Full Disclosure: by date

91 messages starting Jan 02 22 and ending Jan 31 22


Sunday, 02 January

CVE-2021-25080 vulnerability Gaetano Perrone
Backdoor.Win32.Visiotrol.10 / Insecure Password Storage malvuln
Backdoor.Win32.FTP.Simpel.12 / Port Bounce Scan malvuln
Backdoor.Win32.FTP.Simpel.12 / Insecure Crypto malvuln
Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.Wollf.m / Weak Hardcoded Password malvuln
Backdoor.Win32.Wollf.m / Authentication Bypass malvuln
Backdoor.Win32.Fantador / Insecure Password Storage malvuln
Backdoor.Win32.Fantador / Divide by Zero DoS malvuln
Backdoor.Win32.Skrat / Cleartext Hardcoded Password malvuln
Backdoor.Win32.SilentSpy.10 / Authentication Bypass Command Execution malvuln
Backdoor.Win32.SilentSpy.10 / Authentication Race Condition malvuln

Friday, 07 January

PoC for CVE-2021-25079 Gaetano Perrone
cWifi Hotspot Wireless CP - Code Execution Vulnerability info () vulnerability-lab com
Easy Cart Shopping Cart - (Search) Persistent Vulnerability info () vulnerability-lab com
uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities info () vulnerability-lab com
Rocket LMS v1.1 - (History) Persistent XSS Vulnerability info () vulnerability-lab com
Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities info () vulnerability-lab com
Backdoor.Win32.Jtram.a / Insecure Credential Storage malvuln
Backdoor.Win32.Jtram.a / Port Bounce Scan malvuln
Backdoor.Win32.Dsklite.a / Remote Denial of Service malvuln
Backdoor.Win32.Dsklite.a / Insecure Transit malvuln
Backdoor.Win32.SVC / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.SVC / Directory Traversal malvuln
Backdoor.Win32.SubSeven.c / Remote Stack Buffer Overflow malvuln

Tuesday, 11 January

Microsoft Windows .Reg File Dialog Spoof / Mitigation Bypass hyp3rlinx
Microsoft Windows Defender / Detection Bypass hyp3rlinx
CVE-2021-39623 Libstagefright (Media Framework on Android) with OOB write on the heap Marcin Kozlowski
Full Disclosure DMCA.COM Exploitation WebSec B.V.
Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution malvuln

Wednesday, 12 January

[RT-SA-2021-009] Credential Disclosure in Web Interface of Crestron Device RedTeam Pentesting GmbH
Reprise License Manager 14.2 - Reflected Cross-Site Scripting Gionathan Reale via Fulldisclosure
APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 Apple Product Security via Fulldisclosure

Friday, 14 January

🐞 Call for Papers for Hardwear.io USA 2022 is OPEN! Andrea Simonca
SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones SEC Consult Vulnerability Lab, Research

Sunday, 16 January

Ab Stealer Web Panel / Unauthenticated Remote Persistent XSS malvuln
Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure malvuln
Win32.MarsStealer Web Panel / Unauthenticated Remote Persistent XSS malvuln
Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion malvuln

Monday, 24 January

Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Ismail Aydemir
Xerox vulnerability allows unauthenticated remote users to remotely brick network printers Mahmoud Al-Qudsi
[TO-2021-001] WebACMS 2.1.0 - Cross-Site Scripting Patrick Hener
AgentTesla Builder Web Panel / Cross Site Scripting (XSS) malvuln
AgentTesla Builder Web Panel / SQL Injection malvuln
Chaos Ransomeware Builder v4 / Insecure Permissions malvuln
VulturiBuilder / Insecure Permissions malvuln
CollectorStealerBuilder v2.0.0 Panel / Insecure Credential Storage malvuln
CollectorStealerBuilder v2.0.0 Panel / Man-in-the-Middle (MITM) malvuln
Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution malvuln
Ransomware Builder Babuk / Insecure Permissions malvuln
Backdoor.Win32.Wollf.16 / Authentication Bypass malvuln
Backdoor.Win32.Wollf.16 / Weak Hardcoded Credentials malvuln
SEC Consult SA-20220117-0 :: Stored Cross-Site Scripting vulnerability in TYPO3 extension "femanager" SEC Consult Vulnerability Lab, Research
Advisory:[CVE-2021-27971]Alps Alpine DLL Injection Issue Xiaojian Cao
SEC Consult SA-20220120-0 :: Local file inclusion vulnerability in Land Software - FAUST iServer SEC Consult Vulnerability Lab, Research
SEC Consult SA-20220124-0 :: Authenticated Path Traversal in Ethercreative Logs plugin for Craft CMS SEC Consult Vulnerability Lab, Research
[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022 ESORICS 2022 - publicity chair

Tuesday, 25 January

Banco Guayaquil v8.0.0 iOS - Cross Site Scripting Web Vulnerability info () vulnerability-lab com
Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability info () vulnerability-lab com
uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities info () vulnerability-lab com
Backdoor.Win32.Agent.uq / Insecure Permissions malvuln
Backdoor.Win32.FTP99 / Authentication Bypass Race Condition malvuln
Backdoor.Win32.FTP99 / Port Bounce Scan (MITM) malvuln
Backdoor.Win32.Hanuman.b / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Password malvuln
Backdoor.Win32.FTP.Lana.01.d / Port Bounce Scan (MITM) malvuln
Backdoor.Win32.DRA.c / Weak Hardcoded Password malvuln
CosaNostra Builder / Insecure Permissions malvuln
CosaNostra Builder WebPanel / Insecure Crypto malvuln
CosaNostra Builder WebPanel / Cross Site Request Forgery (CSRF) malvuln

Wednesday, 26 January

Onapsis Security Advisory 2021-0021: SAP Enterprise Portal - XSS NavigationReporter Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0022: SAP Enterprise Portal - XSS RunContentCreation Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0023: SAP Enterprise Portal - SSRF iviewCatcherEditor Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0024: SAP Enterprise Portal - Anonymous Stored Open Redirect Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0025: Null Pointer Dereference vulnerability in SAP CommonCryptoLib Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0026: SAP Enterprise Portal - XSLT injection Onapsis Research via Fulldisclosure

Friday, 28 January

KL-001-2022-001: Moxa TN-5900 Firmware Upgrade Checksum Validation Vulnerability KoreLogic Disclosures via Fulldisclosure
KL-001-2022-002: Moxa TN-5900 Post Authentication Command Injection Vulnerability KoreLogic Disclosures via Fulldisclosure
CarolinaCon Online 2 Carolina Con
APPLE-SA-2022-01-26-1 iOS 15.3 and iPadOS 15.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina Apple Product Security via Fulldisclosure
Backdoor.Win32.WinShell.50 / Weak Hardcoded Password malvuln
APPLE-SA-2022-01-26-2 macOS Monterey 12.2 Apple Product Security via Fulldisclosure
APPLE-SA-2022-01-26-3 macOS Big Sur 11.6.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-01-26-5 tvOS 15.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-01-26-7 Safari 15.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-01-26-6 watchOS 8.4 Apple Product Security via Fulldisclosure

Saturday, 29 January

foxit reader Arbitrary File Write houjingyi
HackTool.Win32.Muzzer.a / Heap Based Buffer Overflow malvuln
Backdoor.Win32.Tiny.c / Unauthenticated Remote Command Execution malvuln

Monday, 31 January

The Knights of NYNEX presents: Morgawr's feast Knights of Nynex via Fulldisclosure