Messages by Thread
-
[FD] Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities
[email protected]
-
[FD] Rocket LMS v1.1 - (History) Persistent XSS Vulnerability
[email protected]
-
[FD] uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities
[email protected]
-
[FD] Easy Cart Shopping Cart - (Search) Persistent Vulnerability
[email protected]
-
[FD] cWifi Hotspot Wireless CP - Code Execution Vulnerability
[email protected]
-
[FD] PoC for CVE-2021-25079
Gaetano Perrone
-
[FD] Backdoor.Win32.SilentSpy.10 / Authentication Race Condition
malvuln
-
[FD] Backdoor.Win32.SilentSpy.10 / Authentication Bypass Command Execution
malvuln
-
[FD] Backdoor.Win32.Skrat / Cleartext Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.Fantador / Divide by Zero DoS
malvuln
-
[FD] Backdoor.Win32.Fantador / Insecure Password Storage
malvuln
-
[FD] Backdoor.Win32.Wollf.m / Authentication Bypass
malvuln
-
[FD] Backdoor.Win32.Wollf.m / Weak Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.FTP.Simpel.12 / Insecure Crypto
malvuln
-
[FD] Backdoor.Win32.FTP.Simpel.12 / Port Bounce Scan
malvuln
-
[FD] Backdoor.Win32.Visiotrol.10 / Insecure Password Storage
malvuln
-
[FD] CVE-2021-25080 vulnerability
Gaetano Perrone
-
[FD] Aver EVC300 and others
protostsu via Fulldisclosure
-
[FD] Backdoor.Win32.Mellpon.b / Remote Unauthenticated Information Disclosure
malvuln
-
[FD] RootedCON 2022 Call For Papers is open!
omarbv
-
[FD] APPLE-SA-2021-12-15-7 Safari 15.2
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-6 watchOS 8.3
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-5 tvOS 15.2
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-3 macOS Big Sur 11.6.2
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-2 macOS Monterey 12.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-12-15-1 iOS 15.2 and iPadOS 15.2
Apple Product Security via Fulldisclosure
-
[FD] Trovent Security Advisory 2109-01 / CVE-2021-41843: Authenticated SQL injection in OpenEMR calendar search
Stefan Pietsch
-
[FD] SEC Consult SA-20211214-2 :: Remote ABAP Code Injection in SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER
SEC Consult Vulnerability Lab
-
[FD] SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG
SEC Consult Vulnerability Lab
-
[FD] SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG
SEC Consult Vulnerability Lab
-
[FD] Backdoor.Win32.Phase.11 / Unauthenticated Remote Command Execution
malvuln
-
[FD] Backdoor.Win32.Ramus / Unauthenticated Remote Code Execution
malvuln
-
[FD] Backdoor.Win32.FTP.Matiteman / Weak Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.BackAttack.20 / Authentication Bypass RCE
malvuln
-
[FD] Backdoor.Win32.BackAttack.20 / Unauthenticated Remote Command Execution
malvuln
-
[FD] Backdoor.Win32.Nucleroot.mf / Stack Buffer Overflow
malvuln
-
[FD] Backdoor.Win32.Asylum.014 / Cleartext Password Storage
malvuln
-
[FD] Backdoor.IRC.Subhuman / Unauthenticated Open Proxy
malvuln
-
[FD] Backdoor.Win32.Mechbot.a / Insecure Permissions
malvuln
-
[FD] SEC Consult SA-20211213-1 :: Stored Cross Site Scripting in Sofico Miles RIA
SEC Consult Vulnerability Lab
-
[FD] SEC Consult SA-20211213-0 :: Multiple vulnerabilities in AbanteCart e-commerce platform
SEC Consult Vulnerability Lab
-
[FD] [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation
Moritz Bechler
-
[FD] [SYSS-2021-061] Oracle Database - NNE Connection Hijacking
Moritz Bechler
-
[FD] Microsoft Internet Explorer / ActiveX Control Security Bypass
hyp3rlinx
-
[FD] [RT-SA-2021-007] Auerswald COMpact Multiple Backdoors
