fulldisclosure
Messages by Thread
[FD] APPLE-SA-01-27-2025-9 Safari 18.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-8 tvOS 18.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-7 watchOS 11.3
Apple Product Security via Fulldisclosure
[FD] SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms in Wind River Software VxWorks RTOS
SEC Consult Vulnerability Lab via Fulldisclosure
[FD] APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-4 macOS Sequoia 15.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-3 iPadOS 17.7.4
Apple Product Security via Fulldisclosure
[FD] Host Header Injection - atutorv2.2.4
Andrey Stoykov
[FD] APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-27-2025-1 visionOS 2.3
Apple Product Security via Fulldisclosure
[FD] AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310
Shaikh Shahnawaz
[FD] Reflected XSS - atutorv2.2.4
Andrey Stoykov
[FD] CVE-2024-48463
Rodolfo Tavares via Fulldisclosure
[FD] CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3
Thomas Weber | CyberDanube via Fulldisclosure
[FD] Asterisk Security Release 22.1.1
Asterisk Development Team via Fulldisclosure
[FD] Certified Asterisk Security Release certified-20.7-cert4
Asterisk Development Team via Fulldisclosure
[FD] Certified Asterisk Security Release certified-18.9-cert13
Asterisk Development Team via Fulldisclosure
[FD] Asterisk Security Release 18.26.1
Asterisk Development Team via Fulldisclosure
[FD] [asterisk-dev] Asterisk Security Release 21.6.1
Asterisk Development Team
[FD] [asterisk-dev] Asterisk Security Release 20.11.1
Asterisk Development Team
[FD] Microsoft PlayReady - complete client identity compromise
Security Explorations
[FD] secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki
Simon Bieber via Fulldisclosure
[FD] OXAS-ADV-2024-0002: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure
[FD] Microsoft PlayReady toolkit - codes release
Security Explorations
[FD] Live2D Cubism refusing to fix validation issue leading to heap corruption.
PT via Fulldisclosure
[FD] Microsoft PlayReady white-box cryptography weakness
Security Explorations
[FD] Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
Stefan Kanthak
[FD] Response to CVE-2023-26756 - Revive Adserver
Matteo Beccati
[FD] BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
malvuln
[FD] SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
SEC Consult Vulnerability Lab via Fulldisclosure
[FD] MindManager 23 - full disclosure
Pawel Karwowski via Fulldisclosure
[FD] CVE-2024-31705
V3locidad
[FD] SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
SEC Consult Vulnerability Lab via Fulldisclosure
[FD] [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
Egidio Romano
[FD] [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
Egidio Romano
[FD] Multiple Issues in concretecmsv9.2.7
Andrey Stoykov
[FD] OXAS-ADV-2024-0001: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure
[FD] Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)
malvuln
[FD] CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0
Clément Cruchet
[FD] [CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024
Andrew Zayine
[FD] Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE
malvuln
[FD] CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php
Valentin Lobstein via Fulldisclosure
[FD] CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php
Valentin Lobstein via Fulldisclosure
[FD] SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning
Lennert Preuth via Fulldisclosure
[FD] SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning
Lennert Preuth via Fulldisclosure
[FD] SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API
Lennert Preuth via Fulldisclosure
[FD] Microsoft PlayReady deficiencies / content key sniffing on Windows
Security Explorations
[FD] Intel PowerGadget 3.6 Local Privilege Escalation
Julian Horoszkiewicz via Fulldisclosure
[FD] Application is Vulnerable to Session Fixation
YOGESH BHANDAGE
[FD] APPLE-SA-03-25-2024-1 Safari 17.4.1
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-25-2024-6 visionOS 1.1.1
Apple Product Security via Fulldisclosure
[FD] Escape sequence injection in util-linux wall (CVE-2024-28085)
Skyler Ferrante (RIT Student) via Fulldisclosure
[FD] Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007)
Dariusz G
[FD] Backdoor.Win32.Emegrab.b / Remote Stack Buffer Overflow (SEH)
malvuln
[FD] MetaFox Remote Shell Upload Exploit
j0ck1ng@tempr.email
[FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)
SEC Consult Vulnerability Lab, Research via Fulldisclosure
[FD] HNS-2024-05 - HN Security Advisory - Multiple vulnerabilities in RT-Thread RTOS
Marco Ivaldi
[FD] APPLE-SA-03-12-2024-1 GarageBand 10.4.11
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-7 visionOS 1.1
