Posted by malvuln on Mar 19
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by j0ck1ng@tempr.email on Mar 13
#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: "Social network for niche
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-7 visionOS 1.1
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-12-2024-1 GarageBand 10.4.11
Posted by Marco Ivaldi on Mar 13
Hi,
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 13
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-5 watchOS 10.4
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-1 Safari 17.4
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-6 tvOS 17.4
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
Posted by malvuln on Mar 13
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by lixts via Fulldisclosure on Mar 13
StimulusReflex CVE-2024-28121
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Posted by Shaikh Shahnawaz on Mar 02
[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02
SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
Posted by Andrey Stoykov on Mar 02
# Exploit Title: XAMPP - Error Based SQL Injection
Posted by Andrey Stoykov on Mar 02
# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence - Security Advisory -
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence - Security Advisory -
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence - Security Advisory -
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20
SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
Posted by Matthew Fernandez on Feb 20
The fix for this ended up landing in Graphviz 10.0.1, available at
Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20
CloudAware Security Advisory
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
Posted by Florent Daigniere via Fulldisclosure on Feb 15
44CON is the UK's largest combined annual Security Conference and
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13
SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >
Posted by Martin Heiland via Fulldisclosure on Feb 13
Dear subscribers,
Posted by Andrey Stoykov on Feb 13
# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3
Posted by Erik van Straten (FD) on Feb 13
*INTRODUCTION*
Posted by hyp3rlinx on Feb 13
[+] Credits: John Page (aka hyp3rlinx)
Posted by Austin DeFrancesco via Fulldisclosure on Feb 13
Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)
Posted by Austin DeFrancesco via Fulldisclosure on Feb 13
Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)
Posted by hyp3rlinx on Feb 13
[+] Credits: John Page (aka hyp3rlinx)
Posted by hyp3rlinx on Feb 13
[+] Credits: John Page (aka hyp3rlinx)
Posted by hyp3rlinx on Feb 13
[+] Credits: John Page (aka hyp3rlinx)
Posted by hyp3rlinx on Feb 13
[+] Credits: John Page (aka hyp3rlinx)
Posted by Apple Product Security via Fulldisclosure on Feb 04
APPLE-SA-02-02-2024-1 visionOS 1.0.2
Posted by Qualys Security Advisory via Fulldisclosure on Feb 04
Qualys Security Advisory
Posted by Qualys Security Advisory via Fulldisclosure on Feb 04
Qualys Security Advisory
Posted by malvuln on Feb 04
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Posted by Andreas Hammer on Feb 04
Hello there!
Posted by Egidio Romano on Feb 04
------------------------------------------------------------
Posted by Christian Brabandt on Feb 04
Meng Ruijie wrote:
Posted by Matthew Fernandez on Jan 27
More specifically, this issue is an out-of-bounds read.
Posted by Mark Esler on Jan 27
Hi Meng,
Posted by Mark Esler on Jan 27
Dear Meng Rujie,
Posted by Dan Cross on Jan 27
I find it very difficult to believe that every NULL pointer error in