Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 10 hours 5 min ago

SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations

27 May, 2025 - 22:20

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27

SEC Consult Vulnerability Lab Security Advisory < 20250521-0 >
=======================================================================
title: Multiple Vulnerabilities
product: eCharge Hardy Barth cPH2 and cPP2 charging stations
vulnerable version: 2.2.0
fixed version: Not available
CVE number: CVE-2025-27803, CVE-2025-27804, CVE-2025-48413,
CVE-2025-48414, CVE-2025-48415,...

Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework

27 May, 2025 - 22:19

Posted by Ron E on May 27


An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework,
affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter, which allows
low-privileged users to inject arbitrary SQL expressions directly into the SELECT clause.

Sample Structured Query Language Injection:

Request:

GET...

Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086

16 May, 2025 - 21:39

Posted by Shaikh Shahnawaz on May 16

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor of Product]
RSI Queue (https://www.rsiqueue.com/)

[Vulnerability Type]
Blind SQL Injection

[Affected Component]
The vulnerable component is the TaskID parameter in the get request.

[CVE Reference]
CVE-2025-26086

[Security Issue]
An unauthenticated blind SQL injection vulnerability exists in RSI Queue
Management System v3.0 within the...

CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay

16 May, 2025 - 21:39

Posted by Sebastian Auwärter via Fulldisclosure on May 16

Advisory ID: SYSS-2025-006
Product: Tiiwee X1 Alarm System
Manufacturer: Tiiwee B.V.
Affected Version(s): TWX1HAKV2
Tested Version(s): TWX1HAKV2
Vulnerability Type: Authentication Bypass by Capture-replay
(CWE-294)
Risk Level: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Solution Status: Open
Manufacturer Notification: 2025-01-27...

SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection

16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < 20250507-0 >
=======================================================================
title: Authenticated Command Injection
product: Honeywell MB-Secure
vulnerable version: MB-Secure versions from V11.04 and prior to V12.53,
MB-Secure PRO versions from V01.06 and prior to V03.09
fixed version: MB-Secure v12.53, MB-Secure PRO v03.09
CVE number:...

SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more

16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < publishing date 20250429-0 >
Combined Security Advisory for Sure Access Enterprise and Sure Click Enterprise
=======================================================================
title: Multiple Vulnerabilities
product: HP Wolf Security Controller / HP Sure Access Enterprise /
HP Sure Click Enterprise
vulnerable version: HP Wolf Security...

SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking

16 May, 2025 - 21:39

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16

SEC Consult Vulnerability Lab Security Advisory < 20250422-0 >
=======================================================================
title: Local Privilege Escalation via DLL Search Order Hijacking
product: Ivanti Endpoint Manager Security Scan (Vulscan) Self
Update
vulnerable version: EPM 2022 SU6 and previous, EPM 2024
fixed version: EPM 2022 SU7 and EPM 2024 SU1
CVE number: CVE-2025-22458...

Session Invalidation in Economizzer Allows Unauthorized Access After Logout

16 May, 2025 - 21:38

Posted by Ron E on May 16

A session management vulnerability exists in gugoan's Economizzer
v.0.9-beta1. The application fails to properly invalidate user sessions
upon logout or other session termination events. As a result, a valid
session remains active and usable even after the user has attempted to log
out.

POST /web/category/create HTTP/2

Host: <host>

Cookie: _economizzerSessionId=<<REDACTED>>;

Persistent Cross-Site Scripting in Economizzer Category Entry

16 May, 2025 - 21:38

Posted by Ron E on May 16

A persistent cross-site scripting (XSS) vulnerability exists in gugoan's
Economizzer v.0.9-beta1. The application fails to properly sanitize
user-supplied input when creating a new category via the
*category/create *endpoint.
An attacker can inject malicious JavaScript payloads that are permanently
stored and later executed in the context of any user who views the affected
entry.

https://<host>/web/category/create

POST...

Persistent Cross-Site Scripting in Economizzer Cashbook Entry

16 May, 2025 - 21:38

Posted by Ron E on May 16

A persistent cross-site scripting (XSS) vulnerability exists in gugoan's
Economizzer v.0.9-beta1 The application fails to properly sanitize
user-supplied input when creating a new cash book entry via the
*cashbook/create* endpoint. An attacker can inject malicious JavaScript
payloads that are permanently stored and later executed in the context of
any user who views the affected entry.

https://<host>/web/cashbook/create

POST...

APPLE-SA-05-12-2025-9 Safari 18.5

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-9 Safari 18.5

Safari 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122719.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A type confusion issue could lead to memory corruption
Description: This...

APPLE-SA-05-12-2025-8 visionOS 2.5

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-8 visionOS 2.5

visionOS 2.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122721.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination...

APPLE-SA-05-12-2025-7 tvOS 18.5

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-7 tvOS 18.5

tvOS 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122720.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to
unexpected...

APPLE-SA-05-12-2025-6 watchOS 11.5

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-6 watchOS 11.5

watchOS 11.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122722.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleJPEG
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted media file may lead to
unexpected app...

APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6

macOS Ventura 13.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122718.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Ventura
Impact: Mounting a maliciously crafted AFP network share may lead to
system...

APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6

macOS Sonoma 14.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122717.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Sonoma
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description:...

APPLE-SA-05-12-2025-3 macOS Sequoia 15.5

16 May, 2025 - 21:38

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-05-12-2025-3 macOS Sequoia 15.5

macOS Sequoia 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122716.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afpfs
Available for: macOS Sequoia
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description: The...

BeyondTrust PRA connection takeover - CVE-2025-0217

6 May, 2025 - 17:31

Posted by Paul Szabo via Fulldisclosure on May 06

=== Details ========================================================

Vendor: BeyondTrust
Product: Privileged Remote Access (PRA)
Subject: PRA connection takeover
CVE ID: CVE-2025-0217
CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Author: Paul Szabo <psz () maths usyd edu au>
Date: 2025-05-05

=== Introduction ===================================================

I noticed an issue in
BeyondTrust Privileged...

Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing

1 May, 2025 - 02:24

Posted by hyp3rlinx on May 01

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
.xrm-ms File Type

[Vulnerability Type]
NTLM Hash Disclosure (Spoofing)

[Video URL PoC]
https://www.youtube.com/watch?v=d5U_krLQbNY

[CVE Reference]
N/A

[Security Issue]
The...

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime - Ghent, Belgium, Aug 11-14, 2025

26 April, 2025 - 23:43

Posted by Artur Janicki via Fulldisclosure on Apr 26

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
14th International Workshop on Cyber Crime (IWCC 2025 -
https://2025.ares-conference.eu/program/iwcc/)
to be held in conjunction with the 20th International Conference on
Availability, Reliability and Security (ARES 2025 -
http://2025.ares-conference.eu)

August 11-14, 2025, Ghent, Belgium

IMPORTANT DATES
Submission Deadline May 12, 2025
Author Notification May 30, 2025
Proceedings Version...