Full Disclosure: by date
33 messages
starting Aug 01 23 and
ending Aug 31 23
Date index |
Thread index |
Author index
Tuesday, 01 August
ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability info () vulnerability-lab com
Stored XSS - Perch Andrey Stoykov
Pentest Paper - Introduction to Web Pentest Andrey Stoykov
Unauthorized MFA Code Delivery in EmpowerID Patel, Nirav
CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated) Rick Verdoes via Fulldisclosure
Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba Stefan Pietsch
Wednesday, 02 August
Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter) Mahmoud Noureldin
RansomLord v1 / Anti-Ransomware Exploit Tool malvuln
OXAS-ADV-2023-0003: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
Thursday, 03 August
[SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301) Matthias Deeg via Fulldisclosure
Kolibri GET request buffer Overflow [Stack Egghunter] Mahmoud Noureldin
Monday, 07 August
GNOME Files silently extracts setuid files from ZIP archives Georgi Guninski
Friday, 11 August
St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client Weber Thomas via Fulldisclosure
St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series Weber Thomas via Fulldisclosure
Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack Paul Szabo via Fulldisclosure
Tuesday, 15 August
Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957 Moritz Abrell via Fulldisclosure
Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956 Moritz Abrell via Fulldisclosure
Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955 Moritz Abrell via Fulldisclosure
Anomaly in Fedora `dnf update`: md5 mismatch of result Georgi Guninski
Thursday, 17 August
KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig KoreLogic Disclosures via Fulldisclosure
KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump KoreLogic Disclosures via Fulldisclosure
KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit KoreLogic Disclosures via Fulldisclosure
Saturday, 19 August
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Adrean Boyadzhiev
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Matthew Fernandez
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Michael Lazin
Re: Anomaly in Fedora `dnf update`: md5 mismatch of result Jeffrey Walton
Wednesday, 23 August
[KIS-2023-05] SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability Egidio Romano
[KIS-2023-06] SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability Egidio Romano
[KIS-2023-07] SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability Egidio Romano
[KIS-2023-08] SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities Egidio Romano
[KIS-2023-09] CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano
Tuesday, 29 August
Mozilla Firefox only stores up to 1024 HSTS entries Konstantin
Thursday, 31 August
[CVE-2023-4491, CVE-2023-4492, CVE-2023-4493, CVE-2023-4494, CVE-2023-4495, CVE-2023-4496, CVE-2023-4497] Multiple vulnerabilities in EFS Software products Rafael Pedrero