Full Disclosure: by thread
29 messages
starting Apr 02 24 and
ending Apr 24 24
Date index |
Thread index |
Author index
- Microsoft PlayReady deficiencies / content key sniffing on Windows Security Explorations (Apr 02)
- SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Lennert Preuth via Fulldisclosure (Apr 05)
- SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)
- SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)
- CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter Valentin Lobstein via Fulldisclosure (Apr 05)
- CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php Valentin Lobstein via Fulldisclosure (Apr 05)
- Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE malvuln (Apr 05)
- [CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024 Andrew Zayine (Apr 05)
- CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0 Clément Cruchet (Apr 10)
- Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) malvuln (Apr 10)
- OXAS-ADV-2024-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Apr 10)
- Multiple Issues in concretecmsv9.2.7 Andrey Stoykov (Apr 10)
- [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability Egidio Romano (Apr 10)
- [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability Egidio Romano (Apr 10)
- SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue SEC Consult Vulnerability Lab via Fulldisclosure (Apr 14)
- CVE-2024-31705 V3locidad (Apr 14)
- MindManager 23 - full disclosure Pawel Karwowski via Fulldisclosure (Apr 19)
- SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app SEC Consult Vulnerability Lab via Fulldisclosure (Apr 19)
- BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) malvuln (Apr 19)
- Response to CVE-2023-26756 - Revive Adserver Matteo Beccati (Apr 24)
- Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers Stefan Kanthak (Apr 24)