date:20240313

[FD] MetaFox Remote Shell Upload Exploit

2024-03-13 Thread j0ck1ng@tempr.email

#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: "Social network for niche communities"# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport requestsimport sysif len(sys.argv) != 4: sys.exit("Usage: %s " % sys.a

[FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

2024-03-13 Thread SEC Consult Vulnerability Lab, Research via Fulldisclosure

SEC Consult Vulnerability Lab Security Advisory < 20240307-0 > === title: Local Privilege Escalation via writable files product: Checkmk Agent vulnerable version: 2.0.0, 2.1.0, 2.2.0 fixed versi

[FD] HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS

2024-03-13 Thread Marco Ivaldi

Hi, Please find attached a security advisory that describes multiple vulnerabilities we discovered in RT-Thread RTOS. * Title: Multiple vulnerabilities in RT-Thread RTOS * OS: RT-Thread <= 5.0.2 * Author: Marco Ivaldi * Date: 2024-03-05 * CVE IDs and advisory URLs: * CVE-2024-24334 - https://g

[FD] APPLE-SA-03-12-2024-1 GarageBand 10.4.11

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-12-2024-1 GarageBand 10.4.11 GarageBand 10.4.11 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214090. Apple maintains a Security Updates page at https://support.a

[FD] APPLE-SA-03-07-2024-7 visionOS 1.1

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-7 visionOS 1.1 visionOS 1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214087. Apple maintains a Security Releases page at https://support.apple.com

[FD] APPLE-SA-03-07-2024-6 tvOS 17.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-6 tvOS 17.4 tvOS 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214086. Apple maintains a Security Releases page at https://support.apple.com/HT201

[FD] APPLE-SA-03-07-2024-5 watchOS 10.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-5 watchOS 10.4 watchOS 10.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214088. Apple maintains a Security Releases page at https://support.apple.com

[FD] APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4 macOS Monterey 12.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214083. Apple maintains a Security Releases page at https:/

[FD] APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5 macOS Ventura 13.6.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214085. Apple maintains a Security Releases page at https://s

[FD] APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4 macOS Sonoma 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214084. Apple maintains a Security Releases page at https://support

[FD] APPLE-SA-03-07-2024-1 Safari 17.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-07-2024-1 Safari 17.4 Safari 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214089. Apple maintains a Security Releases page at https://support.apple.com/H

[FD] APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6 iOS 16.7.6 and iPadOS 16.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214082. Apple maintains a Security Releases p

[FD] APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

2024-03-13 Thread Apple Product Security via Fulldisclosure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4 iOS 17.4 and iPadOS 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214081. Apple maintains a Security Releases page at h

[FD] Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

2024-03-13 Thread malvuln

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Beastdoor.oq Vulnerability: Unauthenticated Remote Command Execution Des

[FD] StimulusReflex CVE-2024-28121

2024-03-13 Thread lixts via Fulldisclosure

StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. ## Vulnerable code excerpt stimulus_reflex/lib/stimulus_reflex/reflex.rb ``` # Invoke the reflex action specified by `name` and run all callback

[FD] [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

2024-03-13 Thread Valentin Lobstein via Fulldisclosure

CVE ID: CVE-2024-25228 Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the `ManoeuvreHandler.cl

[FD] MetaFox Remote Shell Upload Exploit

[FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

[FD] HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS

[FD] APPLE-SA-03-12-2024-1 GarageBand 10.4.11

[FD] APPLE-SA-03-07-2024-7 visionOS 1.1

[FD] APPLE-SA-03-07-2024-6 tvOS 17.4

[FD] APPLE-SA-03-07-2024-5 watchOS 10.4

[FD] APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

[FD] APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

[FD] APPLE-SA-03-07-2024-2 macOS Sonoma 14.4

[FD] APPLE-SA-03-07-2024-1 Safari 17.4

[FD] APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6

[FD] APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4

[FD] Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

[FD] StimulusReflex CVE-2024-28121

[FD] [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

16 matches

Site Navigation

Mail list logo

Footer information