Full Disclosure: by date
RSS Feed
About List
All Lists
Previous period
29 messages
starting Apr 02 24 and
ending Apr 24 24
Date index |
Thread index |
Author index
Tuesday, 02 April
Microsoft PlayReady deficiencies / content key sniffing on Windows Security Explorations
Friday, 05 April
SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Lennert Preuth via Fulldisclosure
SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Lennert Preuth via Fulldisclosure
SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Lennert Preuth via Fulldisclosure
CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php Valentin Lobstein via Fulldisclosure
CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php Valentin Lobstein via Fulldisclosure
CVE-2024-30922: SQL Injection in DerbyNet v9.0 via print/render/award.inc Valentin Lobstein via Fulldisclosure
CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc Valentin Lobstein via Fulldisclosure
CVE-2024-30924: XSS Vulnerability in DerbyNet v9.0 via checkin.php Valentin Lobstein via Fulldisclosure
CVE-2024-30925: XSS Vulnerability in DerbyNet v9.0 via photo-thumbs.php Valentin Lobstein via Fulldisclosure
CVE-2024-30926: XSS Vulnerability in DerbyNet v9.0 via ./inc/kiosks.inc Valentin Lobstein via Fulldisclosure
CVE-2024-30927: XSS Vulnerability in DerbyNet v9.0 via racer-results.php Valentin Lobstein via Fulldisclosure
CVE-2024-30928: SQL Injection Vulnerability in DerbyNet v9.0 via 'classids' Parameter Valentin Lobstein via Fulldisclosure
CVE-2024-30929: XSS Vulnerability in DerbyNet v9.0 via 'back' Parameter in playlist.php Valentin Lobstein via Fulldisclosure
Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE malvuln
[CFP] IEEE CSR Workshop on Cyber Forensics& Advanced Threat Investigations in Emerging Technologies 2024 Andrew Zayine
Wednesday, 10 April
CVE-2023-27195: Broken Access Control - Registration Code in TM4Web v22.2.0 Clément Cruchet
Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC) malvuln
OXAS-ADV-2024-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure
Multiple Issues in concretecmsv9.2.7 Andrey Stoykov
[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability Egidio Romano
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability Egidio Romano
Sunday, 14 April
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue SEC Consult Vulnerability Lab via Fulldisclosure
CVE-2024-31705 V3locidad
Friday, 19 April
MindManager 23 - full disclosure Pawel Karwowski via Fulldisclosure
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app SEC Consult Vulnerability Lab via Fulldisclosure
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) malvuln
Wednesday, 24 April
Response to CVE-2023-26756 - Revive Adserver Matteo Beccati
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers Stefan Kanthak