VE identifier requested
[24/03/2024] - CVE identifier assigned
[05/04/2024] - Coordinated public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2024-30162 to this vulnerability.
[-] Credits:
Vulnerability discovered by
2024] - Vulnerability details sent to SSD Secure Disclosure
[12/03/2024] - Version 4.7.16 released
[20/03/2024] - CVE identifier requested
[24/03/2024] - CVE identifier assigned
[05/04/2024] - Coordinated public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (
ssigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Other References:
https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728
[-] Original Advisory:
http://karmainsecurity.com/KIS-2024-01
lic GitHub
issue: https://github.com/pkp/pkp-lib/issues/9464
[05/11/2023] - CVE identifier assigned
[17/11/2023] - Version 3.4.0-4 released
[14/12/2023] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assign
23] - Version 3.2.11p1 released
[27/10/2023] - CVE identifier assigned
[07/12/2023] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-46818 to this vulnerability.
[-] Credits:
Vulnerability discove
osure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-46817 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
https://karmainsecurity.com/KIS-2023-12
[-] Other References:
h
uested
[26/10/2023] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
https://karmainsecuri
erabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
https://karmainsecurity.com/KIS-2023-10
[-] Other References:
https://support.sugarcrm.com/resour
CVE-2023-4136 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano, working with IMQ Minded
Security.
[-] Original Advisory:
https://karmainsecurity.com/KIS-2023-09
[-] Other References:
https://docs.craftercms.org/en/4.1/security/advisory.html#cv-2023080
CVE-2023-35811 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
https://karmainsecurity.com/KIS-2023-08
[-] Other References:
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-
rability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
https://karmainsecurity.com/KIS-2023-07
[-] Other References:
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/
- Vendor notified
[12/04/2023] - Fixed versions released
[17/06/2023] - CVE number assigned
[23/08/2023] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-35809 to this vulnerability.
[-]
number assigned
[23/08/2023] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-35808 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://kar
leased
[09/01/2023] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-22851 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/K
.items.add(file);
fileInput.files = dataTransfer.files;
document.forms[0].submit();
[-] Solution:
Upgrade to version 24.1 or later.
[-] Disclosure Timeline:
[07/03/2022] - Vendor notified
[23/08/2022] - Version 24.1 released
[09/01/2023]
[08/03/2022] - Vendor notified
[23/08/2022] - Version 24.1 released
[09/01/2023] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-22853 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egi
ied
[09/01/2023] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2023-22852 to this vulnerability.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2
roject (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Other References:
https://security.drupal.org/node/175968
[-] Original Advisory:
http://karmainsecurity.com/KIS-2022-06
Hello list,
Just wanted to share with you my latest blog post:
http://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
Best regards,
/EgiX
ged by the vendor
[21/02/2021] - Vendor sent details about a proposed patch
[21/02/2021] - Sent feedback about the patch correctness
[29/03/2022] - Vendor update released
[29/03/2022] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has as
Hello again,
Just wanted to let you know I updated the blog post with some more details:
apparently, this technique could be abused to bypass WAFs such as OWASP
ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out!
/EgiX
On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano
wrote:
> He
Hello list,
I'd like to share with you my latest blog post. Hope you may find this
SQL injection exploitation technique interesting and potentially useful
for your penetration tests. Enjoy it!
Link: http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce
Best regards,
/EgiX
eased
[22/03/2022] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2021-26599 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Other References:
https://hackerone.com/reports/1081
es and Exposures project (cve.mitre.org)
has assigned the name CVE-2021-26598 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Other References:
https://hackerone.com/reports/1081137
[-] Original Advisory:
http://karmainsecurity.com/KIS-2022-03
d Exposures project (cve.mitre.org)
has assigned the name CVE-2021-26601 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Other References:
https://hackerone.com/reports/1081878
[-] Original Advisory:
http://karmainsecurity.com/KIS-2022-02
resolved and will be in
ImpressCMS 1.4.3
[03/02/2021] - CVE number assigned
[06/02/2022] - Version 1.4.3 released
[22/03/2022] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2021-26600 to this vulnerability
fixed
[02/06/2021] - Asked for an update, no response
[06/07/2021] - Asked for an update, no response
[16/07/2021] - CVE number assigned
[19/07/2021] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2021-36766 to t
tified through HackerOne
[27/12/2020] - Vendor released a targeted patch
[05/01/2021] - Vendor released version 4.5.4.2
[05/01/2021] - CVE number assigned
[06/01/2021] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name
the end of the year
[30/12/2020] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-26165 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio
org)
has assigned the name CVE-2020-17373
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17373> to this
vulnerability.
