Mail Thread Index

• Date Index

• [FD] Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability, Egidio Romano
• [FD] [CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData" Authenticated (Guest+) SQL Injection, Julien Ahrens (RCE Security)
• [FD] Intel Data Center Manager <= 5.1 Local Privileges Escalation, Julien Ahrens (RCE Security)
• [FD] Backdoor.Win32.Delf.gj / Information Disclosure, malvuln
• [FD] Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328), Qualys Security Advisory via Fulldisclosure
• [FD] SEC Consult SA-20221130-0 :: Multiple critical vulnerabilities in Planet Enterprises Ltd - Planet eStream, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels), SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN, Thomas Weber
• [FD] CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2, Thomas Weber
• [FD] Microsoft PlayReady security research, Security Explorations
• [FD] Vulnerabilities Disclosure - Shoplazza Stored XSS, Andrey Stoykov
• [FD] SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol), SEC Consult Vulnerability Lab, Research via Fulldisclosure
• Re: [FD] CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh, Thomas Weber
• [FD] Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption, malvuln
• [FD] 4images RCE, Andrey Stoykov
• [FD] [CFP] BSides San Francisco – April 2023, BSidesSF CFP via Fulldisclosure
• [FD] Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials, malvuln
• [FD] Ransom.Win64.AtomSilo / Crypto Logic Flaw, malvuln
• [FD] Adversary3 updated / Malware vulnerability intel tool for third-party attackers, malvuln
• [FD] APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-3 iOS 16.1.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-4 macOS Ventura 13.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-7 tvOS 16.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-8 watchOS 9.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2022-12-13-9 Safari 16.2, Apple Product Security via Fulldisclosure
• [FD] SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT), SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SugarCRM 0-day Auth Bypass + RCE Exploit, sw33t.0day via Fulldisclosure