Full Disclosure Mailing List
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
List Archives
- Jan
- Feb
- Mar
- Apr
- May
- Jun
- Jul
- Aug
- Sep
- Oct
- Nov
- Dec
- 2024
- 75
- 25
- 44
- 29
- 5
- –
- –
- –
- –
- –
- –
- –
- 2023
- 29
- 17
- 27
- 14
- 28
- 10
- 52
- 33
- 21
- 32
- 15
- 30
- 2022
- 91
- 57
- 63
- 54
- 48
- 57
- 27
- 17
- 30
- 52
- 26
- 32
- 2021
- 84
- 93
- 81
- 77
- 81
- 60
- 72
- 39
- 59
- 79
- 56
- 50
- 2020
- 52
- 36
- 57
- 63
- 60
- 35
- 37
- 24
- 55
- 34
- 45
- 60
- 2019
- 71
- 54
- 64
- 41
- 52
- 49
- 40
- 37
- 45
- 59
- 34
- 37
- 2018
- 102
- 84
- 79
- 61
- 73
- 46
- 95
- 53
- 57
- 54
- 69
- 56
- 2017
- 99
- 103
- 91
- 113
- 108
- 52
- 95
- 58
- 98
- 71
- 51
- 89
- 2016
- 100
- 128
- 97
- 93
- 75
- 79
- 89
- 139
- 85
- 103
- 162
- 88
- 2015
- 134
- 101
- 165
- 115
- 133
- 112
- 126
- 86
- 121
- 115
- 111
- 129
- 2014
- 194
- 273
- 434
- 325
- 213
- 173
- 167
- 89
- 115
- 135
- 103
- 138
- 2013
- 282
- 162
- 290
- 263
- 227
- 259
- 277
- 303
- 187
- 294
- 222
- 224
- 2012
- 611
- 477
- 390
- 382
- 323
- 428
- 394
- 393
- 210
- 277
- 236
- 280
- 2011
- 580
- 687
- 439
- 561
- 572
- 565
- 367
- 393
- 370
- 995
- 466
- 511
- 2010
- 637
- 502
- 564
- 452
- 408
- 631
- 417
- 445
- 414
- 523
- 342
- 696
- 2009
- 979
- 380
- 465
- 318
- 282
- 291
- 550
- 455
- 421
- 339
- 386
- 502
- 2008
- 615
- 496
- 600
- 821
- 681
- 403
- 591
- 557
- 639
- 531
- 739
- 634
- 2007
- 593
- 629
- 573
- 744
- 555
- 661
- 662
- 530
- 709
- 935
- 582
- 641
- 2006
- 992
- 740
- 1865
- 865
- 789
- 1058
- 770
- 771
- 578
- 678
- 545
- 493
- 2005
- 927
- 676
- 950
- 654
- 678
- 437
- 766
- 1078
- 890
- 677
- 1065
- 1531
- 2004
- 1358
- 1534
- 1499
- 1153
- 1451
- 1031
- 1370
- 1314
- 1091
- 1174
- 1424
- 731
- 2003
- 505
- 405
- 296
- 500
- 421
- 890
- 1251
- 1942
- 1763
- 1806
- 1123
- 782
- 2002
- –
- –
- –
- –
- –
- –
- 314
- 835
- 684
- 381
- 454
- 313
Latest Posts
secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki
Simon Bieber via Fulldisclosure (May 06)
secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki
Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)
References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS-B: 6.4 (...
OXAS-ADV-2024-0002: OX App Suite Security Advisory
Martin Heiland via Fulldisclosure (May 06)
Dear subscribers,
We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.
This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html.
Yours sincerely,
Martin Heiland, Open-Xchange...
Microsoft PlayReady toolkit - codes release
Security Explorations (May 06)
Hello All,
We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:
https://security-explorations.com/microsoft-playready.html#details
The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...
Live2D Cubism refusing to fix validation issue leading to heap corruption.
PT via Fulldisclosure (May 03)
Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and a frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...
Microsoft PlayReady white-box cryptography weakness
Security Explorations (May 01)
Hello All,
There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.
The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
Stefan Kanthak (Apr 24)
Hi @ll,
this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>
With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>
| Starting with .NET Framework 4.5, the clrcompression.dll assembly...
Response to CVE-2023-26756 - Revive Adserver
Matteo Beccati (Apr 24)
CVE-2023-26756 has been recently filed against the Revive Adserver project.
The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.
Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
malvuln (Apr 19)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Dumador.c
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware runs an FTP server on TCP port 10000. Third-party
adversaries who can reach the server can send a specially crafted payload
triggering...
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
SEC Consult Vulnerability Lab via Fulldisclosure (Apr 19)
SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >
=======================================================================
title: Broken authorization
product: Dreamehome app
vulnerable version: <=2.1.5 (iOS)
fixed version: none, see solution
CVE number: -
impact: medium
homepage: https://www.dreametech.com
found: 2024-01-17...
MindManager 23 - full disclosure
Pawel Karwowski via Fulldisclosure (Apr 19)
Resending! Thank you for your efforts.
GitHub - pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc>
Affected application: MindManager23_setup.exe
Platform: Windows
Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition)
Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team)
Proposed mitigation:...
CVE-2024-31705
V3locidad (Apr 14)
CVE ID: CVE-2024-31705
Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface
Affected Product : GLPI - 10.X.X and last version
Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.
Affected Component : A remote code execution (RCE) vulnerability has been identified in the 'Shell...
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
SEC Consult Vulnerability Lab via Fulldisclosure (Apr 14)
SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: -
impact: medium
homepage: https://aws.amazon.com/glue/
found:...
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
Egidio Romano (Apr 10)
------------------------------------------------------------------------------
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
------------------------------------------------------------------------------
[-] Software Link:
https://invisioncommunity.com
[-] Affected Versions:
Version 4.7.16 and prior versions.
[-] Vulnerability Description:
The vulnerability is located in the...
[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
Egidio Romano (Apr 10)
--------------------------------------------------------------------
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
--------------------------------------------------------------------
[-] Software Link:
https://invisioncommunity.com
[-] Affected Versions:
All versions from 4.4.0 to 4.7.15.
[-] Vulnerability Description:
The vulnerability is located in the
/applications/nexus/modules/front/store/store.php script....
Multiple Issues in concretecmsv9.2.7
Andrey Stoykov (Apr 10)
# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
Verbose Error Message - Stack Trace:
1. Directly browse to edit profile page
2. Error should come up with verbose stack trace
Verbose Error Message - SQL Error:
1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single...
More Lists
Dozens of other network security lists are archived at SecLists.Org.