Re: [FD] CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

2015-08-23 Thread paul . szabo
us.com/archive/1/536257 Is that issue related? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ___ Sent through the Full Disclosure mailin

[FD] Netgear CG3000 modem/router set password vulnerability

2016-03-14 Thread paul . szabo
ems or routers. I reported the issue to Netgear (support case #26592620) but they did not seem interested. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of S

[FD] Mathematica 10.0.0 on Linux /tmp/MathLink vulnerability

2014-08-26 Thread paul . szabo
The problem reported for Mathematica is present still at version 10.0.0 for the GUI interface (the command-line interface may be "safe"). Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney

[FD] Java 8u40 released: why?

2015-03-04 Thread paul . szabo
l says the "security baseline" is 1.8.0_31 (unchanged). I do not notice any major "useability" issues fixed. So: why this out-of-band release? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics Uni

Re: [FD] Java 8u40 released: why?

2015-03-06 Thread paul . szabo
d, unusual that Oracle would release out-of-band. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread paul . szabo
8u40_released My observation in the past was that Java updates came with the rest of the "quarterly CPU" cycle. Was that wrong, has something changed? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics Univer

Re: [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and executes arbitrary DLLs

2020-03-31 Thread Paul Szabo
en loaded and executed ... > ... > Vendor statement: > The MSRC assigned case 57439 to the above report, and replied with the > following statements: > | After investigation, our engineers have determined that this behavior > | is by-design and does not constitute a vulnerability

[FD] Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack

2023-08-11 Thread Paul Szabo via Fulldisclosure
stitution 9 July 2023 Qualys contacted via "community" post 16 July 2023 Qualys contacted via secur...@qualys.com 26 July 2023 CVE requested from bugrep...@qualys.com (a CNA partner) ==== -- Paul Szabo p...@m

[FD] BeyondTrust PRA connection takeover - CVE-2025-0217

2025-05-06 Thread Paul Szabo via Fulldisclosure
=== Details Vendor: BeyondTrust Product: Privileged Remote Access (PRA) Subject: PRA connection takeover CVE ID: CVE-2025-0217 CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Author: Paul Szabo Date: 2025-05