Full Disclosure: by author

41 messages starting Aug 17 24 and ending Aug 05 24

Aki Tuomi via Fulldisclosure

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive Aki Tuomi via Fulldisclosure (Aug 17)
Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message Aki Tuomi via Fulldisclosure (Aug 17)

Andrey Stoykov

Authenticated Code Injection - smfv2.1.4 Andrey Stoykov (Aug 17)
Blind SQL Injection - dolphinv7.4.2. Andrey Stoykov (Aug 04)

Asterisk Development Team via Fulldisclosure

Certified Asterisk Security Release certified-20.7-cert2 Asterisk Development Team via Fulldisclosure (Aug 10)
Certified Asterisk Security Release certified-18.9-cert11 Asterisk Development Team via Fulldisclosure (Aug 10)
Asterisk Security Release 20.9.2 Asterisk Development Team via Fulldisclosure (Aug 10)
Asterisk Security Release 18.24.2 Asterisk Development Team via Fulldisclosure (Aug 10)
Asterisk Security Release 21.4.2 Asterisk Development Team via Fulldisclosure (Aug 10)

David Brown via Fulldisclosure

SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP David Brown via Fulldisclosure (Aug 24)

Jeffrey Walton

Re: Improper Authentication (CWE-287) CVE-2024-33897 Jeffrey Walton (Aug 22)
Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Jeffrey Walton (Aug 24)

J. Hellenthal via Fulldisclosure

Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication J. Hellenthal via Fulldisclosure (Aug 27)

KoreLogic Disclosures via Fulldisclosure

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection KoreLogic Disclosures via Fulldisclosure (Aug 07)
KL-001-2024-009: Journyx Reflected Cross Site Scripting KoreLogic Disclosures via Fulldisclosure (Aug 07)
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal KoreLogic Disclosures via Fulldisclosure (Aug 07)
KL-001-2024-008: Journyx Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Aug 07)
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting KoreLogic Disclosures via Fulldisclosure (Aug 07)
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce KoreLogic Disclosures via Fulldisclosure (Aug 07)

malvuln

Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution malvuln (Aug 10)

Martin Heiland via Fulldisclosure

OXAS-ADV-2024-0003: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Aug 22)
OXAS-ADV-2024-0004: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Aug 22)

masquerad3r

CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber masquerad3r (Aug 05)

Moritz Abrell via Fulldisclosure

Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893 Moritz Abrell via Fulldisclosure (Aug 17)
Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895 Moritz Abrell via Fulldisclosure (Aug 17)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896 Moritz Abrell via Fulldisclosure (Aug 17)
Improper Authentication (CWE-287) CVE-2024-33897 Moritz Abrell via Fulldisclosure (Aug 17)
Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894 Moritz Abrell via Fulldisclosure (Aug 17)
Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892 Moritz Abrell via Fulldisclosure (Aug 17)

Sebastian Hamann via Fulldisclosure

[SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-040] DiCal-RED - Improper Authentication Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-039] DiCal-RED - Path Traversal Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components Sebastian Hamann via Fulldisclosure (Aug 22)
[SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Sebastian Hamann via Fulldisclosure (Aug 22)

Security Explorations

Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations (Aug 13)
Re: Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations (Aug 13)

Teri Olson

` Piano ` Teri Olson (Aug 22)

Thomas Weber via Fulldisclosure

CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series Thomas Weber via Fulldisclosure (Aug 05)