Full Disclosure: by date

57 messages starting Jun 03 22 and ending Jun 30 22


Friday, 03 June

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure Julien Ahrens (RCE Security)
[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure Julien Ahrens (RCE Security)
Re: Three vulnerabilities found in MikroTik's RouterOS Q C
SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3 SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker SEC Consult Vulnerability Lab, Research via Fulldisclosure

Friday, 10 June

XML External Entity (XXE) vulnerability in the WSO2 Management Console Biznet Bilişim
[SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) Matthias Deeg
[SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg
[SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg
[SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386) Matthias Deeg
[SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384) Matthias Deeg
[SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg
[SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg
[SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386) Matthias Deeg
[SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) Matthias Deeg
[SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg
[SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg
[SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) Matthias Deeg
[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387) Matthias Deeg
[SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382) Matthias Deeg
[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383) Matthias Deeg
[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385) Matthias Deeg
[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948) Matthias Deeg
Ransom.Haron / Code Execution malvuln
Trojan-Banker.Win32.Banker.agzg / Insecure Permissions malvuln
Trojan-Proxy.Win32.Symbab.o / Heap Corruption malvuln
Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution malvuln
Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions malvuln
Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855 Moritz Abrell
HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh Marco Ivaldi
SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserialization in Gentics CMS SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension SEC Consult Vulnerability Lab, Research via Fulldisclosure

Tuesday, 14 June

SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect SEC Consult Vulnerability Lab, Research via Fulldisclosure

Friday, 17 June

SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series SEC Consult Vulnerability Lab, Research via Fulldisclosure

Tuesday, 21 June

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring) Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) Onapsis Research via Fulldisclosure

Monday, 27 June

CFP No cON Name 2022 - Barcelona Jose Nicolas Castellano via Fulldisclosure
SEC-T CFP ongoing Mattias Bååth via Fulldisclosure
AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine chan chan
Yashma Ransomware Builder v1.2 / Insecure Permissions malvuln
Backdoor.Win32.Shark.btu / Insecure Permissions malvuln
Trojan-Mailfinder.Win32.VB.p / Insecure Permissions malvuln
Backdoor.Win32.InfecDoor.17.c / Insecure Permissions malvuln

Thursday, 30 June

[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022** alcaraz
🐞 CFP for Hardwear.io NL 2022 is OPEN! Andrea Simonca
typeorm CVE-2022-33171 lixts via Fulldisclosure
BigBlueButton - Stored XSS in username (CVE-2022-31064) Rick Verdoes via Fulldisclosure
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials malvuln
Backdoor.Win32.Coredoor.10.a / Authentication Bypass malvuln
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials malvuln
JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function Eldar Marcussen