Full Disclosure: by author
60 messages starting Sep 18 24 and ending Sep 23 24
Andrey Stoykov
Stored XSS in "Edit Profile" - htmlyv2.9.9 Andrey Stoykov (Sep 18)
Stored XSS in "Menu Editor" - htmlyv2.9.9 Andrey Stoykov (Sep 18)
Stored XSS to Account Takeover - htmlyv2.9.9 Andrey Stoykov (Sep 16)
Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-7 Xcode 16 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-5 visionOS 2 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-10 macOS Ventura 13.7 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-4 watchOS 11 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-6 Safari 18 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-2 macOS Sequoia 15 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-9 macOS Sonoma 14.7 Apple Product Security via Fulldisclosure (Sep 16)
APPLE-SA-09-16-2024-3 tvOS 18 Apple Product Security via Fulldisclosure (Sep 16)
arfaoui haythem
Submit Exploit CVE-2024-42831 arfaoui haythem (Sep 23)
Asterisk Development Team via Fulldisclosure
Asterisk Security Release 21.4.3 Asterisk Development Team via Fulldisclosure (Sep 05)
Certified Asterisk Security Release certified-18.9-cert12 Asterisk Development Team via Fulldisclosure (Sep 05)
Asterisk Security Release 18.24.3 Asterisk Development Team via Fulldisclosure (Sep 05)
Asterisk Security Release 20.9.3 Asterisk Development Team via Fulldisclosure (Sep 05)
Certified Asterisk Security Release certified-20.7-cert3 Asterisk Development Team via Fulldisclosure (Sep 05)
David Brown via Fulldisclosure
SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456) David Brown via Fulldisclosure (Sep 02)
Gionathan Armando Reale via Fulldisclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Gionathan Armando Reale via Fulldisclosure (Sep 02)
Jose Nicolas Castellano via Fulldisclosure
CFP No cON Name 2024 - Barcelona Jose Nicolas Castellano via Fulldisclosure (Sep 02)
KoreLogic Disclosures via Fulldisclosure
KL-001-2024-012: VICIdial Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Sep 10)
KL-001-2024-011: VICIdial Unauthenticated SQL Injection KoreLogic Disclosures via Fulldisclosure (Sep 10)
malvuln
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE) malvuln (Sep 28)
Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage malvuln (Sep 05)
Backdoor.Win32.CCInvader.10 / Authentication Bypass malvuln (Sep 18)
Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution malvuln (Sep 28)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH) malvuln (Sep 28)
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH) malvuln (Sep 28)
Backdoor.Win32.Delf.yj / Information Disclosure malvuln (Sep 18)
Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution malvuln (Sep 05)
HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage malvuln (Sep 05)
Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH) malvuln (Sep 05)
Backdoor.Win32.Boiling / Remote Command Execution malvuln (Sep 28)
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution malvuln (Sep 18)
Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials malvuln (Sep 05)
Martin Heiland via Fulldisclosure
OXAS-ADV-2024-0005: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Sep 09)
Matthias Deeg via Fulldisclosure
[SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-020]: C-MOR Video Surveillance - Reflected Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312) Matthias Deeg via Fulldisclosure (Sep 05)
[SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284) Matthias Deeg via Fulldisclosure (Sep 05)
Patrick via Fulldisclosure
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass) Patrick via Fulldisclosure (Sep 28)
RUBEN LOPEZ HERRERA
CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking RUBEN LOPEZ HERRERA (Sep 11)
CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication RUBEN LOPEZ HERRERA (Sep 11)
CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release SEC Consult Vulnerability Lab via Fulldisclosure (Sep 16)
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288) SEC Consult Vulnerability Lab via Fulldisclosure (Sep 30)
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214) SEC Consult Vulnerability Lab via Fulldisclosure (Sep 28)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73 Stefan Kanthak (Sep 28)
Thomas Weber via Fulldisclosure
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204 Thomas Weber via Fulldisclosure (Sep 23)
