Mail Index

• Thread Index

• [FD] [Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**
  • From: alcaraz
• [FD] 🐞 CFP for Hardwear.io NL 2022 is OPEN!
  • From: Andrea Simonca
• [FD] typeorm CVE-2022-33171
  • From: lixts via Fulldisclosure
• [FD] BigBlueButton - Stored XSS in username (CVE-2022-31064)
  • From: Rick Verdoes via Fulldisclosure
• [FD] Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials
  • From: malvuln
• [FD] Backdoor.Win32.Coredoor.10.a / Authentication Bypass
  • From: malvuln
• [FD] Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials
  • From: malvuln
• [FD] JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function
  • From: Eldar Marcussen
• [FD] CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
  • From: Aki Tuomi via Fulldisclosure
• [FD] EQS Integrity Line: Multiple Vulnerabilities
  • From: Giovanni Pellerano
• [FD] Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)
  • From: malvuln
• [FD] Ransom Lockbit 3.0 / Code Execution
  • From: malvuln
• [FD] Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password
  • From: malvuln
• [FD] Builder XtremeRAT v3.7 / Insecure Permissions
  • From: malvuln
• [FD] Builder XtremeRAT v3.7 / Insecure Crypto Bypass
  • From: malvuln
• [FD] [CFP] 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges CFTIC 2022 (Virtual)
  • From: Andrew Zayine
• Re: [FD] AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine
  • From: chan chan
• [FD] Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials
  • From: malvuln
• [FD] Open-Xchange Security Advisory 2022-07-21
  • From: Martin Heiland via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-5 tvOS 15.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-6 watchOS 8.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-7 Safari 15.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-07-20-2 macOS Monterey 12.5
  • From: Apple Product Security via Fulldisclosure
• [FD] [CVE-2021-24910] Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2021-24911] Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site Scripting
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2021-24912] Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2022-2461] Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2022-2462] Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2022-25810] Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2022-25811] Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections
  • From: Julien Ahrens (RCE Security)
• [FD] [CVE-2022-25812] Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection
  • From: Julien Ahrens (RCE Security)