Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Latest Posts

SEC Consult SA-20251029-0 :: Unprotected NFC card manipulation leading to free top-up in GiroWeb Cashless Catering Solutions (only legacy customer infrastructure) SEC Consult Vulnerability Lab via Fulldisclosure (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20251029-0 >
=======================================================================
title: Unprotected NFC card manipulation leading to free top-up
product: GiroWeb Cashless Catering Solutions
vulnerable version: Only legacy customer infrastructure using outdated Legic Prime or other insecure NFC cards
fixed version: -
CVE...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure (Oct 29)
The exploit I caught in the wild and the flow of the attack chain are in this repo:
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

The report was constructed via log analysis.

-------- Original Message --------

It seems, the whole account is down

Re: : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Christoph Gruber (Oct 29)
It seems, the whole account is down

Dovecot CVE-2025-30189: Auth cache causes access to wrong account Aki Tuomi via Fulldisclosure (Oct 29)
Affected product: Dovecot IMAP Server
Internal reference: DOV-7830
Vulnerability type: CWE-1250 (Improper Preservation of Consistency Between Independent Representations of Shared State)
Vulnerable version: 2.4.0, 2.4.1
Vulnerable component: auth
Report confidence: Confirmed
Solution status: Fixed in 2.4.2
Researcher credits: Erik <erik () broadlux com>
Vendor notification: 2025-07-25
CVE reference: CVE-2025-30189
CVSS: 7.4...

SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055 SEC Consult Vulnerability Lab via Fulldisclosure (Oct 28)
SEC Consult Vulnerability Lab Security Advisory < 20251027-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System
vulnerable version: 10.14.STD, MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8
Maintenance versions until week...

Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-46-stored.html

Stored Cross-Site Scripting (XSS) via SVG File Upload:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Visit "Files" and click "Upload"
3....

Stored HTML Injection - Layout Functionality - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored HTML Injection - Layout Functionality - totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-45-stored.html

Stored HTML Injection - Layout Functionality:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Click on "Create" and enter name for the layout
3. Trap the HTTP...

Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-44-stored.html

Stored Cross-Site Scripting (XSS) - Layout Functionality:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Click on "Create" and enter name for the...

Current Password not Required When Changing Password - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Current Password not Required When Changing Password - totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-43-current.html

Current Password not Required When Changing Password:

Steps to Reproduce:
1. Login with user and click on profile icon
2. Select "Change Credentials"
3. The user would not be...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Noor Christensen (Oct 28)
Hi Joseph,

Looks like your post with the technical details is down; I'm getting a 404 since yesterday.

-- kchr

Struts2 and Related Framework Array/Collection DoS Daniel Owens via Fulldisclosure (Oct 28)
Struts2 has, since its inception and to today, contained a significant denial of service (DoS) vulnerability stemming
from how the Struts2 default deserialiser parses and deserialises arrays, collections (including maps), and related
objects. Specifically, Struts2 and related frameworks allow attackers to specify indices and adhere to the
user-supplied indices such that attackers can make arbitrarily large data structures with extremely tiny...

[REVIVE-SA-2025-002] Revive Adserver Vulnerability Matteo Beccati (Oct 25)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-002
------------------------------------------------------------------------
Date: 2025-10-24
Risk Level: High
Applications affected: Revive...

[REVIVE-SA-2025-001] Revive Adserver Vulnerability Matteo Beccati (Oct 25)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-001
------------------------------------------------------------------------
CVE-ID: CVE-2025-27208
Date: 2025-10-22
Risk Level:...

SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641) SEC Consult Vulnerability Lab via Fulldisclosure (Oct 21)
SEC Consult Vulnerability Lab Security Advisory < 20251021-0 >
=======================================================================
title: Multiple Vulnerabilities
product: EfficientLab WorkExaminer Professional
vulnerable version: <= 4.0.0.52001
fixed version: -
CVE number: CVE-2025-10639, CVE-2025-10640, CVE-2025-10641
impact: Critical
homepage:...

[SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure (Oct 21)
Advisory ID: SYSS-2025-017
Product: Store 'n' Go Secure Portable HDD
Manufacturer: Verbatim
Affected Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Tested Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240)
Risk Level: High...
