Mail Thread Index
- [FD] Microsoft PlayReady deficiencies / content key sniffing on Windows,
Security Explorations
- [FD] SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API,
Lennert Preuth via Fulldisclosure
- [FD] SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning,
Lennert Preuth via Fulldisclosure
- [FD] SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning,
Lennert Preuth via Fulldisclosure
- [FD] CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter,
Valentin Lobstein via Fulldisclosure
- [FD] CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php,
Valentin Lobstein via Fulldisclosure
- [FD] Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE,
malvuln
- [FD] [CFP] IEEE CSR Workshop on Cyber Forensics & Advanced Threat Investigations in Emerging Technologies 2024,
Andrew Zayine
- [FD] CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0,
Clément Cruchet
- [FD] Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC),
malvuln
- [FD] OXAS-ADV-2024-0001: OX App Suite Security Advisory,
Martin Heiland via Fulldisclosure
- [FD] Multiple Issues in concretecmsv9.2.7,
Andrey Stoykov
- [FD] [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability,
Egidio Romano
- [FD] [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability,
Egidio Romano
- [FD] SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue,
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] CVE-2024-31705,
V3locidad
- [FD] MindManager 23 - full disclosure,
Pawel Karwowski via Fulldisclosure
- [FD] SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app,
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH),
malvuln
- [FD] Response to CVE-2023-26756 - Revive Adserver,
Matteo Beccati
- [FD] Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers,
Stefan Kanthak