Mail Index

• Thread Index

• [FD] Blind SQL Injection - dolphinv7.4.2.
  • From: Andrey Stoykov
• [FD] CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber
  • From: masquerad3r
• [FD] CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series
  • From: Thomas Weber via Fulldisclosure
• [FD] KL-001-2024-005: Open WebUI Stored Cross-Site Scripting
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-008: Journyx Authenticated Remote Code Execution
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-009: Journyx Reflected Cross Site Scripting
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-18.9-cert11
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-20.7-cert2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 18.24.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.9.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.4.2
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)
  • From: Security Explorations
• Re: [FD] Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)
  • From: Security Explorations
• [FD] CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
  • From: Aki Tuomi via Fulldisclosure
• [FD] Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message
  • From: Aki Tuomi via Fulldisclosure
• [FD] Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893
  • From: Moritz Abrell via Fulldisclosure
• [FD] Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892
  • From: Moritz Abrell via Fulldisclosure
• [FD] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896
  • From: Moritz Abrell via Fulldisclosure
• [FD] Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895
  • From: Moritz Abrell via Fulldisclosure
• [FD] Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894
  • From: Moritz Abrell via Fulldisclosure
• [FD] Improper Authentication (CWE-287) CVE-2024-33897
  • From: Moritz Abrell via Fulldisclosure
• [FD] Authenticated Code Injection - smfv2.1.4
  • From: Andrey Stoykov
• [FD] ` Piano `
  • From: Teri Olson
• Re: [FD] Improper Authentication (CWE-287) CVE-2024-33897
  • From: Jeffrey Walton
• [FD] [SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-039] DiCal-RED - Path Traversal
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-040] DiCal-RED - Improper Authentication
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components
  • From: Sebastian Hamann via Fulldisclosure
• [FD] [SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor
  • From: Sebastian Hamann via Fulldisclosure
• [FD] OXAS-ADV-2024-0004: OX App Suite Security Advisory
  • From: Martin Heiland via Fulldisclosure
• [FD] OXAS-ADV-2024-0003: OX App Suite Security Advisory
  • From: Martin Heiland via Fulldisclosure
• [FD] SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
  • From: David Brown via Fulldisclosure
• Re: [FD] [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
  • From: Jeffrey Walton
• Re: [FD] [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
  • From: J. Hellenthal via Fulldisclosure