Full Disclosure: by author

60 messages starting Dec 21 20 and ending Dec 29 20


Adan Alvarez

SUPREMO Local privilege escalation Adan Alvarez (Dec 21)

Apple Product Security via Fulldisclosure

APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-2 iOS 12.5 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-5 watchOS 7.2 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-6 watchOS 6.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-7 tvOS 14.3 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-8 Safari 14.0.2 Apple Product Security via Fulldisclosure (Dec 15)
APPLE-SA-2020-12-14-9 macOS Server 5.11 Apple Product Security via Fulldisclosure (Dec 15)

Asterisk Security Team

AST-2020-004: Remote crash in res_pjsip_diversion Asterisk Security Team (Dec 22)
AST-2020-003: Remote crash in res_pjsip_diversion Asterisk Security Team (Dec 22)

Black Arch

New BlackArch Linux ISOs + OVA Image released! Black Arch (Dec 04)

CarolinaCon

CarolinaCon Online CFP CarolinaCon (Dec 25)

Daniel Bishtawi via Fulldisclosure

Cross-Site Scripting Vulnerabilities in BigtreeCMS 4.4.11 Daniel Bishtawi via Fulldisclosure (Dec 11)
Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0 Daniel Bishtawi via Fulldisclosure (Dec 29)

Dave Horsfall

Re: Etherify 4 - jumping air gaps with real ethernet hardware Dave Horsfall (Dec 01)

def

ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885) def (Dec 04)

edwin

Re: Disable Windows Defender and most other 3rd party antiviruses edwin (Dec 11)

Erik Steltzner

SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) Erik Steltzner (Dec 25)
SYSS-2020-041 Urve - Missing Authorization (CWE-862) Erik Steltzner (Dec 25)
SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306) Erik Steltzner (Dec 25)

Exibar

Re: Disable Windows Defender and most other 3rd party antiviruses Exibar (Dec 08)

Georg Ph E Heise via Fulldisclosure

Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720 Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719] Georg Ph E Heise via Fulldisclosure (Dec 18)
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995] Georg Ph E Heise via Fulldisclosure (Dec 18)

houjingyi

remote code execution when open a project in android studio that google refused to fix(still 0day) houjingyi (Dec 21)

Ilia Shnaidman

[CVE-2018-7580] - Philips Hue Denial of Service Ilia Shnaidman (Dec 25)

Jack Misiura via Fulldisclosure

Reflected XSS in WordPress - DirectoriesPro 1.3.45 plugin disclosure Jack Misiura via Fulldisclosure (Dec 11)
Reflected cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Authenticated blind SQL injection (SQLi) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Missing access controls in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure (Dec 11)
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure. Jack Misiura via Fulldisclosure (Dec 11)

Jason Geffner

Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Jason Geffner (Dec 25)
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner (Dec 29)
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner (Dec 25)

Kevin Kotas via Fulldisclosure

CA20201215-01: Security Notice for CA Service Catalog Kevin Kotas via Fulldisclosure (Dec 18)

krishna yadav

Request for full disclosure of CVE-2020-25889 & CVE-2020-25955 krishna yadav (Dec 07)
Stored XSS in Online bus booking system krishna yadav (Dec 11)

Mark E. Jeftovic

Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Mark E. Jeftovic (Dec 29)

Moe Szyslak

Rocket.Chat Path Traversal Moe Szyslak (Dec 21)
Rocket.Chat quietly patches XSS vulnerability Moe Szyslak (Dec 18)

n0ipr0cs

Vulnerability Path Traversal ACS n0ipr0cs (Dec 11)

Reed Loden

Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Reed Loden (Dec 25)
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Reed Loden (Dec 25)

Roberto Franceschetti

Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti (Dec 07)
Re: Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti (Dec 11)

SEC Consult Vulnerability Lab

SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) SEC Consult Vulnerability Lab (Dec 17)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability Stefan Kanthak (Dec 18)

Vulnerability Lab

Bundeswehr VDPBw 50+ reported vulnerabilities Vulnerability Lab (Dec 03)
VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability Vulnerability Lab (Dec 08)
VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability Vulnerability Lab (Dec 08)
VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability Vulnerability Lab (Dec 08)
Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability Vulnerability Lab (Dec 08)

Zinaida Benenson

survey on reliability of CVSS Zinaida Benenson (Dec 29)