Full Disclosure: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

81 messages starting May 25 21 and ending May 26 21
Date index | Thread index | Author index

Andrew Zayine

Vol. 2 (2021) No. 1 of Journal of Cyber Forensics and Advanced Threat Investigations - Now Published Andrew Zayine (May 25)

Apple Product Security via Fulldisclosure

APPLE-SA-2021-05-25-5 Safari 14.1.1 Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-7 tvOS 14.6 Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-6 watchOS 7.5 Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-8 Boot Camp 6.1.14 Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 Apple Product Security via Fulldisclosure (May 04)
APPLE-SA-2021-05-03-3 watchOS 7.4.1 Apple Product Security via Fulldisclosure (May 04)
APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 Apple Product Security via Fulldisclosure (May 04)
APPLE-SA-2021-05-03-2 iOS 12.5.3 Apple Product Security via Fulldisclosure (May 04)
APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave Apple Product Security via Fulldisclosure (May 26)
APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 Apple Product Security via Fulldisclosure (May 26)

Call For Papers CPSIOTSEC21

[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21 (May 25)
[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21 (May 18)
[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021) Call For Papers CPSIOTSEC21 (May 13)

Daniel Bishtawi via Fulldisclosure

Cross-Site Scripting Vulnerability in Zen Cart 1.5.7 Daniel Bishtawi via Fulldisclosure (May 25)

def

(u)rxvt terminal (+bash) remoteish code execution 0day def (May 18)
Re: (u)rxvt terminal (+bash) remoteish code execution 0day def (May 20)

Gynvael Coldwind

Re: Three vulnerabilities found in MikroTik's RouterOS Gynvael Coldwind (May 11)
Re: Three vulnerabilities found in MikroTik's RouterOS Gynvael Coldwind (May 11)

Harry Sintonen via Fulldisclosure

NiceHash Miner Excavator API Cross-Site Request Forgery Harry Sintonen via Fulldisclosure (May 18)

Kaustubh Padwad via Fulldisclosure

KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender Kaustubh Padwad via Fulldisclosure (May 04)
KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device Kaustubh Padwad via Fulldisclosure (May 04)
KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender Kaustubh Padwad via Fulldisclosure (May 04)

KoreLogic Disclosures via Fulldisclosure

KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints KoreLogic Disclosures via Fulldisclosure (May 26)
KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write KoreLogic Disclosures via Fulldisclosure (May 26)

malvuln

Backdoor.Win32.Delf.abb / Insecure Transit malvuln (May 18)
Backdoor.Win32.SkyDance.216 / Remote Stack Buffer Overflow malvuln (May 25)
Backdoor.Win32.Floder.gqe / Insecure Permissions malvuln (May 07)
Backdoor.Win32.Upload.a / Remote Denial of Service malvuln (May 25)
Backdoor.Win32.Delf.aez / Unauthenticated Remote Command Execution malvuln (May 18)
Backdoor.Win32.NinjaSpy.c / Remote Command Execution malvuln (May 07)
Backdoor.Win32.Antilam.14.d / Unauthenticated Remote Command Execution malvuln (May 18)
Backdoor.Win32.Psychward.c / Unauthenticated Remote Command Execution malvuln (May 18)
Backdoor.Win32.Danton.43 / MITM Port Bounce Scan malvuln (May 18)
Backdoor.Win32.Agent.lyw / Remote Stack Buffer Overflow (UDP) malvuln (May 18)
Backdoor.Win32.Agent.cy / Insecure Transit malvuln (May 18)
Backdoor.Win32.Psychward.ds / Weak Hardcoded Password malvuln (May 18)
Backdoor.Win32.Tonerok.d / Unauthenticated Remote Command Execution malvuln (May 25)
Backdoor.Win32.DarkMoon.a / Weak Hardcoded Password malvuln (May 18)
Packed.Win32.Black.d / Unauthenticated Open Proxy malvuln (May 07)
Backdoor.Win32.Singu.a / Remote Stack Buffer Overflow (UDP Datagram) malvuln (May 25)
Backdoor.Win32.Spirit.12.b / Insecure Permissions malvuln (May 25)
Backdoor.Win32.Spion4 / Insecure Transit malvuln (May 25)
Backdoor.Win32.DarkMoon.a / Insecure Transit malvuln (May 18)
Backdoor.Win32.RMFdoor.c / Authentication Bypass RCE malvuln (May 18)
Backdoor.Win32.Danton.43 / Weak Hardcoded Credentials RCE malvuln (May 18)
Backdoor.Win32.Agent.cy / Weak Hardcoded Credentials malvuln (May 18)
Backdoor.Win32.Delf.zho / Authentication Bypass RCE malvuln (May 13)
Backdoor.Win32.Antilam.13.a / Unauthenticated Remote Command Execution malvuln (May 11)
Backdoor.Win32.Agent.oda / Remote Stack Buffer Overflow (UDP) malvuln (May 18)
Trojan.Win32.Siscos.bqe / Insecure Permissions malvuln (May 07)
Trojan.Win32.Agent.xdtv / Insecure Permissions malvuln (May 07)
Backdoor.Win32.Agent.cy / Denial of Service malvuln (May 18)
Backdoor.Win32.MotivFTP.12 / Authentication Bypass RCE malvuln (May 11)

Marcel Keiffenheim

CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. Marcel Keiffenheim (May 11)

Nguyen Anh Quynh

Unicorn Emulator 1.0.3 is out! Nguyen Anh Quynh (May 26)

polict of Shielder via Fulldisclosure

QNAP MusicStation/MalwareRemover Pre-Auth Root Remote Code Execution polict of Shielder via Fulldisclosure (May 27)

Q C

Re: Three vulnerabilities found in MikroTik's RouterOS Q C (May 11)
Re: Three vulnerabilities found in MikroTik's RouterOS Q C (May 07)
Re: Two vulnerabilities found in MikroTik's RouterOS Q C (May 04)
Four vulnerabilities found in MikroTik's RouterOS Q C (May 11)
Re: Two vulnerabilities found in MikroTik's RouterOS Q C (May 07)
Re: Four vulnerabilities found in MikroTik's RouterOS Q C (May 07)
Re: Two vulnerabilities found in MikroTik's RouterOS Q C (May 04)
Re: Two vulnerabilities found in MikroTik's RouterOS Q C (May 04)
Four vulnerabilities found in MikroTik's RouterOS Q C (May 07)
Re: Three vulnerabilities found in MikroTik's RouterOS Q C (May 07)

research

[KIS-2021-04] IPS Community Suite <= 4.5.4.2 (previewBlock) PHP Code Injection Vulnerability research (May 28)

Roman Fiedler

CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology Roman Fiedler (May 20)

SEC Consult Vulnerability Lab

SEC Consult SA-20210511-0 :: Cross-site Scripting Vulnerabilities in REWE GO SEC Consult Vulnerability Lab (May 10)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 77): access without access permission Stefan Kanthak (May 18)

Stefan Pietsch

Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)
Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)

X41 D-Sec GmbH Advisories

X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability X41 D-Sec GmbH Advisories (May 26)

Previous period

Next period