Mail Thread Index
- [FD] SCHUTZWERK-SA-2024-001: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456),
David Brown via Fulldisclosure
- [FD] Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1,
Gionathan Armando Reale via Fulldisclosure
- [FD] CFP No cON Name 2024 - Barcelona,
Jose Nicolas Castellano via Fulldisclosure
- [FD] Asterisk Security Release 18.24.3,
Asterisk Development Team via Fulldisclosure
- [FD] Asterisk Security Release 20.9.3,
Asterisk Development Team via Fulldisclosure
- [FD] Asterisk Security Release 21.4.3,
Asterisk Development Team via Fulldisclosure
- [FD] Certified Asterisk Security Release certified-18.9-cert12,
Asterisk Development Team via Fulldisclosure
- [FD] Certified Asterisk Security Release certified-20.7-cert3,
Asterisk Development Team via Fulldisclosure
- [FD] [SYSS-2024-020]: C-MOR Video Surveillance - Reflected Cross-Site Scripting (CWE-79),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284),
Matthias Deeg via Fulldisclosure
- [FD] Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage,
malvuln
- [FD] Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution,
malvuln
- [FD] Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials,
malvuln
- [FD] HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage,
malvuln
- [FD] Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH),
malvuln
- [FD] [SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395),
Matthias Deeg via Fulldisclosure
- [FD] [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78),
Matthias Deeg via Fulldisclosure
- [FD] OXAS-ADV-2024-0005: OX App Suite Security Advisory,
Martin Heiland via Fulldisclosure
- [FD] KL-001-2024-011: VICIdial Unauthenticated SQL Injection,
KoreLogic Disclosures via Fulldisclosure
- [FD] KL-001-2024-012: VICIdial Authenticated Remote Code Execution,
KoreLogic Disclosures via Fulldisclosure
- [FD] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication,
RUBEN LOPEZ HERRERA
- [FD] CVE-2024-25283 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0,
RUBEN LOPEZ HERRERA
- [FD] CVE-2024-25284 - RedSys - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0,
RUBEN LOPEZ HERRERA
- [FD] CVE-2024-25285 - RedSys - 3DSecure 2.0 is vulnerable to form action hijacking,
RUBEN LOPEZ HERRERA
- [FD] CVE-2024-25286 - RedSys - A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0,
RUBEN LOPEZ HERRERA
- [FD] APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-2 macOS Sequoia 15,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-3 tvOS 18,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-4 watchOS 11,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-5 visionOS 2,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-6 Safari 18,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-7 Xcode 16,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-9 macOS Sonoma 14.7,
Apple Product Security via Fulldisclosure
- [FD] APPLE-SA-09-16-2024-10 macOS Ventura 13.7,
Apple Product Security via Fulldisclosure
- [FD] Stored XSS to Account Takeover - htmlyv2.9.9,
Andrey Stoykov
- [FD] SEC Consult blog :: Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey (CVE-2024-38014) + msiscan tool release,
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] Backdoor.Win32.Delf.yj / Information Disclosure,
malvuln
- [FD] Backdoor.Win32.CCInvader.10 / Authentication Bypass,
malvuln
- [Malicious link] [FD] Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution,
malvuln
- [FD] Stored XSS in "Menu Editor" - htmlyv2.9.9,
Andrey Stoykov
- [FD] Stored XSS in "Edit Profile" - htmlyv2.9.9,
Andrey Stoykov
- [FD] Submit Exploit CVE-2024-42831,
arfaoui haythem
- [FD] CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204,
Thomas Weber via Fulldisclosure
- [FD] Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass),
Patrick via Fulldisclosure
- [FD] SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214),
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73,
Stefan Kanthak
- [FD] Backdoor.Win32.Boiling / Remote Command Execution,
malvuln
- [FD] Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH),
malvuln
- [FD] Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE),
malvuln
- [FD] Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH),
malvuln
- [FD] Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution,
malvuln