fulldisclosure  

Messages by Thread

• [FD] CVE-2020-2656 - Low impact information disclosure via Solaris xlock Marco Ivaldi
• [FD] CVE-2019-19697 / Trend Micro Security 2019 (Consumer) / Security Bypass Protected Service Tampering hyp3rlinx
• [FD] CVE-2019-20357 / Trend Micro Security (Consumer) / Persistent Arbitrary Code Execution hyp3rlinx
• [FD] [TOOL] Permanent SD Card Locker (Read Only) Thierry Zoller
• [FD] [TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) Thierry Zoller
• [FD] [TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG) Thierry Zoller
• [FD] [TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS) Thierry Zoller
• [FD] [TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size) Thierry Zoller
• [FD] [PATCH] (security) launcher: don't attempt to execute arbitrary binaries Enrico Weigelt, metux IT consult
• [FD] [TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2) Thierry Zoller
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext 11.1.47 Daniel Bishtawi
• [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS Q C
• [FD] Microsoft Windows VCF Card / Mailto Link Denial Of Service hyp3rlinx
• [FD] Fortinet FortiSIEM Hardcoded SSH Key Andrew Klaus
  • Re: [FD] Fortinet FortiSIEM Hardcoded SSH Key Fortinet PSIRT
• [FD] [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information) Thierry Zoller
  • Re: [FD] [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information) Thierry Zoller
• [FD] [TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag) Thierry Zoller
• [FD] [TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO) Thierry Zoller
• [FD] Open-Xchange Security Advisory 2020-01-02 Open-Xchange GmbH via Fulldisclosure
• [FD] CA20191218-01: Security Notice for CA Client Automation Agent for Windows Kevin Kotas via Fulldisclosure
• [FD] New BlackArch Linux ISOs + OVA Image available! Black Arch
• [FD] Microsoft Windows .Group File / URL Field Code Execution hyp3rlinx
• [FD] Microsoft Exchange Server, External Service Interaction (DNS) Alphan YAVAS
• [FD] [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes RedTeam Pentesting GmbH
• [FD] [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts RedTeam Pentesting GmbH
• [FD] Deutsche Bahn Ticket Vending Machine Windows XP - Local Kiosk Privilege Escalation Vulnerability Vulnerability Lab
• [FD] D-Link DIR-615 — Vertical Prviliege Escalation Sanyam Chawla
• [FD] Squiz Matrix CMS <= 5.5.3.2 - Multiple Issues may lead to Remote Code Execution Stephen Shkardoon
• [FD] CSV injection vulnerability in SolarWinds Serv-U FTP Server Richard Tan via Fulldisclosure
• [FD] Stored Cross-Site Scripting in Serv-U FTP Server Richard Tan via Fulldisclosure
• [FD] Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) Qualys Security Advisory
• [FD] APPLE-SA-2019-12-10-8 watchOS 6.1.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-7 Xcode 11.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-6 Safari 13.0.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-5 tvOS 13.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-4 watchOS 5.3.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-2 iOS 12.4.4 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 Apple Product Security via Fulldisclosure
• [FD] CA20191210-01: Security Notice for CA Automic Sysload Ken Williams via Fulldisclosure
• [FD] CVE-2019-12750 - Exploitation Write-ups Kyriakos Economou
• [FD] SEC Consult SA-20191211-0 :: File Extension Spoofing in Windows Defender Antivirus SEC Consult Vulnerability Lab
• [FD] CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server Rick Verdoes via Fulldisclosure
• [FD] CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server Rick Verdoes via Fulldisclosure
• [FD] CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server Rick Verdoes via Fulldisclosure
