Adobe Reader for Android exposes insecure Javascript interfaces

2014-04-15 Thread Securify B.V.
Adobe Reader for Android exposes insecure Javascript interfaces Yorick Koster, April 2014

Outlook.com for Android fails to validate server certificates

2014-08-18 Thread Securify B.V.
Outlook.com for Android fails to validate server certificates Yorick Koster, April 2014

Glype proxy cookie jar path traversal allows code execution

2014-09-23 Thread Securify B.V.
Glype proxy cookie jar path traversal allows code execution Securify, September 2014

Glype proxy privacy settings can be disabled via CSRF

2014-09-23 Thread Securify B.V.
Glype proxy privacy settings can be disabled via CSRF Securify, September 2014

Glype proxy local address filter bypass

2014-09-23 Thread Securify B.V.
Glype proxy local address filter bypass Securify, September 2014

Cisco RV Series multiple vulnerabilities

2014-11-06 Thread Securify B.V.
Cisco RV Series multiple vulnerabilities Yorick Koster, June 2013

Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting

2015-03-18 Thread Securify B.V.
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting Han Sahin, September 2014

Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view

2015-03-18 Thread Securify B.V.
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view Han Sahin, September 2014

Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting

2015-03-18 Thread Securify B.V.
Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting Han Sahin, September 2014

Multiple Cross-Site Scripting vulnerabilities in Websense Reporting

2015-03-18 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting Han Sahin, September 2014

Path traversal vulnerability in EMC MR (Watch4net) Device Discovery

2015-03-19 Thread Securify B.V.
Path traversal vulnerability in EMC MR (Watch4net) Device Discovery Han Sahin, November 2014

Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal Report Favorites

2015-03-19 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal Report Favorites Han Sahin, November 2014

Command injection vulnerability in EMC Secure Remote Services Virtual Edition

2015-03-19 Thread Securify B.V.
Command injection vulnerability in EMC Secure Remote Services Virtual Edition Han Sahin, November 2014

EMC MR (Watch4net) data storage collector credentials are not properly protected

2015-03-19 Thread Securify B.V.
EMC MR (Watch4net) data storage collector credentials are not properly protected Han Sahin, November 2014

Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized Management Console

2015-03-19 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized Management Console Han Sahin, November 2014

Path traversal vulnerability in EMC MR (Watch4net) MIB Browser

2015-03-19 Thread Securify B.V.
Path traversal vulnerability in EMC MR (Watch4net) MIB Browser Han Sahin, November 2014

EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection

2015-03-19 Thread Securify B.V.
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection Han Sahin, November 2014

Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting Frontend

2015-03-19 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting Frontend Han Sahin, November 2014

Command injection vulnerability in network diagnostics tool of Websense Appliance Manager

2015-03-18 Thread Securify B.V.
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Han Sahin, September 2014

Missing access control on Websense Explorer web folder

2015-03-18 Thread Securify B.V.
Missing access control on Websense Explorer web folder Han Sahin, September 2014

Cross-Site Scripting vulnerability in Websense Explorer report scheduler

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in Websense Explorer report scheduler Han Sahin, September 2014

Viber for Android exposes insecure Javascript interface

2015-03-20 Thread Securify B.V.
Viber for Android exposes insecure Javascript interface Yorick Koster, April 2014

Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users

2015-03-19 Thread Securify B.V.
Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users Han Sahin, August 2014

Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting

2015-03-19 Thread Securify B.V.
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting Han Sahin, August 2014

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting

2015-03-19 Thread Securify B.V.
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting Han Sahin, August 2014

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

2015-03-19 Thread Securify B.V.
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page Han Sahin, August 2014

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation

2015-04-08 Thread Securify B.V.
Reflected Cross-Site Scripting vulnerability in asdoc generated documentation Radjnies Bhansingh, March 2014

Command injection vulnerability in Synology Photo Station

2015-05-25 Thread Securify B.V.
Command injection vulnerability in Synology Photo Station Han Sahin, May 2015

Synology Photo Station multiple Cross-Site Scripting vulnerabilities

2015-05-25 Thread Securify B.V.
Synology Photo Station multiple Cross-Site Scripting vulnerabilities Han Sahin, May 2015

