Mail Thread Index

• Date Index

• [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability, info@xxxxxxxxxxxxxxx
  • Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability, Jens Timmerman
    • Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability, Jeffrey Walton
• [FD] SQLi - Faculty Evaluation System, Andrey Stoykov
• [FD] APPLE-SA-2023-06-21-1 Safari 16.5.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-4 macOS Ventura 13.4.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-5 macOS Monterey 12.6.7, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-6 macOS Big Sur 11.7.8, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-7 watchOS 9.5.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-06-21-8 watchOS 8.8.1, Apple Product Security via Fulldisclosure
• [FD] ServiceNow Account Takeover to Full Admin Compromise, Luke Symons
• [FD] SEC Consult SA-20230627-0 :: Multiple high risk vulnerabilities in ILIAS eLearning platform, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• [FD] SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer, SEC Consult Vulnerability Lab, Research via Fulldisclosure
• Re: [FD] Ransom.Haron / Code Execution, malvuln
• [FD] Unquoted Path - XAMPP 8.2.4, Andrey Stoykov
• [FD] APPLE-SA-2023-07-10-1 Safari 16.5.2, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-10-2 Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-10-3 Rapid Security Responses for macOS Ventura 13.4.1, Apple Product Security via Fulldisclosure
• Re: [FD] [tool] tc - anonymous and cyphered chat over Tor circuits in PGP, bo0od via Fulldisclosure
• [FD] Asterisk Release 16.30.1, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 18.18.1, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 19.8.1, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release certified-18.9-cert5, Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Release 20.3.1, Asterisk Development Team via Fulldisclosure
• [FD] WBCE - Stored XSS, Andrey Stoykov
• [FD] [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer, RedTeam Pentesting GmbH
• [FD] CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent, Qualys Security Advisory via Fulldisclosure
• [FD] Boom CMS v8.0.7 - Cross Site Scripting Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335), Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334), Matthias Deeg via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-1 Safari 16.6, Deven Kishore via Fulldisclosure
  • <Possible follow-ups>
  • [FD] APPLE-SA-2023-07-24-1 Safari 16.6, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-4 macOS Ventura 13.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-7 tvOS 16.6, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2023-07-24-8 watchOS 9.6, Apple Product Security via Fulldisclosure
• [FD] Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload, Andrey Stoykov