Full Disclosure: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

173 messages starting Jun 01 14 and ending Jun 30 14
Date index | Thread index | Author index

• Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress Yarubo Security Research Team (Jun 01)
• LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues advisories (Jun 02)
• NG WifiTransfer Pro 1.1 - File Include Vulnerability Vulnerability Lab (Jun 03)
• Files Desk Pro v1.4 iOS - File Include Web Vulnerability Vulnerability Lab (Jun 03)
• Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability Vulnerability Lab (Jun 03)
• TigerCom My Assistant v1.1 iOS - File Include Vulnerability Vulnerability Lab (Jun 03)
• Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities Vulnerability Lab (Jun 03)
• CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 Portcullis Advisories (Jun 03)
• iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability Vulnerability Lab (Jun 03)
• GoAgent vulnerabilities: CA cert with known private key, TLS MITM David Fifield (Jun 03)
  • Re: GoAgent vulnerabilities: CA cert with known private key, TLS MITM Dave Howe (Jun 08)
• CVE-2013-6876 s3dvt Root shell Hector Marco (Jun 03)
• CVE-2013-6825 DCMTK Root Privilege escalation Hector Marco (Jun 03)
• CVE-2014-1226 s3dvt Root shell (still) Hector Marco (Jun 03)
• Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 03)
  • Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran (Jun 04)
    • Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists (Jun 05)
    • Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 05)
      • Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton (Jun 05)
• Is Your Antivirus Tracking You? You'd Be Surprised At What It Sends Ivan .Heca (Jun 03)
• [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies Fran (Jun 03)
• Re: TrueCrypt? Dave Howe (Jun 03)
  • Re: TrueCrypt? Dave Warren (Jun 04)
    • Re: TrueCrypt? surivaton surivaton (Jun 08)
      • Re: TrueCrypt? Dave Warren (Jun 08)
• Re: TrueCrypt 7.1 repos on GitHub - forking starting point Dave Howe (Jun 03)
• Re: TrueCrypt 7.1 repos on GitHub - forking starting point Greg Bromage (Jun 03)
• IPSwitch IMail Server WEB client 12.4 persistent XSS fulldisclosure (Jun 04)
• More /tmp fun (PHP, Lynis) A B (Jun 04)
• Linksys E4200 Authentication Bypass Jordan Bradley (Jun 04)
• [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager RedTeam Pentesting GmbH (Jun 05)
• More OpenSSL issues Jordan Urie (Jun 05)
  • Re: More OpenSSL issues Brandon Vincent (Jun 05)
  • Re: More OpenSSL issues P Vixie (Jun 06)
    • Re: More OpenSSL issues Craig Young (Jun 07)
• Scrumworks Pro authenticated arbitrary password reset Brandon Perry (Jun 05)
• PHPBTTracker+ 2.2 SQL Injection Enrico Cinquini (Jun 05)
• Computer hackers face life in prison under new Government crackdown on cyber terrorism | Mail Online Ivan .Heca (Jun 05)
  • Re: Computer hackers face life in prison under new Government crackdown on cyber terrorism | Mail Online Jeffrey Walton (Jun 05)
• SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan SEC Consult Vulnerability Lab (Jun 06)
• [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components Onapsis Research Labs (Jun 06)
• [Onapsis Security Advisory 2014-020] SAP SLD Information Tampering Onapsis Research Labs (Jun 06)
• [Tool] Pcredz laurent gaffie (Jun 08)
• Xornic Contact Us Form - Captcha Bypass / XSS Scott Arciszewski (Jun 08)
• CVE-2014-3740 - SpiceWorks Cross-site scripting Dolev Farhi (Jun 08)
• Responsible disclosure: terms and conditions Pedro Ribeiro (Jun 08)
  • Re: Responsible disclosure: terms and conditions Paul Vixie (Jun 08)
    • Re: Responsible disclosure: terms and conditions Daniel Wood (Jun 08)
    • Re: Responsible disclosure: terms and conditions Dave Warren (Jun 08)
      • Re: Responsible disclosure: terms and conditions Daniel Wood (Jun 09)
    • Message not available
      • Re: Responsible disclosure: terms and conditions Paul Vixie (Jun 08)
    • Re: Responsible disclosure: terms and conditions coderman (Jun 09)
      • Re: Responsible disclosure: terms and conditions Paul Vixie (Jun 08)
  • Message not available
    • Re: Responsible disclosure: terms and conditions Pedro Ribeiro (Jun 08)
  • <Possible follow-ups>
  • Re: Responsible disclosure: terms and conditions codeinject.org (Jun 08)
    • Re: Responsible disclosure: terms and conditions Paul Vixie (Jun 08)
