Full Disclosure: by author

Previous period
Next period

57 messages starting Feb 06 22 and ending Feb 28 22
Date index | Thread index | Author index

Andy Bach

Re: getenv("=A") works (no particular vulnerability) Andy Bach (Feb 06)

Apple Product Security via Fulldisclosure

APPLE-SA-2022-02-10-1 iOS 15.3.1 and iPadOS 15.3.1 Apple Product Security via Fulldisclosure (Feb 10)
APPLE-SA-2022-02-10-2 macOS Monterey 12.2.1 Apple Product Security via Fulldisclosure (Feb 10)
APPLE-SA-2022-02-10-3 Safari 15.3 Apple Product Security via Fulldisclosure (Feb 10)

Askar Safin via Fulldisclosure

getenv("=A") works (no particular vulnerability) Askar Safin via Fulldisclosure (Feb 04)

bo0od via Fulldisclosure

Re: getenv("=A") works (no particular vulnerability) bo0od via Fulldisclosure (Feb 06)

Carlo Di Dato via Fulldisclosure

Facebook DNS misconfiguration Carlo Di Dato via Fulldisclosure (Feb 10)

CFP - ICICS 2022

CFP: The 24th International Conference on Information and Communications Security (ICICS 2022) CFP - ICICS 2022 (Feb 10)

Cristiano Maruti

Nokia BTS Authentication Bypass Cristiano Maruti (Feb 10)

ESORICS 2022 - publicity chair

[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022 ESORICS 2022 - publicity chair (Feb 06)

ghost

Zepl Notebook - Remote Code Execution ghost (Feb 16)
Algorithmia MSOL - Remote Code Execution ghost (Feb 16)
Zepl Notebook - Sandbox Escape ghost (Feb 16)

info () vulnerability-lab com

Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability info () vulnerability-lab com (Feb 18)
Car Portal Template - (Search) Persistent Web Vulnerability info () vulnerability-lab com (Feb 18)
MartFury Marketplace - Cross Site Scripting Vulnerability info () vulnerability-lab com (Feb 18)
Wordpress v5.9 - Reflected Cross Site Scripting Web Vulnerability info () vulnerability-lab com (Feb 18)
North Korean APT Attacks Security Researchers in Social Media 2022 info () vulnerability-lab com (Feb 03)

Joey Kelly

Re: Facebook DNS misconfiguration Joey Kelly (Feb 13)

Ken Williams via Fulldisclosure

CA20220203-01: Security Notice for CA Harvest Software Change Manager Ken Williams via Fulldisclosure (Feb 04)

malvuln

Backdoor.Win32.Zxman / Unauthenticated Remote Code Execution malvuln (Feb 01)
Backdoor.Win32.Prexot.a / Authentication Bypass malvuln (Feb 10)
Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password malvuln (Feb 16)
Backdoor.Win32.Small.er / Unauthenticated Remote Command Execution malvuln (Feb 06)
Backdoor.Win32.Prosti.b / Insecure Permissions malvuln (Feb 16)
Backdoor.Win32.Zombam.b / Cross Site Scripting (XSS) malvuln (Feb 16)
Trojan.Win32.Cosmu.abix / Insecure Permissions malvuln (Feb 22)
Email-Worm.Win32.Lama / Insecure Permissions malvuln (Feb 16)
Backdoor.Win32.Acropolis.10 / Insecure Permissions malvuln (Feb 24)
Backdoor.Win32.XRat.k / Unauthenticated Remote Command Execution malvuln (Feb 10)
Backdoor.Win32.Wollf.m / Weak Hardcoded Password malvuln (Feb 01)
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) malvuln (Feb 10)
Backdoor.Win32.Zombam.b / Unauthenticated Information Disclosure malvuln (Feb 16)
Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder / Insecure Permissions malvuln (Feb 16)
Backdoor.Win32.Freddy.2001 / Authentication Bypass Command Execution malvuln (Feb 10)
Backdoor.Win32.Agent.baol / Insecure Permissions malvuln (Feb 22)
Backdoor.Win32.FTP.Ics / Authentication Bypass malvuln (Feb 24)
Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password malvuln (Feb 22)
Backdoor.Win32.FTP.Ics / Port Bounce Scan (MITM) malvuln (Feb 24)
Backdoor.Win32.Frauder.jt / Insecure Permissions malvuln (Feb 10)
Backdoor.Win32.Wdoor.11 / Unauthenticated Remote Command Execution malvuln (Feb 10)
Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution malvuln (Feb 24)
Backdoor.Win32.Small.bu (KGB- RAT server v0.1) / Unauthenticated Remote Command Execution malvuln (Feb 01)
Backdoor.Win32.Zombam.b / Remote Stack Buffer Overflow malvuln (Feb 16)

Marcin Kozlowski

Code Scanning using many Tools/Scanners - Scanmycode CE (Community Edition) released Marcin Kozlowski (Feb 04)

Michael Coers

Datarobot -- Remote Code Execution Michael Coers (Feb 18)

Nightwatch Cybersecurity Research

Finding secrets in mirrored Git repositories Nightwatch Cybersecurity Research (Feb 13)

SEC Consult Vulnerability Lab, Research

SEC Consult SA-20220202-0 :: Broken access control & Cross-Site Scripting in Shopmetrics Mystery Shopping Software SEC Consult Vulnerability Lab, Research (Feb 03)
SEC Consult SA-20220126-0 :: Denial of service & User Enumeration in WAGO 750-8xxx PLC SEC Consult Vulnerability Lab, Research (Feb 03)
SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products SEC Consult Vulnerability Lab, Research (Feb 03)

SEC Consult Vulnerability Lab, Research via Fulldisclosure

SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices SEC Consult Vulnerability Lab, Research via Fulldisclosure (Feb 16)
SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect SEC Consult Vulnerability Lab, Research via Fulldisclosure (Feb 10)

Stefan Pietsch

Trovent Security Advisory 2108-01 / Vivellio: User account enumeration in password reset function Stefan Pietsch (Feb 03)

Ting Meng Yean via Fulldisclosure

CVE-2021-38130: Business Logic Bypass - Mail Relay (Post-authenticated) for Voltage SecureMail Server <v7.3.0.1 Ting Meng Yean via Fulldisclosure (Feb 03)

YEUNG, Tsz Ko

Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4 YEUNG, Tsz Ko (Feb 24)
CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies YEUNG, Tsz Ko (Feb 24)
Dll Hijacking Vulnerability found in Rufus-3.17.1846 from Akeo Consulting YEUNG, Tsz Ko (Feb 28)
Previous period
Next period