Mail Thread Index

• Date Index

• Re: [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
  • <Possible follow-ups>
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
  • Re: [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
• [FD] KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device, Kaustubh Padwad via Fulldisclosure
• [FD] KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender, Kaustubh Padwad via Fulldisclosure
• [FD] KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender, Kaustubh Padwad via Fulldisclosure
• [FD] APPLE-SA-2021-05-03-2 iOS 12.5.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-03-3 watchOS 7.4.1, Apple Product Security via Fulldisclosure
• Re: [FD] Three vulnerabilities found in MikroTik's RouterOS, Q C
  • Re: [FD] Three vulnerabilities found in MikroTik's RouterOS, Gynvael Coldwind
    • Re: [FD] Three vulnerabilities found in MikroTik's RouterOS, Q C
      • Re: [FD] Three vulnerabilities found in MikroTik's RouterOS, Gynvael Coldwind
  • <Possible follow-ups>
  • Re: [FD] Three vulnerabilities found in MikroTik's RouterOS, Q C
• Re: [FD] Four vulnerabilities found in MikroTik's RouterOS, Q C
• [FD] Four vulnerabilities found in MikroTik's RouterOS, Q C
  • <Possible follow-ups>
  • [FD] Four vulnerabilities found in MikroTik's RouterOS, Q C
• [FD] Trojan.Win32.Agent.xdtv / Insecure Permissions, malvuln
• [FD] Trojan.Win32.Siscos.bqe / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Floder.gqe / Insecure Permissions, malvuln
• [FD] Packed.Win32.Black.d / Unauthenticated Open Proxy, malvuln
• [FD] Backdoor.Win32.NinjaSpy.c / Remote Command Execution, malvuln
• [FD] SEC Consult SA-20210511-0 :: Cross-site Scripting Vulnerabilities in REWE GO, SEC Consult Vulnerability Lab
• [FD] Backdoor.Win32.MotivFTP.12 / Authentication Bypass RCE, malvuln
• [FD] Backdoor.Win32.Antilam.13.a / Unauthenticated Remote Command Execution, malvuln
• [FD] CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter., Marcel Keiffenheim
• [FD] Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0, Stefan Pietsch
• [FD] Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0, Stefan Pietsch
• [FD] [CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021), Call For Papers CPSIOTSEC21
  • <Possible follow-ups>
  • [FD] [CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021), Call For Papers CPSIOTSEC21
  • [FD] [CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021), Call For Papers CPSIOTSEC21
• [FD] Backdoor.Win32.Delf.zho / Authentication Bypass RCE, malvuln
• [FD] (u)rxvt terminal (+bash) remoteish code execution 0day, def
  • Re: [FD] (u)rxvt terminal (+bash) remoteish code execution 0day, def
• [FD] NiceHash Miner Excavator API Cross-Site Request Forgery, Harry Sintonen via Fulldisclosure
• [FD] Backdoor.Win32.Delf.abb / Insecure Transit, malvuln
• [FD] Backdoor.Win32.Agent.cy / Weak Hardcoded Credentials, malvuln
• [FD] Backdoor.Win32.Agent.cy / Insecure Transit, malvuln
• [FD] Backdoor.Win32.Agent.cy / Denial of Service, malvuln
• [FD] Backdoor.Win32.Agent.lyw / Remote Stack Buffer Overflow (UDP), malvuln
• [FD] Backdoor.Win32.Danton.43 / Weak Hardcoded Credentials RCE, malvuln
• [FD] Backdoor.Win32.Danton.43 / MITM Port Bounce Scan, malvuln
• [FD] Backdoor.Win32.Agent.oda / Remote Stack Buffer Overflow (UDP), malvuln
• [FD] Backdoor.Win32.Antilam.14.d / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.DarkMoon.a / Weak Hardcoded Password, malvuln
• [FD] Backdoor.Win32.DarkMoon.a / Insecure Transit, malvuln
• [FD] Backdoor.Win32.Delf.aez / Unauthenticated Remote Command Execution, malvuln
• [FD] Defense in depth -- the Microsoft way (part 77): access without access permission, Stefan Kanthak
• [FD] Backdoor.Win32.Psychward.c / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.Psychward.ds / Weak Hardcoded Password, malvuln
• [FD] Backdoor.Win32.RMFdoor.c / Authentication Bypass RCE, malvuln
• [FD] CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology, Roman Fiedler
• [FD] Cross-Site Scripting Vulnerability in Zen Cart 1.5.7, Daniel Bishtawi via Fulldisclosure
• [FD] Vol. 2 (2021) No. 1 of Journal of Cyber Forensics and Advanced Threat Investigations - Now Published, Andrew Zayine
• [FD] Backdoor.Win32.Singu.a / Remote Stack Buffer Overflow (UDP Datagram), malvuln
• [FD] Backdoor.Win32.SkyDance.216 / Remote Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Spirit.12.b / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Upload.a / Remote Denial of Service, malvuln
• [FD] Backdoor.Win32.Spion4 / Insecure Transit, malvuln
• [FD] Backdoor.Win32.Tonerok.d / Unauthenticated Remote Command Execution, malvuln
• ***UNCHECKED*** [FD] X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability, X41 D-Sec GmbH Advisories
• [FD] Unicorn Emulator 1.0.3 is out!, Nguyen Anh Quynh
• [FD] APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-8 Boot Camp 6.1.14, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-5 Safari 14.1.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-7 tvOS 14.6, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-2 macOS Big Sur 11.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-05-25-6 watchOS 7.5, Apple Product Security via Fulldisclosure
• [FD] KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account, KoreLogic Disclosures via Fulldisclosure
• [FD] QNAP MusicStation/MalwareRemover Pre-Auth Root Remote Code Execution, polict of Shielder via Fulldisclosure
• [FD] [KIS-2021-04] IPS Community Suite <= 4.5.4.2 (previewBlock) PHP Code Injection Vulnerability, research