
Full Disclosure: by date
19 messages starting Aug 02 25 and ending Aug 18 25
Saturday, 02 August
APPLE-SA-07-30-2025-1 Safari 18.6 Apple Product Security via Fulldisclosure
Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci via Fulldisclosure
Monday, 04 August
Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension Stefan Kanthak via Fulldisclosure
Tuesday, 12 August
PlayReady Activation protocol issues (weak auth / fake client identities) Security Explorations
Kigen eUICC issue (custom backdoor vs. FW update bug) Security Explorations
Monday, 18 August
iOS 18.6 - Undocumented TCC Access to Multiple Privacy Domains via preflight=yes josephgoyd via Fulldisclosure
[tool] CRSprober Jozef Sudolsky
Piciorgros TMO-100: Unauthorized log data access Georg Lukas
Piciorgros TMO-100: Unauthorized configuration change via TFTP (CVE-2025-29617) Georg Lukas
liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service Ron E
liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS) Ron E
CSV Injection in iDempiere WebUI 12.0.0.202508171158 Ron E
Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158 Ron E
Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3 Ron E
CSV Injection in nopcommerce v4.10 and 4.80.3 Ron E
Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality Ron E
SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS SEC Consult Vulnerability Lab via Fulldisclosure
Multi-Protocol Traceroute Usman Saeed via Fulldisclosure