
Full Disclosure: by author
28 messages starting Jun 17 25 and ending Jun 03 25
0610648533
Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025) 0610648533 (Jun 17)
Andrey Stoykov
IDOR "Change Password" Functionality - adaptcmsv3.0.3 Andrey Stoykov (Jun 03)
Stored XSS via File Upload - adaptcmsv3.0.3 Andrey Stoykov (Jun 03)
Authenticated File Upload to RCE - adaptcmsv3.0.3 Andrey Stoykov (Jun 03)
Stored XSS in "Description" Functionality - cubecartv6.5.9 Andrey Stoykov (Jun 03)
Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Andrey Stoykov (Jun 03)
Brian Carpenter via Fulldisclosure
Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag Brian Carpenter via Fulldisclosure (Jun 25)
Housma mardini
Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) Housma mardini (Jun 03)
Jacek Lipkowski via Fulldisclosure
Youpot honeypot Jacek Lipkowski via Fulldisclosure (Jun 03)
Jeroen Hermans via Fulldisclosure
Disclosure Yealink Cloud vulnerabilities Jeroen Hermans via Fulldisclosure (Jun 23)
josephgoyd via Fulldisclosure
iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5) josephgoyd via Fulldisclosure (Jun 30)
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure (Jun 09)
: "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure (Jun 17)
Juho Forsén via Fulldisclosure
CVE-2024-47081: Netrc credential leak in PSF requests library Juho Forsén via Fulldisclosure (Jun 03)
malvuln
RansomLord (NG v1.0) anti-ransomware exploit tool malvuln (Jun 23)
Michał Majchrowicz via Fulldisclosure
Multiple Vulnerabilities in SAP GuiXT Scripting Michał Majchrowicz via Fulldisclosure (Jun 03)
Qualys Security Advisory via Fulldisclosure
Local information disclosure in apport and systemd-coredump Qualys Security Advisory via Fulldisclosure (Jun 03)
Ron E
ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page Ron E (Jun 03)
ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path Ron E (Jun 03)
Sanjay Singh
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 Sanjay Singh (Jun 03)
SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem SEC Consult Vulnerability Lab via Fulldisclosure (Jun 17)
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) SEC Consult Vulnerability Lab via Fulldisclosure (Jun 17)
SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version SEC Consult Vulnerability Lab via Fulldisclosure (Jun 09)
Seralys Research Team via Fulldisclosure
CVE-2025-32976 - Quest KACE SMA 2FA Bypass Seralys Research Team via Fulldisclosure (Jun 23)
CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload Seralys Research Team via Fulldisclosure (Jun 23)
CVE-2025-32975 - Quest KACE SMA Authentication Bypass Seralys Research Team via Fulldisclosure (Jun 23)
CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement Seralys Research Team via Fulldisclosure (Jun 23)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection Stefan Kanthak (Jun 03)