Mail Index

• Thread Index

• [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability
  • From: info@xxxxxxxxxxxxxxx
• [FD] SQLi - Faculty Evaluation System
  • From: Andrey Stoykov
• [FD] APPLE-SA-2023-06-21-1 Safari 16.5.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-4 macOS Ventura 13.4.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-5 macOS Monterey 12.6.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-6 macOS Big Sur 11.7.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-7 watchOS 9.5.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-8 watchOS 8.8.1
  • From: Apple Product Security via Fulldisclosure
• [FD] ServiceNow Account Takeover to Full Admin Compromise
  • From: Luke Symons
• [FD] SEC Consult SA-20230627-0 :: Multiple high risk vulnerabilities in ILIAS eLearning platform
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer
  • From: SEC Consult Vulnerability Lab, Research via Fulldisclosure
• Re: [FD] Ransom.Haron / Code Execution
  • From: malvuln
• [FD] Unquoted Path - XAMPP 8.2.4
  • From: Andrey Stoykov
• [FD] APPLE-SA-2023-07-10-1 Safari 16.5.2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1
  • From: Apple Product Security via Fulldisclosure
• Re: [FD] [tool] tc - anonymous and cyphered chat over Tor circuits in PGP
  • From: bo0od via Fulldisclosure
• [FD] Asterisk Release 16.30.1
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 18.18.1
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 19.8.1
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release certified-18.9-cert5
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 20.3.1
  • From: Asterisk Development Team via Fulldisclosure
• Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability
  • From: Jens Timmerman
• [FD] WBCE - Stored XSS
  • From: Andrey Stoykov
• [FD] [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer
  • From: RedTeam Pentesting GmbH
• [FD] CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
  • From: Qualys Security Advisory via Fulldisclosure
• Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability
  • From: Jeffrey Walton
• [FD] Boom CMS v8.0.7 - Cross Site Scripting Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)
  • From: Matthias Deeg via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-1 Safari 16.6
  • From: Deven Kishore via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-1 Safari 16.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-4 macOS Ventura 13.5
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-7 tvOS 16.6
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-8 watchOS 9.6
  • From: Apple Product Security via Fulldisclosure
• [FD] Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload
  • From: Andrey Stoykov