[FD] Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class

2015-07-25 Thread Securify B.V.
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Yorick Koster, May 2015 ---

[FD] Insufficient certificate validation in EMC Secure Remote Services Virtual Edition

2015-08-17 Thread Securify B.V.
Insufficient certificate validation in EMC Secure Remote Services Virtual Edition Han Sahin, November 2014

[FD] Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal

2015-08-17 Thread Securify B.V.
Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal Han Sahin, November 2014 -

Re: [FD] Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class

2015-09-08 Thread Securify B.V.
Microsoft released MS15-101 that addresses this issue: https://technet.microsoft.com/library/security/ms15-101 On 25-07-15 09:02, Securify B.V. wrote: Integer overflow in .NET Framework

[FD] Synology Video Station command injection and multiple SQL injection vulnerabilities

2015-09-09 Thread Securify B.V.
Synology Video Station command injection and multiple SQL injection vulnerabilities Han Sahin, September 2015 -

[FD] Multiple Cross-Site Scripting vulnerabilities in Synology Download Station

2015-09-09 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Han Sahin, September 2015 --

[FD] Cisco AnyConnect elevation of privileges via DLL side loading

2015-09-22 Thread Securify B.V.
Cisco AnyConnect elevation of privileges via DLL side loading Yorick Koster, June 2015

[FD] Cisco AnyConnect elevation of privileges via DMG install script

2015-09-23 Thread Securify B.V.
Cisco AnyConnect elevation of privileges via DMG install script Yorick Koster, July 2015 --

Re: [FD] Cisco AnyConnect elevation of privileges via DLL side loading

2015-09-30 Thread Securify B.V.
has released bug ID CSCuv01279 [5] for registered users, which contains additional details and an up-to-date list of affected product versions. On 22-09-15 18:18, Securify B.V. wrote: Cisco AnyConnect elevation of privileges

Re: [FD] Cisco AnyConnect elevation of privileges via DMG install script

2015-09-30 Thread Securify B.V.
has released bug ID CSCuv11947 for registered users, which contains additional details and an up-to-date list of affected product versions. On 23-09-15 19:14, Securify B.V. wrote: Cisco AnyConnect elevation of privileges via

[FD] COM+ Services DLL side loading vulnerability

2015-12-12 Thread Securify B.V.
COM+ Services DLL side loading vulnerability Yorick Koster, August 2015 Abstra

[FD] Event Viewer Snapin multiple DLL side loading vulnerabilities

2015-12-12 Thread Securify B.V.
Event Viewer Snapin multiple DLL side loading vulnerabilities Yorick Koster, August 2015 --

[FD] Windows Authentication UI DLL side loading vulnerability

2015-12-12 Thread Securify B.V.
Windows Authentication UI DLL side loading vulnerability Yorick Koster, August 2015 ---

[FD] Shutdown UX DLL side loading vulnerability

2015-12-16 Thread Securify B.V.
Shutdown UX DLL side loading vulnerability Yorick Koster, November 2015 Abstra

[FD] Shockwave Flash Object DLL side loading vulnerability

2015-12-16 Thread Securify B.V.
Shockwave Flash Object DLL side loading vulnerability Yorick Koster, August 2015 --

[FD] OLE DB Provider for Oracle multiple DLL side loading vulnerabilities

2015-12-16 Thread Securify B.V.
OLE DB Provider for Oracle multiple DLL side loading vulnerabilities Yorick Koster, August 2015 ---

[FD] LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities

2016-01-23 Thread Securify B.V.
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Yorick Koster, September 2015 -

[FD] HP ToComMsg DLL side loading vulnerability

2016-01-23 Thread Securify B.V.
HP ToComMsg DLL side loading vulnerability Yorick Koster, September 2015 Abstr

[FD] HP LaserJet Fax Preview DLL side loading vulnerability

2016-01-23 Thread Securify B.V.
HP LaserJet Fax Preview DLL side loading vulnerability Yorick Koster, September 2015 --

[FD] NPS Datastore server DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
NPS Datastore server DLL side loading vulnerability Yorick Koster, September 2015 -

[FD] BDA MPEG2 Transport Information Filter DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
BDA MPEG2 Transport Information Filter DLL side loading vulnerability Yorick Koster, September 2015 ---

[FD] MapsUpdateTask Task DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
MapsUpdateTask Task DLL side loading vulnerability Yorick Koster, November 2015 ---

Re: [FD] OLE DB Provider for Oracle multiple DLL side loading vulnerabilities

2016-02-10 Thread Securify B.V.
Fix Microsoft released MS16-014 that fixes this vulnerability. On 16-12-15 19:26, Securify B.V. wrote