      • Re: Responsible disclosure: terms and conditions Paul Vixie (Jun 08)
      • Re: Responsible disclosure: terms and conditions Eric Rand (Jun 09)
• SCADA StrangeLove at PHDays IV scadastrangelove (Jun 08)
  • Re: SCADA StrangeLove at PHDays IV scadastrangelove (Jun 08)
• Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289 William Costa (Jun 09)
• [Tool] Responder v2.0.9 laurent gaffie (Jun 09)
• CSRF in Featured Comments 1.2.1 allows an attacker to set and unset comment statuses (WordPress plugin) dxw Security (Jun 10)
• CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin) dxw Security (Jun 10)
• CSRF in JW Player for Flash & HTML5 Video 2.1.2 permits deletion of players (WordPress plugin) dxw Security (Jun 10)
• PayPal supports terrorism MustLive (Jun 10)
  • Re: PayPal supports terrorism † (Jun 10)
    • Re: PayPal supports terrorism Fyodor (Jun 10)
• Multiple Vulns in Openfiler 2.99 dsa dsa (Jun 10)
• Oracle Access Manager (OAM) Vulnerabilities (CVEs) Jing Wang (Jun 10)
• Embeded Device Security Conference 2014 // CFP Michael Eddington (Jun 10)
• NEW : VMSA-2014-0006 - VMware product updates address OpenSSL security vulnerabilities "VMware Security Response Center" (Jun 10)
• CVE-2014-3977 - Privilege Escalation in IBM AIX Portcullis Advisories (Jun 11)
• XSS on Samsung Site Roberto Garcia Amoriz (Jun 11)
• CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones J. Oquendo (Jun 12)
• AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Asterisk Security Team (Jun 13)
• AST-2014-006: Asterisk Manager User Unauthorized Shell Access Asterisk Security Team (Jun 13)
• AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections Asterisk Security Team (Jun 13)
• AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions Asterisk Security Team (Jun 13)
• [SE-2014-01] Security vulnerabilities in Oracle Database Java VM Security Explorations (Jun 15)
• T-Mobile webConnect Manager sysauth cookie leak in plain text via http request Americas Testkitchen (Jun 16)
• [Tool] XXE exploit automation - On The Outside, Reaching In 0.2 Ben Lincoln (F7EFC8C9) (Jun 16)
• [CFP] Hacktivity 2014 CFP is open Ferenc Spala (Jun 16)
• chatcrypt.com insecure, bad setup for secure chat johan nestaas (Jun 16)
• Securing Ubuntu-Desktop From the Bad-Guys, and the Good-Guys. Joshua Rogers (Jun 16)
• Onnto RAID Master rev358 for OS X - multiple remote vulnerabilities Reed Black (Jun 16)
• Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable) Kristian Erik Hermansen (Jun 16)
• [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack pnig0spnig0s (Jun 17)
• Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability Vulnerability Lab (Jun 18)
• Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities Vulnerability Lab (Jun 18)
  • <Possible follow-ups>
  • Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities Vulnerability Lab (Jun 18)
    • Re: Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities Secunia Research (Jun 18)
• Vulnerabilities in CDVI ACAC22 [2-Door Controller] gassyjack (Jun 18)
• [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack pnig0spnig0s (Jun 18)
• XSS on Dell Site Roberto Garcia Amoriz (Jun 18)
• Call For Papers for 2nd Balkan Computer Congress - BalCCon2k14 Milos Krasojevic (Jun 18)
• Project un1c0rn hits 70k hosts Project Un1c0rn (Jun 20)
  • Re: Project un1c0rn hits 70k hosts surivaton surivaton (Jun 20)
    • Re: Project un1c0rn hits 70k hosts Project Un1c0rn (Jun 20)
• XSS on Panasonic site Roberto Garcia Amoriz (Jun 20)
  • Re: XSS on Panasonic site Adrien Jolibert (Jun 21)
• XSS on Epson site Roberto Garcia Amoriz (Jun 20)
• keybase.io Rikairchy (Jun 21)
  • Re: keybase.io Dennis E. Hamilton (Jun 22)
  • Re: keybase.io Attilla de Groot (Jun 22)
  • Re: keybase.io Tony Arcieri (Jun 22)
  • Re: keybase.io Robert Dannhauer (Jun 22)
    • Re: keybase.io Tony Arcieri (Jun 23)
      • Re: keybase.io Jonathan Care (Jun 23)
      • Re: keybase.io Tony Arcieri (Jun 25)
    • Re: keybase.io Sam Stewart (Jun 25)
  • Re: keybase.io Nick Boyce (Jun 23)
• BF and XSS vulnerabilities in Zyxel P660RT2 EE MustLive (Jun 22)
• Fwd: CFP ekoparty 2014 Juan Pablo Daniel (Jun 23)
• Android KeyStore Stack Buffer Overflow (CVE-2014-3100) Roee Hay (Jun 23)
• Session Hijack Vulnerabilty on ebays german want ad? Christian K. (Jun 23)
  • Re: Session Hijack Vulnerabilty on ebays german want ad? Cengizhan.Yuecel (Jun 24)
  • Re: Session Hijack Vulnerabilty on ebays german want ad? felsenkotzer (Jun 24)