• [FD] CA20191209-01: Security Notice for CA Nolio (Release Automation) Kevin Kotas via Fulldisclosure
• [FD] [AIT-SA-20191129-01] CVE-2019-16885: Unauthenticated remote code execution in OkayCMS sec-advisory
• [FD] Authentication vulnerabilities in OpenBSD Qualys Security Advisory
• [FD] SiteVision Insufficient Module Access Control Oscar Hjelm
• [FD] SiteVision Remote Code Execution Oscar Hjelm
• [FD] Symantec Endoint Security LPE CVE-2019-12750 Kyriakos Economou
• [FD] External Service Interaction (DNS) on Skype for Business Alphan YAVAS
• [FD] [KIS-2019-10] YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability Egidio Romano
• [FD] Windows Kernel DirectX - Local Denial Of Service Victor Portal Gonzalez
• [FD] CarolinaCon 16 CFP is now OPEN Carolina Con
• [FD] XXE in BMC Smart Reporting 7.3 20180418 - CVE-2019-11216 david herrero
• [FD] Reflected XSS in CSS Hero (v.4.0.3) Ho oper Ca ry
• [FD] Microsoft Windows Media Center / XXE MotW Bypass (Anniversary Edition) hyp3rlinx
• [FD] Microsoft Visual Studio 2008 Express IDE / XML External Entity Injection hyp3rlinx
• [FD] Microsoft Excel 2016 v1901 / Import Error XML External Entity Injection hyp3rlinx
• [FD] SEC Consult SA-20191203-0 :: Multiple vulnerabilites in Fronius Solar Inverter Series SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20191202-0 :: Multiple Critical Vulnerabilities in SALTO ProAccess SPACE SEC Consult Vulnerability Lab
• [FD] Max Secure Anti Virus Plus - 19.0.4.020 / CVE-2019-19382 Insecure Permissions hyp3rlinx
• [FD] CVE-2019-18922; Directory Traversal; Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] Sprenger, Nicolas Hendrik
• [FD] [SYSS-2019-027]: Inateck BCST-60 Barcode Scanner - Keystroke Injection Vulnerability (CVE-2019-12503) Matthias Deeg
• [FD] NAPC Xinet Elegant 6 Asset Library Web Interface v6.1.655 / Pre-Auth SQL Injection 0Day hyp3rlinx
• [FD] CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable Marcin Kozlowski
• [FD] Vulnerability in MiBox3 Bug Reporter
• [FD] pari/gp on debian stable allow arbitrary file write Georgi Guninski
• [FD] Anhui Huami Mi Fit Android Application - Unencrypted Update Check David Coomber
  • Re: [FD] Anhui Huami Mi Fit Android Application - Unencrypted Update Check Tim
• [FD] [CFP] Security BSides Ljubljana 0x7E4 | April 4, 2020 Andraz Sraka
• [FD] SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products SEC Consult Vulnerability Lab
  • Re: [FD] SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products SEC Consult Vulnerability Lab
• [FD] arbitrary file capture in Kaspersky Total Security 2019 p3rd1d0s via Fulldisclosure
• [FD] AST-2019-008: Re-invite with T.38 and malformed SDP causes crash. Asterisk Security Team
• [FD] AST-2019-007: AMI user could execute system commands. Asterisk Security Team
• [FD] AST-2019-006: SIP request can change address of a SIP peer. Asterisk Security Team
• [FD] CVE-2019-16758 Lexmark Services Monitor 2.27.4.0.39 Directory Traversal Kevin R
• [FD] XSSer v.1.8[2] - "The Hiv3!" released psy
• [FD] [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius sec-advisory
• [FD] c0c0n 2020 Middle East| Abu Dhabhi | The cy0ps c0n - CFP & CFW is Open ! Prajwal Panchmahalkar
• [FD] Raritan CommandCenter Secure Gateway XSS Vulnerability on < 8.0 okan coskun
• [FD] Raritan CommandCenter Secure Gateway XML External Entity < 8.0 okan coskun
• [FD] Stored XSS Vulnerability on TP-Link Archer VR300 v1 okan coskun
• [FD] WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution Prestigia
• [FD] Centraleyezer: Unrestricted File Upload — [CVE-2019–12311] infinitybuzz via Fulldisclosure
• [FD] Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299] infinitybuzz via Fulldisclosure
• [FD] Centraleyezer: Unrestricted File Upload -[CVE-2019-12271] infinitybuzz via Fulldisclosure
• [FD] Getting the server ip from a hosted XenForo CMS Hacxx Under 2
