Full Disclosure: by author

45 messages starting Nov 06 20 and ending Nov 16 20

Apple Product Security via Fulldisclosure

APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Apple Product Security via Fulldisclosure (Nov 15)
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 Apple Product Security via Fulldisclosure (Nov 15)
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 Apple Product Security via Fulldisclosure (Nov 15)
APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 Apple Product Security via Fulldisclosure (Nov 15)
APPLE-SA-2020-11-05-2 iOS 12.4.9 Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-05-7 tvOS 14.2 Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave Apple Product Security via Fulldisclosure (Nov 15)
APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave Apple Product Security via Fulldisclosure (Nov 15)

Asterisk Security Team

AST-2020-001: Remote crash in res_pjsip_session Asterisk Security Team (Nov 05)
AST-2020-002: Outbound INVITE loop on challenge with different nonce. Asterisk Security Team (Nov 05)

bo0od

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002 bo0od (Nov 15)

Dawid Golunski

Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn Dawid Golunski (Nov 05)

Georgi Guninski

Scope of Debian's /home/loser is with permissions 755, default umask 002 Georgi Guninski (Nov 12)

hacker

SOWA.OPAC Reflected Cross Site Scripting hacker (Nov 18)

hyp3rlinx

NtFileSins v2.2 / Windows NTFS Privileged File Access Enumeration Tool (Python v3) hyp3rlinx (Nov 10)

Jacek Lipkowski

Etherify 4 - jumping air gaps with real ethernet hardware Jacek Lipkowski (Nov 30)
Etherify - bringing the ether back to ethernet Jacek Lipkowski (Nov 06)

Jonathan Gregson via Fulldisclosure

Fancy Product Designer for WooCommerce - Unrestricted File Upload Jonathan Gregson via Fulldisclosure (Nov 17)
Fancy Product Designer for WooCommerce - Stored XSS via SVG upload Jonathan Gregson via Fulldisclosure (Nov 17)

José Nicolás Castellano

[No cON Name] #ncn2k20 CFP online - Barcelona José Nicolás Castellano (Nov 10)

Ken Williams via Fulldisclosure

CA20201116-01: Security Notice for CA Unified Infrastructure Management Ken Williams via Fulldisclosure (Nov 23)

KoreLogic Disclosures via Fulldisclosure

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password KoreLogic Disclosures via Fulldisclosure (Nov 20)
KL-001-2020-009 : Barco wePresent Insecure Firmware Image KoreLogic Disclosures via Fulldisclosure (Nov 20)
KL-001-2020-006 : Barco wePresent Authentication Bypass KoreLogic Disclosures via Fulldisclosure (Nov 20)
KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text KoreLogic Disclosures via Fulldisclosure (Nov 20)
KL-001-2020-004 : Barco wePresent Hardcoded API Credentials KoreLogic Disclosures via Fulldisclosure (Nov 20)
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI KoreLogic Disclosures via Fulldisclosure (Nov 20)

Marcin Kozlowski

TCMalloc viewer/dumper - TCMalloc Inspector Tool Marcin Kozlowski (Nov 18)

Micha Borrmann

[SYSS-2020-037] Persistent Cross-site Scripting (CWE-79) in REDDOXX MailDepot (CVE-2020-26554) Micha Borrmann (Nov 15)

pabloec20

scikit-learn 0.23.2 Local Denial of Service pabloec20 (Nov 30)

Pietro Oliva via Fulldisclosure

Avian JVM FileOutputStream.write() Integer Overflow Pietro Oliva via Fulldisclosure (Nov 12)

Pim van Stam

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002 Pim van Stam (Nov 15)

Sandro Gauci

Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP Sandro Gauci (Nov 06)

SEC Consult Vulnerability Lab

SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) SEC Consult Vulnerability Lab (Nov 04)
SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager SEC Consult Vulnerability Lab (Nov 17)
SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V SEC Consult Vulnerability Lab (Nov 23)

Tobias Glemser

secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Tobias Glemser (Nov 06)

Vulnerability Lab

Intel NUC - Local Privilege Escalation Vulnerability Vulnerability Lab (Nov 16)
SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability Vulnerability Lab (Nov 16)
Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability Vulnerability Lab (Nov 16)
VTiger v7.0 CRM - (To) Persistent Email Vulnerability Vulnerability Lab (Nov 20)
SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability Vulnerability Lab (Nov 16)
SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities Vulnerability Lab (Nov 16)
Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability Vulnerability Lab (Nov 16)