Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this qu

Latest articles

SEC Consult SA-20200708-0 :: Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software

Posted by SEC Consult Vulnerability Lab on Jul 10

SEC Consult Vulnerability Lab Security Advisory < 20200708-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Rittal Products based on same software, e.g. CMC...

Microsoft OneDrive client for Windows Qt QML module hijack

Posted by Securify B.V. via Fulldisclosure on Jul 09

------------------------------------------------------------------------ Microsoft OneDrive client for Windows Qt QML module hijack ------------------------------------------------------------------------ Yorick Koster, July 2020 ------------------------------------------------------------------------...

X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch

Posted by X41 D-Sec GmbH Advisories on Jul 09

X41 D-SEC GmbH Security Advisory: X41-2020-006 Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch ================================================================= Severity Rating: High Confirmed Affected Versions: Colin Percival's bsdiff 4.3 Confirmed Patched Versions: FreeBSD's...

Multiple vulnerabilities found in CDATA OLTs

Posted by Pierre Kim on Jul 07

## Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL: https://pierrekim.github.io/advisories/2020-cdata-0x00-olt.txt Blog URL: https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html Date published: 2020-07-07 Vendors contacted: None Release mode:...

Four vulnerabilities found in MikroTik's RouterOS

Posted by Q C on Jul 07

Advisory: four vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Affected Versions: through stable 6.47 Fixed Versions: stable 6.47 Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team...

Microsoft Windows mshta.exe HTA File / XML External Entity Injection

Posted by hyp3rlinx on Jul 07

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows...

Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE

Posted by Sivanesh Ashok on Jul 03

########################################################################## # Bolt CMS <= 3.7.0 Multiple Vulnerabilities # ########################################################################## Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2020-03-24...

[SYSS-2020-011] Apple iOS - Exposure of Resource to Wrong Sphere (CWE-668)

Posted by Philipp Buchegger on Jul 03

Advisory ID: SYSS-2020-011 Product: Apple iOS Manufacturer: Apple Inc. Affected Version(s): 13.3.1, 13.5.1 Tested Version(s): 13.3.1, 13.5.1 Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2020-03-23 Solution...

[CVE-2020-11882] o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect

Posted by Julien Ahrens (RCE Security) on Jul 03

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: o2 Business for Android Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business Type: Open Redirect [CWE-601] Date found: 2020-04-16...

CVE-2019-19935 - DOM XSS in Froala WYSIWYG HTML Editor

Posted by Advisories on Jul 03

############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: Froala WYSIWYG HTML Editor # Vendor: Froala # CSNC ID: CSNC-2020-004 # CVE...
