Full Disclosure: by author

29 messages starting Apr 05 24 and ending Apr 05 24


Andrew Zayine

[CFP] IEEE CSR Workshop on Cyber Forensics & Advanced Threat Investigations in Emerging Technologies 2024 Andrew Zayine (Apr 05)

Andrey Stoykov

Multiple Issues in concretecmsv9.2.7 Andrey Stoykov (Apr 10)

Clément Cruchet

CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0 Clément Cruchet (Apr 10)

Egidio Romano

[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability Egidio Romano (Apr 10)
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability Egidio Romano (Apr 10)

Lennert Preuth via Fulldisclosure

SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Lennert Preuth via Fulldisclosure (Apr 05)
SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)
SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Lennert Preuth via Fulldisclosure (Apr 05)

malvuln

Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) malvuln (Apr 10)
Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE malvuln (Apr 05)
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) malvuln (Apr 19)

Martin Heiland via Fulldisclosure

OXAS-ADV-2024-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Apr 10)

Matteo Beccati

Response to CVE-2023-26756 - Revive Adserver Matteo Beccati (Apr 24)

Pawel Karwowski via Fulldisclosure

MindManager 23 - full disclosure Pawel Karwowski via Fulldisclosure (Apr 19)

SEC Consult Vulnerability Lab via Fulldisclosure

SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app SEC Consult Vulnerability Lab via Fulldisclosure (Apr 19)
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue SEC Consult Vulnerability Lab via Fulldisclosure (Apr 14)

Security Explorations

Microsoft PlayReady deficiencies / content key sniffing on Windows Security Explorations (Apr 02)

Stefan Kanthak

Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers Stefan Kanthak (Apr 24)

V3locidad

CVE-2024-31705 V3locidad (Apr 14)

Valentin Lobstein via Fulldisclosure

CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php Valentin Lobstein via Fulldisclosure (Apr 05)
CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php Valentin Lobstein via Fulldisclosure (Apr 05)