Full Disclosure: by date

60 messages starting Sep 02 24 and ending Sep 30 24
Monday, 02 September

SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456) David Brown via Fulldisclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Gionathan Armando Reale via Fulldisclosure
CFP No cON Name 2024 - Barcelona Jose Nicolas Castellano via Fulldisclosure

Thursday, 05 September

Asterisk Security Release 18.24.3 Asterisk Development Team via Fulldisclosure
Asterisk Security Release 20.9.3 Asterisk Development Team via Fulldisclosure
Asterisk Security Release 21.4.3 Asterisk Development Team via Fulldisclosure
Certified Asterisk Security Release certified-18.9-cert12 Asterisk Development Team via Fulldisclosure
Certified Asterisk Security Release certified-20.7-cert3 Asterisk Development Team via Fulldisclosure
[SYSS-2024-020]: C-MOR Video Surveillance - Reflected Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure
[SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure
[SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352) Matthias Deeg via Fulldisclosure
[SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89) Matthias Deeg via Fulldisclosure
[SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284) Matthias Deeg via Fulldisclosure
Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage malvuln
Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials malvuln
HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage malvuln
Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH) malvuln
[SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23) Matthias Deeg via Fulldisclosure
[SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434) Matthias Deeg via Fulldisclosure
[SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269) Matthias Deeg via Fulldisclosure
[SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312) Matthias Deeg via Fulldisclosure
[SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) Matthias Deeg via Fulldisclosure
[SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) Matthias Deeg via Fulldisclosure

Monday, 09 September

OXAS-ADV-2024-0005: OX App Suite Security Advisory Martin Heiland via Fulldisclosure

Tuesday, 10 September

KL-001-2024-011: VICIdial Unauthenticated SQL Injection KoreLogic Disclosures via Fulldisclosure
KL-001-2024-012: VICIdial Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure

Wednesday, 11 September

CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication RUBEN LOPEZ HERRERA
CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0 RUBEN LOPEZ HERRERA
CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA
CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking RUBEN LOPEZ HERRERA
CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA

Monday, 16 September

APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-2 macOS Sequoia 15 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-3 tvOS 18 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-4 watchOS 11 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-5 visionOS 2 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-6 Safari 18 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-7 Xcode 16 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-9 macOS Sonoma 14.7 Apple Product Security via Fulldisclosure
APPLE-SA-09-16-2024-10 macOS Ventura 13.7 Apple Product Security via Fulldisclosure
Stored XSS to Account Takeover - htmlyv2.9.9 Andrey Stoykov
SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release SEC Consult Vulnerability Lab via Fulldisclosure

Wednesday, 18 September

Backdoor.Win32.Delf.yj / Information Disclosure malvuln
Backdoor.Win32.CCInvader.10 / Authentication Bypass malvuln
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution malvuln
Stored XSS in "Menu Editor" - htmlyv2.9.9 Andrey Stoykov
Stored XSS in "Edit Profile" - htmlyv2.9.9 Andrey Stoykov

Monday, 23 September

Submit Exploit CVE-2024-42831 arfaoui haythem
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204 Thomas Weber via Fulldisclosure

Saturday, 28 September

Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass) Patrick via Fulldisclosure
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214) SEC Consult Vulnerability Lab via Fulldisclosure
Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73 Stefan Kanthak
Backdoor.Win32.Boiling / Remote Command Execution malvuln
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH) malvuln
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE) malvuln
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH) malvuln
Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution malvuln

Monday, 30 September

SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288) SEC Consult Vulnerability Lab via Fulldisclosure