Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this qu

Latest articles

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

Posted by Apple Product Security via Fulldisclosure on Sep 24

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave are now available and address...

Google's osconfig agent - local privilege escalation

Posted by Imre Rad on Sep 22

Osconfig is a beta service by Google, a poll based "desired state configuration" solution: "You can use the OS configuration management service to deploy, query, and maintain consistent configurations (desired state and software) for your VM instance (VM)." VMs on the Compute Engine have a privileged agent process...

Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS

Posted by Ava Tester One on Sep 22

# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS # Exploit Author: Rahul Ramkumar # Date: 2020-09-16 # Vendor Homepage: https://projectworlds.in # Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip # Version: 1.0 # Tested On:...

[CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading

Posted by Julien Ahrens (RCE Security) on Sep 22

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL: https://play.google.com/store/apps/details?id=com.framerjs.android Type: Improper Export of Android Application Components [CWE-926]...

Visitor Management System in PHP 1.0 - Authenticated SQL Injection

Posted by Ava Tester One on Sep 22

# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection # Exploit Author: Rahul Ramkumar # Date: 2020-09-16 # Vendor Homepage: https://projectworlds.in # Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip # Version: 1.0 # Tested On:...

Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)

Posted by Ava Tester One on Sep 22

# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author: Rahul Ramkumar # Date: 2020-09-16 # Vendor Homepage: www.sourcecodester.com # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip # Version: 1.0...

Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763)

Posted by Ava Tester One on Sep 22

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip...

APPLE-SA-2020-09-16-5 Xcode 12.0

Posted by Apple Product Security via Fulldisclosure on Sep 18

APPLE-SA-2020-09-16-5 Xcode 12.0 Xcode 12.0 is now available and addresses the following: IDE Device Support Available for: macOS Mojave 10.15.4 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a...

APPLE-SA-2020-09-16-4 watchOS 7.0

Posted by Apple Product Security via Fulldisclosure on Sep 18

APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 is now available and addresses the following: Keyboard Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with...

APPLE-SA-2020-09-16-3 Safari 14.0

Posted by Apple Product Security via Fulldisclosure on Sep 18

APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 is now available and addresses the following: WebKit Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description:...
