
Full Disclosure: by author
40 messages starting Jul 29 25 and ending Jul 12 25
Andrey Stoykov
Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Open Redirect "Login Page" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Stored XSS "Create Page" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
XSS via SVG File Uploa - bluditv3.16.2 Andrey Stoykov (Jul 07)
Session Fixation - bluditv3.16.2 Andrey Stoykov (Jul 07)
Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)
Stored XSS "Add New Content" Functionality - bluditv3.16.2 Andrey Stoykov (Jul 07)
Directory Traversal "Site Title" - bluditv3.16.2 Andrey Stoykov (Jul 07)
Apple Product Security via Fulldisclosure
APPLE-SA-07-29-2025-8 visionOS 2.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-2 iPadOS 17.7.9 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-6 watchOS 11.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 Apple Product Security via Fulldisclosure (Jul 29)
APPLE-SA-07-29-2025-7 tvOS 18.6 Apple Product Security via Fulldisclosure (Jul 29)
Egidio Romano
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability Egidio Romano (Jul 29)
[KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability Egidio Romano (Jul 29)
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability Egidio Romano (Jul 29)
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities Egidio Romano (Jul 09)
Gabriel Augusto Vaz de Lima via Fulldisclosure
Multiple vulnerabilities in the web management interface of Intelbras routers Gabriel Augusto Vaz de Lima via Fulldisclosure (Jul 19)
KoreLogic Disclosures via Fulldisclosure
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution KoreLogic Disclosures via Fulldisclosure (Jul 09)
KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information KoreLogic Disclosures via Fulldisclosure (Jul 28)
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Jul 09)
Marcus Krueppel
AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361) Marcus Krueppel (Jul 29)
Office nullFaktor GmbH
SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function Office nullFaktor GmbH (Jul 11)
Palula Brasil
Re: Multiple vulnerabilities in the web management interface of Intelbras routers Palula Brasil (Jul 29)
Sanjay Singh
CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL) Sanjay Singh (Jul 29)
Security Explorations
eSIM security research (GSMA eUICC compromise and certificate theft) Security Explorations (Jul 09)
Stefan Kanthak via Fulldisclosure
Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission Stefan Kanthak via Fulldisclosure (Jul 29)
Thomas Weber | CyberDanube via Fulldisclosure
St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini Thomas Weber | CyberDanube via Fulldisclosure (Jul 29)
Tifa Lockhart via Fulldisclosure
Missing Critical Security Headers in OpenBlow Tifa Lockhart via Fulldisclosure (Jul 12)