Mail Thread Index

• Date Index

• [FD] The Knights of NYNEX presents: Morgawr's feast, Knights of Nynex via Fulldisclosure
• [FD] Backdoor.Win32.Wollf.m / Weak Hardcoded Password, malvuln
• [FD] Backdoor.Win32.Zxman / Unauthenticated Remote Code Execution, malvuln
• [FD] Backdoor.Win32.Small.bu (KGB- RAT server v0.1) / Unauthenticated Remote Command Execution, malvuln
• [FD] SEC Consult SA-20220126-0 :: Denial of service & User Enumeration in WAGO 750-8xxx PLC, SEC Consult Vulnerability Lab, Research
• [FD] SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products, SEC Consult Vulnerability Lab, Research
• [FD] SEC Consult SA-20220202-0 :: Broken access control & Cross-Site Scripting in Shopmetrics Mystery Shopping Software, SEC Consult Vulnerability Lab, Research
• [FD] Trovent Security Advisory 2108-01 / Vivellio: User account enumeration in password reset function, Stefan Pietsch
• [FD] North Korean APT Attacks Security Researchers in Social Media 2022, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] CVE-2021-38130: Business Logic Bypass - Mail Relay (Post-authenticated) for Voltage SecureMail Server <v7.3.0.1, Ting Meng Yean via Fulldisclosure
• [FD] CA20220203-01: Security Notice for CA Harvest Software Change Manager, Ken Williams via Fulldisclosure
• [FD] Code Scanning using many Tools/Scanners - Scanmycode CE (Community Edition) released, Marcin Kozlowski
• [FD] getenv("=A") works (no particular vulnerability), Askar Safin via Fulldisclosure
  • Re: [FD] getenv("=A") works (no particular vulnerability), Andy Bach
  • Re: [FD] getenv("=A") works (no particular vulnerability), bo0od via Fulldisclosure
• [FD] Backdoor.Win32.Small.er / Unauthenticated Remote Command Execution, malvuln
• [FD] [CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022, ESORICS 2022 - publicity chair
• [FD] Nokia BTS Authentication Bypass, Cristiano Maruti
• [FD] APPLE-SA-2022-02-10-1 iOS 15.3.1 and iPadOS 15.3.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-02-10-2 macOS Monterey 12.2.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-02-10-3 Safari 15.3, Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] Facebook DNS misconfiguration, Carlo Di Dato via Fulldisclosure
  • Re: [FD] Facebook DNS misconfiguration, Joey Kelly
• [FD] CFP: The 24th International Conference on Information and Communications Security (ICICS 2022), CFP - ICICS 2022
• [FD] Backdoor.Win32.Frauder.jt / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.XRat.k / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.Wdoor.11 / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.Prexot.a / Authentication Bypass, malvuln
• [FD] Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM), malvuln
• [FD] Backdoor.Win32.Freddy.2001 / Authentication Bypass Command Execution, malvuln
• [FD] Finding secrets in mirrored Git repositories, Nightwatch Cybersecurity Research
• [FD] Zepl Notebook - Remote Code Execution, ghost
• [FD] Zepl Notebook - Sandbox Escape, ghost
• [FD] Algorithmia MSOL - Remote Code Execution, ghost
• [FD] Backdoor.Win32.Zombam.b / Remote Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Zombam.b / Unauthenticated Information Disclosure, malvuln
• [FD] Backdoor.Win32.Zombam.b / Cross Site Scripting (XSS), malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password, malvuln
• [FD] Email-Worm.Win32.Lama / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Prosti.b / Insecure Permissions, malvuln
• [FD] Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder / Insecure Permissions, malvuln
• [FD] SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] Car Portal Template - (Search) Persistent Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Wordpress v5.9 - Reflected Cross Site Scripting Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] MartFury Marketplace - Cross Site Scripting Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Datarobot -- Remote Code Execution, Michael Coers
• [FD] Trojan.Win32.Cosmu.abix / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Agent.baol / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password, malvuln
• [FD] CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies, YEUNG, Tsz Ko
• [FD] Backdoor.Win32.Acropolis.10 / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.FTP.Ics / Authentication Bypass, malvuln
• [FD] Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.FTP.Ics / Port Bounce Scan (MITM), malvuln
• [FD] Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4, YEUNG, Tsz Ko