Mail Index

• Thread Index

• [FD] SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
  • From: David Brown via Fulldisclosure
• [FD] Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1
  • From: Gionathan Armando Reale via Fulldisclosure
• [FD] CFP No cON Name 2024 - Barcelona
  • From: Jose Nicolas Castellano via Fulldisclosure
• [FD] Asterisk Security Release 18.24.3
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 20.9.3
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Asterisk Security Release 21.4.3
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-18.9-cert12
  • From: Asterisk Development Team via Fulldisclosure
• [FD] Certified Asterisk Security Release certified-20.7-cert3
  • From: Asterisk Development Team via Fulldisclosure
• [FD] [SYSS-2024-020]: C-MOR Video Surveillance - Reflected Cross-Site Scripting (CWE-79)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284)
  • From: Matthias Deeg via Fulldisclosure
• [FD] Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage
  • From: malvuln
• [FD] Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials
  • From: malvuln
• [FD] HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage
  • From: malvuln
• [FD] Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH)
  • From: malvuln
• [FD] [SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395)
  • From: Matthias Deeg via Fulldisclosure
• [FD] [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78)
  • From: Matthias Deeg via Fulldisclosure
• [FD] OXAS-ADV-2024-0005: OX App Suite Security Advisory
  • From: Martin Heiland via Fulldisclosure
• [FD] KL-001-2024-011: VICIdial Unauthenticated SQL Injection
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] KL-001-2024-012: VICIdial Authenticated Remote Code Execution
  • From: KoreLogic Disclosures via Fulldisclosure
• [FD] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication
  • From: RUBEN LOPEZ HERRERA
• [FD] CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0
  • From: RUBEN LOPEZ HERRERA
• [FD] CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0
  • From: RUBEN LOPEZ HERRERA
• [FD] CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking
  • From: RUBEN LOPEZ HERRERA
• [FD] CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0
  • From: RUBEN LOPEZ HERRERA
• [FD] APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-2 macOS Sequoia 15
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-3 tvOS 18
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-4 watchOS 11
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-5 visionOS 2
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-6 Safari 18
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-7 Xcode 16
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-9 macOS Sonoma 14.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-09-16-2024-10 macOS Ventura 13.7
  • From: Apple Product Security via Fulldisclosure
• [FD] Stored XSS to Account Takeover - htmlyv2.9.9
  • From: Andrey Stoykov
• [FD] SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Backdoor.Win32.Delf.yj / Information Disclosure
  • From: malvuln
• [FD] Backdoor.Win32.CCInvader.10 / Authentication Bypass
  • From: malvuln
• [Malicious link] [FD] Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Stored XSS in "Menu Editor" - htmlyv2.9.9
  • From: Andrey Stoykov
• [FD] Stored XSS in "Edit Profile" - htmlyv2.9.9
  • From: Andrey Stoykov
• [FD] Submit Exploit CVE-2024-42831
  • From: arfaoui haythem
• [FD] CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
  • From: Thomas Weber via Fulldisclosure
• [FD] Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)
  • From: Patrick via Fulldisclosure
• [FD] SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20, 000 instances of CWE-73
  • From: Stefan Kanthak
• [FD] Backdoor.Win32.Boiling / Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
  • From: malvuln
• [FD] Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
  • From: malvuln
• [FD] Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution
  • From: malvuln