fulldisclosure  

Messages by Thread

• • Re: [FD] Microsoft Internet Explorer v11 / XML External Entity Injection 0day hyp3rlinx
• [FD] Nagios XI 5.5.10: XSS to root RCE (CVE-2019-9164, 9165, 9166, 9167, 9202, 9203, 9204) Abdel Adim `smaury` Oisfi
• [FD] Security Analysis of the TP-Link Archer C50 Router Harley A.W. Lorenzo via Fulldisclosure
• [FD] HD Pan/Tilt Wi-Fi Camera NC450 Hard-Coded Credential Vulnerability Sachin Wagh
• [FD] EasyIO 30P: CVE-2018-15820 (Stored XSS) and CVE-2018-15819 (Authentication bypass) Daniel dos Santos
• [FD] Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion) Daniel dos Santos
• [FD] WordPress plugin Contact Form by WD [CSRF → LFI] Panagiotis Vagenas
  • Re: [FD] WordPress plugin Contact Form by WD [CSRF → LFI] Henri Salo
• [FD] WordPress Plugin Form Maker by WD [CSRF → LFI] Panagiotis Vagenas
  • Re: [FD] WordPress Plugin Form Maker by WD [CSRF → LFI] Henri Salo
• [FD] Arris Touchstone TG1672 Administrative Login Vulnerabilities Harley A.W. Lorenzo via Fulldisclosure
• [FD] hardwear.io 2019 Call For Papers is Open - USA & Netherlands Yuliya Pliavaka
• [FD] SphereFTP 2.0 Denial Of Service Sachin Wagh
• [FD] DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities secure
  • [FD] DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities secure
• [FD] CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution Red Timmy Sec -
• [FD] c0c0n XII | The cy0ps c0n - Call For Papers & Call For Workshops Prajwal Panchmahalkar
• [FD] Open-Xchange Security Advisory 2019-04-01 Open-Xchange GmbH via Fulldisclosure
• [FD] Uniqkey Password Manager 1.14 - Remote Credential Disclosure gionreale
  • [FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845] gionreale
  • [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload gionreale
  • Re: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload gionreale
• [FD] Various vulnerabilities in Lupusec XT2 Plus home alarm system Dan Fabian
• [FD] APPLE-SA-2019-3-27-1 watchOS 5.2 Apple Product Security via Fulldisclosure
• [FD] [SAUTH-2019-0002] - Pydio 8 Multiple Vulnerabilities SecureAuth Advisories
• [FD] [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval RedTeam Pentesting GmbH
• [FD] [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH
• [FD] [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH
• [FD] ESA-2017-123: EMC Networker Remote Code Execution Vulnerability secure
• [FD] APPLE-SA-2019-3-25-1 iOS 12.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-6 iCloud for Windows 7.11 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-3 tvOS 12.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-7 Xcode 10.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-4 Safari 12.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra Apple Product Security via Fulldisclosure
• [FD] [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400) Matthias Deeg
• [FD] [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311) Matthias Deeg
• [FD] [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341) Matthias Deeg
• [FD] CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion Kevin R
• [FD] Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada cfp
• [FD] Repeat of CVE-2018-4251 in Razer Laptops Bailey Fox
• [FD] [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting GmbH
• [FD] CVE-2018-17057: phar deserialization in TCPDF might lead to RCE Paolo G
• [FD] [SE-2019-01] Java Card vulnerabilities Security Explorations
• [FD] CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error Timo Lindfors
• [FD] 2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481] (RS) Tyler Schroder via Fulldisclosure
• [FD] SQL injection in joshcam/mysqli-database-class library Jaroslav Lobačevski
• [FD] IPv6 Security for IPv4 Engineers Fernando Gont
• [FD] Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723) David Coomber
• [FD] [**UPDATED] Microsoft Windows .Reg File / Dialog Box Message Spoofing 0day hyp3rlinx
• [FD] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion Manuel Garcia Cardenas
  • Re: [FD] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion Henri Salo
• [FD] FlexPaper <= 2.3.6 Remote Command Execution redazione
• [FD] CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Kevin R
• [FD] CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Kevin R
• [FD] Microsoft Windows .Reg File / Dialog Box Message Spoofing Vulnerability hyp3rlinx
• [FD] UFONet v-1.3 - [SLY] SingularitY! psy
• [FD] Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities Vulnerability Lab
• [FD] Sagemcom router insufficient default PSK entropy Ryan Delaney
• [FD] Open Redirection vulnerability in Babel (CMSMS Module) Jan Kopriva
• [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
  • [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
  • [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
  • [FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS) Ece örsel
• [FD] SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) Ece örsel
  • [FD] SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) Ece örsel
• [FD] DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability secure
• [FD] DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities secure
  • [FD] DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities secure
• [FD] [CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378 Rafael Pedrero
• [FD] Apache UNO API RCE Axel Boesenach
• [FD] SHAREit for Android Authentication Bypass and Remote File Download RedForce Advisory
• [FD] [CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 advisories
• [FD] AST-2019-001: Remote crash vulnerability with SDP protocol violation Asterisk Security Team
• [FD] Defense in depth -- the Microsoft way (part 60): same old sins and incompetence! Stefan Kanthak
• [FD] [CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4) Rafael Pedrero
• [FD] CVE-2019-1000032: Memory corruption / DoS in nanosvg Sebastian Neef
• [FD] CVE-2019-8939: XSS in Tautulli Geeknik Labs via Fulldisclosure
• [FD] Kanboard 1.2.7 Multiple Vulnerabilities Will Boucher via Fulldisclosure
• [FD] Multiple issues in Teracue ENC-400 including pre-authenticated remote code execution Stephen Shkardoon
• [FD] [CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17 Rafael Pedrero
• [FD] [CVE-2018-18845] Cross Site Scripting in Advanced comment system v1.0 Rafael Pedrero
• [FD] [CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
• [FD] [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous) Rafael Pedrero
• [FD] CA20190212-01: Security Notice for CA Privileged Access Manager Kevin Kotas via Fulldisclosure
• [FD] Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4 Daniel Bishtawi
• [FD] Open Redirection Vulnerability in GetSimpleCMS 3.3.13 Daniel Bishtawi
