Full Disclosure: by thread

Full Disclosure: by thread

Previous period

40 messages starting Jul 07 25 and ending Jul 29 25
Date index | Thread index | Author index

Session Fixation - bluditv3.16.2 Andrey Stoykov (Jul 07)
Stored XSS "Add New Content" Functionality - bluditv3.16.2 Andrey Stoykov (Jul 07)
XSS via SVG File Uploa - bluditv3.16.2 Andrey Stoykov (Jul 07)
Directory Traversal "Site Title" - bluditv3.16.2 Andrey Stoykov (Jul 07)
eSIM security research (GSMA eUICC compromise and certificate theft) Security Explorations (Jul 09)
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery KoreLogic Disclosures via Fulldisclosure (Jul 09)
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities Egidio Romano (Jul 09)
SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function Office nullFaktor GmbH (Jul 11)
Missing Critical Security Headers in OpenBlow Tifa Lockhart via Fulldisclosure (Jul 12)
Multiple vulnerabilities in the web management interface of Intelbras routers Gabriel Augusto Vaz de Lima via Fulldisclosure (Jul 19)
- Re: Multiple vulnerabilities in the web management interface of Intelbras routers Palula Brasil (Jul 29)
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal KoreLogic Disclosures via Fulldisclosure (Jul 28)
AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361) Marcus Krueppel (Jul 29)
[KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability Egidio Romano (Jul 29)
Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Open Redirect "Login Page" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Stored XSS "Create Page" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability Egidio Romano (Jul 29)
CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL) Sanjay Singh (Jul 29)
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability Egidio Romano (Jul 29)
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-2 iPadOS 17.7.9 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-6 watchOS 11.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-7 tvOS 18.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-8 visionOS 2.6 Apple Product Security via Fulldisclosure (Jul 29)
St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini Thomas Weber | CyberDanube via Fulldisclosure (Jul 29)
Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission Stefan Kanthak via Fulldisclosure (Jul 29)

Previous period