Mail Thread Index

• Date Index

• [FD] [tool] ModSecurity backdoor, Jozef Sudolsky
• [FD] Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877, Numan TÜRLE
• [FD] [KIS-2023-01] Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery Vulnerabilities, Egidio Romano
• [FD] [KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability, Egidio Romano
• [FD] [KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability, Egidio Romano
• [FD] Citrix Linux client logs session credentials, Russell Howe
• [FD] wolfSSL before 5.5.0: Denial-of-service with session resumption, Maximilian Ammann via Fulldisclosure
  • <Possible follow-ups>
  • [FD] wolfSSL before 5.5.0: Denial-of-service with session resumption, Maximilian Ammann via Fulldisclosure
• [FD] wolfSSL 5.3.0: Denial-of-service, Maximilian Ammann via Fulldisclosure
• [FD] wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS, Maximilian Ammann via Fulldisclosure
• [FD] HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm, Marco Ivaldi
  • Re: [FD] HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm, Marco Ivaldi
• [FD] SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM), SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-3 iOS 12.5.7, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-4 macOS Ventura 13.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-7 watchOS 9.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-01-23-8 Safari 16.3, Apple Product Security via Fulldisclosure
• [FD] t2'23: Call For Papers 2023 (Helsinki, Finland), Tomi Tuominen via Fulldisclosure
• [FD] [RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin, RedTeam Pentesting GmbH
• [FD] [SYSS-2022-047] Razer Synapse - Local Privilege Escalation, Oliver Schwarz via Fulldisclosure
• [FD] APPLE-SA-2023-01-24-1 tvOS 16.3, Apple Product Security via Fulldisclosure
• [FD] Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL, Stefan Pietsch