• [FD] [SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities advisories
• [FD] [SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset Adam Gowdiak
• [FD] KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products Kingkaustubh via Fulldisclosure
• [FD] KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall Kingkaustubh via Fulldisclosure
• [FD] KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. Kingkaustubh via Fulldisclosure
• [FD] Content Injection in Amazon's FireOS [CVE-2019-7399] Nightwatch Cybersecurity Research
• [FD] [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Rafael Pedrero
• [FD] [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service Rafael Pedrero
• [FD] [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3 Rafael Pedrero
• [FD] [CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2 Rafael Pedrero
• [FD] APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-2-07-1 iOS 12.1.4 Apple Product Security via Fulldisclosure
• [FD] Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) David Coomber
• [FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal
• [FD] Give 2.3.0 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] Give 2.3.0 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin) Tim Coen
  • Re: [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin) Henri Salo
• [FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin) Tim Coen
  • Re: [FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin) Henri Salo
• [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin) Tim Coen
  • Re: [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin) Henri Salo
• [FD] DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability secure
• [FD] [Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root Pedro Ribeiro
• [FD] SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government SEC Consult Vulnerability Lab
• [FD] Reflected XSS in n SolarWinds Serv-U FTP Server Chris
• [FD] Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP Server Chris
• [FD] [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration Sysdream Labs
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Daniel Bishtawi
• [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Daniel Bishtawi
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in Collabtive 3.1 Henri Salo
• [FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-3 watchOS 5.1.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-4 tvOS 12.1.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-5 Safari 12.0.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-1 iOS 12.1.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra Apple Product Security via Fulldisclosure
• [FD] CA20190124-01: Security Notice for CA Automic Workload Automation James Williams via Fulldisclosure
• [FD] Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Daniel Bishtawi
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Daniel Bishtawi
  • Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46 Henri Salo
• [FD] Cross-site Scripting Vulnerability in Abantecart 1.2.12 Daniel Bishtawi
• [FD] Cross-site Scripting via XML Vulnerability in DNN 9.1 Daniel Bishtawi
• [FD] Microsoft Windows .CONTACT File / HTML Injection Mailto: Remote Code Execution hyp3rlinx
• [FD] SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI) SEC Consult Vulnerability Lab
• [FD] RVAsec 2019 Call for Presentations (CFP) Sullo
• [FD] [RT-SA-2018-004] Cisco RV320 Command Injection RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting GmbH
• [FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting GmbH
• [FD] [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE Pedro Ribeiro
• [FD] CA20190117-01: Security Notice for CA Service Desk Manager Kevin Kotas via Fulldisclosure
• [FD] Call For Paper - leHACK - July 6th - July 7th, 2019 Hackira via Fulldisclosure
• [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations
  • Re: [FD] [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets Security Explorations
• [FD] Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability Stefan Kanthak
• [FD] Open-Xchange Security Advisory 2019-01-18 Open-Xchange GmbH
• [FD] Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution hyp3rlinx
• [FD] Become a speaker at PHDays 9! Alexander Lashkov
• [FD] SCP client multiple vulnerabilities Harry Sintonen
• [FD] secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler Simon Bieber
• [FD] EuskalHack Security Congress Call For Papers Joxean Koret via Fulldisclosure
• [FD] System Down: A systemd-journald exploit Qualys Security Advisory
  • Re: [FD] System Down: A systemd-journald exploit Qualys Security Advisory
• [FD] [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones Sysdream Labs
• [FD] [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones Sysdream Labs
• Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Henri Salo
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Daniel Bishtawi
• [FD] XML External Entity Injection Vulnerability in BlogEngine 3.3 Daniel Bishtawi
• [FD] Open Redirection Vulnerabilities in OrangeForum 1.4.0 Daniel Bishtawi
• [FD] Capstone v4.0.1 is out! Nguyen Anh Quynh
• [FD] Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day hyp3rlinx
• [FD] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser X41 D-Sec GmbH Advisories
• [FD] SEC Consult SA-20190109-0 :: Multiple Vulnerabilities in Cisco VoIP Phones (88xx series) SEC Consult Vulnerability Lab
• [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x Sahil Dhar
• [FD] Path Traversal in Aspose.ZIP library Jaroslav Lobačevski
• Re: [FD] Vulnerabilities in Zurmo 2.3.4 Henri Salo
• [FD] New Release: UFONet v1.2 - "Armageddon!" psy
• [FD] Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14 Daniel Bishtawi
• [FD] Reflected Cross-site Scripting in Mantis 2.11.1 Daniel Bishtawi
  • Re: [FD] Reflected Cross-site Scripting in Mantis 2.11.1 Henri Salo
• [FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin) dxw Security
• [FD] DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability secure
• [FD] BMC Network Automation v8.7 - remote session hijacking. Filip Palian
• [FD] BMC Remedy + ITAM - multiple security issues. Filip Palian
• [FD] Open-Xchange Security Advisory 2018-12-31 martin . heiland . lists
• [FD] CWE-80 XSS Bose Soundtouch App ProSec
• [FD] CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb Daniel Jones via Fulldisclosure
• [FD] Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0 Daniel Bishtawi
• [FD] Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Daniel Bishtawi
• [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo
  • Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi

• Later messages