Full Disclosure: by date

41 messages starting Aug 04 24 and ending Aug 27 24

Sunday, 04 August

Blind SQL Injection - dolphinv7.4.2. Andrey Stoykov

Monday, 05 August

CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber masquerad3r
CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series Thomas Weber via Fulldisclosure

Wednesday, 07 August

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting KoreLogic Disclosures via Fulldisclosure
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal KoreLogic Disclosures via Fulldisclosure
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce KoreLogic Disclosures via Fulldisclosure
KL-001-2024-008: Journyx Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure
KL-001-2024-009: Journyx Reflected Cross Site Scripting KoreLogic Disclosures via Fulldisclosure
KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection KoreLogic Disclosures via Fulldisclosure

Saturday, 10 August

Certified Asterisk Security Release certified-18.9-cert11 Asterisk Development Team via Fulldisclosure
Certified Asterisk Security Release certified-20.7-cert2 Asterisk Development Team via Fulldisclosure
Asterisk Security Release 18.24.2 Asterisk Development Team via Fulldisclosure
Asterisk Security Release 20.9.2 Asterisk Development Team via Fulldisclosure
Asterisk Security Release 21.4.2 Asterisk Development Team via Fulldisclosure
Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution malvuln

Tuesday, 13 August

Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations
Re: Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations

Saturday, 17 August

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive Aki Tuomi via Fulldisclosure
Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message Aki Tuomi via Fulldisclosure
Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893 Moritz Abrell via Fulldisclosure
Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892 Moritz Abrell via Fulldisclosure
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896 Moritz Abrell via Fulldisclosure
Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895 Moritz Abrell via Fulldisclosure
Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894 Moritz Abrell via Fulldisclosure
Improper Authentication (CWE-287) CVE-2024-33897 Moritz Abrell via Fulldisclosure
Authenticated Code Injection - smfv2.1.4 Andrey Stoykov

Thursday, 22 August

` Piano ` Teri Olson
Re: Improper Authentication (CWE-287) CVE-2024-33897 Jeffrey Walton
[SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure
[SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure
[SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort Sebastian Hamann via Fulldisclosure
[SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Sebastian Hamann via Fulldisclosure
[SYSS-2024-039] DiCal-RED - Path Traversal Sebastian Hamann via Fulldisclosure
[SYSS-2024-040] DiCal-RED - Improper Authentication Sebastian Hamann via Fulldisclosure
[SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components Sebastian Hamann via Fulldisclosure
[SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor Sebastian Hamann via Fulldisclosure
OXAS-ADV-2024-0004: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
OXAS-ADV-2024-0003: OX App Suite Security Advisory Martin Heiland via Fulldisclosure

Saturday, 24 August

SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP David Brown via Fulldisclosure
Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Jeffrey Walton

Tuesday, 27 August

Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication J. Hellenthal via Fulldisclosure