Adobe Reader for Android exposes insecure Javascript interfaces
Yorick Koster, April 2014
Outlook.com for Android fails to validate server certificates
Yorick Koster, April 2014
Glype proxy cookie jar path traversal allows code execution
Securify, September 2014
Glype proxy privacy settings can be disabled via CSRF
Securify, September 2014
Glype proxy local address filter bypass
Securify, September 2014
Cisco RV Series multiple vulnerabilities
Yorick Koster, June 2013
Websense Data Security DLP incident Forensics Preview is vulnerable to
Cross-Site Scripting
Han Sahin, September 2014
Websense Email Security vulnerable to persistent Cross-Site Scripting in
audit log details view
Han Sahin, September 2014
Error messages of Websense Content Gateway are vulnerable to Cross-Site
Scripting
Han Sahin, September 2014
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting
Han Sahin, September 2014
Path traversal vulnerability in EMC MR (Watch4net) Device Discovery
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal
Report Favorites
Han Sahin, November 2014
Command injection vulnerability in EMC Secure Remote Services Virtual
Edition
Han Sahin, November 2014
EMC MR (Watch4net) data storage collector credentials are not properly
protected
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized
Management Console
Han Sahin, November 2014
Path traversal vulnerability in EMC MR (Watch4net) MIB Browser
Han Sahin, November 2014
EMC Secure Remote Services Virtual Edition Provisioning component is
affected by SQL injection
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting
Frontend
Han Sahin, November 2014
Command injection vulnerability in network diagnostics tool of Websense
Appliance Manager
Han Sahin, September 2014
Missing access control on Websense Explorer web folder
Han Sahin, September 2014
Cross-Site Scripting vulnerability in Websense Explorer report scheduler
Han Sahin, September 2014
Viber for Android exposes insecure Javascript interface
Yorick Koster, April 2014
Advent JMX Servlet of Citrix Command Center is accessible to
unauthenticated users
Han Sahin, August 2014
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
Han Sahin, August 2014
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
Han Sahin, August 2014
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page
Han Sahin, August 2014
Reflected Cross-Site Scripting vulnerability in asdoc generated
documentation
Radjnies Bhansingh, March 2014
Command injection vulnerability in Synology Photo Station
Han Sahin, May 2015
Synology Photo Station multiple Cross-Site Scripting vulnerabilities
Han Sahin, May 2015
Insufficient certificate validation in EMC Secure Remote Services
Virtual Edition
Han Sahin, November 2014
Weak authentication in EMC Secure Remote Services Virtual Edition Web
Portal
Han Sahin, November 2014
Integer overflow in .NET Framework
System.DirectoryServices.Protocols.Utility class
Yorick Koster, May 2015
has released bug ID CSCuv11947 for registered users, which
contains additional details and an up-to-date list of affected product
versions.
On 23-09-15 19:15, Securify B.V. wrote:
Cisco AnyConnect elevation of privileges via
Synology Video Station command injection and multiple SQL injection
vulnerabilities
Han Sahin, September 2015
Multiple Cross-Site Scripting vulnerabilities in Synology Download
Station
Han Sahin, September 2015
Cisco AnyConnect elevation of privileges via DMG install script
Yorick Koster, July 2015
Cisco AnyConnect elevation of privileges via DLL side loading
Yorick Koster, June 2015
Event Viewer Snapin multiple DLL side loading vulnerabilities
Yorick Koster, August 2015
Shutdown UX DLL side loading vulnerability
Yorick Koster, November 2015
Shockwave Flash Object DLL side loading vulnerability
Yorick Koster, August 2015
COM+ Services DLL side loading vulnerability
Yorick Koster, August 2015
Windows Authentication UI DLL side loading vulnerability
Yorick Koster, August 2015
Microsoft Visio multiple DLL side loading vulnerabilities
Yorick Koster, August 2015
Craft CMS affected by server side template injection
Nelson Berg & Jurgen Kloosterman, June 2016
NPS Datastore server DLL side loading vulnerability
Yorick Koster, September 2015
MapsUpdateTask Task DLL side loading vulnerability
Yorick Koster, November 2015
BDA MPEG2 Transport Information Filter DLL side loading vulnerability
Yorick Koster, September 2015
On 11-02-16 14:14, Stefan Kanthak wrote:
"Securify B.V." <li...@securify.nl> wrote:
Microsoft released MS16-014 that fixes this vulnerability.
Such vulnerabilities can be exploited without Office or OLE
(see "Example 7" of <http://seclists.org/fulldisclosure/201
Fix
Microsoft released MS16-014 that fixes this vulnerability.
On 16-12-15 19:27, Securify B.V. wrote
HP ToComMsg DLL side loading vulnerability
Yorick Koster, September 2015
HP LaserJet Fax Preview DLL side loading vulnerability
Yorick Koster, September 2015
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
Yorick Koster, September 2015
Hi Stefan,
See below.
On 09-03-16 13:18, Stefan Kanthak wrote:
"Securify B.V." wrote:
Windows Mail Find People DLL side loading vul
Windows Mail Find People DLL side loading vulnerability
Yorick Koster, September 2015
.NET Framework 4.6 allows side loading of Windows API Set DLL
Yorick Koster, February 2016
EMC MR (Watch4net) lacks Cross-Site Request Forgery protection
Han Sahin, November 2014
Internet Explorer iframe sandbox local file name disclosure
vulnerability
Yorick Koster, March 2016
DLL side loading vulnerability in VMware Host Guest Client Redirector
Yorick Koster, December 2015
Authentication bypass vulnerability in Western Digital My Cloud
Remco Vermeulen, January 2017
Microsoft Edge Fetch API allows setting of arbitrary request headers
Yorick Koster, January 2017
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
Yorick Koster, April 2017
Microsoft Office OneNote 2007 DLL side loading vulnerability
Yorick Koster, September 2015
Stack-based buffer overflow in Western Digital My Cloud allows for
remote code execution
Remco Vermeulen, January 2017
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
Han Sahin, July 2016
InsomniaX loader allows loading of arbitrary Kernel Extensions
Yorick Koster, April 2017
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
Remco Vermeulen, April 2017
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
Han Sahin, April 2017
SyntaxHighlight MediaWiki extension allows injection of arbitrary
Pygments options
Yorick Koster, February 2017
Arbitrary file read in Kaseya VSA
Kin Hung Cheng, Robert Hartshorn, May 2017
Authentication bypass in Kaseya VSA
Kin Hung Cheng, Robert Hartshorn, May 2017
Code execution in Kaseya VSA
Kin Hung Cheng, Robert Hartshorn, May 2017
Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to
the way it handles attachment links
Stephan Kaag, January 2018
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE
command line argument
Yorick Koster, August 2018
Ivanti Workspace Control local privilege escalation via Named Pipe
Yorick Koster, August 2018
Ivanti Workspace Control Data Security bypass via localhost UNC path
Yorick Koster, August 2018
Stored credentials Ivanti Workspace Control can be retrieved from
Registry
Yorick Koster, August 2018
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /RWS
command line argument
Yorick Koster, August 2018
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
Remco Vermeulen, September 2018
78 matches