Full Disclosure: by author
29 messages
starting Apr 05 24 and
ending Apr 05 24
Date index |
Thread index |
Author index
Andrew Zayine
[CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024 Andrew Zayine (Apr 05)
Andrey Stoykov
Multiple Issues in concretecmsv9.2.7 Andrey Stoykov (Apr 10)
Clément Cruchet
CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0 Clément Cruchet (Apr 10)
Egidio Romano
[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability Egidio Romano (Apr 10)
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability Egidio Romano (Apr 10)
Lennert Preuth via Fulldisclosure
SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Lennert Preuth via Fulldisclosure (Apr 05)
SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)
SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)
malvuln
Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) malvuln (Apr 10)
Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE malvuln (Apr 05)
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) malvuln (Apr 19)
Martin Heiland via Fulldisclosure
OXAS-ADV-2024-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Apr 10)
Matteo Beccati
Response to CVE-2023-26756 - Revive Adserver Matteo Beccati (Apr 24)
Pawel Karwowski via Fulldisclosure
MindManager 23 - full disclosure Pawel Karwowski via Fulldisclosure (Apr 19)
SEC Consult Vulnerability Lab via Fulldisclosure
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app SEC Consult Vulnerability Lab via Fulldisclosure (Apr 19)
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue SEC Consult Vulnerability Lab via Fulldisclosure (Apr 14)
Security Explorations
Microsoft PlayReady deficiencies / content key sniffing on Windows Security Explorations (Apr 02)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers Stefan Kanthak (Apr 24)
V3locidad
CVE-2024-31705 V3locidad (Apr 14)
Valentin Lobstein via Fulldisclosure
CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php Valentin Lobstein via Fulldisclosure (Apr 05)