Full Disclosure: by date

81 messages starting May 04 21 and ending May 28 21


Tuesday, 04 May

Re: Two vulnerabilities found in MikroTik's RouterOS Q C
Re: Two vulnerabilities found in MikroTik's RouterOS Q C
Re: Two vulnerabilities found in MikroTik's RouterOS Q C
KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device Kaustubh Padwad via Fulldisclosure
KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender Kaustubh Padwad via Fulldisclosure
KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender Kaustubh Padwad via Fulldisclosure
APPLE-SA-2021-05-03-2 iOS 12.5.3 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-03-3 watchOS 7.4.1 Apple Product Security via Fulldisclosure

Friday, 07 May

Re: Three vulnerabilities found in MikroTik's RouterOS Q C
Re: Three vulnerabilities found in MikroTik's RouterOS Q C
Re: Two vulnerabilities found in MikroTik's RouterOS Q C
Re: Four vulnerabilities found in MikroTik's RouterOS Q C
Four vulnerabilities found in MikroTik's RouterOS Q C
Trojan.Win32.Agent.xdtv / Insecure Permissions malvuln
Trojan.Win32.Siscos.bqe / Insecure Permissions malvuln
Backdoor.Win32.Floder.gqe / Insecure Permissions malvuln
Packed.Win32.Black.d / Unauthenticated Open Proxy malvuln
Backdoor.Win32.NinjaSpy.c / Remote Command Execution malvuln

Monday, 10 May

SEC Consult SA-20210511-0 :: Cross-site Scripting Vulnerabilities in REWE GO SEC Consult Vulnerability Lab

Tuesday, 11 May

Re: Three vulnerabilities found in MikroTik's RouterOS Gynvael Coldwind
Re: Three vulnerabilities found in MikroTik's RouterOS Q C
Four vulnerabilities found in MikroTik's RouterOS Q C
Re: Three vulnerabilities found in MikroTik's RouterOS Gynvael Coldwind
Backdoor.Win32.MotivFTP.12 / Authentication Bypass RCE malvuln
Backdoor.Win32.Antilam.13.a / Unauthenticated Remote Command Execution malvuln
CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. Marcel Keiffenheim
Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Stefan Pietsch
Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Stefan Pietsch

Thursday, 13 May

[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21
Backdoor.Win32.Delf.zho / Authentication Bypass RCE malvuln

Tuesday, 18 May

[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21
(u)rxvt terminal (+bash) remoteish code execution 0day def
NiceHash Miner Excavator API Cross-Site Request Forgery Harry Sintonen via Fulldisclosure
Backdoor.Win32.Delf.abb / Insecure Transit malvuln
Backdoor.Win32.Agent.cy / Weak Hardcoded Credentials malvuln
Backdoor.Win32.Agent.cy / Insecure Transit malvuln
Backdoor.Win32.Agent.cy / Denial of Service malvuln
Backdoor.Win32.Agent.lyw / Remote Stack Buffer Overflow (UDP) malvuln
Backdoor.Win32.Danton.43 / Weak Hardcoded Credentials RCE malvuln
Backdoor.Win32.Danton.43 / MITM Port Bounce Scan malvuln
Backdoor.Win32.Agent.oda / Remote Stack Buffer Overflow (UDP) malvuln
Backdoor.Win32.Antilam.14.d / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.DarkMoon.a / Weak Hardcoded Password malvuln
Backdoor.Win32.DarkMoon.a / Insecure Transit malvuln
Backdoor.Win32.Delf.aez / Unauthenticated Remote Command Execution malvuln
Defense in depth -- the Microsoft way (part 77): access without access permission Stefan Kanthak
Backdoor.Win32.Psychward.c / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.Psychward.ds / Weak Hardcoded Password malvuln
Backdoor.Win32.RMFdoor.c / Authentication Bypass RCE malvuln

Thursday, 20 May

Re: (u)rxvt terminal (+bash) remoteish code execution 0day def
CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology Roman Fiedler

Tuesday, 25 May

[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21
Cross-Site Scripting Vulnerability in Zen Cart 1.5.7 Daniel Bishtawi via Fulldisclosure
Vol. 2 (2021) No. 1 of Journal of Cyber Forensics and Advanced Threat Investigations - Now Published Andrew Zayine
Backdoor.Win32.Singu.a / Remote Stack Buffer Overflow (UDP Datagram) malvuln
Backdoor.Win32.SkyDance.216 / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.Spirit.12.b / Insecure Permissions malvuln
Backdoor.Win32.Upload.a / Remote Denial of Service malvuln
Backdoor.Win32.Spion4 / Insecure Transit malvuln
Backdoor.Win32.Tonerok.d / Unauthenticated Remote Command Execution malvuln

Wednesday, 26 May

X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability X41 D-Sec GmbH Advisories
Unicorn Emulator 1.0.3 is out! Nguyen Anh Quynh
APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-8 Boot Camp 6.1.14 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-5 Safari 14.1.1 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-7 tvOS 14.6 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 Apple Product Security via Fulldisclosure
APPLE-SA-2021-05-25-6 watchOS 7.5 Apple Product Security via Fulldisclosure
KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints KoreLogic Disclosures via Fulldisclosure
KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed KoreLogic Disclosures via Fulldisclosure
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords KoreLogic Disclosures via Fulldisclosure
KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password KoreLogic Disclosures via Fulldisclosure
KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal KoreLogic Disclosures via Fulldisclosure
KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write KoreLogic Disclosures via Fulldisclosure
KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account KoreLogic Disclosures via Fulldisclosure

Thursday, 27 May

QNAP MusicStation/MalwareRemover Pre-Auth Root Remote Code Execution polict of Shielder via Fulldisclosure

Friday, 28 May

[KIS-2021-04] IPS Community Suite <= 4.5.4.2 (previewBlock) PHP Code Injection Vulnerability research