Full Disclosure: by date

60 messages starting Dec 01 2020 and ending Dec 29 2020


Tuesday, 01 December

Re: Etherify 4 - jumping air gaps with real ethernet hardware Dave Horsfall

Thursday, 03 December

Bundeswehr VDPBw 50+ reported vulnerabilities Vulnerability Lab

Friday, 04 December

New BlackArch Linux ISOs + OVA Image released! Black Arch
ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885) def

Monday, 07 December

Request for full disclosure of CVE-2020-25889 & CVE-2020-25955 krishna yadav
Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti

Tuesday, 08 December

Re: Disable Windows Defender and most other 3rd party antiviruses Exibar
VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability Vulnerability Lab
VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability Vulnerability Lab
VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability Vulnerability Lab
Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability Vulnerability Lab

Friday, 11 December

Cross-Site Scripting Vulnerabilities in BigtreeCMS 4.4.11 Daniel Bishtawi via Fulldisclosure
Re: Disable Windows Defender and most other 3rd party antiviruses edwin
Vulnerability Path Traversal ACS n0ipr0cs
Reflected XSS in WordPress - DirectoriesPro 1.3.45 plugin disclosure Jack Misiura via Fulldisclosure
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure. Jack Misiura via Fulldisclosure
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Reflected cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Authenticated blind SQL injection (SQLi) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Missing access controls in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure Jack Misiura via Fulldisclosure
Stored XSS in Online bus booking system krishna yadav
Re: Disable Windows Defender and most other 3rd party antiviruses Roberto Franceschetti

Tuesday, 15 December

APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-2 iOS 12.5 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-5 watchOS 7.2 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-6 watchOS 6.3 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-7 tvOS 14.3 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-8 Safari 14.0.2 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-9 macOS Server 5.11 Apple Product Security via Fulldisclosure
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 Apple Product Security via Fulldisclosure

Thursday, 17 December

SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) SEC Consult Vulnerability Lab

Friday, 18 December

Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720 Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719] Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717] Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995] Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718] Georg Ph E Heise via Fulldisclosure
CA20201215-01: Security Notice for CA Service Catalog Kevin Kotas via Fulldisclosure
Rocket.Chat quietly patches XSS vulnerability Moe Szyslak
Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability Stefan Kanthak

Monday, 21 December

SUPREMO Local privilege escalation Adan Alvarez
remote code execution when opening a project in android studio that google refused to fix (still 0day) houjingyi
Rocket.Chat Path Traversal Moe Szyslak

Tuesday, 22 December

AST-2020-003: Remote crash in res_pjsip_diversion Asterisk Security Team
AST-2020-004: Remote crash in res_pjsip_diversion Asterisk Security Team

Friday, 25 December

SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306) Erik Steltzner
SYSS-2020-041 Urve - Missing Authorization (CWE-862) Erik Steltzner
SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) Erik Steltzner
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Jason Geffner
[CVE-2018-7580] - Philips Hue Denial of Service Ilia Shnaidman
CarolinaCon Online CFP CarolinaCon
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze Reed Loden
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Reed Loden

Tuesday, 29 December

Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0 Daniel Bishtawi via Fulldisclosure
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Mark E. Jeftovic
survey on reliability of CVSS Zinaida Benenson