Full Disclosure: by author

79 messages starting Oct 27 21 and ending Oct 19 21


Apple Product Security via Fulldisclosure

APPLE-SA-2021-10-26-7 tvOS 15.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-6 watchOS 8.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-5 Security Update 2021-007 Catalina Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1 Apple Product Security via Fulldisclosure (Oct 27)
APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2 Apple Product Security via Fulldisclosure (Oct 19)

bashis

[Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045) bashis (Oct 05)

Certitude - Advisories

[CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack Certitude - Advisories (Oct 22)

Chris

Huge DOCSIS issue Chris (Oct 29)

cyberaz0r via Fulldisclosure

Yellowfin < 9.6.1 Multiple Vulnerabilities cyberaz0r via Fulldisclosure (Oct 19)

Florian Bogner via Fulldisclosure

Local Privilege Escalation in G Data’s Security Client “EndpointProtection Enterprise” prior to 17.08.2021 Florian Bogner via Fulldisclosure (Oct 05)

Functional Account, SEC Consult Vulnerability Lab

SEC Consult SA-20211004-0 :: Critical vulnerabilities in HiKam S6 Functional Account, SEC Consult Vulnerability Lab (Oct 05)
SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2 Functional Account, SEC Consult Vulnerability Lab (Oct 29)

info () esec-service de

PHP Melody v3.0 - (vid) SQL Injection Vulnerability info () esec-service de (Oct 27)

info () vulnerability-lab com

Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability info () vulnerability-lab com (Oct 26)
PHP Melody v3.0 - (vid) SQL Injection Vulnerability info () vulnerability-lab com (Oct 27)
Vanguard v2.1 - (Search) POST Inject Web Vulnerability info () vulnerability-lab com (Oct 27)
Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability info () vulnerability-lab com (Oct 27)
PHP Melody v3.0 - (submitted) Persistent XSS Vulnerability info () vulnerability-lab com (Oct 27)
Simplephpscripts Simple CMS v2.1 - Remote SQL Injection Vulnerability info () vulnerability-lab com (Oct 26)
PHP Melody v3.0 - (Editor) Persistent XSS Vulnerability info () vulnerability-lab com (Oct 27)
Ultimate POS v4.4 - (Products) Persistent XSS Vulnerability info () vulnerability-lab com (Oct 27)
Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability info () vulnerability-lab com (Oct 27)
SPA Cart CMS - Multiple SQL Injection Web Vulnerabilities info () vulnerability-lab com (Oct 26)
VDPBW Bundeswehr - 1 Year Vulnerability Disclosure Policy of the Bundeswehr info () vulnerability-lab com (Oct 26)
PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities info () vulnerability-lab com (Oct 26)
Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability info () vulnerability-lab com (Oct 26)

malvuln

Backdoor.Win32.Prorat.ntz / Weak Hardcoded Password malvuln (Oct 29)
Backdoor.Win32.Hupigon.acio / Unauthenticated Open Proxy malvuln (Oct 29)
Virus.Win32.Renamer.a / Insecure Permissions malvuln (Oct 05)
Backdoor.Win32.Hupigon.acio / Insecure Service Path malvuln (Oct 29)
Trojan-PSW.Win32.PdPinch.gen / Remote Denial of Service malvuln (Oct 05)
Backdoor.Win32.Bifrose.ahyg / Insecure Permissions malvuln (Oct 05)
Backdoor.Win32.Hupigon.afjk / Port Bounce Scan malvuln (Oct 29)
Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution malvuln (Oct 29)
HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy malvuln (Oct 29)
Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password malvuln (Oct 05)
Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot malvuln (Oct 19)
Trojan-Spy.Win32.Ardamax.ocx / Insecure Permissions malvuln (Oct 19)
Backdoor.Win32.Yoddos.an / Insecure Service Path malvuln (Oct 05)
Backdoor.Win32.Mazben.es / Unauthenticated Open Proxy malvuln (Oct 29)
Trojan-Proxy.Win32.Ranky.z / Unauthenticated Open Proxy malvuln (Oct 19)
Backdoor.Win32.LanaFTP.k / Heap Corruption malvuln (Oct 19)
Backdoor.Win32.Delf.arjo / Insecure Service Path malvuln (Oct 29)
Backdoor.Win32.LanFiltrator.11.b / Unauthenticated Remote Command Execution malvuln (Oct 19)
Backdoor.Win32.Hupigon.gy / Unauthenticated Open Proxy malvuln (Oct 05)
Worm.Win32.Runfer.bpo / Insecure Service Path malvuln (Oct 19)
Backdoor.Win32.Prorat.ntz / Port Bounce Scan malvuln (Oct 29)
Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy malvuln (Oct 19)
Worm.Win32.Fasong.c / Insecure Service Path malvuln (Oct 19)
Backdoor.Win32.Hupigon.afjk / Directory Traversal malvuln (Oct 29)
Trojan.Win32.Akl.bc / Insecure Permissions malvuln (Oct 29)
Backdoor.Win32.Prorat.lkt / Port Bounce Scan (MITM) malvuln (Oct 05)
Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot malvuln (Oct 29)
Backdoor.Win32.LolBot.gen / Insecure Permissions malvuln (Oct 05)
HackTool.Win32.Agent.gi / Local Stack Buffer Overflow (SEH) malvuln (Oct 05)
HEUR.Trojan.Win32.Generic / Insecure Service Path malvuln (Oct 05)
Backdoor.Win32.Hupigon.afjk / Authentication Bypass RCE malvuln (Oct 29)

Onapsis Research via Fulldisclosure

Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service Onapsis Research via Fulldisclosure (Oct 22)
Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body Onapsis Research via Fulldisclosure (Oct 22)
Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service Onapsis Research via Fulldisclosure (Oct 22)
Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service Onapsis Research via Fulldisclosure (Oct 22)
Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service Onapsis Research via Fulldisclosure (Oct 22)
Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections Onapsis Research via Fulldisclosure (Oct 22)

RedTeam Pentesting GmbH

[RT-SA-2021-001] Cross-Site Scripting in myfactory.FMS RedTeam Pentesting GmbH (Oct 13)

refabrik sec

Re: SQL injection vulnerability in Talariax sendQuick Alertplus server admin version version 4.3 refabrik sec (Oct 05)

Sandro Gauci

[ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing Sandro Gauci (Oct 26)
[ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets Sandro Gauci (Oct 26)
[ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding Sandro Gauci (Oct 26)
[ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default Sandro Gauci (Oct 26)
[ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways Sandro Gauci (Oct 26)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11 Stefan Kanthak (Oct 19)
Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant Stefan Kanthak (Oct 19)