Mail Index

• Thread Index

• [FD] Microsoft PlayReady deficiencies / content key sniffing on Windows
  • From: Security Explorations
• [FD] SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API
  • From: Lennert Preuth via Fulldisclosure
• [FD] SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning
  • From: Lennert Preuth via Fulldisclosure
• [FD] SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning
  • From: Lennert Preuth via Fulldisclosure
• [FD] CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter
  • From: Valentin Lobstein via Fulldisclosure
• [FD] CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php
  • From: Valentin Lobstein via Fulldisclosure
• [FD] Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE
  • From: malvuln
• [FD] [CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024
  • From: Andrew Zayine
• [FD] CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0
  • From: Clément Cruchet
• [FD] Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)
  • From: malvuln
• [FD] OXAS-ADV-2024-0001: OX App Suite Security Advisory
  • From: Martin Heiland via Fulldisclosure
• [FD] Multiple Issues in concretecmsv9.2.7
  • From: Andrey Stoykov
• [FD] [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
  • From: Egidio Romano
• [FD] [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
  • From: Egidio Romano
• [FD] SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] CVE-2024-31705
  • From: V3locidad
• [FD] MindManager 23 - full disclosure
  • From: Pawel Karwowski via Fulldisclosure
• [FD] SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
  • From: malvuln
• [FD] Response to CVE-2023-26756 - Revive Adserver
  • From: Matteo Beccati
• [FD] Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
  • From: Stefan Kanthak