Full Disclosure Archive by Thread 2018/10-Oct
- Re: [FD] Skype Debian package: allows complete machine takeover for Microsoft,
Seth Arnold
- [FD] Nullcon Goa 2019 Call For Papers is Open - 10th Anniversary edition!,
Yuliya Pliavaka
- [FD] e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key,
Stefan Pietsch
- [FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument,
Securify B.V. via Fulldisclosure
- [FD] Ivanti Workspace Control local privilege escalation via Named Pipe,
Securify B.V. via Fulldisclosure
- [FD] Ivanti Workspace Control Data Security bypass via localhost UNC path,
Securify B.V. via Fulldisclosure
- [FD] Stored credentials Ivanti Workspace Control can be retrieved from Registry,
Securify B.V. via Fulldisclosure
- [FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument,
Securify B.V. via Fulldisclosure
- [FD] SEC Consult SA-20181001-0 :: Password disclosure vulnerability & XSS in PTC ThingWorx (CVE-2018-17216, CVE-2018-17217, CVE-2018-17218),
SEC Consult Vulnerability Lab
- Re: [FD] Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below,
Henri Salo
- [FD] [CFP] The Fourth International Conference on Information Security and Digital Forensics (ISDF2018),
Frelyn SDIWC
- [FD] CVE-2018-15903 - Stored XSS on Claromentis,
David Vargas
- [FD] Facebook Platform Hack - Critical Access Token Vulnerabilities,
Vulnerability Lab
- [FD] [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple,
advisories
- [FD] [CVE-2018-15379] Unauth RCE as root in Cisco Prime Infrastructure,
Pedro Ribeiro
- [FD] net-snmp 5.7.3 unauthenticated remote DoS,
Magnus Klaaborg Stubman
- [FD] Dancho Danchev's 2010 Disappearance - An Elaboration - Part Two,
Dancho Danchev via Fulldisclosure
- [FD] APPLE-SA-2018-10-08-1 iOS 12.0.1,
Apple Product Security
- [FD] APPLE-SA-2018-10-08-2 iCloud for Windows 7.7,
Apple Product Security
- [FD] Multiple vulnerabilities in NPLUG wireless repeater,
Patrick Costa
- [FD] Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596),
alt3kx via Fulldisclosure
- [FD] [CFP] The Sixth International Conference on Cyber Security, Cyber Welfare and Digital Forensic (CyberSec2018),
Frelyn SDIWC
- [FD] Responsive Filemanager 9.8.1 Authentication Bypass,
yavuz atlas
- [FD] Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS),
yavuz atlas
- [FD] SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919),
SEC Consult Vulnerability Lab
- [FD] SD-WAN Harvester v 0.99,
SCADA StrangeLove
- [FD] Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540),
Simon Uvarov via Fulldisclosure
- [FD] [SBA-ADV-20180319-01] CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection,
SBA Research Advisory
- [FD] [SBA-ADV-20180319-02] CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal,
SBA Research Advisory
- [FD] [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS),
SBA Research Advisory
- [FD] Vulnerability Disclose,
Murat Aydemir
- [FD] CVE-2018-8532 / Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / XML Injection,
hyp3rlinx
- [FD] CVE-2018-8527 Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / xel filetype XML Injection,
hyp3rlinx
- [FD] CVE-2018-8533 Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / REGSRVR file handling XML Injection,
hyp3rlinx
- [FD] Multiple vulnerabilities in D-Link routers,
Błażej Adamczyk
- [FD] DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities,
secure
- [FD] [waraxe-2018-SA#109] - Multiple vulnerabilities in Wordfence Wordpress plugin,
Janek Vind via Fulldisclosure
- [FD] Riverbed SteelConnect Vulnerabilities,
Denis Kolegov
- [FD] CA20181017-01: Security Notice for CA Identity Governance,
Kotas, Kevin J
- [FD] Stored XSS in Viprinet VPN Hub Router,
Denis Kolegov
- [FD] Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload,
Murat Aydemir
- [FD] CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution,
Kyriakos Economou
- [FD] RootedCON 2019 Call For Papers is open!,
omarbv
- [FD] Vulnerabilities in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4,
SCADA StrangeLove
- [FD] CVEs 2018-7633, 2018-7632, 2018-7631 RCE, DoS and Script Injection vulnerabilities in ADB EpiCentro Firmware 7.3.2+,
Felix Schallock
- [FD] Critical vulnerability in Cisco WebEx - "WebExec",
Ron Bowes
- [FD] HID ActivID ActivClient - DoS or Heap Spray via SC,
Harrison Neal
- [FD] [CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities,
advisories
- [FD] CVE-2018-16789: denial of service in shellinabox,
Imre Rad
- [FD] HID ActivID ActivClient - JasPer DoS CVE-2017-{5499, 5500, 5502},
Harrison Neal
- [FD] CVE-2018-10532 - EE 4GEE HH70 Home Router Hardcoded Root SSH Credentials,
James Hemmings via Fulldisclosure
- [FD] DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability,
secure