Mail Thread Index

• Date Index

• [FD] Email-Worm.Win32.Deltad / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Coredoor.10.a / Port Bounce Scan, malvuln
• [FD] Backdoor.Win32.Coredoor.10.a / Authentication Bypass RCE, malvuln
• [FD] CA20211201-01: Security Notice for CA Network Flow Analysis, Ken Williams via Fulldisclosure
• [FD] CVE-2021-37253: M-Files Web Improper Range Header Processing Denial of Services (DoS) Vulnerability, Murat Aydemir
• [FD] SEC Consult SA-20211202-0 :: Multiple vulnerabilities in OrbiTeam BSCW Server, Functional Account, SEC Consult Vulnerability Lab
• [FD] usd AG Security Advisories 11/2021, Responsible Disclosure via Fulldisclosure
• [FD] Trojan.Win32.Mucc.ivk / Insecure Service Path, malvuln
• [FD] Backdoor.Win32.Vernet.axt / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Bionet.10 / Authentication Bypass RCE, malvuln
• [FD] Backdoor.Win32.WinShell.50 / Weak Hardcoded Password, malvuln
  • <Possible follow-ups>
  • [FD] Backdoor.Win32.WinShell.50 / Weak Hardcoded Password, malvuln
• [FD] [RT-SA-2021-004] Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass, RedTeam Pentesting GmbH
• [FD] [RT-SA-2021-005] Auerswald COMpact Privilege Escalation, RedTeam Pentesting GmbH
• [FD] [RT-SA-2021-006] Auerswald COMpact Arbitrary File Disclosure, RedTeam Pentesting GmbH
• [FD] [RT-SA-2021-007] Auerswald COMpact Multiple Backdoors, RedTeam Pentesting GmbH
• [FD] Microsoft Internet Explorer / ActiveX Control Security Bypass, hyp3rlinx
• [FD] (Reprise License Manager) RLM 14.2 - Unauthenticated User Enumeration, Gionathan Reale via Fulldisclosure
  • [FD] (Reprise License Manager) RLM 14.2 - Unauthenticated Password Change, Gionathan Reale via Fulldisclosure
    • [FD] (Reprise License Manager) RLM 14.2 - Unauthenticated Session Hijacking, Gionathan Reale via Fulldisclosure
  • [FD] (Reprise License Manager) RLM 14.2 - Authenticated Buffer Overflow, Gionathan Reale via Fulldisclosure
    • [FD] (Reprise License Manager) RLM 14.2 - Authenticated Remote Binary Execution, Gionathan Reale via Fulldisclosure
• [FD] [SYSS-2021-061] Oracle Database - NNE Connection Hijacking, Moritz Bechler
• [FD] [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation, Moritz Bechler
• [FD] SEC Consult SA-20211213-0 :: Multiple vulnerabilities in AbanteCart e-commerce platform, ., SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20211213-1 :: Stored Cross Site Scripting in Sofico Miles RIA, ., SEC Consult Vulnerability Lab
• [FD] Backdoor.Win32.Mechbot.a / Insecure Permissions, malvuln
• [FD] Backdoor.IRC.Subhuman / Unauthenticated Open Proxy, malvuln
• [FD] Backdoor.Win32.Asylum.014 / Cleartext Password Storage, malvuln
• [FD] Backdoor.Win32.Nucleroot.mf / Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Ncx.b / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.Ncx.b / Remote Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.BackAttack.20 / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.BackAttack.20 / Authentication Bypass RCE, malvuln
• [FD] Backdoor.Win32.FTP.Matiteman / Weak Hardcoded Password, malvuln
• [FD] Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Ramus / Unauthenticated Remote Code Execution, malvuln
• [FD] Backdoor.Win32.Phase.11 / Unauthenticated Remote Command Execution, malvuln
• [FD] SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG, ħ, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG, ħ, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20211214-2 :: Remote ABAP Code Injection in SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER, ħ, SEC Consult Vulnerability Lab
• [FD] Trovent Security Advisory 2109-01 / CVE-2021-41843: Authenticated SQL injection in OpenEMR calendar search, Stefan Pietsch
• [FD] APPLE-SA-2021-12-15-1 iOS 15.2 and iPadOS 15.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-2 macOS Monterey 12.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-3 macOS Big Sur 11.6.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-5 tvOS 15.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-6 watchOS 8.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-12-15-7 Safari 15.2, Apple Product Security via Fulldisclosure
• [FD] RootedCON 2022 Call For Papers is open!, omarbv
• [FD] Backdoor.Win32.BNLite / Remote Heap Based Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Mellpon.b / Remote Unauthenticated Information Disclosure, malvuln
• [FD] Aver EVC300 and others, protostsu via Fulldisclosure