Full Disclosure: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

41 messages starting Aug 04 24 and ending Aug 27 24
Date index | Thread index | Author index

• Blind SQL Injection - dolphinv7.4.2. Andrey Stoykov (Aug 04)
• CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber masquerad3r (Aug 05)
• CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series Thomas Weber via Fulldisclosure (Aug 05)
• KL-001-2024-005: Open WebUI Stored Cross-Site Scripting KoreLogic Disclosures via Fulldisclosure (Aug 07)
• KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal KoreLogic Disclosures via Fulldisclosure (Aug 07)
• KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce KoreLogic Disclosures via Fulldisclosure (Aug 07)
• KL-001-2024-008: Journyx Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Aug 07)
• KL-001-2024-009: Journyx Reflected Cross Site Scripting KoreLogic Disclosures via Fulldisclosure (Aug 07)
• KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection KoreLogic Disclosures via Fulldisclosure (Aug 07)
• Certified Asterisk Security Release certified-18.9-cert11 Asterisk Development Team via Fulldisclosure (Aug 10)
• Certified Asterisk Security Release certified-20.7-cert2 Asterisk Development Team via Fulldisclosure (Aug 10)
• Asterisk Security Release 18.24.2 Asterisk Development Team via Fulldisclosure (Aug 10)
• Asterisk Security Release 20.9.2 Asterisk Development Team via Fulldisclosure (Aug 10)
• Asterisk Security Release 21.4.2 Asterisk Development Team via Fulldisclosure (Aug 10)
• Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution malvuln (Aug 10)
• Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations (Aug 13)
  • Re: Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5) Security Explorations (Aug 13)
• CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive Aki Tuomi via Fulldisclosure (Aug 17)
• Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message Aki Tuomi via Fulldisclosure (Aug 17)
• Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893 Moritz Abrell via Fulldisclosure (Aug 17)
• Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892 Moritz Abrell via Fulldisclosure (Aug 17)
• Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896 Moritz Abrell via Fulldisclosure (Aug 17)
• Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895 Moritz Abrell via Fulldisclosure (Aug 17)
• Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894 Moritz Abrell via Fulldisclosure (Aug 17)
• Improper Authentication (CWE-287) CVE-2024-33897 Moritz Abrell via Fulldisclosure (Aug 17)
  • Re: Improper Authentication (CWE-287) CVE-2024-33897 Jeffrey Walton (Aug 22)
• Authenticated Code Injection - smfv2.1.4 Andrey Stoykov (Aug 17)
• ` Piano ` Teri Olson (Aug 22)
• [SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Sebastian Hamann via Fulldisclosure (Aug 22)
  • Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication Jeffrey Walton (Aug 24)
    • Re: [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication J. Hellenthal via Fulldisclosure (Aug 27)
• [SYSS-2024-039] DiCal-RED - Path Traversal Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-040] DiCal-RED - Improper Authentication Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components Sebastian Hamann via Fulldisclosure (Aug 22)
• [SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor Sebastian Hamann via Fulldisclosure (Aug 22)
• OXAS-ADV-2024-0004: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Aug 22)
• OXAS-ADV-2024-0003: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Aug 22)
• SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP David Brown via Fulldisclosure (Aug 24)

Previous period

Next period