*• Credits:*
Vulnerability discovered by Egidio Romano.
blic disclosure
*• CVE Reference:*
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-17372
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17372> to these
vulnerabilities.
*• Credits:*
Vulnerabilities discov
numbers assigned
[30/06/2020] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-13380 to vulnerabilities (1) and (2),
and name CVE-2020-13381 for the other vulnerabilities.
[-] Credits:
Vulnerabilities discovered
xed
[22/05/2020] - CVE number assigned
[30/06/2020] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-13383 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisor
20] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-13382 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS
d
[10/02/2020] - Version 7.11.11 released
[12/02/2020] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-8804 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Origina
has assigned the name CVE-2020-8803 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2020-04
sure intention, no
response
[07/02/2020] - CVE number assigned
[12/02/2020] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-8802 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Roma
mitre.org)
has assigned the name CVE-2020-8801 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2020-02
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
CVE-2020-8800 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2020-01
it.io/JeD2U
[02/11/2019] - CVE number assigned
[02/12/2019] - Versions 7.8 released
[04/12/2019] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-18662 to this vulnerability.
[-] Credits:
Vulnerabili
ary PHP objects into the application scope (PHP Object Injection via
phar:// stream wrapper), allowing them to carry out a variety of
attacks, such as executing arbitrary PHP code.
[-] Solution:
Upgrade to version 9.0.2, 8.0.4, or later.
[-] Disclosure Timeline:
[07/02/2019] - Vendor notified
ary PHP code.
15) The vulnerability exists because the "authenticateDownloadKey()"
function is using the unserialize() function with the
"license_validation_key" setting variable, and such a value can be
arbitrarily manipulated in different ways. This can be exploit
to .php the file extension for the system log file. Successful
exploitation of this vulnerability requires a System Administrator
account.
[-] Solution:
Upgrade to version 9.0.2, 8.0.4, or later.
[-] Disclosure Timeline:
[07/02/2019] - Vendor notified
[01/10/2019] - Versions 9.0.2 and 8
meline:
[07/02/2019] - Vendor notified
[01/10/2019] - Versions 9.0.2 and 8.0.4 released
[10/10/2019] - Publication of this advisory
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2
parameter to "Administration" and the "parent_type" parameter to
"expandDatabase" or any other action which does not implement ACL
checks).
[-] Solution:
Upgrade to version 9.0.2, 8.0.4, or later.
[-] Disclosure Timeline:
[07/02/2019] - Vendor notified
[01/10/
d before being used to construct a SQL query. This can be exploited by
malicious users to e.g. read sensitive data from the database through
in-band SQL Injection attacks.
[-] Solution:
Upgrade to version 9.0.2, 8.0.4, or later.
[-] Disclosure Timeline:
[07/02/2019] - Vendor notified
[01
[-] Disclosure Timeline:
[07/02/2019] - Vendor notified
[01/10/2019] - Versions 9.0.2 and 8.0.4 released
[10/10/2019] - Publication of this advisory
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2019-03
[-] Other References:
htt
posures project (cve.mitre.org)
has assigned the name CVE-2019-17132 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2019-02
ties and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-17271 to these vulnerabilities.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2019-01
published
[31/12/2018] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainse
ublished
[31/12/2018] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecu
ublished
[31/12/2018] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecu
s advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2018-05
[-] Other Referenc
- Fixed versions released and security advisory published
[31/12/2018] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio R
t assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2018-03
[-] Other References:
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2018-003/
12/2018] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-
16/01/2018] - Oracle fixed the issue in the January Critical Patch Update (CPU)
[31/12/2018] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2018-2699 to this vulnerability.
[-] Credits:
Vulnerability discove
Exposures project (cve.mitre.org) has assigned
the name CVE-2017-7411 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2017-02
Hello list,
Tonight I'd like to share with you my latest blog post. Enjoy!