  • Re: Session Hijack Vulnerabilty on ebays german want ad? uname -a (Jun 24)
    • Re: Session Hijack Vulnerabilty on ebays german want ad? R D (Jun 25)
      • Re: Session Hijack Vulnerabilty on ebays german want ad? Christian K. (Jun 27)
      • Re: Session Hijack Vulnerabilty on ebays german want ad? Michael Brown (Jun 28)
• SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965 William Costa (Jun 23)
• Boolean algebra and CSS history theft Michal Zalewski (Jun 24)
  • Re: Boolean algebra and CSS history theft Diego Rodriguez (Jun 25)
• CVE-2014-3868: ZeusCart 4.x Remote SQL Injection Vulnerability Kenny Mathis (Jun 24)
• Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) Pichaya Morimoto (Jun 24)
  • Re: Wordpress TimThumb 2.8.13 WebShot Remote Code Execution (0-day) Ryan Dewhurst (Jun 25)
• R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES Pablo A. (Jun 24)
• Exploiting Wildcard Expansion on Linux Stephen Chavez (Jun 24)
• [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting GmbH (Jun 25)
• [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting RedTeam Pentesting GmbH (Jun 25)
• CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014 Portcullis Advisories (Jun 25)
• CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux) Portcullis Advisories (Jun 25)
• HP Enterprise Maps 1.00 Authenticated XXE Brandon Perry (Jun 25)
• Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable Stefan Kanthak (Jun 25)
• FCC Net Neutrality laurent gaffie (Jun 25)
• XSS and CSRF vulnerabilities in Zyxel P660RT2 EE MustLive (Jun 25)
• Back To The Future: Unix Wildcards Gone Wild defensecode (Jun 26)
  • Re: Back To The Future: Unix Wildcards Gone Wild Michal Zalewski (Jun 26)
  • Re: Back To The Future: Unix Wildcards Gone Wild Julius Kivimäki (Jun 27)
    • Re: Back To The Future: Unix Wildcards Gone Wild fulldisclosure (Jun 28)
      • Re: Back To The Future: Unix Wildcards Gone Wild Daniel Miller (Jun 28)
      • Re: Back To The Future: Unix Wildcards Gone Wild Nico Le Moin (Jun 29)
  • Re: Back To The Future: Unix Wildcards Gone Wild gremlin (Jun 27)
  • Re: Back To The Future: Unix Wildcards Gone Wild Nick Lindridge (Jun 27)
    • Re: Back To The Future: Unix Wildcards Gone Wild steel-wing (Jun 28)
      • Re: Back To The Future: Unix Wildcards Gone Wild Cley Faye (Jun 28)
      • Re: Back To The Future: Unix Wildcards Gone Wild * (Jun 28)
  • Re: Back To The Future: Unix Wildcards Gone Wild Ivan Delalande (Jun 27)
    • Re: Back To The Future: Unix Wildcards Gone Wild Michal Zalewski (Jun 27)
    • Re: Back To The Future: Unix Wildcards Gone Wild Peter Stamfest (Jun 29)
• Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities Onur Alanbel (Jun 26)
• CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin) dxw Security (Jun 26)
• [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution RedTeam Pentesting GmbH (Jun 26)
• check_dhcp - Nagios Plugins = 2.0.2 Race Condition Dawid Golunski (Jun 27)
• Microsoft no longer sending e-mail based security notifications Reed Loden (Jun 27)
  • Re: Microsoft no longer sending e-mail based security notifications Zurd (Jun 28)
• SECV-05-1401 - Vulnerability on World of Tanks servers info (Jun 27)
  • <Possible follow-ups>
  • Re: SECV-05-1401 - Vulnerability on World of Tanks servers jen140 (Jun 28)
• SECV-05-1402 - Reportico php admin credentials leak info (Jun 27)
• CSRF Vulnerability on LinkedIn Kishor Sonawane (Jun 27)
• openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability Ubani Balogun (Jun 27)
• openSIS 4.5 - 5.3 SQL Injection vulnerability Ubani Balogun (Jun 27)
• Fwd: Re: Microsoft no longer sending e-mail based security notifications Peter Nas (Jun 28)
• Horde Framework Unserialize PHP Code Execution - metasploit port / standalone exploit Akra Macha (Jun 29)
• Sun/Oracle GlassFish Server Authenticated Code Execution - metasploit port / Standalone exploit Akra Macha (Jun 29)
• Asterisk Phreaking How-To Akra Macha (Jun 29)
• Flussonic Media Server 4.3.3 Multiple Vulnerabilities Onur Alanbel (Jun 29)
• AV scan on read vs write debate.... Exibar (Jun 29)
  • Re: AV scan on read vs write debate.... Reindl Harald (Jun 29)
• Local File Inclusion in Theme My Login 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution (WordPress plugin) dxw Security (Jun 30)
• SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS SEC Consult Vulnerability Lab (Jun 30)

Previous period

Next period