Category: Alert Feeds

  Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Advisory ID: KL-001-2025-010 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-010.txt 1. Vulnerability Details      Affected Vendor: Schneider Electric      Affected Product: EcoStruxure IT Data Center Expert… – … Read More “KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation  – Full Disclosure” »

  Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery Advisory ID: KL-001-2025-011 Publication Date: 2025-07-09 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-011.txt 1. Vulnerability Details      Affected Vendor: Schneider Electric      Affected… – Read More  … Read More “KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery  – Full Disclosure” »

  Posted by Security Explorations on Jul 09 Dear All, We broke security of Kigen eUICC card with GSMA consumer certificates installed into it. The eUICC card makes it possible to install the so called eSIM profiles into target chip. eSIM profiles are software representations of mobile subscriptions. For many years such mobile subscriptions had … Read More “eSIM security research (GSMA eUICC compromise and certificate theft)  – Full Disclosure” »

  Posted by Andrey Stoykov on Jul 07 # Exploit Title: Session Fixation – bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Session Fixation #1: Steps to Reproduce: Visit the login page. Login with valid user and observe that the sessionID has not … Read More “Session Fixation – bluditv3.16.2  – Full Disclosure” »

  Posted by Andrey Stoykov on Jul 07 # Exploit Title: Stored XSS “Add New Content” Functionality – bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS “Add New Content” Functionality #1: Steps to Reproduce: 1. Login with admin account and visit … Read More “Stored XSS “Add New Content” Functionality – bluditv3.16.2  – Full Disclosure” »

  Posted by Andrey Stoykov on Jul 07 # Exploit Title: XSS via SVG File Upload – bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ XSS via SVG File Upload #1: Steps to Reproduce: 1. Login with admin account and click on “General” … Read More “XSS via SVG File Uploa – bluditv3.16.2  – Full Disclosure” »

  Posted by Andrey Stoykov on Jul 07 # Exploit Title: Directory Traversal “Site Title” – bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Directory Traversal “Site Title” #1: Steps to Reproduce: 1. Login with admin account and “General” > “General” 2. Set … Read More “Directory Traversal “Site Title” – bluditv3.16.2  – Full Disclosure” »