Mail Index

• Thread Index

• [FD] Local Privilege Escalation in G Data’s Security Client “EndpointProtection Enterprise” prior to 17.08.2021
  • From: Florian Bogner via Fulldisclosure
• Re: [FD] SQL injection vulnerability in Talariax sendQuick Alertplus server admin version version 4.3
  • From: refabrik sec
• [FD] SEC Consult SA-20211004-0 :: Critical vulnerabilities in HiKam S6
  • From: Functional Account, SEC Consult Vulnerability Lab
• [FD] Virus.Win32.Renamer.a / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.LolBot.gen / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Yoddos.an / Insecure Service Path
  • From: malvuln
• [FD] HEUR.Trojan.Win32.Generic / Insecure Service Path
  • From: malvuln
• [FD] Backdoor.Win32.Bifrose.ahyg / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.gy / Unauthenticated Open Proxy
  • From: malvuln
• [FD] Trojan-PSW.Win32.PdPinch.gen / Remote Denial of Service
  • From: malvuln
• [FD] HackTool.Win32.Agent.gi / Local Stack Buffer Overflow (SEH)
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Port Bounce Scan (MITM)
  • From: malvuln
• [FD] [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
  • From: bashis
• [FD] [RT-SA-2021-001] Cross-Site Scripting in myfactory.FMS
  • From: RedTeam Pentesting GmbH
• [FD] Yellowfin < 9.6.1 Multiple Vulnerabilities
  • From: cyberaz0r via Fulldisclosure
• [FD] APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2
  • From: Apple Product Security via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
  • From: Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant
  • From: Stefan Kanthak
• [FD] Trojan-Spy.Win32.Ardamax.ocx / Insecure Permissions
  • From: malvuln
• [FD] Worm.Win32.Fasong.c / Insecure Service Path
  • From: malvuln
• [FD] Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy
  • From: malvuln
• [FD] Worm.Win32.Runfer.bpo / Insecure Service Path
  • From: malvuln
• [FD] Trojan-Proxy.Win32.Ranky.z / Unauthenticated Open Proxy
  • From: malvuln
• [FD] Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot
  • From: malvuln
• [FD] Backdoor.Win32.LanFiltrator.11.b / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Backdoor.Win32.LanaFTP.k / Heap Corruption
  • From: malvuln
• [FD] Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service
  • From: Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections
  • From: Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service
  • From: Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service
  • From: Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service
  • From: Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body
  • From: Onapsis Research via Fulldisclosure
• [FD] [CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack
  • From: Certitude - Advisories
• [FD] Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] SPA Cart CMS - Multiple SQL Injection Web Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Simplephpscripts Simple CMS v2.1 - Remote SQL Injection Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] VDPBW Bundeswehr - 1 Year Vulnerability Disclosure Policy of the Bundeswehr
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways
  • From: Sandro Gauci
• [FD] [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
  • From: Sandro Gauci
• [FD] [ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding
  • From: Sandro Gauci
• [FD] [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets
  • From: Sandro Gauci
• [FD] [ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing
  • From: Sandro Gauci
• [FD] PHP Melody v3.0 - (vid) SQL Injection Vulnerability
  • From: info@xxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - (vid) SQL Injection Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - (Editor) Persistent XSS Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - (submitted) Persistent XSS Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Vanguard v2.1 - (Search) POST Inject Web Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Ultimate POS v4.4 - (Products) Persistent XSS Vulnerability
  • From: info@xxxxxxxxxxxxxxxxxxxxx
• [FD] APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-5 Security Update 2021-007 Catalina
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-6 watchOS 8.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-7 tvOS 15.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
  • From: Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2
  • From: Functional Account, SEC Consult Vulnerability Lab
• [FD] Huge DOCSIS issue
  • From: Chris
• [FD] Trojan.Win32.Akl.bc / Insecure Permissions
  • From: malvuln
• [FD] Backdoor.Win32.Delf.arjo / Insecure Service Path
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.acio / Insecure Service Path
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.acio / Unauthenticated Open Proxy
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Directory Traversal
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Port Bounce Scan
  • From: malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Authentication Bypass RCE
  • From: malvuln
• [FD] Backdoor.Win32.Mazben.es / Unauthenticated Open Proxy
  • From: malvuln
• [FD] HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy
  • From: malvuln
• [FD] Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution
  • From: malvuln
• [FD] Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.ntz / Port Bounce Scan
  • From: malvuln
• [FD] Backdoor.Win32.Prorat.ntz / Weak Hardcoded Password
  • From: malvuln