Full Disclosure: by author
60 messages starting Dec 21 20 and ending Dec 29 20
Adan Alvarez
SUPREMO Local privilege escalation Adan Alvarez (Dec 21)
Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-2 iOS 12.5 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-5 watchOS 7.2 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-6 watchOS 6.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-7 tvOS 14.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-8 Safari 14.0.2 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-9 macOS Server 5.11 Apple Product Security via Fulldisclosure (Dec 15)
Asterisk Security Team
AST-2020-004: Remote crash in res_pjsip_diversion Asterisk Security Team (Dec 22)
AST-2020-003: Remote crash in res_pjsip_diversion Asterisk Security Team (Dec 22)
Black Arch
New BlackArch Linux ISOs + OVA Image released! Black Arch (Dec 04)
CarolinaCon
CarolinaCon Online CFP CarolinaCon (Dec 25)
Daniel Bishtawi via Fulldisclosure
Cross-Site Scripting Vulnerabilities in BigtreeCMS 4.4.11 Daniel Bishtawi via Fulldisclosure (Dec 11)
Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0 Daniel Bishtawi via Fulldisclosure (Dec 29)
Dave Horsfall
Re: Etherify 4 - jumping air gaps with real ethernet hardware Dave Horsfall (Dec 01)
def
ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885) def (Dec 04)
edwin
Re: Disable Windows Defender and most other 3rd party antiviruses edwin (Dec 11)
Erik Steltzner
SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) Erik Steltzner (Dec 25)
SYSS-2020-041 Urve - Missing Authorization (CWE-862) Erik Steltzner (Dec 25)
SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306) Erik Steltzner (Dec 25)
Exibar
Re: Disable Windows Defender and most other 3rd party antiviruses Exibar (Dec 08)
Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720 Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995] Georg Ph E Heise via Fulldisclosure (Dec 18)
houjingyi
remote code execution when open a project in android studio that google refused to fix(still 0day) houjingyi (Dec 21)
Ilia Shnaidman
[CVE-2018-7580] - Philips Hue Denial of Service Ilia Shnaidman (Dec 25)
Jack Misiura via Fulldisclosure
Reflected XSS in WordPress - DirectoriesPro 1.3.45 plugin disclosure Jack Misiura via Fulldisclosure (Dec 11)
Reflected cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Authenticated blind SQL injection (SQLi) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Missing access controls in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure. Jack Misiura via Fulldisclosure (Dec 11)
Jason Geffner
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Jason Geffner (Dec 25)
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner (Dec 29)
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner (Dec 25)
Kevin Kotas via Fulldisclosure
CA20201215-01: Security Notice for CA Service Catalog Kevin Kotas via Fulldisclosure (Dec 18)
krishna yadav
Request for full disclosure of CVE-2020-25889 & CVE-2020-25955 krishna yadav (Dec 07)
Stored XSS in Online bus booking system krishna yadav (Dec 11)
Mark E. Jeftovic
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Mark E. Jeftovic (Dec 29)
Moe Szyslak
Rocket.Chat Path Traversal Moe Szyslak (Dec 21)
Rocket.Chat quietly patches XSS vulnerability Moe Szyslak (Dec 18)
n0ipr0cs
Vulnerability Path Traversal ACS n0ipr0cs (Dec 11)
Reed Loden
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Reed Loden (Dec 25)
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Reed Loden (Dec 25)
Roberto Franceschetti
Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti (Dec 07)
Re: Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti (Dec 11)
SEC Consult Vulnerability Lab
SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) SEC Consult Vulnerability Lab (Dec 17)
Stefan Kanthak
Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability Stefan Kanthak (Dec 18)
Vulnerability Lab
Bundeswehr VDPBw 50+ reported vulnerabilities Vulnerability Lab (Dec 03)
VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability Vulnerability Lab (Dec 08)
VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability Vulnerability Lab (Dec 08)
VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 08)
Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability Vulnerability Lab (Dec 08)
Zinaida Benenson
survey on reliability of CVSS Zinaida Benenson (Dec 29)