Full Disclosure: by date

PreviousPrevious period
Next periodNext

93 messages starting Feb 01 21 and ending Feb 26 21
Date index | Thread index | Author index

Monday, 01 February

X41 D-Sec GmbH Security Advisory X41-2021-001: Multiple Vulnerabilities in YARA X41 D-Sec GmbH Advisories
Cross-Site Scripting Vulnerability in Chamilo LMS 1.11.14 Daniel Bishtawi via Fulldisclosure
Backdoor.Win32.DarkKomet.apbb / Insecure Permissions malvuln
Backdoor.Win32.Wollf.14 / Missing Authentication malvuln
Constructor.Win32.SpyNet.a / Remote Password Leak malvuln
Backdoor.Win32.Zetronic / Remote DoS malvuln
Backdoor.Win32.Zhangpo / Remote DoS malvuln
Backdoor.Win32.Mhtserv.b / Missing Authentication malvuln
Backdoor.Win32.MiniBlackLash / Remote DoS malvuln
Packed.Win32.Katusha.o (Ransomeware) / Insecure Permissions EoP malvuln
Backdoor.Win32.Anaptix.bd / Insecure Permissions malvuln
Backdoor.Win32.Buterat.cxq / Insecure Permissions EoP malvuln
Backdoor.Win32.Celine / Missing Authentication malvuln
Oracle DB: various issues related to malicious database gateways Harrison Neal
APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4 Apple Product Security via Fulldisclosure
APPLE-SA-2021-02-01-3 Additional information for APPLE-SA-2021-01-26-2 tvOS 14.4 Apple Product Security via Fulldisclosure
APPLE-SA-2021-02-01-4 Additional information for APPLE-SA-2021-01-26-3 watchOS 7.3 Apple Product Security via Fulldisclosure
Backdoor.Win32.Xyligan.blp / Insecure Permissions EoP malvuln

Thursday, 04 February

null pointer deference in mfmp4srcsnk.dll in latest windows 10 houjingyi
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow malvuln
Backdoor.Win32.RemoteManipulator.brr / Insecure Permissions EoP malvuln
Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward Red Timmy Security

Sunday, 07 February

KSA-Dev-008: Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspot Controller Kaustubh via Fulldisclosure
KSA_DEV-009 :- Authenticated Code Execution In Unibox 2.4 Kaustubh via Fulldisclosure
Trojan.Win32.Gentee.b / Insecure Permissions EoP malvuln
Trojan.Win32.Gentee.h / Insecure Permissions EoP malvuln
Trojan-Spy.Win32.SpyEyes.auqj / Insecure Permissions EoP malvuln
Trojan-Spy.Win32.SpyEyes.auwl / Insecure Permissions EoP malvuln
Trojan.Win32.Comei.pgo / Insecure Permissions EoP malvuln
Trojan.Win32.Cospet.abg / Insecure Permissions EoP malvuln
Email-Worm.Win32.Sircam.eb / Insecure Permissions EoP malvuln
Trojan.Win32.Delf.uq / Insecure Permissions EoP malvuln
Trojan-Spy.Win32.SpyEyes.awow / Insecure Permissions EoP malvuln
Trojan-Spy.Win32.WebCenter.a / Information Disclosure malvuln

Wednesday, 10 February

SEC Consult SA-20210210-0 :: Reflected Cross-Site Scripting in Adobe Magento Commerce SEC Consult Vulnerability Lab

Thursday, 11 February

Path traversal in SolarWinds Serv-U File Server <=15.2.1 Jack Misiura via Fulldisclosure
Stored XSS in SolarWinds Serv-U File Server <=15.2.1 Jack Misiura via Fulldisclosure
Trojan-Spy.Win32.WinSpy.vwl / Insecure Permissions EoP malvuln
Backdoor.Win32.Wollf.15 / Missing Authentication malvuln
Trojan.Win32.Cafelom.bu / Heap Corruption malvuln
Backdoor.Win32.NetTerrorist / Unauthorized Remote Command Execution malvuln
Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write Code Execution malvuln
Backdoor.Win32.BackAttack.18 / Multiple Vulnerabilities malvuln
APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 Apple Product Security via Fulldisclosure