[FD] Windows Mail Find People DLL side loading vulnerability

2016-03-08 Thread Securify B.V.
Windows Mail Find People DLL side loading vulnerability Yorick Koster, September 2015 -

Re: [FD] Windows Mail Find People DLL side loading vulnerability

2016-03-09 Thread Securify B.V.
Hi Stefan, See below. On 09-03-16 12:48, Stefan Kanthak wrote: "Securify B.V." wrote: Windows Mail Find People DLL side loading vul

[FD] .NET Framework 4.6 allows side loading of Windows API Set DLL

2016-04-12 Thread Securify B.V.
.NET Framework 4.6 allows side loading of Windows API Set DLL Yorick Koster, February 2016

[FD] EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

2016-04-27 Thread Securify B.V.
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection Han Sahin, November 2014 --

[FD] Microsoft Visio multiple DLL side loading vulnerabilities

2016-06-15 Thread Securify B.V.
Microsoft Visio multiple DLL side loading vulnerabilities Yorick Koster, August 2015 --

[FD] Craft CMS affected by server side template injection

2016-06-27 Thread Securify B.V.
Craft CMS affected by server side template injection Nelson Berg & Jurgen Kloosterman, June 2016 --

[FD] Persistent Cross-Site Scripting in WP Live Chat Support plugin

2016-07-11 Thread Securify B.V.
Persistent Cross-Site Scripting in WP Live Chat Support plugin Han Sahin, July 2016 ---

[FD] DLL side loading vulnerability in VMware Host Guest Client Redirector

2016-08-05 Thread Securify B.V.
DLL side loading vulnerability in VMware Host Guest Client Redirector Yorick Koster, December 2015

[FD] Internet Explorer iframe sandbox local file name disclosure vulnerability

2016-08-09 Thread Securify B.V.
Internet Explorer iframe sandbox local file name disclosure vulnerability Yorick Koster, March 2016 ---

[FD] Authentication bypass vulnerability in Western Digital My Cloud

2017-02-08 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud Remco Vermeulen, January 2017 -

[FD] Multiple persistent Cross-Site Scripting vulnerabilities in osTicket

2017-02-28 Thread Securify B.V.
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket Han Sahin, July 2016 -

[FD] Adobe Reader for Android exposes insecure Javascript interfaces

2014-04-13 Thread Securify B.V.
Adobe Reader for Android exposes insecure Javascript interfaces Yorick Koster, April 2014 -

Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)

2014-07-30 Thread Securify B.V.
This issue was originally reported as CVE-2011-3426. We can confirm that Mobile Safari on iOS 7.1.2 is still affected. We've reported this to Apple on February 25, 2014. You can test it yourself at: http://www.securify.nl/cve-2011-3426.html This test page sets the following HTTP headers: Conte

Re: [FD] Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)

2014-07-30 Thread Securify B.V.
Attached is a screenshot that demonstrates this issue on Yahoo! Mail. Despite the Content-Disposition header, (HTML) attachments are rendered by Mobile Safari. On 30-07-14 19:01, Securify B.V. wrote: This issue was originally reported as CVE-2011-3426. We can confirm that Mobile Safari on

[FD] Outlook.com for Android fails to validate server certificates

2014-08-17 Thread Securify B.V.
Outlook.com for Android fails to validate server certificates Yorick Koster, April 2014 ---

[FD] Glype proxy cookie jar path traversal allows code execution

2014-09-22 Thread Securify B.V.
Glype proxy cookie jar path traversal allows code execution Securify, September 2014 --

[FD] Glype proxy privacy settings can be disabled via CSRF

2014-09-22 Thread Securify B.V.
Glype proxy privacy settings can be disabled via CSRF Securify, September 2014

[FD] Glype proxy privacy settings can be disabled via CSRF

2014-09-22 Thread Securify B.V.
Glype proxy privacy settings can be disabled via CSRF Securify, September 2014

[FD] Glype proxy local address filter bypass

2014-09-22 Thread Securify B.V.
Glype proxy local address filter bypass Securify, September 2014 Abstract

[FD] Cisco RV Series multiple vulnerabilities

2014-11-06 Thread Securify B.V.
Cisco RV Series multiple vulnerabilities Yorick Koster, June 2013 Abstract ---

[FD] Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting

2015-03-18 Thread Securify B.V.
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting Han Sahin, September 2014 -

[FD] Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view

2015-03-18 Thread Securify B.V.
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view Han Sahin, September 2014 -