Link: http://karmainsecurity.com/tales-of-sugarcrm-security-horrors
Best regards,
/EgiX
/02/security
[06/02/2017] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2017-5677 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-
se
[17/02/2016] - Bug bounty received
[11/04/2016] - Version 2.16.1 released:
http://piwik.org/changelog/piwik-2-16-1/
[16/06/2016] - CVE number requested
[07/11/2016] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned
bilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2016-5313 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-12
er assigned
[07/07/2016] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2016-6174 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecuri
advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-10
[-] Other References
;post('msgstr'));
116.}
User input passed through the "msgstr" POST parameter is not properly
sanitized before being stored. This can be exploited by an authenticated
attacker to permanently store arbitrary script code within the database,
which might be executed by anoth
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-08
[-] Other References:
https://hackerone.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-07
olution is currently available against the SSRF and XSS attack
vectors.
[-] Disclosure Timeline:
[15/10/2014] - Vendor notified
[15/12/2014] - Version 6.5.19 CE released: http://bit.do/sugar6519
[29/04/2015] - CVE number requested
[23/06/2016] - Public disclosure
[-] CVE Reference:
T
-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-05
abilities and Exposures project (cve.mitre.org)
has not assigned a CVE identifier for these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-04
tre.org)
has not assigned a CVE identifier for this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2016-03
Hello list,
Tonight I'd like to share with you my latest blog post. Seeing my
personal experience with the Magento bug bounty program (and even
experiences from other security researchers), it looks like they truly
believe in a "security through obscurity" methodology. I'm quite
disappointed by
re in RSS feed) have been accepted and you will be
receiving a bounty of USD $9,000."
[02/02/2016] - CVE number assigned
[12/02/2016] - Bug bounty received
[23/02/2016] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assign
n updated
[01/12/2015] - CVE number requested
[01/12/2015] - CVE number assigned
[12/01/2016] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2015-8379 to this vulnerability.
[-] Credits:
Vulnerability discove
-2015-7816 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2015-10
angelog/piwik-2-15-0
[04/11/2015] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2015-7815 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
er requested
[05/10/2015] - CVE number assigned
[06/10/2015] - After one year still no official solution available
[04/11/2015] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2015-7712 to this vulnerability.
[-]
e.mitre.org)
has assigned the name CVE-2015-7711 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2015-07
er requested
[05/10/2015] - CVE number assigned
[04/11/2015] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-9753 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisor
-9752 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2015-05
E number assigned
[11/09/2015] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2015-6497 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano of Minded Security.
[-] Original Advisory:
4] - CVE number requested
[11/06/2014] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has not
assigned a name to this vulnerability yet.
[-] Credits:
Vulnerability discovered by Egidio Romano of Minded Security.
[-] O
Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
[-] Software Link:
https://www.concrete5.org/
[-] Affected Vers
isory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has not
assigned a name to this vulnerability yet.
[-] Credits:
Vulnerability discovered by Egidio Romano of Minded Security.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2015-01
[-] Other Refer
ssigned the name CVE-2014-7285 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano, Secunia Research.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-19
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-7146 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-18
(cve.mitre.org)
has assigned the name CVE-2014-8790 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-17
[31/12/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-8085 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/K
pdate to version 3.4.3 or later.
[-] Disclosure Timeline:
[29/09/2014] - Vendor notified
[29/09/2014] - Vendor response
[09/10/2014] - Version 3.4.3 released:
http://blog.osclass.org/2014/10/09/osclass-3-4-3
[09/10/2014] - CVE number requested
[11/10/2014] - CVE number assigned
[31/12/2014] - Pub
3 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-14
[11/10/2014] - CVE number requested
[13/11/2014] - CVE number assigned
[13/11/2014] - Version 7.7 released
[27/11/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-8791 to this vulnerability.
[-] Credits
rg)
has assigned the name CVE-2014-8082 to this weakness.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-12
/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-8081 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karma
mon Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-5298 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-10
http://x2community.com/?showtopic=1804
[01/08/2014] - CVE number requested
[16/08/2014] - CVE number assigned
[05/09/2014] - Version 4.2 released
[23/09/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-52
Vendor replied there's no need to alert its users because the
vulnerability is very weak
[14/07/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3990 to this vulnerability.
[-]
ty to publish as well the ability to manage your own
> media.
>
> Feel free to edit as you would like and make a pull request!
>
> https://gist.github.com/brandonprry/efc0765c342a44a0dedb
>
>
> On Wed, Ma
r requested
[19/05/2014] - CVE number assigned
[21/05/2014] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3783 to this vulnerability.
[-] Credits:
Vulnerability disc
its:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-06
1 - 100 of 101 matches