
Full Disclosure: by date
40 messages, starting Jul 07 25 and ending Jul 29 25
Monday, 07 July
Session Fixation - bluditv3.16.2 Andrey Stoykov
Stored XSS "Add New Content" Functionality - bluditv3.16.2 Andrey Stoykov
XSS via SVG File Upload - bluditv3.16.2 Andrey Stoykov
Directory Traversal "Site Title" - bluditv3.16.2 Andrey Stoykov
Wednesday, 09 July
eSIM security research (GSMA eUICC compromise and certificate theft) Security Explorations
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection KoreLogic Disclosures via Fulldisclosure
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery KoreLogic Disclosures via Fulldisclosure
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution KoreLogic Disclosures via Fulldisclosure
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation KoreLogic Disclosures via Fulldisclosure
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery KoreLogic Disclosures via Fulldisclosure
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities Egidio Romano
Friday, 11 July
SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function Office nullFaktor GmbH
Saturday, 12 July
Missing Critical Security Headers in OpenBlow Tifa Lockhart via Fulldisclosure
Saturday, 19 July
Multiple vulnerabilities in the web management interface of Intelbras routers Gabriel Augusto Vaz de Lima via Fulldisclosure
Monday, 28 July
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator KoreLogic Disclosures via Fulldisclosure
KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service KoreLogic Disclosures via Fulldisclosure
KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal KoreLogic Disclosures via Fulldisclosure
Tuesday, 29 July
AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361) Marcus Krueppel
[KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability Egidio Romano
Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 Andrey Stoykov
Open Redirect "Login Page" Functionality - seotoasterv2.5.0 Andrey Stoykov
Stored XSS "Create Page" Functionality - seotoasterv2.5.0 Andrey Stoykov
Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0 Andrey Stoykov
Re: Multiple vulnerabilities in the web management interface of Intelbras routers Palula Brasil
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability Egidio Romano
CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL) Sanjay Singh
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability Egidio Romano
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-2 iPadOS 17.7.9 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-6 watchOS 11.6 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-7 tvOS 18.6 Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-8 visionOS 2.6 Apple Product Security via Fulldisclosure
St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini Thomas Weber | CyberDanube via Fulldisclosure
Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission Stefan Kanthak via Fulldisclosure