Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Multiple vulnerabilities in CTFd versions <= 3.7.4

30 December, 2024 - 23:55

Posted by Blazej Adamczyk on Dec 30

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Multiple vulnerabilities in CTFd versions <= 3.7.4
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

1 General information
═════════════════════...

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

30 December, 2024 - 23:55

Posted by hyp3rlinx on Dec 30

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
Navigator for i is a Web console interface where you can perform the
key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that were...

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

30 December, 2024 - 23:55

Posted by hyp3rlinx on Dec 30

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt
[+] x.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
Navigator for i is a Web console interface where you can perform the
key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that...

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

21 December, 2024 - 23:31

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21

CyberDanube Security Research 20241219-0
-------------------------------------------------------------------------------
title| Authenticated Remote Code Execution
product| Ewon Flexy 205
vulnerable version| <= v14.8s0 (#2633)
fixed version| -
CVE number| CVE-2024-9154
impact| High
homepage| https://www.hms-networks.com/
found| 2024-09-03...

Stored XSS with Filter Bypass - blogenginev3.3.8

18 December, 2024 - 23:04

Posted by Andrey Stoykov on Dec 18

# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8
# Date: 12/2024
# Exploit Author: Andrey Stoykov
# Version: 3.3.8
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html

Stored XSS Filter Bypass #1:

Steps to Reproduce:

1. Login as admin and go to "Content" > "Posts"
2. On the right side of the page choose "Categories"
3. In...

[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)

18 December, 2024 - 23:04

Posted by Matthias Deeg via Fulldisclosure on Dec 18

Advisory ID: SYSS-2024-085
Product: CA Client Automation (CA DSM)
Manufacturer: Broadcom
Affected Version(s): 14.5.0.15
Tested Version(s): 14.5.0.15
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-10-18
Solution Date: 2024-12-17
Public Disclosure:...

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities

16 December, 2024 - 22:53

Posted by Egidio Romano on Dec 16

---------------------------------------------------------------------------
GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
---------------------------------------------------------------------------

[-] Software Links:

https://gfi.ai/products-and-solutions/network-security-solutions/keriocontrol
http://download.kerio.com

[-] Affected Versions:

All versions from 9.2.5 to 9.4.5.

[-] Vulnerabilities Description:...

RansomLordNG - anti-ransomware exploit tool

16 December, 2024 - 22:52

Posted by malvuln on Dec 16

This next generation version dumps process memory of the targeted
malware prior to termination. The process memory dump file MalDump.dmp
varies in size and can be 50 MB plus. RansomLord now intercepts and
terminates ransomware from 54 different threat groups, adding GPCode,
DarkRace, Snocry, Hydra and Sage to the ever growing victim list.

Lang: C
SHA256: fcb259471a4a7afa938e3aa119bdff25620ae83f128c8c7d39266f410a7ec9aa

RansomLordNG leverages code...

APPLE-SA-12-11-2024-9 Safari 18.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-9 Safari 18.2

Safari 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121846.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: On a device with Private Relay enabled, adding a website to the
Safari...

APPLE-SA-12-11-2024-8 visionOS 2.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-8 visionOS 2.2

visionOS 2.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121845.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Crash Reporter
Available for: Apple Vision Pro
Impact: An app may be able to access sensitive user data
Description: A permissions...

APPLE-SA-12-11-2024-7 tvOS 18.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-7 tvOS 18.2

tvOS 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121844.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to access private...

APPLE-SA-12-11-2024-6 watchOS 11.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-6 watchOS 11.2

watchOS 11.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121843.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to access private...

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

macOS Ventura 13.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121842.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data...

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

macOS Sonoma 14.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121840.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description:...

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

macOS Sequoia 15.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121839.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description:...

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

iPadOS 17.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121838.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Processing a...

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

iOS 18.2 and iPadOS 18.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/121837.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd...

SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login

12 December, 2024 - 15:40

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20241211-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Numerix License Server Administration System Login
vulnerable version: 1.1_596
fixed version: -
CVE number: CVE-2024-50585
impact: medium
homepage: https://connect.numerix.com/nlslogin.jsp...

St. Poelten UAS | Multiple Vulnerabilities in ORing IAP

12 December, 2024 - 15:39

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 12

St. Pölten UAS 20241209-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in ORing IAP
product| ORing IAP-420
vulnerable version| 2.01e
fixed version| -
CVE number| CVE-2024-55544, CVE-2024-55545, CVE-2024-55546,
| CVE-2024-55547, CVE-2024-55548
impact| High
homepage|...

SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)

4 December, 2024 - 23:26

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04

SEC Consult Vulnerability Lab Security Advisory < 20241204-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Image Access Scan2Net
vulnerable version: Firmware <=7.40, <=7.42, <7.42B
(depending on the vulnerability)
fixed version: mostly fixed in v7.42B
CVE number: CVE-2024-28138,...