Mail Index

• Thread Index

• [FD] ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Stored XSS - Perch
  • From: Andrey Stoykov
• [FD] Pentest Paper - Introduction to Web Pentest
  • From: Andrey Stoykov
• [FD] Unauthorized MFA Code Delivery in EmpowerID
  • From: Patel, Nirav
• [FD] CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)
  • From: Rick Verdoes via Fulldisclosure
• [FD] Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba
  • From: Stefan Pietsch
• [FD] Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)
  • From: Mahmoud Noureldin
• [FD] RansomLord v1 / Anti-Ransomware Exploit Tool
  • From: malvuln
• [FD] OXAS-ADV-2023-0003: OX App Suite Security Advisory
  • From: Martin Heiland via Fulldisclosure
• [FD] [SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301)
  • From: Matthias Deeg via Fulldisclosure
• [FD] Kolibri GET request buffer Overflow [Stack Egghunter]
  • From: Mahmoud Noureldin
• [FD] GNOME Files silently extracts setuid files from ZIP archives
  • From: Georgi Guninski
• [FD] St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client
  • From: Weber Thomas via Fulldisclosure
• [FD] St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series
  • From: Weber Thomas via Fulldisclosure
• [FD] Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack
  • From: Paul Szabo via Fulldisclosure
• [FD] Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957
  • From: Moritz Abrell via Fulldisclosure
• [FD] Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956
  • From: Moritz Abrell via Fulldisclosure
• [FD] Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955
  • From: Moritz Abrell via Fulldisclosure
• [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result
  • From: Georgi Guninski
• [FD] KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
  • From: KoreLogic Disclosures via Fulldisclosure
• Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result
  • From: Adrean Boyadzhiev
• Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result
  • From: Matthew Fernandez
• Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result
  • From: Michael Lazin
• Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result
  • From: Jeffrey Walton
• [FD] [KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities
  • From: Egidio Romano
• [FD] Mozilla Firefox only stores up to 1024 HSTS entries
  • From: Konstantin
• [FD] [CVE-2023-4491, CVE-2023-4492, CVE-2023-4493, CVE-2023-4494, CVE-2023-4495, CVE-2023-4496, CVE-2023-4497] Multiple vulnerabilities in EFS Software products
  • From: Rafael Pedrero