• [FD] ScanGuard Antivirus (latest version) / Insecure Permissions hyp3rlinx
• [FD] Vulnerability Disclosure and CVE assign Alphan YAVAS
• [FD] Minor security issue in punbb with SQLite Georgi Guninski
• [FD] Insecure Defaults in Adobe’s Mobile SDKs Nightwatch Cybersecurity Research
• [FD] Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23 Daniel Bishtawi
• [FD] APPLE-SA-2019-11-01-1 Xcode 11.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-3 tvOS 13.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-4 watchOS 6.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-5 Safari 13.0.3 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13 Apple Product Security via Fulldisclosure
• [FD] RootedCON 2020 Call For Papers is open! omarbv
• [FD] SEC Consult SA-20191029-0 :: Authentication Bypass in eIDAS-Node (European #eGovernment cross-border authentication) SEC Consult Vulnerability Lab
• [FD] [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC RedTeam Pentesting GmbH
• [FD] [RT-SA-2019-013] Unsafe Storage of Credentials in Carel pCOWeb HVAC RedTeam Pentesting GmbH
• [FD] Gift Certificates and More: A complete lack of security Security Researcher
• [FD] Trend Micro Anti-Threat Toolkit (ATTK) <= v1.62.0.1218 Remote Code Execution 0day CVE-2019-9491 hyp3rlinx
• [FD] Sangoma SBC bypass authentication via argument injection - CVE-2019-12148 Security Team Appsecco via Fulldisclosure
• [FD] Sangoma SBC local sudo user creation vulnerability without authentication - CVE-2019-12147 Security Team Appsecco via Fulldisclosure
• [FD] CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver Marco Ivaldi
• [FD] CVE 2019-2215 Android Binder Use After Free Marcin Kozlowski
• [FD] CA20191015-01: Security Notice for CA Performance Management Kevin Kotas via Fulldisclosure
• [FD] Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001] CERT
• [FD] WiKID 2FA Enterprise Server Multiple Issues Aaron Bishop
• [FD] reinersct: receiving annual awards for trivial insecurity Thegirl Wholearnedtocode
• [FD] Tomedo Server - Weak encryption mech. ProSec Security Team
• [FD] APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu Apple Product Security via Fulldisclosure
• [FD] Reflected XSS via Broken Link Checker v.1.11.8 WordPress Plugin Ismail Doe
• [FD] [CFP] BSides San Francisco – February 2020 BSidesSF CFP via Fulldisclosure
• [FD] SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject SEC Consult Vulnerability Lab
• [FD] [SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg
• [FD] [SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg
• [FD] [SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Matthias Deeg
• [FD] Open-Xchange Security Advisory 2019-10-09 Martin Heiland via Fulldisclosure
• [FD] Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1 Daniel Bishtawi
• [FD] [KIS-2019-09] SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities Egidio Romano
• [FD] [KIS-2019-08] SugarCRM <= 9.0.1 Multiple PHP Object Injection Vulnerabilities Egidio Romano
• [FD] [KIS-2019-07] SugarCRM <= 9.0.1 Multiple PHP Code Injection Vulnerabilities Egidio Romano
• [FD] [KIS-2019-06] SugarCRM <= 9.0.1 Multiple Path Traversal Vulnerabilities Egidio Romano
• [FD] [KIS-2019-05] SugarCRM <= 9.0.1 Multiple Broken Access Control Vulnerabilities Egidio Romano
• [FD] [KIS-2019-04] SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities Egidio Romano
• [FD] [KIS-2019-03] SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano
• [FD] RENPHO iOS missing encryption and integrity check ProSec Security Team
• [FD] APPLE-SA-2019-10-07-4 iCloud for Windows 7.14 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-1 macOS Catalina 10.15 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-3 iCloud for Windows 10.7 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1 Apple Product Security via Fulldisclosure
