAVOSET v.1.3.7 MustLive
• 2018/12/21 [FD] New vulnerabilities in Transcend Wi-Fi SD Card MustLive
• 2018/12/21 [FD] Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section Murat Aydemir
• 2018/12/21 [FD] Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section Murat Aydemir
• 2018/12/21 [FD] Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API Murat Aydemir
• 2018/12/21 [FD] Capstone disassembler v4.0 is out! Nguyen Anh Quynh
• 2018/12/21 [FD] [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities advisories
• 2018/12/21 [FD] [CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities advisories
• 2018/12/21 [FD] Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231) zzt0907
• 2018/12/21 [FD] LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) zzt0907

• Later messages