Mail Thread Index

• Date Index

• [FD] Local Privilege Escalation in G Data’s Security Client “EndpointProtection Enterprise” prior to 17.08.2021, Florian Bogner via Fulldisclosure
• Re: [FD] SQL injection vulnerability in Talariax sendQuick Alertplus server admin version version 4.3, refabrik sec
• [FD] SEC Consult SA-20211004-0 :: Critical vulnerabilities in HiKam S6, Functional Account, SEC Consult Vulnerability Lab
• [FD] Virus.Win32.Renamer.a / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.LolBot.gen / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Yoddos.an / Insecure Service Path, malvuln
• [FD] HEUR.Trojan.Win32.Generic / Insecure Service Path, malvuln
• [FD] Backdoor.Win32.Bifrose.ahyg / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Hupigon.gy / Unauthenticated Open Proxy, malvuln
• [FD] Trojan-PSW.Win32.PdPinch.gen / Remote Denial of Service, malvuln
• [FD] HackTool.Win32.Agent.gi / Local Stack Buffer Overflow (SEH), malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password, malvuln
• [FD] Backdoor.Win32.Prorat.lkt / Port Bounce Scan (MITM), malvuln
• [FD] [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045), bashis
• [FD] [RT-SA-2021-001] Cross-Site Scripting in myfactory.FMS, RedTeam Pentesting GmbH
• [FD] Yellowfin < 9.6.1 Multiple Vulnerabilities, cyberaz0r via Fulldisclosure
• [FD] APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2, Apple Product Security via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11, Stefan Kanthak
• [FD] Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant, Stefan Kanthak
• [FD] Trojan-Spy.Win32.Ardamax.ocx / Insecure Permissions, malvuln
• [FD] Worm.Win32.Fasong.c / Insecure Service Path, malvuln
• [FD] Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy, malvuln
• [FD] Worm.Win32.Runfer.bpo / Insecure Service Path, malvuln
• [FD] Trojan-Proxy.Win32.Ranky.z / Unauthenticated Open Proxy, malvuln
• [FD] Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot, malvuln
  • <Possible follow-ups>
  • [FD] Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot, malvuln
• [FD] Backdoor.Win32.LanFiltrator.11.b / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.LanaFTP.k / Heap Corruption, malvuln
• [FD] Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body, Onapsis Research via Fulldisclosure
• [FD] [CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack, Certitude - Advisories
• [FD] Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] SPA Cart CMS - Multiple SQL Injection Web Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Simplephpscripts Simple CMS v2.1 - Remote SQL Injection Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] VDPBW Bundeswehr - 1 Year Vulnerability Disclosure Policy of the Bundeswehr, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways, Sandro Gauci
• [FD] [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default, Sandro Gauci
• [FD] [ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding, Sandro Gauci
• [FD] [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets, Sandro Gauci
• [FD] [ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing, Sandro Gauci
• [FD] PHP Melody v3.0 - (vid) SQL Injection Vulnerability, info@xxxxxxxxxxxxxxx
  • <Possible follow-ups>
  • [FD] PHP Melody v3.0 - (vid) SQL Injection Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - (Editor) Persistent XSS Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] PHP Melody v3.0 - (submitted) Persistent XSS Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Vanguard v2.1 - (Search) POST Inject Web Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] Ultimate POS v4.4 - (Products) Persistent XSS Vulnerability, info@xxxxxxxxxxxxxxxxxxxxx
• [FD] APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-5 Security Update 2021-007 Catalina, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-6 watchOS 8.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-7 tvOS 15.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15, Apple Product Security via Fulldisclosure
• [FD] SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2, Functional Account, SEC Consult Vulnerability Lab
• [FD] Huge DOCSIS issue, Chris
• [FD] Trojan.Win32.Akl.bc / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Delf.arjo / Insecure Service Path, malvuln
• [FD] Backdoor.Win32.Hupigon.acio / Insecure Service Path, malvuln
• [FD] Backdoor.Win32.Hupigon.acio / Unauthenticated Open Proxy, malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Directory Traversal, malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Port Bounce Scan, malvuln
• [FD] Backdoor.Win32.Hupigon.afjk / Authentication Bypass RCE, malvuln
• [FD] Backdoor.Win32.Mazben.es / Unauthenticated Open Proxy, malvuln
• [FD] HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy, malvuln
• [FD] Backdoor.Win32.Antilam.14.o / Unauthenticated Remote Command Execution, malvuln
• [FD] Backdoor.Win32.Prorat.ntz / Port Bounce Scan, malvuln
• [FD] Backdoor.Win32.Prorat.ntz / Weak Hardcoded Password, malvuln