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition

2015-08-17 Thread Securify B.V.
Insufficient certificate validation in EMC Secure Remote Services Virtual Edition Han Sahin, November 2014

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal

2015-08-17 Thread Securify B.V.
Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal Han Sahin, November 2014

Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class

2015-07-27 Thread Securify B.V.
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class Yorick Koster, May 2015

Re: Cisco AnyConnect elevation of privileges via DMG install script

2015-09-30 Thread Securify B.V.
has released bug ID CSCuv11947 for registered users, which contains additional details and an up-to-date list of affected product versions. On 23-09-15 19:15, Securify B.V. wrote: Cisco AnyConnect elevation of privileges via

Synology Video Station command injection and multiple SQL injection vulnerabilities

2015-09-09 Thread Securify B.V.
Synology Video Station command injection and multiple SQL injection vulnerabilities Han Sahin, September 2015

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station

2015-09-09 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Han Sahin, September 2015

Cisco AnyConnect elevation of privileges via DMG install script

2015-09-23 Thread Securify B.V.
Cisco AnyConnect elevation of privileges via DMG install script Yorick Koster, July 2015

Cisco AnyConnect elevation of privileges via DLL side loading

2015-09-22 Thread Securify B.V.
Cisco AnyConnect elevation of privileges via DLL side loading Yorick Koster, June 2015

Event Viewer Snapin multiple DLL side loading vulnerabilities

2015-12-16 Thread Securify B.V.
Event Viewer Snapin multiple DLL side loading vulnerabilities Yorick Koster, August 2015

Shutdown UX DLL side loading vulnerability

2015-12-16 Thread Securify B.V.
Shutdown UX DLL side loading vulnerability Yorick Koster, November 2015

Shockwave Flash Object DLL side loading vulnerability

2015-12-16 Thread Securify B.V.
Shockwave Flash Object DLL side loading vulnerability Yorick Koster, August 2015

COM+ Services DLL side loading vulnerability

2015-12-12 Thread Securify B.V.
COM+ Services DLL side loading vulnerability Yorick Koster, August 2015

Windows Authentication UI DLL side loading vulnerability

2015-12-12 Thread Securify B.V.
Windows Authentication UI DLL side loading vulnerability Yorick Koster, August 2015

Microsoft Visio multiple DLL side loading vulnerabilities

2016-06-15 Thread Securify B.V.
Microsoft Visio multiple DLL side loading vulnerabilities Yorick Koster, August 2015

Craft CMS affected by server side template injection

2016-06-27 Thread Securify B.V.
Craft CMS affected by server side template injection Nelson Berg & Jurgen Kloosterman, June 2016

NPS Datastore server DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
NPS Datastore server DLL side loading vulnerability Yorick Koster, September 2015

MapsUpdateTask Task DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
MapsUpdateTask Task DLL side loading vulnerability Yorick Koster, November 2015

BDA MPEG2 Transport Information Filter DLL side loading vulnerability

2016-02-10 Thread Securify B.V.
BDA MPEG2 Transport Information Filter DLL side loading vulnerability Yorick Koster, September 2015

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities

2016-02-11 Thread Securify B.V.
On 11-02-16 14:14, Stefan Kanthak wrote: "Securify B.V." <li...@securify.nl> wrote: Microsoft released MS16-014 that fixes this vulnerability. Such vulnerabilities can be exploited without Office or OLE (see "Example 7" of <http://seclists.org/fulldisclosure/201

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities

2016-02-10 Thread Securify B.V.
Fix Microsoft released MS16-014 that fixes this vulnerability. On 16-12-15 19:27, Securify B.V. wrote

HP ToComMsg DLL side loading vulnerability

2016-01-25 Thread Securify B.V.
HP ToComMsg DLL side loading vulnerability Yorick Koster, September 2015

HP LaserJet Fax Preview DLL side loading vulnerability

2016-01-25 Thread Securify B.V.
HP LaserJet Fax Preview DLL side loading vulnerability Yorick Koster, September 2015

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities

2016-01-25 Thread Securify B.V.
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities Yorick Koster, September 2015

