
Full Disclosure: by thread
60 messages starting Sep 02 24 and ending Sep 30 24
- SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456) David Brown via Fulldisclosure (Sep 02)
- Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Gionathan Armando Reale via Fulldisclosure (Sep 02)
- CFP No cON Name 2024 - Barcelona Jose Nicolas Castellano via Fulldisclosure (Sep 02)
- Asterisk Security Release 18.24.3 Asterisk Development Team via Fulldisclosure (Sep 05)
- Asterisk Security Release 20.9.3 Asterisk Development Team via Fulldisclosure (Sep 05)
- Asterisk Security Release 21.4.3 Asterisk Development Team via Fulldisclosure (Sep 05)
- Certified Asterisk Security Release certified-18.9-cert12 Asterisk Development Team via Fulldisclosure (Sep 05)
- Certified Asterisk Security Release certified-20.7-cert3 Asterisk Development Team via Fulldisclosure (Sep 05)
- [SYSS-2024-020]: C-MOR Video Surveillance - Reflected Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284) Matthias Deeg via Fulldisclosure (Sep 05)
- Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage malvuln (Sep 05)
- Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution malvuln (Sep 05)
- Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials malvuln (Sep 05)
- HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage malvuln (Sep 05)
- Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH) malvuln (Sep 05)
- [SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) Matthias Deeg via Fulldisclosure (Sep 05)
- [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) Matthias Deeg via Fulldisclosure (Sep 05)
- OXAS-ADV-2024-0005: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Sep 09)
- KL-001-2024-011: VICIdial Unauthenticated SQL Injection KoreLogic Disclosures via Fulldisclosure (Sep 10)
- KL-001-2024-012: VICIdial Authenticated Remote Code Execution KoreLogic Disclosures via Fulldisclosure (Sep 10)
- CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication RUBEN LOPEZ HERRERA (Sep 11)
- CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
- CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
- CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking RUBEN LOPEZ HERRERA (Sep 11)
- CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0 RUBEN LOPEZ HERRERA (Sep 11)
- APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-2 macOS Sequoia 15 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-3 tvOS 18 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-4 watchOS 11 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-5 visionOS 2 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-6 Safari 18 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-7 Xcode 16 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-9 macOS Sonoma 14.7 Apple Product Security via Fulldisclosure (Sep 16)
- APPLE-SA-09-16-2024-10 macOS Ventura 13.7 Apple Product Security via Fulldisclosure (Sep 16)
- Stored XSS to Account Takeover - htmlyv2.9.9 Andrey Stoykov (Sep 16)
- SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release SEC Consult Vulnerability Lab via Fulldisclosure (Sep 16)
- Backdoor.Win32.Delf.yj / Information Disclosure malvuln (Sep 18)
- Backdoor.Win32.CCInvader.10 / Authentication Bypass malvuln (Sep 18)
- Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution malvuln (Sep 18)
- Stored XSS in "Menu Editor" - htmlyv2.9.9 Andrey Stoykov (Sep 18)
- Stored XSS in "Edit Profile" - htmlyv2.9.9 Andrey Stoykov (Sep 18)
- Submit Exploit CVE-2024-42831 arfaoui haythem (Sep 23)
- CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204 Thomas Weber via Fulldisclosure (Sep 23)
- Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass) Patrick via Fulldisclosure (Sep 28)
- SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214) SEC Consult Vulnerability Lab via Fulldisclosure (Sep 28)
- Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20, 000 instances of CWE-73 Stefan Kanthak (Sep 28)
- Backdoor.Win32.Boiling / Remote Command Execution malvuln (Sep 28)
- Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH) malvuln (Sep 28)
- Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE) malvuln (Sep 28)
- Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH) malvuln (Sep 28)
- Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution malvuln (Sep 28)
- SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288) SEC Consult Vulnerability Lab via Fulldisclosure (Sep 30)