Mail Index

• Thread Index

• [FD] Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
  • From: Egidio Romano
• [FD] [CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData" Authenticated (Guest+) SQL Injection
  • From: Julien Ahrens (RCE Security)
• [FD] Intel Data Center Manager <= 5.1 Local Privileges Escalation
  • From: Julien Ahrens (RCE Security)
• [FD] Backdoor.Win32.Delf.gj / Information Disclosure
  • From: malvuln
• [FD] Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
  • From: Qualys Security Advisory via Fulldisclosure
• [FD] SEC Consult SA-20221130-0 :: Multiple critical vulnerabilities in Planet Enterprises Ltd - Planet eStream
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN
  • From: Thomas Weber
• [FD] CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2
  • From: Thomas Weber
• [FD] Microsoft PlayReady security research
  • From: Security Explorations
• [FD] Vulnerabilities Disclosure - Shoplazza Stored XSS
  • From: Andrey Stoykov
• [FD] SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• Re: [FD] CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh
  • From: Thomas Weber
• [FD] Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption
  • From: malvuln
• [FD] 4images RCE
  • From: Andrey Stoykov
• [FD] [CFP] BSides San Francisco – April 2023
  • From: BSidesSF CFP via Fulldisclosure
• [FD] Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials
  • From: malvuln
• [FD] Ransom.Win64.AtomSilo / Crypto Logic Flaw
  • From: malvuln
• [FD] Adversary3 updated / Malware vulnerability intel tool for third-party attackers
  • From: malvuln
• [FD] APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-3 iOS 16.1.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-4 macOS Ventura 13.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-7 tvOS 16.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-8 watchOS 9.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-9 Safari 16.2
  • From: Apple Product Security via Fulldisclosure
• [FD] SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SugarCRM 0-day Auth Bypass + RCE Exploit
  • From: sw33t.0day via Fulldisclosure