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-6 tvOS 17.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-5 watchOS 10.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-07-2024-1 Safari 17.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4
Apple Product Security via Fulldisclosure
[FD] Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution
malvuln
[FD] StimulusReflex CVE-2024-28121
lixts via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier
Valentin Lobstein via Fulldisclosure
[FD] KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
KoreLogic Disclosures via Fulldisclosure
[FD] KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability
KoreLogic Disclosures via Fulldisclosure
[FD] KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
KoreLogic Disclosures via Fulldisclosure
[FD] KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
KoreLogic Disclosures via Fulldisclosure
[FD] SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer
SEC Consult Vulnerability Lab, Research via Fulldisclosure
[FD] JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318
Shaikh Shahnawaz
[FD] Multiple XSS Issues in boidcmsv2.0.1
Andrey Stoykov
[FD] XAMPP 5.6.40 - Error Based SQL Injection
Andrey Stoykov
[FD] BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass
malvuln
[FD] Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials
malvuln
[FD] BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution
malvuln
[FD] BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials
malvuln
[FD] Multilaser Router - Access Control Bypass through Cookie Manipulation - CVE-2023-38946
Vinícius Moraes
[FD] Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945
Vinícius Moraes
[FD] Multilaser Router - Access Control Bypass through Header Manipulation - CVE-2023-38944
Vinícius Moraes
[FD] SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)
SEC Consult Vulnerability Lab, Research via Fulldisclosure
[FD] CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool
Jeroen J.A.W. Hermans via Fulldisclosure
[FD] Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass
hyp3rlinx
[FD] Microsoft Windows Defender / VBScript Detection Bypass
hyp3rlinx
[FD] Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3
hyp3rlinx
[FD] 44CON 2024 September 18th - 20th CFP
Florent Daigniere via Fulldisclosure
[FD] SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS
SEC Consult Vulnerability Lab, Research via Fulldisclosure
[FD] Stored XSS and RCE - adaptcmsv3.0.3
Andrey Stoykov
[FD] OXAS-ADV-2023-0007: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure
[FD] Android passkeys unexpectedly deleted or useless after sync
Erik van Straten (FD)
[FD] Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables
Austin DeFrancesco via Fulldisclosure
[FD] Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
Austin DeFrancesco via Fulldisclosure
[FD] Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 2.
hyp3rlinx
[FD] Wyrestorm Apollo VX20 / Incorrect Access Control - Credentials Disclosure / CVE-2024-25735
hyp3rlinx
[FD] Wyrestorm Apollo VX20 / Account Enumeration / CVE-2024-25734
hyp3rlinx
[FD] Wyrestorm Apollo VX20 / Incorrect Access Control - DoS / CVE-2024-25736
hyp3rlinx
[FD] IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318
hyp3rlinx
[FD] APPLE-SA-02-02-2024-1 visionOS 1.0.2
Apple Product Security via Fulldisclosure
[FD] Out-of-bounds read & write in the glibc's qsort()
Qualys Security Advisory via Fulldisclosure
[FD] CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
Qualys Security Advisory via Fulldisclosure
[FD] Research about usage & possible issues of the NVD
Andreas Hammer
[FD] TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)
malvuln
[FD] [KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
Egidio Romano
[FD] CVEs based on commit messages
Mark Esler
[FD] Buffer overflow in Sane
Meng Ruijie
[FD] null pointer deference in tex-live
Meng Ruijie
[FD] null pointer deference in MiniZinc via a crafted Preferences.json file
Meng Ruijie
[FD] null pointer deference in LLVM
Meng Ruijie
[FD] null pointer deference in tex-live via a crafted cmr10.pfb
Meng Ruijie
[FD] null pointer deference in Sane via a crafted config file
Meng Ruijie
[FD] null pointer deference in MiniZinc via a crafted .mzn file
Meng Ruijie
[FD] Buffer Overflow in graphviz via via a crafted config6a file
Meng Ruijie
Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file
Matthew Fernandez
Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file
Matthew Fernandez
[FD] NULL pointer dereference in QT via the function QXcbConnection::initializeAllAtoms()
Meng Ruijie
[FD] null pointer deference in nano via read_the_list()
Meng Ruijie
Re: [FD] null pointer deference in nano via read_the_list()
Mark Esler
[FD] NULL pointer dereference in freedesktop Mesa via check_xshm()
Meng Ruijie
Re: [FD] NULL pointer dereference in freedesktop Mesa via check_xshm()
Dan Cross
[FD] null pointer deference in gnome gtk via parse_settings() at xsettings-client.c
