Full Disclosure

Multi-Protocol Traceroute

Posted by Usman Saeed via Fulldisclosure on Aug 18

#!/usr/bin/env python3
"""
Adaptive Multi-Protocol Traceroute

Author: Usman Saeed
email: u () defzero net
Website: www.defzero.net

Description:
This script is a TTL-based path mapper that reveals routes even when classic traceroute is
filtered. The idea was that it would run in passes: first a conventional trace (ICMP Echo and
rotating TCP SYN ports) to capture the...

SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18

Confidentiality class: Internal & Partner

SEC Consult Vulnerability Lab Security Advisory < publishing date 20250728-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: Optimizely Episerver Content Management System (EPiServer.CMS.Core)
vulnerable version: Version 11.X: <11.21.4
Version 12.X:...

SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18

Confidentiality class: Internal & Partner

SEC Consult Vulnerability Lab Security Advisory < publishing date 20250807-0 >
=======================================================================
title: Race Condition in Shopware Voucher Submission
product: Shopware 6
vulnerable version: v6.6.10.4
fixed version: No fixed version available yet
CVE number: CVE-2025-7954
impact: medium...

Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality

Posted by Ron E on Aug 18

nopCommerce is vulnerable to Insufficient Resource Allocation Limits when
handling large Excel file imports. Although the application provides a
warning message recommending that users avoid importing more than 500–1,000
records at once due to memory constraints, the system does not enforce hard
limits on file size, record count, or concurrent imports.

An attacker can exploit this by uploading excessively large Excel files or
automating...

CSV Injection in nopcommerce v4.10 and 4.80.3

Posted by Ron E on Aug 18

nopCommerce versions v4.10 and v4.80.3 are vulnerable to CSV Injection
(Formula Injection) when exporting data to CSV. The application does not
properly sanitize user-supplied input before including it in CSV export
files.

An attacker can inject malicious spreadsheet formulas into fields that will
later be exported (for example, order details, product names, or customer
information). When the exported file is opened in spreadsheet software...

Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3

Posted by Ron E on Aug 18

nopCommerce v4.10 and 4.80.3 is vulnerable to Insufficient Invalidation of
Session Cookies. The application does not properly invalidate or expire
authentication cookies after logout or session termination.

An attacker who obtains a valid session cookie (e.g., via network
interception, XSS, or system compromise) can continue to use the cookie to
access privileged endpoints (such as /Admin) even after the legitimate user
has logged out. This flaw...

Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158

Posted by Ron E on Aug 18

The application does not issue a new session identifier (JSESSIONID) after
successful authentication. An attacker who can set or predict a victim’s
session ID prior to login may hijack the victim’s authenticated session
once they log in, resulting in full account takeover.

POST /webui HTTP/2
Host: <host>
Cookie: JSESSIONID=node01***.node0;

CSV Injection in iDempiere WebUI 12.0.0.202508171158

Posted by Ron E on Aug 18

A CSV Injection vulnerability exists in iDempiere WebUI
v12.0.0.202508171158. The application fails to properly sanitize
user-supplied input before including it in exported CSV files. An
authenticated attacker can inject malicious spreadsheet formulas
(e.g., =cmd|'/C
notepad'!A1) into fields that are later exported. When the CSV is opened in
spreadsheet software such as Microsoft Excel or LibreOffice Calc, the
injected formula is...

liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS)

Posted by Ron E on Aug 18

lcf2xml (part of liblcf) aborts when parsing specially crafted RPG Maker
2000/2003 files that supply a negative element count for vectors of
structured records. The generic reader:

template <class S>
void Struct<S>::ReadLcf(std::vector<S>& vec, LcfReader& stream) {
    int count = stream.ReadInt();
    vec.resize(count); // <-- negative -> huge size_t -> throws length_error
    for (int i = 0; i...

liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service

Posted by Ron E on Aug 18

A crafted RPG Maker save file (`.lsd`) can trigger an integer overflow in
liblcf’s lcfstrings compressed integer decoding logic
(`LcfReader::ReadInt()`), resulting in an unbounded shift and accumulation
loop. The overflowed value is later used in buffer size allocations and
structure parsing, causing large memory access requests and parsing errors.

