Full Disclosure: by date

63 messages starting Mar 04 22 and ending Mar 31 22

Friday, 04 March

AST-2022-004: pjproject: integer underflow on STUN message Asterisk Security Team
AST-2022-005: pjproject: undefined behavior after freeing a dialog set Asterisk Security Team
AST-2022-006: pjproject: unconstrained malformed multipart SIP message Asterisk Security Team

Wednesday, 09 March

Mr. Post - Outlook Add-in - Data Theft Risk Jonathan Gregson via Fulldisclosure
New Release: UFONet v1.8 - "DarK-PhAnT0m!"... psy
Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write - RCE malvuln
Backdoor.Win32.BNLite / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.FTP.Nuclear.10 / Hardcoded Credentials malvuln
Backdoor.Win32.BluanWeb / Unauthenticated Remote Code Execution malvuln
Backdoor.Win32.BluanWeb / Information Disclosure malvuln
Backdoor.Win32.BluanWeb / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.RemoteNC.beta4 / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool) / Weak Hardcoded Password malvuln
Loki RAT (Relapse) / Directory Traversal - Arbitrary File Delete malvuln
Loki RAT (Relapse) / SQL Injection malvuln

Monday, 14 March

CVE-2021-45040 - Laravel Media Library Pro <=2.1.6 - Arbitrary File Upload (Unauthenticated) Kelvin Yip
RedLine.MainPanel - cracked.exe / Insecure Permissions malvuln
Hades RAT - Web Panel / Insecure Credential Storage malvuln
Hades RAT - Web Panel / Information Disclosure malvuln
Hades RAT - Web Panel / Remote Persistent XSS malvuln
APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-9 GarageBand 10.4.6 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-7 Xcode 13.3 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-5 macOS Big Sur 11.6.5 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-3 tvOS 15.4 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-2 watchOS 8.5 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-14-4 macOS Monterey 12.3 Apple Product Security via Fulldisclosure

Sunday, 20 March

CVE-2021-45490: Missing Certificate Verification in 3CX Client for Windows (legacy), Android & iOS Emanuel DUSS
CVE-2021-45491: Exportable Cleartext Passwords in the 3CX Phone System Emanuel DUSS
[CVE-2021-42063] SAP Knowledge Warehouse <= 7.50 "SAPIrExtHelp" Reflected XSS Julien Ahrens (RCE Security)
BuilderOrcus (Orcus.Administration-cracked.exe) / Insecure Permissions malvuln
BuilderOrcus (Orcus.Administration-cracked.exe) / Insecure Credential Storage malvuln
BuilderPandoraRat.b - (Pandora Rat 2.2 [Beta].exe) / Insecure Credential Storage malvuln
BuilderTorCTPHPRAT.b / Insecure Credential Storage malvuln
BuilderTorCTPHPRAT.b / Arbitrary File Upload - RCE malvuln
BuilderTorCTPHPRAT.b / Remote Persistent XSS malvuln
BuilderRevengeRAT - (Revenge-RAT v0.3) / XML External Entity Injection malvuln
Adversary3 v1.0 - Malware vulnerability intel tool for third-party attackers. malvuln
[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022 CFP - ESORICS 2022

Monday, 21 March

Open-Xchange Security Advisory 2022-03-21 Martin Heiland via Fulldisclosure

Tuesday, 22 March

[KIS-2022-01] ImpressCMS <= 1.4.2 (autologin.php) Authentication Bypass Vulnerability Egidio Romano
[KIS-2022-02] ImpressCMS <= 1.4.2 (image-edit.php) Path Traversal Vulnerability Egidio Romano
[KIS-2022-03] ImpressCMS <= 1.4.2 (findusers.php) Incorrect Access Control Vulnerability Egidio Romano
[KIS-2022-04] ImpressCMS <= 1.4.3 (findusers.php) SQL Injection Vulnerability Egidio Romano

Wednesday, 23 March

ImpressCMS: from unauthenticated SQL injection to RCE Egidio Romano

Friday, 25 March

The Knights of NYNEX presents: Akhlut prowling terror Knights of Nynex via Fulldisclosure
Backdoor.Win32.Agent.bxxn / Open Proxy malvuln
Backdoor.Win32.BirdSpy.b / Weak Hardcoded Credentials malvuln
[SYSS-2021-058] Razer Synapse - Local Privilege Escalation Oliver Schwarz

Monday, 28 March

PHP filter_var vulnerability Jordy Zomer
Re: ImpressCMS: from unauthenticated SQL injection to RCE Egidio Romano
Backdoor.Win32.Cyn.20 / Insecure Permissions malvuln
Backdoor.Win32.Cafeini.b / Denial of Service malvuln
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials malvuln
Backdoor.Win32.Chubo.c / Unauthenticated Remote Command Execution malvuln
Backdoor.Win32.Chubo.c / Cross Site Scripting (XSS) malvuln
Backdoor.Win32.Avstral.e / Unauthenticated Remote Command Execution malvuln

Tuesday, 29 March

[KIS-2022-05] Joomla! <= 4.1.0 (Tar.php) Zip Slip Vulnerability Egidio Romano

Thursday, 31 March

APPLE-SA-2022-03-31-2 macOS Monterey 12.3.1 Apple Product Security via Fulldisclosure
APPLE-SA-2022-03-31-1 iOS 15.4.1 and iPadOS 15.4.1 Apple Product Security via Fulldisclosure