Meng Ruijie
[FD] SEGV in S-Lang via fixup_tgetstr()
Meng Ruijie
[FD] null pointer deference in gnome gtk via init_randr15() at gdkscreen-x11.c
Meng Ruijie
[FD] arithmetic exception in S-lang via the function tt_sprintf()
Meng Ruijie
[FD] null pointer deference in gnome gdk-pixbuf
Meng Ruijie
[FD] null pointer deference in GNU Midnight at /tty/x11conn.c
Meng Ruijie
[FD] NULL pointer dereference in glXGetDrawableScreen() of OpenGL libglvnd
Meng Ruijie
[FD] NULL pointer dereference in XIQueryDevice() of gnome gtk
Meng Ruijie
[FD] NULL pointer dereference in __glXGetDrawableAttribute() of Mesa
Meng Ruijie
[FD] NULL pointer dereference in the function handle_viminfo_register() of vim
Meng Ruijie
[FD] NULL pointer dereference in the function handle_viminfo_register() of vim
Christian Brabandt
[FD] Null pointer deference in XGetWMHints() of Xfig
Meng Ruijie
[FD] Buffer Overflow in glXQueryServerString() of mesa
Meng Ruijie
[FD] NULL pointer dereference in tgetstr() of ncurses
Meng Ruijie
[FD] Null pointer dereference in Xedit
Meng Ruijie
Re: [FD] Null pointer dereference in Xedit
Alan Coopersmith
[FD] Null pointer deference in freedesktop mesa
Meng Ruijie
[FD] Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)
Rahim, Mohaiman via Fulldisclosure
[FD] Yet another fork()/malloc() bomb in javascript + SIGILL in Chrome
Georgi Guninski
[FD] TrojanSpy Win32 Nivdort / Insecure Permissions - EoP (SYSTEM)
malvuln
[FD] APPLE-SA-01-22-2024-9 tvOS 17.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-8 watchOS 10.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-5 macOS Sonoma 14.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
Apple Product Security via Fulldisclosure
[FD] APPLE-SA-01-22-2024-1 Safari 17.3
Apple Product Security via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-22903: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier
Valentin Lobstein via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-22902: Default Root Credentials in Vinchin Backup & Recovery v7.2 and Earlier
Valentin Lobstein via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier
Valentin Lobstein via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-22899: Unpatched Command Injection in Vinchin Backup and Recovery Versions 7.2 and Earlier
Valentin Lobstein via Fulldisclosure
[FD] [Full Disclosure] CVE-2024-22900: Unpatched Command Injection in Vinchin Backup and Recovery Versions 7.2 and Earlier
Balgogan via Fulldisclosure
[FD] [SBA-ADV-20200707-02] CVE-2020-36772: CloudLinux CageFS 7.0.8-2 or below Insufficiently Restricted Proxy Command
SBA - Advisory via Fulldisclosure
[FD] [SBA-ADV-20200707-01] CVE-2020-36771: CloudLinux CageFS 7.1.1-1 or below Token Disclosure
SBA - Advisory via Fulldisclosure
[FD] Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)
Georgi Guninski
[FD] Legends of IdleOn - I Reject Your RNG And Substitute My Own
Soatok Dreamseeker
[FD] Buffer over-read in dtls_sha256_update of TinyDTLS
Meng Ruijie
[FD] Misues same epoch number within TCP lifetime in TinyDTLS
Meng Ruijie
[FD] Assertion failure in check_certificate_request() of TinyDTLS
Meng Ruijie
[FD] Buffer over-read in TinyDTLS
Meng Ruijie
[FD] Infinite loop leading to buffer overflow in TinyDTLS
Meng Ruijie
[FD] Mishandle epoch number in TinyDTLS servers
Meng Ruijie
[FD] Incorrect handshake in TinyDTLS
Meng Ruijie
[FD] ODR violation in Redis Raft
Meng Ruijie
Re: [FD] ODR violation in Redis Raft
Jeffrey Walton
[FD] Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL
malvuln
[FD] CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series
Thomas Weber via Fulldisclosure
[FD] cpio privilege escalation vulnerability via setuid files in cpio archive
Georgi Guninski
Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive
fulldisclosure
Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive
Harry Sintonen via Fulldisclosure
Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive
Georgi Guninski
Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive
Harry Sintonen via Fulldisclosure
[FD] OXAS-ADV-2023-0006: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure
[FD] OXAS-ADV-2023-0005: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure
[FD] SSH-Snake: Automated SSH-Based Network Traversal
Joshua Rogers
[FD] RansomLord v2 - Anti-Ransomware Exploitation Tool / New Release
hyp3rlinx
[FD] Windows PowerShell Single Quote Code Execution / Event Log Bypass
hyp3rlinx
[FD] [ES2023-02] FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation
Sandro Gauci
[FD] asterisk release 20.5.1
Asterisk Development Team via Fulldisclosure
[FD] asterisk release 18.20.1
Asterisk Development Team via Fulldisclosure
[FD] CORRECTED asterisk release 21.0.1
Asterisk Development Team
[FD] CORRECTED asterisk release certified-18.9-cert6
Asterisk Development Team
[FD] [ES2023-03] RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation
Sandro Gauci