Mail Thread Index
- [FD] Blind SQL Injection - dolphinv7.4.2.,
Andrey Stoykov
- [FD] CVE-2024-40101 exploit: Reflected Cross-Site Scripting (XSS) on Microweber,
masquerad3r
- [FD] CyberDanube Security Research 20240805-0 | Multiple Vulnerabilities in JetPort Series,
Thomas Weber via Fulldisclosure
- [FD] KL-001-2024-005: Open WebUI Stored Cross-Site Scripting,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-008: Journyx Authenticated Remote Code Execution,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-009: Journyx Reflected Cross Site Scripting,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection,
KoreLogic Disclosures via Fulldisclosure
- [FD] Certified Asterisk Security Release certified-18.9-cert11,
Asterisk Development Team via Fulldisclosure
- [FD] Certified Asterisk Security Release certified-20.7-cert2,
Asterisk Development Team via Fulldisclosure
- [FD] Asterisk Security Release 18.24.2,
Asterisk Development Team via Fulldisclosure
- [FD] Asterisk Security Release 20.9.2,
Asterisk Development Team via Fulldisclosure
- [FD] Asterisk Security Release 21.4.2,
Asterisk Development Team via Fulldisclosure
- [FD] Backdoor.Win32.Nightmare.25 / Unauthenticated Remote Command Execution,
malvuln
- [FD] Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5),
Security Explorations
- [FD] CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive,
Aki Tuomi via Fulldisclosure
- [FD] Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message,
Aki Tuomi via Fulldisclosure
- [FD] Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893,
Moritz Abrell via Fulldisclosure
- [FD] Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892,
Moritz Abrell via Fulldisclosure
- [FD] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2024-33896,
Moritz Abrell via Fulldisclosure
- [FD] Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895,
Moritz Abrell via Fulldisclosure
- [FD] Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894,
Moritz Abrell via Fulldisclosure
- [FD] Improper Authentication (CWE-287) CVE-2024-33897,
Moritz Abrell via Fulldisclosure
- [FD] Authenticated Code Injection - smfv2.1.4,
Andrey Stoykov
- [FD] ` Piano `,
Teri Olson
- [FD] [SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-039] DiCal-RED - Path Traversal,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-040] DiCal-RED - Improper Authentication,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components,
Sebastian Hamann via Fulldisclosure
- [FD] [SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor,
Sebastian Hamann via Fulldisclosure
- [FD] OXAS-ADV-2024-0004: OX App Suite Security Advisory,
Martin Heiland via Fulldisclosure
- [FD] OXAS-ADV-2024-0003: OX App Suite Security Advisory,
Martin Heiland via Fulldisclosure
- [FD] SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP,
David Brown via Fulldisclosure