Full Disclosure: by author

57 messages starting Jun 30 22 and ending Jun 14 22

alcaraz

[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022** alcaraz (Jun 30)

Andrea Simonca

🐞 CFP for Hardwear.io NL 2022 is OPEN! Andrea Simonca (Jun 30)

Biznet Bilişim

XML External Entity (XXE) vulnerability in the WSO2 Management Console Biznet Bilişim (Jun 10)

chan chan

AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine chan chan (Jun 27)

Eldar Marcussen

JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function Eldar Marcussen (Jun 30)

Jose Nicolas Castellano via Fulldisclosure

CFP No cON Name 2022 - Barcelona Jose Nicolas Castellano via Fulldisclosure (Jun 27)

Julien Ahrens (RCE Security)

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure Julien Ahrens (RCE Security) (Jun 03)
[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure Julien Ahrens (RCE Security) (Jun 03)

lixts via Fulldisclosure

typeorm CVE-2022-33171 lixts via Fulldisclosure (Jun 30)

malvuln

Trojan-Banker.Win32.Banker.agzg / Insecure Permissions malvuln (Jun 10)
Backdoor.Win32.Shark.btu / Insecure Permissions malvuln (Jun 27)
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials malvuln (Jun 30)
Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions malvuln (Jun 10)
Trojan-Proxy.Win32.Symbab.o / Heap Corruption malvuln (Jun 10)
Backdoor.Win32.Coredoor.10.a / Authentication Bypass malvuln (Jun 30)
Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution malvuln (Jun 10)
Trojan-Mailfinder.Win32.VB.p / Insecure Permissions malvuln (Jun 27)
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials malvuln (Jun 30)
Backdoor.Win32.InfecDoor.17.c / Insecure Permissions malvuln (Jun 27)
Yashma Ransomware Builder v1.2 / Insecure Permissions malvuln (Jun 27)
Ransom.Haron / Code Execution malvuln (Jun 10)

Marco Ivaldi

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh Marco Ivaldi (Jun 10)

Matthias Deeg

[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) Matthias Deeg (Jun 10)
[SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) Matthias Deeg (Jun 10)
[SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) Matthias Deeg (Jun 10)
[SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg (Jun 10)
[SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg (Jun 10)
[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg (Jun 10)
[SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg (Jun 10)
[SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) Matthias Deeg (Jun 10)
[SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg (Jun 10)
[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) Matthias Deeg (Jun 10)
[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948) Matthias Deeg (Jun 10)
[SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386) Matthias Deeg (Jun 10)
[SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg (Jun 10)
[SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg (Jun 10)
[SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386) Matthias Deeg (Jun 10)
[SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) Matthias Deeg (Jun 10)
[SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg (Jun 10)

Mattias Bååth via Fulldisclosure

SEC-T CFP ongoing Mattias Bååth via Fulldisclosure (Jun 27)

Moritz Abrell

Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855 Moritz Abrell (Jun 10)

Onapsis Research via Fulldisclosure

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure (Jun 21)
Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad Onapsis Research via Fulldisclosure (Jun 21)
Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure (Jun 21)
Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure (Jun 21)
Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) Onapsis Research via Fulldisclosure (Jun 21)

Q C

Re: Three vulnerabilities found in MikroTik's RouterOS Q C (Jun 03)

Rick Verdoes via Fulldisclosure

BigBlueButton - Stored XSS in username (CVE-2022-31064) Rick Verdoes via Fulldisclosure (Jun 30)

SEC Consult Vulnerability Lab, Research via Fulldisclosure

SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 10)
SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserialization in Gentics CMS SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 10)
SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 03)
SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 03)
SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 03)
SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 10)
SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3 SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 03)
SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 17)
SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect SEC Consult Vulnerability Lab, Research via Fulldisclosure (Jun 14)