Mail Thread Index

• Date Index

• [FD] ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Stored XSS - Perch, Andrey Stoykov
• [FD] Pentest Paper - Introduction to Web Pentest, Andrey Stoykov
• [FD] Unauthorized MFA Code Delivery in EmpowerID, Patel, Nirav
• [FD] CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated), Rick Verdoes via Fulldisclosure
• [FD] Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba, Stefan Pietsch
• [FD] Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter), Mahmoud Noureldin
• [FD] RansomLord v1 / Anti-Ransomware Exploit Tool, malvuln
• [FD] OXAS-ADV-2023-0003: OX App Suite Security Advisory, Martin Heiland via Fulldisclosure
• [FD] [SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301), Matthias Deeg via Fulldisclosure
• [FD] Kolibri GET request buffer Overflow [Stack Egghunter], Mahmoud Noureldin
• [FD] GNOME Files silently extracts setuid files from ZIP archives, Georgi Guninski
• [FD] St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client, Weber Thomas via Fulldisclosure
• [FD] St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series, Weber Thomas via Fulldisclosure
• [FD] Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack, Paul Szabo via Fulldisclosure
• [FD] Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957, Moritz Abrell via Fulldisclosure
• [FD] Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956, Moritz Abrell via Fulldisclosure
• [FD] Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955, Moritz Abrell via Fulldisclosure
• [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result, Georgi Guninski
  • Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result, Adrean Boyadzhiev
  • Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result, Matthew Fernandez
  • Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result, Michael Lazin
  • Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result, Jeffrey Walton
• [FD] KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump, KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit, KoreLogic Disclosures via Fulldisclosure
• [FD] [KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability, Egidio Romano
• [FD] [KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability, Egidio Romano
• [FD] [KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability, Egidio Romano
• [FD] [KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities, Egidio Romano
• [FD] [KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities, Egidio Romano
• [FD] Mozilla Firefox only stores up to 1024 HSTS entries, Konstantin
• [FD] [CVE-2023-4491, CVE-2023-4492, CVE-2023-4493, CVE-2023-4494, CVE-2023-4495, CVE-2023-4496, CVE-2023-4497] Multiple vulnerabilities in EFS Software products, Rafael Pedrero