RedTeam Pentesting GmbH
-
[FD] [RT-SA-2021-006] Auerswald COMpact Arbitrary File Disclosure
RedTeam Pentesting GmbH
-
[FD] [RT-SA-2021-005] Auerswald COMpact Privilege Escalation
RedTeam Pentesting GmbH
-
[FD] [RT-SA-2021-004] Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass
RedTeam Pentesting GmbH
-
[FD] Backdoor.Win32.WinShell.50 / Weak Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.Bionet.10 / Authentication Bypass RCE
malvuln
-
[FD] Backdoor.Win32.Vernet.axt / Insecure Permissions
malvuln
-
[FD] Trojan.Win32.Mucc.ivk / Insecure Service Path
malvuln
-
[FD] usd AG Security Advisories 11/2021
Responsible Disclosure via Fulldisclosure
-
[FD] SEC Consult SA-20211202-0 :: Multiple vulnerabilities in OrbiTeam BSCW Server
Functional Account, SEC Consult Vulnerability Lab
-
[FD] CVE-2021-37253: M-Files Web Improper Range Header Processing Denial of Services (DoS) Vulnerability
Murat Aydemir
-
[FD] CA20211201-01: Security Notice for CA Network Flow Analysis
Ken Williams via Fulldisclosure
-
[FD] Backdoor.Win32.Coredoor.10.a / Authentication Bypass RCE
malvuln
-
[FD] Backdoor.Win32.Coredoor.10.a / Port Bounce Scan
malvuln
-
[FD] Email-Worm.Win32.Deltad / Insecure Permissions
malvuln
-
[FD] Backdoor.Win32.BlueAdept.02.a / Remote Buffer Overflow
malvuln
-
[FD] Backdoor.Win32.BNLite / Remote Heap Based Buffer Overflow
malvuln
-
[FD] Backdoor.Win32.Agent.ad / Insecure Credential Storage
malvuln
-
[FD] Backdoor.Win32.Wollf.h / Hardcoded Cleartext Password
malvuln
-
[FD] Backdoor.Win32.Wollf.a / Weak Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.Antilam.11 / Unauthenticated Remote Command Execution
malvuln
-
[FD] Backdoor.Win32.Curioso.zp / Insecure Permissions
malvuln
-
[FD] Backdoor.Win32.Acropolis.10 / Insecure Permissions
malvuln
-
[FD] Open-Xchange Security Advisory 2021-11-19
Open-Xchange GmbH via Fulldisclosure
-
[FD] Open-Xchange Security Advisory 2021-11-18
Open-Xchange GmbH via Fulldisclosure
-
[FD] CVE-2021-44033: Ionic Identity Vault PIN Unlock Lockout Bypass (Android & iOS)
Emanuel DUSS
-
[FD] Responsible Full disclosure for LiquidFiles 3.5.13
Riccardo Spampinato
-
[FD] Trovent Security Advisory 2106-01 / CVE-2021-33816: Authenticated remote code execution in Dolibarr ERP & CRM
Stefan Pietsch
-
[FD] Trovent Security Advisory 2105-02 / CVE-2021-33618: Stored cross-site scripting in Dolibarr ERP & CRM
Stefan Pietsch
-
[FD] Email-Worm.Win32.Plexus.b / Unauthenticated Remote Code Execution
malvuln
-
[FD] Trojan.Win32.SkynetRef.y / Unauthenticated Open Proxy
malvuln
-
[FD] Trojan.Win32.SkynetRef.x / Unauthenticated Open Proxy
malvuln
-
[FD] Trojan.Win32.Servstar.poa / Insecure Service Path
malvuln
-
[FD] Backdoor.Win32.Hupigon.bnbb / Insecure Service Path
malvuln
-
[FD] HEUR.Backdoor.Win32.Denis.gen / Remote Denial of Service (UDP Datagram)
malvuln
-
[FD] Backdoor.Win32.Hupigon.nqr / Unauthenticated Open Proxy
malvuln
-
[FD] Backdoor.Win32.Pahador.aj / Authentication Bypass RCE
malvuln
-
[FD] Backdoor.Win32.VB.afu / Insecure Transit Password Disclosure
malvuln
-
[FD] Backdoor.Win32.VB.afu / Insecure Permissions
malvuln
-
[FD] [CFP] 4th International workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS)
Sergio González Muriel
-
[FD] The Knights of NYNEX presents: Song of the siren
Knights of Nynex via Fulldisclosure
-
[FD] Trovent Security Advisory 2104-03 / HealthForYou & Sanitas HealthCoach: Missing server-side password policy
Stefan Pietsch
-
[FD] [SYSS-2021-049] PHP Event Calendar - Persistent Cross-site Scripting (CVE-2021-42078)
Maurizio Ruchay
-
