Full Disclosure: by date

33 messages starting Aug 01 23 and ending Aug 31 23
Date index | Thread index | Author index

Tuesday, 01 August

ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability info () vulnerability-lab com
Stored XSS - Perch Andrey Stoykov
Pentest Paper - Introduction to Web Pentest Andrey Stoykov
Unauthorized MFA Code Delivery in EmpowerID Patel, Nirav
CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated) Rick Verdoes via Fulldisclosure
Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba Stefan Pietsch

Wednesday, 02 August

Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter) Mahmoud Noureldin
RansomLord v1 / Anti-Ransomware Exploit Tool malvuln
OXAS-ADV-2023-0003: OX App Suite Security Advisory Martin Heiland via Fulldisclosure

Thursday, 03 August

[SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301) Matthias Deeg via Fulldisclosure
Kolibri GET request buffer Overflow [Stack Egghunter] Mahmoud Noureldin

Monday, 07 August

GNOME Files silently extracts setuid files from ZIP archives Georgi Guninski

Friday, 11 August

St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client Weber Thomas via Fulldisclosure
St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series Weber Thomas via Fulldisclosure
Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack Paul Szabo via Fulldisclosure

Tuesday, 15 August

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957 Moritz Abrell via Fulldisclosure
Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956 Moritz Abrell via Fulldisclosure
Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955 Moritz Abrell via Fulldisclosure
Anomaly in Fedora `dnf update`: md5 mismatch of result Georgi Guninski

Thursday, 17 August

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig KoreLogic Disclosures via Fulldisclosure
KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump KoreLogic Disclosures via Fulldisclosure
KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit KoreLogic Disclosures via Fulldisclosure

Saturday, 19 August

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Adrean Boyadzhiev
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Matthew Fernandez
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Michael Lazin
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Jeffrey Walton

Wednesday, 23 August

[KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability Egidio Romano
[KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability Egidio Romano
[KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities Egidio Romano
[KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano

Tuesday, 29 August

Mozilla Firefox only stores up to 1024 HSTS entries Konstantin

Thursday, 31 August

[CVE-2023-4491, CVE-2023-4492, CVE-2023-4493, CVE-2023-4494, CVE-2023-4495, CVE-2023-4496, CVE-2023-4497] Multiple vulnerabilities in EFS Software products Rafael Pedrero

Previous period

Next period