Full Disclosure Archive by Thread 2018/10-Oct

• Date Index

• Re: [FD] Skype Debian package: allows complete machine takeover for Microsoft, Seth Arnold
  • Re: [FD] Skype Debian package: allows complete machine takeover for Microsoft, Michael Lazin - Tue Oct 02 15:46:55 GMT 2018
    • Re: [FD] Skype Debian package: allows complete machine takeover for Microsoft, coderaptor - Fri Oct 12 19:24:37 GMT 2018
• [FD] Nullcon Goa 2019 Call For Papers is Open - 10th Anniversary edition!, Yuliya Pliavaka
• [FD] e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key, Stefan Pietsch
• [FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument, Securify B.V. via Fulldisclosure
• [FD] Ivanti Workspace Control local privilege escalation via Named Pipe, Securify B.V. via Fulldisclosure
• [FD] Ivanti Workspace Control Data Security bypass via localhost UNC path, Securify B.V. via Fulldisclosure
• [FD] Stored credentials Ivanti Workspace Control can be retrieved from Registry, Securify B.V. via Fulldisclosure
• [FD] Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument, Securify B.V. via Fulldisclosure
• [FD] SEC Consult SA-20181001-0 :: Password disclosure vulnerability & XSS in PTC ThingWorx (CVE-2018-17216, CVE-2018-17217, CVE-2018-17218), SEC Consult Vulnerability Lab
• Re: [FD] Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 and below, Henri Salo
• [FD] [CFP] The Fourth International Conference on Information Security and Digital Forensics (ISDF2018), Frelyn SDIWC
• [FD] CVE-2018-15903 - Stored XSS on Claromentis, David Vargas
• [FD] Facebook Platform Hack - Critical Access Token Vulnerabilities, Vulnerability Lab
• [FD] [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple, advisories
• [FD] [CVE-2018-15379] Unauth RCE as root in Cisco Prime Infrastructure, Pedro Ribeiro
• [FD] net-snmp 5.7.3 unauthenticated remote DoS, Magnus Klaaborg Stubman
• [FD] Dancho Danchev's 2010 Disappearance - An Elaboration - Part Two, Dancho Danchev via Fulldisclosure
• [FD] APPLE-SA-2018-10-08-1 iOS 12.0.1, Apple Product Security
• [FD] APPLE-SA-2018-10-08-2 iCloud for Windows 7.7, Apple Product Security
• [FD] Multiple vulnerabilities in NPLUG wireless repeater, Patrick Costa
• [FD] Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018–12596), alt3kx via Fulldisclosure
• [FD] [CFP] The Sixth International Conference on Cyber Security, Cyber Welfare and Digital Forensic (CyberSec2018), Frelyn SDIWC
• [FD] Responsive Filemanager 9.8.1 Authentication Bypass, yavuz atlas
• [FD] Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS), yavuz atlas
• [FD] SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919), SEC Consult Vulnerability Lab
• [FD] SD-WAN Harvester v 0.99, SCADA StrangeLove
• [FD] Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540), Simon Uvarov via Fulldisclosure
• [FD] [SBA-ADV-20180319-01] CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection, SBA Research Advisory
• [FD] [SBA-ADV-20180319-02] CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal, SBA Research Advisory
• [FD] [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS), SBA Research Advisory
• [FD] Vulnerability Disclose, Murat Aydemir
• [FD] CVE-2018-8532 / Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / XML Injection, hyp3rlinx
• [FD] CVE-2018-8527 Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / xel filetype XML Injection, hyp3rlinx
• [FD] CVE-2018-8533 Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 / REGSRVR file handling XML Injection, hyp3rlinx
• [FD] Multiple vulnerabilities in D-Link routers, Błażej Adamczyk
• [FD] DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities, secure
• [FD] [waraxe-2018-SA#109] - Multiple vulnerabilities in Wordfence Wordpress plugin, Janek Vind via Fulldisclosure
• [FD] Riverbed SteelConnect Vulnerabilities, Denis Kolegov
• [FD] CA20181017-01: Security Notice for CA Identity Governance, Kotas, Kevin J
• [FD] Stored XSS in Viprinet VPN Hub Router, Denis Kolegov
• [FD] Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload, Murat Aydemir
• [FD] CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution, Kyriakos Economou
• [FD] RootedCON 2019 Call For Papers is open!, omarbv
• [FD] Vulnerabilities in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4, SCADA StrangeLove
• [FD] CVEs 2018-7633, 2018-7632, 2018-7631 RCE, DoS and Script Injection vulnerabilities in ADB EpiCentro Firmware 7.3.2+, Felix Schallock
• [FD] Critical vulnerability in Cisco WebEx - "WebExec", Ron Bowes
• [FD] HID ActivID ActivClient - DoS or Heap Spray via SC, Harrison Neal
• [FD] [CORE-2018-0005] - ASRock Drivers Elevation of Privilege Vulnerabilities, advisories
• [FD] CVE-2018-16789: denial of service in shellinabox, Imre Rad
• [FD] HID ActivID ActivClient - JasPer DoS CVE-2017-{5499, 5500, 5502}, Harrison Neal
• [FD] CVE-2018-10532 - EE 4GEE HH70 Home Router Hardcoded Root SSH Credentials, James Hemmings via Fulldisclosure
• [FD] DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability, secure