Mail Thread Index
- [FD] APPLE-SA-07-30-2025-1 Safari 18.6,
Apple Product Security via Fulldisclosure
- [FD] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical),
Sandro Gauci via Fulldisclosure
- [FD] Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension,
Stefan Kanthak via Fulldisclosure
- [FD] Kigen eUICC issue (custom backdoor vs. FW update bug),
Security Explorations
- [FD] PlayReady Activation protocol issues (weak auth / fake client identities),
Security Explorations
- [FD] iOS 18.6 - Undocumented TCC Access to Multiple Privacy Domains via preflight=yes,
josephgoyd via Fulldisclosure
- [FD] [tool] CRSprober,
Jozef Sudolsky
- [FD] Piciorgros TMO-100: Unauthorized log data access,
Georg Lukas
- [FD] Piciorgros TMO-100: Unauthorized configuration change via TFTP (CVE-2025-29617),
Georg Lukas
- [FD] liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service,
Ron E
- [FD] liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS),
Ron E
- [FD] CSV Injection in iDempiere WebUI 12.0.0.202508171158,
Ron E
- [FD] Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158,
Ron E
- [FD] Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3,
Ron E
- [FD] CSV Injection in nopcommerce v4.10 and 4.80.3,
Ron E
- [FD] Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality,
Ron E
- [FD] SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission,
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS,
SEC Consult Vulnerability Lab via Fulldisclosure
- [FD] Multi-Protocol Traceroute,
Usman Saeed via Fulldisclosure