Tuesday, 16 February

Recon-Informer v1.3 - Intel for offensive systems anti-reconnaissance (nmap) tool hyp3rlinx
Backdoor.Win32.Backlash.101 / Missing Authentication malvuln
Backdoor.Win32.Cafeini.08.b / Missing Authentication malvuln
Trojan-Spy.Win32.WinSpy.wlt / Insecure Permissions malvuln
Backdoor.Win32.Cabrotor.21 / Insecure Permissions malvuln
Backdoor.Win32.Azbreg.aant / Insecure Permissions malvuln
Backdoor.Win32.Bifrose.ahvb / Insecure Permissions malvuln
Backdoor.Win32.Indexer.a / Hardcoded Weak Credentials malvuln
Backdoor.Win32.Indexer.a / Remote Denial Of Service malvuln
Backdoor.Win32.Burbul.b / Anonymous Logon malvuln

Wednesday, 17 February

SEC Consult SA-20210217-0 :: Multiple Vulnerabilities in Multiple Vulnerabilities SEC Consult Vulnerability Lab

Thursday, 18 February

AST-2021-001: Remote crash in res_pjsip_diversion Asterisk Security Team
AST-2021-002: Remote crash possible when negotiating T.38 Asterisk Security Team
AST-2021-003: Remote attacker could prematurely tear down SRTP calls Asterisk Security Team
AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests Asterisk Security Team
AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver Asterisk Security Team
Rigged Race Against Firejail for Local Root: Using pipes/ptys to win races Roman Fiedler
Backdoor.Win32.Agent.aak / Weak Hardcoded Credentials malvuln
Backdoor.Win32.Agent.aak / Cross Site Request Forgery (CSRF) - Code Execution malvuln
Backdoor.Win32.Agent.aak / Remote Buffer Overflow malvuln

Friday, 19 February

[CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces Certitude - Advisories
Multiple remote memory corruptions in Telegram's handling of animated stickers polict of Shielder
Backdoor.Win32.DarkKomet.bhfh / Insecure Permissions malvuln
Backdoor.Win32.DarkKomet.apcc / Insecure Permissions malvuln
Backdoor.Win32.Bionet.10 / Anonymous Logon malvuln
[KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability research

Tuesday, 23 February

CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189) David Coomber
IBM(R) Db2(R) Windows client DLL Hijacking Vulnerability(0day) houjingyi
Backdoor.Win32.Inject.tyq / Insecure Permissions malvuln
Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH) malvuln
Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service malvuln
Trojan.Win32.Pincav.cmfl / Insecure Permissions malvuln
Trojan.Win32.Pluder.o / Insecure Permissions malvuln
Backdoor.Win32.DarkKomet.irv / Insecure Permissions malvuln

Friday, 26 February

Double-Free found on Squid 4.14 and 5.0.5 Andrés Roldán via Fulldisclosure
VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability Ryan Wincey
Online Tool for Discussion of Vulnerabilities Yavuz
Backdoor.Win32.Agent.xs / Insecure Permissions malvuln
Backdoor.Win32.Agent.xw / Remote Null Ptr Dereference - Denial of Service malvuln
Backdoor.Win32.Delf.adag / Weak Hardcoded Credentials malvuln
Backdoor.Win32.Wollf.h / Missing Authentication malvuln
Trojan.Win32.Gofot.htx / Local File Buffer Overflow malvuln
Trojan-Dropper.Win32.Daws.etlm / Remote Unauthenticated System Reboot malvuln
Trojan-Spy.Win32.SpyEyes.elr / Insecure Permissions malvuln
Backdoor.Win32.Azbreg.amw / Insecure Permissions malvuln
Trojan.Win32.Hotkeychick.am / Insecure Permissions malvuln
Trojan-Proxy.Win32.Delf.ai / Remote SEH Buffer Overflow malvuln
PreviousPrevious period
Next periodNext