1. 2016-12-31 [1] [FD] 0-day: QNAP NAS Devices suffer of heap overflow full-disclos bashis
2. 2016-12-31 [2] [FD] Executable installers are vulnerable^WEVIL (case 42): SoftMaker's F full-disclos Stefan Kanthak
3. 2016-12-30 [1] [FD] Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016 full-disclos Dawid Golunski
4. 2016-12-30 [5] [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto full-disclos Tim
5. 2016-12-28 [1] [FD] SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) full-disclos Dawid Golunski
6. 2016-12-28 [1] [FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016 full-disclos Dawid Golunski
7. 2016-12-27 [3] [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] full-disclos Dawid Golunski
8. 2016-12-26 [1] [FD] BlackArch Linux OVA Image released! full-disclos Black Arch
9. 2016-12-25 [1] [FD] kernel vuln status question - how can I be protected full-disclos BENCSATH Boldizsar
10. 2016-12-23 [1] [FD] Arbitrary file deletion vulnerability in Image Slider allows authen full-disclos dxw Security
11. 2016-12-21 [1] [FD] CVE-2014-4138: MSIE 11 MSHTML CPasteComman full-disclos Berend-Jan Wever
12. 2016-12-21 [1] [FD] copy-me vulnerable to CSRF allowing unauthenticated attacker to cop full-disclos dxw Security
13. 2016-12-20 [1] [FD] [0-day] RCE and admin credential disclosure in NETGEAR WNR2000 full-disclos Pedro Ribeiro
14. 2016-12-20 [1] [FD] NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripti full-disclos VMware Security Respo
15. 2016-12-20 [1] [FD] [ERPSCAN-16-035] SAP Solman - user accounts disclosure full-disclos ERPScan inc
16. 2016-12-20 [1] [FD] CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-a full-disclos Berend-Jan Wever
17. 2016-12-20 [1] [FD] New BlackArch Linux ISOs (2016.12.20) released! full-disclos Black Arch
18. 2016-12-19 [1] [FD] Hotlinking Vulnerability in Glype (All Versions) full-disclos Celso Bento
19. 2016-12-19 [1] [FD] CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>:: full-disclos Berend-Jan Wever
20. 2016-12-17 [2] [FD] SQL injection in Joomla extension DT Register full-disclos Elar Lang
21. 2016-12-16 [1] [FD] CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free full-disclos Berend-Jan Wever
22. 2016-12-15 [2] [FD] XenForo 1.5.x Unauthenticated Remote Code Injection full-disclos Julien Ahrens
23. 2016-12-15 [1] [FD] CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Nex full-disclos dxw Security
24. 2016-12-15 [1] [FD] MSIE 9 IEFRAME CMarkupPointer::Move full-disclos Berend-Jan Wever
25. 2016-12-15 [1] [FD] Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] full-disclos Dawid Golunski
26. 2016-12-15 [1] [FD] Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code E full-disclos Dawid Golunski
27. 2016-12-14 [1] [FD] CVE-2013-3143: MSIE 9 IEFRAME CMarkup..Remov full-disclos Berend-Jan Wever
28. 2016-12-14 [1] [FD] Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability full-disclos hyp3rlinx
29. 2016-12-13 [1] [FD] MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free full-disclos Berend-Jan Wever
30. 2016-12-13 [1] [FD] Reflected XSS in MailChimp for WordPress could allow an attacker to full-disclos dxw Security