
Full Disclosure: by date
28 messages starting Jun 03 25 and ending Jun 30 25
Tuesday, 03 June
Youpot honeypot Jacek Lipkowski via Fulldisclosure
Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) Housma mardini
CVE-2024-47081: Netrc credential leak in PSF requests library Juho Forsén via Fulldisclosure
Multiple Vulnerabilities in SAP GuiXT Scripting Michał Majchrowicz via Fulldisclosure
Stored XSS in "Description" Functionality - cubecartv6.5.9 Andrey Stoykov
Authenticated File Upload to RCE - adaptcmsv3.0.3 Andrey Stoykov
Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Andrey Stoykov
IDOR "Change Password" Functionality - adaptcmsv3.0.3 Andrey Stoykov
Stored XSS via File Upload - adaptcmsv3.0.3 Andrey Stoykov
Local information disclosure in apport and systemd-coredump Qualys Security Advisory via Fulldisclosure
ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path Ron E
ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page Ron E
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 Sanjay Singh
Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection Stefan Kanthak
Monday, 09 June
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure
SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version SEC Consult Vulnerability Lab via Fulldisclosure
Tuesday, 17 June
Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025) 0610648533
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) SEC Consult Vulnerability Lab via Fulldisclosure
: "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure
Monday, 23 June
Disclosure Yealink Cloud vulnerabilities Jeroen Hermans via Fulldisclosure
RansomLord (NG v1.0) anti-ransomware exploit tool malvuln
CVE-2025-32975 - Quest KACE SMA Authentication Bypass Seralys Research Team via Fulldisclosure
CVE-2025-32976 - Quest KACE SMA 2FA Bypass Seralys Research Team via Fulldisclosure
CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload Seralys Research Team via Fulldisclosure
CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement Seralys Research Team via Fulldisclosure
Wednesday, 25 June
Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag Brian Carpenter via Fulldisclosure
Monday, 30 June
iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5) josephgoyd via Fulldisclosure