[FD] [SYSS-2021-048] PHP Event Calendar - SQL Injection (CVE-2021-42077)
Maurizio Ruchay
-
[FD] ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
[email protected]
-
[FD] Payment Terminal 2.x & v3.x - Multiple XSS Web Vulnerabilities
[email protected]
-
[FD] Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow
malvuln
-
[FD] Backdoor.Win32.Ncx.b / Unauthenticated Remote Command Execution
malvuln
-
[FD] Backdoor.Win32.Ncx.b / Remote Stack Buffer Overflow
malvuln
-
[FD] Backdoor.Win32.Optix.03.b / Unauthenticated Remote Command Execution
malvuln
-
[FD] SEC Consult SA-20211104-0 :: Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator
Functional Account, SEC Consult Vulnerability Lab
-
[FD] Pentaho <= 9.1 Bypass of Filename Extension Restrictions
BlackHawk
-
[FD] Pentaho <= 9.1 Jackrabbit User Enumeration
BlackHawk
-
[FD] Pentaho <= 9.1 Authentication Bypass of Spring APIs
BlackHawk
-
[FD] Pentaho <= 9.1 Insufficient Access Control of Data Source Management Service
BlackHawk
-
[FD] Pentaho <= 9.1 Unauthenticated SQL Injection
BlackHawk
-
[FD] Pentaho <= 9.1 Remote Code Execution
BlackHawk
-
[FD] My Movie Collection Sinatra App - (Login) XSS Vulnerabilities
[email protected]
-
[FD] My Movie Collection Sinatra App - (Movie) XSS Vulnerability
[email protected]
-
[FD] Hotel Listing (WP Plugin) v3.x - MyAccount XSS Vulnerability
[email protected]
-
[FD] PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability
[email protected]
-
[FD] Backdoor.Win32.Agent.sah / Heap Corruption
malvuln
-
[FD] Trojan.Win32.Delf.bna / Information Disclosure
malvuln
-
[FD] Trojan.Win32.Phires.zm / Insecure Permissions
malvuln
-
[FD] Trojan.Win32.Pasta.mca / Insecure Permissions
malvuln
-
[FD] Viruscreds - Malware password database
malvuln
-
[FD] Backdoor.Win32.Prorat.ntz / Weak Hardcoded Password
malvuln
-
[FD] Backdoor.Win32.Prorat.ntz / Port Bounce Scan
malvuln
-
[FD] Backdoor.Win32.Mazben.es / Unauthenticated Open Proxy
malvuln
-
[FD] Backdoor.Win32.Hupigon.afjk / Port Bounce Scan
malvuln
-
[FD] Backdoor.Win32.Hupigon.acio / Unauthenticated Open Proxy
malvuln
-
[FD] Backdoor.Win32.Hupigon.acio / Insecure Service Path
malvuln
-
[FD] Backdoor.Win32.Delf.arjo / Insecure Service Path
malvuln
-
[FD] Trojan.Win32.Akl.bc / Insecure Permissions
malvuln
-
[FD] Huge DOCSIS issue
Chris
-
[FD] SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2
Functional Account, SEC Consult Vulnerability Lab
-
[FD] APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-7 tvOS 15.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-6 watchOS 8.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-5 Security Update 2021-007 Catalina
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1
Apple Product Security via Fulldisclosure
-
[FD] APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1
Apple Product Security via Fulldisclosure
-
[FD] Ultimate POS v4.4 - (Products) Persistent XSS Vulnerability
[email protected]
-
[FD] Vanguard v2.1 - (Search) POST Inject Web Vulnerability
[email protected]
-
[FD] Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability
[email protected]
-
[FD] Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability
[email protected]
-
[FD] PHP Melody v3.0 - (submitted) Persistent XSS Vulnerability
[email protected]
-
[FD] PHP Melody v3.0 - (Editor) Persistent XSS Vulnerability
[email protected]
-
[FD] PHP Melody v3.0 - (vid) SQL Injection Vulnerability
[email protected]
-
[FD] [ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing
Sandro Gauci
-
[FD] [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets
Sandro Gauci
-
[FD] [ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding
Sandro Gauci
-
[FD] [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
Sandro Gauci
-
[FD] [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways
Sandro Gauci
-
[FD] VDPBW Bundeswehr - 1 Year Vulnerability Disclosure Policy of the Bundeswehr
[email protected]
-
[FD] PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities
[email protected]
-
[FD] Simplephpscripts Simple CMS v2.1 - Remote SQL Injection Vulnerability
[email protected]
-
[FD] Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability
[email protected]
-
[FD] SPA Cart CMS - Multiple SQL Injection Web Vulnerabilities
[email protected]
-
[FD] Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability
[email protected]
-
[FD] [CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack
Certitude - Advisories
-
[FD] Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body
Onapsis Research via Fulldisclosure
-
[FD] Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service
Onapsis Research via Fulldisclosure
-
[FD] Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service
Onapsis Research via Fulldisclosure
-
[FD] Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service
Onapsis Research via Fulldisclosure
-
[FD] Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections
Onapsis Research via Fulldisclosure
-
[FD] Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service
Onapsis Research via Fulldisclosure
-
[FD] Backdoor.Win32.LanaFTP.k / Heap Corruption
malvuln
-
[FD] Backdoor.Win32.LanFiltrator.11.b / Unauthenticated Remote Command Execution
malvuln
-
[FD] Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot
malvuln
-
[FD] Trojan-Proxy.Win32.Ranky.z / Unauthenticated Open Proxy
malvuln
-
[FD] Worm.Win32.Runfer.bpo / Insecure Service Path
malvuln
-
[FD] Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy
malvuln
-
[FD] Worm.Win32.Fasong.c / Insecure Service Path
malvuln
-
[FD] Trojan-Spy.Win32.Ardamax.ocx / Insecure Permissions
malvuln
-
[FD] Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant
Stefan Kanthak
-
[FD] Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
Stefan Kanthak
-
[FD] APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2
Apple Product Security via Fulldisclosure
-
[FD] Yellowfin < 9.6.1 Multiple Vulnerabilities
cyberaz0r via Fulldisclosure
-
[FD] [RT-SA-2021-001] Cross-Site Scripting in myfactory.FMS
RedTeam Pentesting GmbH
-
[FD] [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
bashis
-
[FD] Backdoor.Win32.Prorat.lkt / Port Bounce Scan (MITM)
malvuln
-
[FD] Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password
malvuln
-
[FD] HackTool.Win32.Agent.gi / Local Stack Buffer Overflow (SEH)
malvuln
-
[FD] Trojan-PSW.Win32.PdPinch.gen / Remote Denial of Service
malvuln
-
[FD] Backdoor.Win32.Hupigon.gy / Unauthenticated Open Proxy
malvuln
-
[FD] Backdoor.Win32.Bifrose.ahyg / Insecure Permissions
malvuln
-
[FD] HEUR.Trojan.Win32.Generic / Insecure Service Path
malvuln
-
[FD] Backdoor.Win32.Yoddos.an / Insecure Service Path
malvuln
-
[FD] Backdoor.Win32.LolBot.gen / Insecure Permissions
malvuln
-
[FD] Virus.Win32.Renamer.a / Insecure Permissions
malvuln
-
[FD] SEC Consult SA-20211004-0 :: Critical vulnerabilities in HiKam S6
Functional Account, SEC Consult Vulnerability Lab
-
[FD] Local Privilege Escalation in G Data’s Security Client “EndpointProtection Enterprise” prior to 17.08.2021
Florian Bogner via Fulldisclosure
-
[FD] Backdoor.Win32.Hupigon.afjk / Directory Traversal
malvuln