[FD] SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 > === title: Remote code execution - CVE-2021-34427 bypass product: Eclipse Business Intelligence Reporting Tool (BiRT) vulnerable version:

[FD] SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Hi, earlier this year in February 2022, we published a technical security advisory - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on different critical vulnerabilities in Zyxel devices, resulting from insecure coding

[FD] APPLE-SA-2022-12-13-9 Safari 16.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-9 Safari 16.2 Safari 16.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213537. WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing

[FD] APPLE-SA-2022-12-13-8 watchOS 9.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-8 watchOS 9.2 watchOS 9.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213536. Accounts Available for: Apple Watch Series 4 and later Impact: A user may

[FD] APPLE-SA-2022-12-13-7 tvOS 16.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-7 tvOS 16.2 tvOS 16.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213535. Accounts Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),

[FD] APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2 macOS Big Sur 11.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213534. BOM Available for: macOS Big Sur Impact: An app may

[FD] APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2 macOS Monterey 12.6.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213533. Bluetooth Available for: macOS Monterey Impact: An

[FD] APPLE-SA-2022-12-13-4 macOS Ventura 13.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 macOS Ventura 13.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213532. Accounts Available for: macOS Ventura Impact: A user may be

[FD] APPLE-SA-2022-12-13-3 iOS 16.1.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-3 iOS 16.1.2 iOS 16.1.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213516. WebKit Available for: iPhone 8 and later Impact: Processing maliciously

[FD] APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213531. AppleAVD Available for: iPhone 6s (all

[FD] APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2 iOS 16.2 and iPadOS 16.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213530. Accounts Available for: iPhone 8 and later,

[FD] Adversary3 updated / Malware vulnerability intel tool for third-party attackers

The Adversary3 project has been updated, added a new vulnerability category "Logic Flaw" and dozens of new malware vulnerabilities. https://github.com/malvuln/Adversary3 ___ Sent through the Full Disclosure mailing list

[FD] Ransom.Win64.AtomSilo / Crypto Logic Flaw

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Ransom.Win64.AtomSilo Vulnerability: Crypto

[FD] Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.InCommander.17.b Vulnerability:

[FD] [CFP] BSides San Francisco – April 2023

BSidesSF is soliciting presentations, workshops, and villages for the 2023 annual BSidesSF conference. Presentations: https://bsidessf.org/cfp Workshops: https://bsidessf.org/cfp/workshops Villages: https://bsidessf.org/cfp/villages ** Topics ** All topic areas related to reliability,

[FD] 4images RCE

# Exploit Title: 4images 1.9 - Remote Command Execution # Exploit Author: Andrey Stoykov # Software Link: https://www.4homepages.de/download-4images # Version: 1.9 # Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" -> " Edit Templates"