[FD] Command injection vulnerability in network diagnostics tool of Websense Appliance Manager

2015-03-18 Thread Securify B.V.
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Han Sahin, September 2014 ---

[FD] Source code disclosure of Websense Triton JSP files via double quote character

2015-03-18 Thread Securify B.V.
Source code disclosure of Websense Triton JSP files via double quote character Han Sahin, September 2014 --

[FD] Missing access control on Websense Explorer web folder

2015-03-18 Thread Securify B.V.
Missing access control on Websense Explorer web folder Han Sahin, September 2014 --

[FD] Cross-Site Scripting vulnerability in Websense Data Security block page

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in Websense Data Security block page Han Sahin, September 2014 -

[FD] Cross-Site Scripting vulnerability in Websense Explorer report scheduler

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in Websense Explorer report scheduler Han Sahin, September 2014

[FD] Multiple Cross-Site Scripting vulnerabilities in Websense Reporting

2015-03-18 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting Han Sahin, September 2014 -

[FD] Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting

2015-03-18 Thread Securify B.V.
Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting Han Sahin, September 2014 ---

[FD] EMC M&R (Watch4net) data storage collector credentials are not properly protected

2015-03-18 Thread Securify B.V.
EMC M&R (Watch4net) data storage collector credentials are not properly protected Han Sahin, November 2014

[FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites Han Sahin, November 2014

[FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console Han Sahin, November 2014 -

[FD] Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend Han Sahin, November 2014 --

[FD] Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser

2015-03-18 Thread Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser Han Sahin, November 2014 --

[FD] Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery

2015-03-18 Thread Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery Han Sahin, November 2014 -

[FD] Command injection vulnerability in EMC Secure Remote Services Virtual Edition

2015-03-18 Thread Securify B.V.
Command injection vulnerability in EMC Secure Remote Services Virtual Edition Han Sahin, November 2014

[FD] EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection

2015-03-18 Thread Securify B.V.
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection Han Sahin, November 2014 ---

[FD] Citrix Command Center allows downloading of configuration files

2015-03-19 Thread Securify B.V.
Citrix Command Center allows downloading of configuration files Han Sahin, August 2014

[FD] Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users

2015-03-19 Thread Securify B.V.
Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users Han Sahin, August 2014 --

[FD] Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting

2015-03-19 Thread Securify B.V.
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting Han Sahin, August 2014 -

[FD] Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

2015-03-19 Thread Securify B.V.
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page Han Sahin, August 2014

[FD] Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting

2015-03-19 Thread Securify B.V.
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting Han Sahin, August 2014 -

[FD] Viber for Android exposes insecure Javascript interface

2015-03-20 Thread Securify B.V.
Viber for Android exposes insecure Javascript interface Yorick Koster, April 2014 -

[FD] Reflected Cross-Site Scripting vulnerability in asdoc generated documentation

2015-04-07 Thread Securify B.V.
Reflected Cross-Site Scripting vulnerability in asdoc generated documentation Radjnies Bhansingh, March 2014 --

[FD] Command injection vulnerability in Synology Photo Station

2015-05-25 Thread Securify B.V.
Command injection vulnerability in Synology Photo Station Han Sahin, May 2015

[FD] Reflected Cross-Site Scripting in Synology DiskStation Manager

2015-05-25 Thread Securify B.V.
Reflected Cross-Site Scripting in Synology DiskStation Manager Han Sahin, May 2015

[FD] Synology Photo Station multiple Cross-Site Scripting vulnerabilities

2015-05-25 Thread Securify B.V.
Synology Photo Station multiple Cross-Site Scripting vulnerabilities Han Sahin, May 2015 --

[FD] Western Digital My Cloud vulnerable to multiple command injection vulnerabilities

2017-03-07 Thread Securify B.V.
Western Digital My Cloud vulnerable to multiple command injection vulnerabilities Remco Vermeulen, January 2017 ---

[FD] Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability

2017-03-07 Thread Securify B.V.
Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability Remco Vermeulen, January 2017 -

[FD] Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution

2017-03-07 Thread Securify B.V.
Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Remco Vermeulen, January 2017

[FD] Microsoft Edge Fetch API allows setting of arbitrary request headers

2017-03-14 Thread Securify B.V.
Microsoft Edge Fetch API allows setting of arbitrary request headers Yorick Koster, January 2017 --

[FD] Multiple local privilege escalation vulnerabilities in Proxifier for Mac

2017-04-11 Thread Securify B.V.
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Yorick Koster, April 2017