• [FD] CVE-2019-17128: OmniCenter 12.1.1 – Unauthenticated SQL Injection Luis Rios
• [FD] Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 TIMMERMAN, Jens
• [FD] [KIS-2019-02] vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability Egidio Romano
• [FD] vBulletin <= 5.5.4 Two SQL Injection Vulnerabilities Egidio Romano
• [FD] [AIT-SA-20190930-01] CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus Wolfgang
• [FD] CA20190930-01: Security Notice for CA Network Flow Analysis Kevin Kotas via Fulldisclosure
• [FD] Bsides Lisbon 2019 Trainings Claudio Andre
• [FD] APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1 Apple Product Security via Fulldisclosure
• [FD] PDFex: Security weakness in PDF encryption Jens Müller via Fulldisclosure
• [FD] Duplicator Pro <= 1.3.14: Local Information Disclosure Fulldisclosure Team
• [FD] Metasploit Pro Includes a 4 year old Java Runtime with 223 vulnerabilities 53 being critical Anthony Cicalla
• [FD] Fortinet FortiSIEM - Improper Certificate Validation Andrew Klaus
• [FD] APPLE-SA-2019-9-26-9 Safari 13.0.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-7 Xcode 11.0 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-6 tvOS 13 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-5 watchOS 6 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-3 iOS 13 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-4 Safari 13 Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-9-26-1 iOS 12.4.2 Apple Product Security via Fulldisclosure
• [FD] DOM based XSS (Login page) in "GFI Kerio Control" Firewalls v9.3.0 / CVE-2019-16414 - working exploit attached Michael Eissele
• [FD] SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade SEC Consult Vulnerability Lab
• [FD] [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android FotaAgent Component flanker
• [FD] [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component flanker
• [FD] vBulletin 5.x 0day pre-auth RCE exploit i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure
• [FD] XSSer v.1.8[1] - "The Hive!" released psy
• [FD] Bug Bounty Competition 2019 Vulnerability Lab
• [FD] Reflected XSS – HRworks Login (v1.16.1) Georg Ph E Heise via Fulldisclosure
• [FD] SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF SEC Consult Vulnerability Lab
• [FD] Insecure tmpdir() use in dbtoepub.rb in docbook / xslt10-stylesheets Shlomi Fish
• [FD] Piwigo - Version 2.9.5 [CVE-2019-13363, CVE-2019-13364 ] rant
• [FD] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery Manuel Garcia Cardenas
• [FD] SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey SEC Consult Vulnerability Lab
• [FD] [CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections Info
• [FD] [CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS Info
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1 Daniel Bishtawi
• [FD] NtFileSins v2.1 / Windows NTFS Privileged File Access Enumeration Tool hyp3rlinx
• [FD] CVE-2018-18809 Path traversal in Tibco JasperSoft Elar Lang
• [FD] CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA) Kevin Kotas via Fulldisclosure
• Re: [FD] CVE 2019-13224 (UAF in PHP and Ruby regex lib) Marcin Kozlowski
• [FD] NtFileSins v2 / Windows NTFS Privileged File Access Enumeration Tool hyp3rlinx
• [FD] Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability Vulnerability Lab
• Re: [FD] Totaljs CMS authenticated path traversal (could lead to RCE) paw
• [FD] Windows NTFS / Privileged File Access Enumeration hyp3rlinx
• [FD] AST-2019-005: Remote Crash Vulnerability in audio transcoding Asterisk Security Team
• [FD] AST-2019-004: Crash when negotiating for T.38 with a declined stream Asterisk Security Team
• [FD] SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X SEC Consult Vulnerability Lab

• Later messages