Mail Index

• Thread Index

• [FD] The Knights of NYNEX presents: Morgawr's feast
  • From: Knights of Nynex via Fulldisclosure
• [FD] Backdoor.Win32.Wollf.m / Weak Hardcoded Password
  • From: malvuln
• [FD] Backdoor.Win32.Zxman / Unauthenticated Remote Code Execution
  • From: malvuln
• [FD] Backdoor.Win32.Small.bu (KGB- RAT server v0.1) / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] SEC Consult SA-20220126-0 :: Denial of service & User Enumeration in WAGO 750-8xxx PLC
  • From: SEC Consult Vulnerability Lab, Research
• [FD] SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products
  • From: SEC Consult Vulnerability Lab, Research
• [FD] SEC Consult SA-20220202-0 :: Broken access control & Cross-Site Scripting in Shopmetrics Mystery Shopping Software
  • From: SEC Consult Vulnerability Lab, Research
• [FD] Trovent Security Advisory 2108-01 / Vivellio: User account enumeration in password reset function
  • From: Stefan Pietsch
• [FD] North Korean APT Attacks Security Researchers in Social Media 2022
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] CVE-2021-38130: Business Logic Bypass - Mail Relay (Post-authenticated) for Voltage SecureMail Server <v7.3.0.1
  • From: Ting Meng Yean via Fulldisclosure
• [FD] CA20220203-01: Security Notice for CA Harvest Software Change Manager
  • From: Ken Williams via Fulldisclosure
• [FD] Code Scanning using many Tools/Scanners - Scanmycode CE (Community Edition) released
  • From: Marcin Kozlowski
• [FD] getenv("=A") works (no particular vulnerability)
  • From: Askar Safin via Fulldisclosure
• Re: [FD] getenv("=A") works (no particular vulnerability)
  • From: Andy Bach
• Re: [FD] getenv("=A") works (no particular vulnerability)
  • From: bo0od via Fulldisclosure
• [FD] Backdoor.Win32.Small.er / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] [CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022
  • From: ESORICS 2022 - publicity chair
• [FD] Nokia BTS Authentication Bypass
  • From: Cristiano Maruti
• [FD] APPLE-SA-2022-02-10-1 iOS 15.3.1 and iPadOS 15.3.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-02-10-2 macOS Monterey 12.2.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-02-10-3 Safari 15.3
  • From: Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] Facebook DNS misconfiguration
  • From: Carlo Di Dato via Fulldisclosure
• [FD] CFP: The 24th International Conference on Information and Communications Security (ICICS 2022)
  • From: CFP - ICICS 2022
• [FD] Backdoor.Win32.Frauder.jt / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.XRat.k / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.Wdoor.11 / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.Prexot.a / Authentication Bypass
  • From: malvuln
• [FD] Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM)
  • From: malvuln
• [FD] Backdoor.Win32.Freddy.2001 / Authentication Bypass Command Execution
  • From: malvuln
• [FD] Finding secrets in mirrored Git repositories
  • From: Nightwatch Cybersecurity Research
• Re: [FD] Facebook DNS misconfiguration
  • From: Joey Kelly
• [FD] Zepl Notebook - Remote Code Execution
  • From: ghost
• [FD] Zepl Notebook - Sandbox Escape
  • From: ghost
• [FD] Algorithmia MSOL - Remote Code Execution
  • From: ghost
• [FD] Backdoor.Win32.Zombam.b / Remote Stack Buffer Overflow
  • From: malvuln
• [FD] Backdoor.Win32.Zombam.b / Unauthenticated Information Disclosure
  • From: malvuln
• [FD] Backdoor.Win32.Zombam.b / Cross Site Scripting (XSS)
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password
  • From: malvuln
• [FD] Email-Worm.Win32.Lama / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Prosti.b / Insecure Permissions
  • From: malvuln
• [FD] Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder / Insecure Permissions
  • From: malvuln
• [FD] SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] Car Portal Template - (Search) Persistent Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Wordpress v5.9 - Reflected Cross Site Scripting Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] MartFury Marketplace - Cross Site Scripting Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Datarobot -- Remote Code Execution
  • From: Michael Coers
• [FD] Trojan.Win32.Cosmu.abix / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Agent.baol / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password
  • From: malvuln
• [FD] CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies
  • From: YEUNG, Tsz Ko
• [FD] Backdoor.Win32.Acropolis.10 / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.FTP.Ics / Authentication Bypass
  • From: malvuln
• [FD] Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.FTP.Ics / Port Bounce Scan (MITM)
  • From: malvuln
• [FD] Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
  • From: YEUNG, Tsz Ko