Re: Windows Mail Find People DLL side loading vulnerability

2016-03-09 Thread Securify B.V.
Hi Stefan, See below. On 09-03-16 13:18, Stefan Kanthak wrote: "Securify B.V." wrote: Windows Mail Find People DLL side loading vul

Windows Mail Find People DLL side loading vulnerability

2016-03-08 Thread Securify B.V.
Windows Mail Find People DLL side loading vulnerability Yorick Koster, September 2015

.NET Framework 4.6 allows side loading of Windows API Set DLL

2016-04-12 Thread Securify B.V.
.NET Framework 4.6 allows side loading of Windows API Set DLL Yorick Koster, February 2016

EMC MR (Watch4net) lacks Cross-Site Request Forgery protection

2016-04-27 Thread Securify B.V.
EMC MR (Watch4net) lacks Cross-Site Request Forgery protection Han Sahin, November 2014

Internet Explorer iframe sandbox local file name disclosure vulnerability

2016-08-09 Thread Securify B.V.
Internet Explorer iframe sandbox local file name disclosure vulnerability Yorick Koster, March 2016

DLL side loading vulnerability in VMware Host Guest Client Redirector

2016-08-05 Thread Securify B.V.
DLL side loading vulnerability in VMware Host Guest Client Redirector Yorick Koster, December 2015

Authentication bypass vulnerability in Western Digital My Cloud

2017-02-13 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud Remco Vermeulen, January 2017

Microsoft Edge Fetch API allows setting of arbitrary request headers

2017-03-14 Thread Securify B.V.
Microsoft Edge Fetch API allows setting of arbitrary request headers Yorick Koster, January 2017

Multiple local privilege escalation vulnerabilities in Proxifier for Mac

2017-04-11 Thread Securify B.V.
Multiple local privilege escalation vulnerabilities in Proxifier for Mac Yorick Koster, April 2017

Microsoft Office OneNote 2007 DLL side loading vulnerability

2017-04-11 Thread Securify B.V.
Microsoft Office OneNote 2007 DLL side loading vulnerability Yorick Koster, September 2015

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution

2017-03-07 Thread Securify B.V.
Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution Remco Vermeulen, January 2017

Multiple persistent Cross-Site Scripting vulnerabilities in osTicket

2017-02-28 Thread Securify B.V.
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket Han Sahin, July 2016

InsomniaX loader allows loading of arbitrary Kernel Extensions

2017-07-03 Thread Securify B.V.
InsomniaX loader allows loading of arbitrary Kernel Extensions Yorick Koster, April 2017

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

2017-04-25 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Remco Vermeulen, April 2017

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X

2017-05-01 Thread Securify B.V.
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X Han Sahin, April 2017

SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options

2017-05-01 Thread Securify B.V.
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Yorick Koster, February 2017

Arbitrary file read in Kaseya VSA

2018-01-15 Thread Securify B.V.
Arbitrary file read in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017

Authentication bypass in Kaseya VSA

2018-01-15 Thread Securify B.V.
Authentication bypass in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017

Code execution in Kaseya VSA

2018-01-15 Thread Securify B.V.
Code execution in Kaseya VSA Kin Hung Cheng, Robert Hartshorn, May 2017

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links

2018-03-26 Thread Securify B.V.
Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links Stephan Kaag, January 2018

Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument

2018-10-01 Thread Securify B.V.
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument Yorick Koster, August 2018

Ivanti Workspace Control local privilege escalation via Named Pipe

2018-10-01 Thread Securify B.V.
Ivanti Workspace Control local privilege escalation via Named Pipe Yorick Koster, August 2018

Ivanti Workspace Control Data Security bypass via localhost UNC path

2018-10-01 Thread Securify B.V.
Ivanti Workspace Control Data Security bypass via localhost UNC path Yorick Koster, August 2018

Stored credentials Ivanti Workspace Control can be retrieved from Registry

2018-10-01 Thread Securify B.V.
Stored credentials Ivanti Workspace Control can be retrieved from Registry Yorick Koster, August 2018

Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument

2018-10-01 Thread Securify B.V.
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS command line argument Yorick Koster, August 2018

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

2018-09-18 Thread Securify B.V.
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges Remco Vermeulen, September 2018