Mail Index

• Thread Index

• [FD] Youpot honeypot
  • From: Jacek Lipkowski via Fulldisclosure
• [FD] Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)
  • From: Housma mardini
• [FD] CVE-2024-47081: Netrc credential leak in PSF requests library
  • From: Juho Forsén via Fulldisclosure
• [FD] Multiple Vulnerabilities in SAP GuiXT Scripting
  • From: Michał Majchrowicz via Fulldisclosure
• [FD] Stored XSS in "Description" Functionality - cubecartv6.5.9
  • From: Andrey Stoykov
• [FD] Authenticated File Upload to RCE - adaptcmsv3.0.3
  • From: Andrey Stoykov
• [FD] Stored XSS "Send Message" Functionality - adaptcmsv3.0.3
  • From: Andrey Stoykov
• [FD] IDOR "Change Password" Functionality - adaptcmsv3.0.3
  • From: Andrey Stoykov
• [FD] Stored XSS via File Upload - adaptcmsv3.0.3
  • From: Andrey Stoykov
• [FD] Local information disclosure in apport and systemd-coredump
  • From: Qualys Security Advisory via Fulldisclosure
• [FD] ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path
  • From: Ron E
• [FD] ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page
  • From: Ron E
• [FD] CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0
  • From: Sanjay Singh
• [FD] Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection
  • From: Stefan Kanthak
• [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
  • From: josephgoyd via Fulldisclosure
• [FD] Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025)
  • From: 0610648533
• [FD] SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
  • From: SEC Consult Vulnerability Lab via Fulldisclosure
• [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
  • From: josephgoyd via Fulldisclosure
• [FD] Disclosure Yealink Cloud vulnerabilities
  • From: Jeroen Hermans via Fulldisclosure
• [FD] RansomLord (NG v1.0) anti-ransomware exploit tool
  • From: malvuln
• [FD] CVE-2025-32975 - Quest KACE SMA Authentication Bypass
  • From: Seralys Research Team via Fulldisclosure
• [FD] CVE-2025-32976 - Quest KACE SMA 2FA Bypass
  • From: Seralys Research Team via Fulldisclosure
• [FD] CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload
  • From: Seralys Research Team via Fulldisclosure
• [FD] CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement
  • From: Seralys Research Team via Fulldisclosure
• [FD] Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag
  • From: Brian Carpenter via Fulldisclosure