[FD] Microsoft Office OneNote 2007 DLL side loading vulnerability

2017-04-11 Thread Securify B.V.
Microsoft Office OneNote 2007 DLL side loading vulnerability Yorick Koster, September 2015

[FD] Persistent Cross-Site Scripting in Scriptler Jenkins Plugin

2017-04-14 Thread Securify B.V.
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin Burak Kelebek, April 2017 -

[FD] Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

2017-04-22 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Remco Vermeulen, April 2017 -

[FD] Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X

2017-04-29 Thread Securify B.V.
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Han Sahin, April 2017 ---

[FD] Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS

2017-04-29 Thread Securify B.V.
Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS Han Sahin, April 2017 -

[FD] SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options

2017-04-29 Thread Securify B.V.
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Yorick Koster, February 2017 ---

Re: [FD] SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options

2017-05-01 Thread Securify B.V.
MediaWiki version 1.28.2 and version 1.27.3 were released that include a fix for this issue. https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html On 29-04-17 16:41, Securify B.V. wrote

[FD] InsomniaX loader allows loading of arbitrary Kernel Extensions

2017-07-02 Thread Securify B.V. via Fulldisclosure
InsomniaX loader allows loading of arbitrary Kernel Extensions Yorick Koster, April 2017 --

[FD] Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator

2017-07-05 Thread Securify B.V. via Fulldisclosure
Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator Sipke Mellema, July 2017 -

[FD] Xamarin Studio for Mac API documentation update affected by local privilege escalation

2017-08-14 Thread Securify B.V. via Fulldisclosure
Xamarin Studio for Mac API documentation update affected by local privilege escalation Yorick Koster, April 2017 --

[FD] Clickjacking vulnerability in CSRF error page pfSense

2017-11-22 Thread Securify B.V. via Fulldisclosure
Clickjacking vulnerability in CSRF error page pfSense Yorick Koster, November 2017

[FD] bugt...@securityfocus.com

2017-11-22 Thread Securify B.V. via Fulldisclosure
Clickjacking vulnerability in CSRF error page pfSense Yorick Koster, November 2017

[FD] Arbitrary file read in Kaseya VSA

2018-01-13 Thread Securify B.V. via Fulldisclosure
Arbitrary file read in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017 A

[FD] Code execution in Kaseya VSA

2018-01-13 Thread Securify B.V. via Fulldisclosure
Code execution in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017 Abstra

[FD] Authentication bypass in Kaseya VSA

2018-01-13 Thread Securify B.V. via Fulldisclosure
Authentication bypass in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017

[FD] Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links

2018-03-24 Thread Securify B.V. via Fulldisclosure
Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links Stephan Kaag, January 2018

[FD] Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

2018-09-18 Thread Securify B.V. via Fulldisclosure
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Remco Vermeulen, September 2018 -

[FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument

2018-10-01 Thread Securify B.V. via Fulldisclosure
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument Yorick Koster, August 2018 -

[FD] Ivanti Workspace Control local privilege escalation via Named Pipe

2018-10-01 Thread Securify B.V. via Fulldisclosure
Ivanti Workspace Control local privilege escalation via Named Pipe Yorick Koster, August 2018 -

[FD] Ivanti Workspace Control Data Security bypass via localhost UNC path

2018-10-01 Thread Securify B.V. via Fulldisclosure
Ivanti Workspace Control Data Security bypass via localhost UNC path Yorick Koster, August 2018 ---

[FD] Stored credentials Ivanti Workspace Control can be retrieved from Registry

2018-10-01 Thread Securify B.V. via Fulldisclosure
Stored credentials Ivanti Workspace Control can be retrieved from Registry Yorick Koster, August 2018 -

[FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument

2018-10-01 Thread Securify B.V. via Fulldisclosure
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument Yorick Koster, August 2018 -

[FD] ZoneAlarm TrueVector Internet Monitor service insecure NTFS permissions vulnerability

2020-03-17 Thread Securify B.V. via Fulldisclosure
ZoneAlarm TrueVector Internet Monitor service insecure NTFS permissions vulnerability Yorick Koster, December 2019 -

[FD] Unauthorized access to QRadar configuration sets via default password

2020-04-21 Thread Securify B.V. via Fulldisclosure
Unauthorized access to QRadar configuration sets via default password Yorick Koster, September 2019

[FD] QRadar RssFeedItem Server-Side Request Forgery vulnerability

2020-04-21 Thread Securify B.V. via Fulldisclosure
QRadar RssFeedItem Server-Side Request Forgery vulnerability Yorick Koster, September 2019 -
