Full Disclosure: by date

57 messages starting Feb 01 22 and ending Feb 28 22
Date index | Thread index | Author index

Tuesday, 01 February

Backdoor.Win32.Wollf.m / Weak Hardcoded Password malvuln
Backdoor.Win32.Zxman / Unauthenticated Remote Code Execution malvuln
Backdoor.Win32.Small.bu (KGB- RAT server v0.1) / Unauthenticated Remote Command Execution malvuln

Thursday, 03 February

SEC Consult SA-20220126-0 :: Denial of service & User Enumeration in WAGO 750-8xxx PLC SEC Consult Vulnerability Lab, Research
SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products SEC Consult Vulnerability Lab, Research
SEC Consult SA-20220202-0 :: Broken access control & Cross-Site Scripting in Shopmetrics Mystery Shopping Software SEC Consult Vulnerability Lab, Research
Trovent Security Advisory 2108-01 / Vivellio: User account enumeration in password reset function Stefan Pietsch
North Korean APT Attacks Security Researchers in Social Media 2022 info () vulnerability-lab com
CVE-2021-38130: Business Logic Bypass - Mail Relay (Post-authenticated) for Voltage SecureMail Server <v7.3.0.1 Ting Meng Yean via Fulldisclosure

Friday, 04 February

CA20220203-01: Security Notice for CA Harvest Software Change Manager Ken Williams via Fulldisclosure
Code Scanning using many Tools/Scanners - Scanmycode CE (Community Edition) released Marcin Kozlowski
getenv("=A") works (no particular vulnerability) Askar Safin via Fulldisclosure

Sunday, 06 February

Re: getenv("=A") works (no particular vulnerability) Andy Bach
Re: getenv("=A") works (no particular vulnerability) bo0od via Fulldisclosure
Backdoor.Win32.Small.er / Unauthenticated Remote Command Execution malvuln
[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022 ESORICS 2022 - publicity chair

Thursday, 10 February

Nokia BTS Authentication Bypass Cristiano Maruti
APPLE-SA-2022-02-10-1 iOS 15.3.1 and iPadOS 15.3.1 Apple Product Security via Fulldisclosure
APPLE-SA-2022-02-10-2 macOS Monterey 12.2.1 Apple Product Security via Fulldisclosure
APPLE-SA-2022-02-10-3 Safari 15.3 Apple Product Security via Fulldisclosure
SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect SEC Consult Vulnerability Lab, Research via Fulldisclosure
Facebook DNS misconfiguration Carlo Di Dato via Fulldisclosure
CFP: The 24th International Conference on Information and Communications Security (ICICS 2022) CFP - ICICS 2022
Backdoor.Win32.Frauder.jt / Insecure Permissions malvuln
Backdoor.Win32.XRat.k / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.Wdoor.11 / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.Prexot.a / Authentication Bypass malvuln
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) malvuln
Backdoor.Win32.Freddy.2001 / Authentication Bypass Command Execution malvuln

Sunday, 13 February

Finding secrets in mirrored Git repositories Nightwatch Cybersecurity Research
Re: Facebook DNS misconfiguration Joey Kelly

Wednesday, 16 February

Zepl Notebook - Remote Code Execution ghost
Zepl Notebook - Sandbox Escape ghost
Algorithmia MSOL - Remote Code Execution ghost
Backdoor.Win32.Zombam.b / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.Zombam.b / Unauthenticated Information Disclosure malvuln
Backdoor.Win32.Zombam.b / Cross Site Scripting (XSS) malvuln
Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password malvuln
Email-Worm.Win32.Lama / Insecure Permissions malvuln
Backdoor.Win32.Prosti.b / Insecure Permissions malvuln
Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder / Insecure Permissions malvuln
SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices SEC Consult Vulnerability Lab, Research via Fulldisclosure

Friday, 18 February

Car Portal Template - (Search) Persistent Web Vulnerability info () vulnerability-lab com
Wordpress v5.9 - Reflected Cross Site Scripting Web Vulnerability info () vulnerability-lab com
Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability info () vulnerability-lab com
MartFury Marketplace - Cross Site Scripting Vulnerability info () vulnerability-lab com
Datarobot -- Remote Code Execution Michael Coers

Tuesday, 22 February

Trojan.Win32.Cosmu.abix / Insecure Permissions malvuln
Backdoor.Win32.Agent.baol / Insecure Permissions malvuln
Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password malvuln

Thursday, 24 February

CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies YEUNG, Tsz Ko
Backdoor.Win32.Acropolis.10 / Insecure Permissions malvuln
Backdoor.Win32.FTP.Ics / Authentication Bypass malvuln
Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.FTP.Ics / Port Bounce Scan (MITM) malvuln
Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4 YEUNG, Tsz Ko

Monday, 28 February

Dll Hijacking Vulnerability found in Rufus-3.17.1846 from Akeo Consulting YEUNG, Tsz Ko

Previous period

Next period