*Steps to Reproduce*

1. Use the attached `.lsd` file (see PoC section).

2. Run: `./lcfstrings...

Piciorgros TMO-100: Unauthorized configuration change via TFTP (CVE-2025-29617)

Posted by Georg Lukas on Aug 18

PDF advisory: https://rt-solutions.de/piciorgros/Piciorgros_TMO-100_TFTP_en.pdf

Classification
--------------

- CWE-306: Missing Authentication for Critical Function

- CWE-940: Improper Verification of Source of a Communication Channel

- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

- CVSS 4.0 Score: 8.4 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:N/SA:H

- CVSS 3.1 Score: 8.3...

Piciorgros TMO-100: Unauthorized log data access

Posted by Georg Lukas on Aug 18

PDF advisory: https://rt-solutions.de/piciorgros/Piciorgros_TMO-100_IP-Logger_en.pdf

Classification
--------------

- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

- CVSS 4.0 Score: 5.3 / Medium
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

- CVSS 3.1 Score: 4.3 / Medium
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected systems
----------------

- Piciorgros TMO-100 V3/V4 with software version...

[tool] CRSprober

Posted by Jozef Sudolsky on Aug 18

Dear community,

I’d like to share a small tool I’ve recently released - CRSprober.

This utility is designed to remotely detect the version of the OWASP
CRS as well as the configured paranoia level on a target protected by
ModSecurity + CRS.

It works by sending specific payloads and analyzing the WAF's
responses to determine this information. This can be useful for
testing, research, or verification purposes, especially when...

iOS 18.6 - Undocumented TCC Access to Multiple Privacy Domains via preflight=yes

Posted by josephgoyd via Fulldisclosure on Aug 18

TITLE: Undocumented TCC Access to Multiple Privacy Domains via 'preflight=yes' in iOS 18.6
AUTHOR: Joseph Goydish II
DISCOVERY DATE: 2025-08-13
DEVICE: iPhone 14 Pro Max
OS VERSION: iOS 18.6 (non-jailbroken, stock)
SEVERITY: High
ACCESS: USB debugging or local log access
IMPACT: Silent, undocumented system access to sensitive user data across multiple TCC domains...

Kigen eUICC issue (custom backdoor vs. FW update bug)

Posted by Security Explorations on Aug 12

Dear All,

On Jul 28, 2025 we provided Kigen with a report describing new security
issue potentially affecting company's eUICC cards. We did it regardless
of Kigen refusal to provide us with patches / patching instructions, so
that we could verify the content / quality of the fixes released by the
company for previously reported JavaCard issues [1] (more on that and
patching formula proposed by the company can be found on eSIM project...

PlayReady Activation protocol issues (weak auth / fake client identities)

Posted by Security Explorations on Aug 12

Dear All,

PlayReady Communication Protocols [1] include services for PlayReady
clients (such as Secure Clock), device owner's services (Activation /
Provisioning) and content service (License Server).

Back in 2022, we reported to Microsoft an issue pertaining to no auth at
PlayReady license server end, which was evaluated by Microsoft as no bug.

There is yet another auth issue, which builds on the above and affects
PlayReady Activation...

Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension

Posted by Stefan Kanthak via Fulldisclosure on Aug 04

Hi @ll,

this extends the previous post titled Defense in depth -- the
Microsoft way (part 90): "Digital Signature" property sheet
missing without "Read Extended Attributes" access permission
<https://seclists.org/fulldisclosure/2025/Jul/39>, to document
another facet of this 30 year old bug in the "Properties" shell
extension.

About 35 years ago Microsoft began to implement their "New Technology
File...

Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical)

Posted by Sandro Gauci via Fulldisclosure on Aug 02

Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical)

- CVSS v4.0
- Exploitability: High
- Complexity: Low
- Vulnerable system: Medium
- Subsequent system: Medium
- Exploitation: High
- Security requirements: High
- Vector: https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H
- Other references:...

APPLE-SA-07-30-2025-1 Safari 18.6

Posted by Apple Product Security via Fulldisclosure on Aug 02

APPLE-SA-07-30-2025-1 Safari 18.6

Safari 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124152.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

libxml2
Available for: macOS Ventura and macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: This is a...

Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission

Posted by Stefan Kanthak via Fulldisclosure on Jul 29

Hi @ll,

about 35 years ago Microsoft began to implement their "New Technology
File System" (NTFS) for their upcoming Windows NT operating system.
NTFS supports the extended attributes of the HPFS file system which
Microsoft and IBM had developed for their OS/2 operating system before.
NTFS' initial version, released with Windows NT 3.1 in 1993, had no
access control; this was added for Windows NT 3.5, released one year
later, with...

St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jul 29

St. Pölten UAS 20250721-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in REX100
product| Helmholz Industrial Router REX100 / mbNET.mini
vulnerable version| < 2.3.3
fixed version| 2.3.3
CVE number| CVE-2025-41673, CVE-2025-41674, CVE-2025-41675,
| CVE-2025-41676, CVE-2025-41677, CVE-2025-41678,...

APPLE-SA-07-29-2025-8 visionOS 2.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-8 visionOS 2.6

visionOS 2.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124154.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple Vision Pro
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was...

APPLE-SA-07-29-2025-7 tvOS 18.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-7 tvOS 18.6

tvOS 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124153.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Parsing a file may lead to an unexpected app termination
Description:...

APPLE-SA-07-29-2025-6 watchOS 11.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-6 watchOS 11.6

watchOS 11.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124155.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple Watch Series 6 and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The...

APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

macOS Ventura 13.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124151.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A...

APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7

macOS Sonoma 14.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124150.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A path...

APPLE-SA-07-29-2025-3 macOS Sequoia 15.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-3 macOS Sequoia 15.6

macOS Sequoia 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124149.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A path...

APPLE-SA-07-29-2025-2 iPadOS 17.7.9

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-2 iPadOS 17.7.9

iPadOS 17.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124148.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Privacy...

APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6

iOS 18.6 and iPadOS 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124147.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability

Posted by Egidio Romano on Jul 29

----------------------------------------------------------------------------
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Certain 4.x versions before 4.7.21.

[-] Vulnerability Description:

The vulnerability is located within the...

CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL)

Posted by Sanjay Singh on Jul 29

Hello Full Disclosure community,

I’m sharing details of a recently assigned CVE affecting a widely used
open‑source School Management System (PHP/MySQL).

--------------------------------------------
CVE ID: CVE‑2025‑52187
Vulnerability Type: Stored Cross‑Site Scripting (XSS)
Attack Vector: Remote
Discoverer: Sanjay Singh
Vendor Repository:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
Version...

Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability

Posted by Egidio Romano on Jul 29

-----------------------------------------------------------------------------------------
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting
Vulnerability
-----------------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Certain 4.x versions before 4.7.21.
All 5.x versions before 5.0.8.

[-] Vulnerability Description:...

Re: Multiple vulnerabilities in the web management interface of Intelbras routers

Posted by Palula Brasil on Jul 29

The following snippet in the text is associated to the wrong CVE number:
2.2 Possibility of injecting JavaScript code into the name of the visiting
network (XSS) - CVE-2025-26064

The correct CVE number for item 2.2 is CVE-2025-26065.

Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Edit General Info" Functionality -
seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Edit General Info" Functionality #3:

Steps to Reproduce

1. Login with admin and visit "Website ID Card" > "Website Id Card"
2. In the "Organization Name" add the following...

Stored XSS "Create Page" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Create Page" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Create Page" Functionality #1:

Steps to Reproduce

1. Login with admin and visit "Pages" > "Create a Page"
2. In the "Meta Description" add the following payload...

Open Redirect "Login Page" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Open Redirect "Login Page" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Open Redirect "Login Page" Functionality #1:

Steps to Reproduce

Login to the application and then add the Referer header to attacker domain

// HTTP POST Request

POST /seotoaster/go HTTP/1.1
Host: 192.168.58.149...

Stored XSS "Edit Header" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Edit Header" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Edit Header" Functionality #1:

Steps to Reproduce:

Login as admin user and visit "News"
Click on "Edit Header Content" and enter the payload "><img src=x
onerror=alert(1)>

//...

[KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

Posted by Egidio Romano on Jul 29

------------------------------------------------------------------
SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

All commercial versions before 13.0.4 and 14.0.1.

[-] Vulnerability Description:

User input passed through GET parameters to the /css/preview REST API
endpoint is not...

AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)

Posted by Marcus Krueppel on Jul 29

================== Overview ==================
TL;DR: Using the low-privilege "admin" user account via SSH on the IoT device "USB-Server-LXL" [1], it is possible to
modify the script /etc/init.d/lighttpd which is executed by root upon restart, leading to arbitrary code execution with
root privileges.

CVE: CVE-2025-52361
Suggested CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Suggested CVSS...

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Title: Xorux LPAR2RRD File Upload Directory Traversal
Advisory ID: KL-001-2025-016
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior
     Platform: Rocky Linux 8.10
     CWE...

KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Title: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
Advisory ID: KL-001-2025-015
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior...

KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

Title: Xorux LPAR2RRD Read Only User Denial of Service
Advisory ID: KL-001-2025-014
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-014.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior
     Platform: Rocky Linux 8.10
     CWE...

KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Title: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Advisory ID: KL-001-2025-013
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: XorMon-NG
     Affected Version: 1.8 and prior...

KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Title: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information
Advisory ID: KL-001-2025-012
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-012.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: XorMon-NG
     ...

Multiple vulnerabilities in the web management interface of Intelbras routers

Posted by Gabriel Augusto Vaz de Lima via Fulldisclosure on Jul 19

=====[Tempest Security Intelligence]==========================================

Multiple vulnerabilities in the web management interface of Intelbras
routers

Author: Gabriel Lima <gabriel lima () tempest com br >

=====[Table of Contents]======================================================

1. Overview

2. Detailed description

3. Other contexts & solutions

4. Acknowledgements

5. Timeline

6. References

=====[1....

Missing Critical Security Headers in OpenBlow

Posted by Tifa Lockhart via Fulldisclosure on Jul 12

Advisory ID: OPENBLOW-2025-003
Title: Missing Critical Security Headers in OpenBlow
Date: 2025-07-12
Vendor: OpenBlow (openblow.it)
Severity: High
CVSS v3.1 Base Score: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Summary:

Multiple public deployments of the OpenBlow whistleblowing software lack
critical HTTP security headers. These configurations expose users to client-side
vulnerabilities including XSS, clickjacking, API misuse, and...

SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function

Posted by Office nullFaktor GmbH on Jul 11

nullFaktor Security Advisory < 20250719 >
===========================================================
Title: ABAP Code Execution via Internal Function
Module WRITE_AND_CALL_DBPROG

Vulnerability: Exposed Dangerous Functionality

Product: SAP NetWeaver S/4HANA
Homepage: http://www.sap.com

Affected Version: S/4HANA, SAP_BASIS 757 SP 3
SAP Note: 3546011

Impact: High...

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

Posted by Egidio Romano on Jul 09

----------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection
Vulnerabilities
----------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 28.3 and prior 28.x versions.
Version 27.2 and prior 27.x versions.
Version 24.8 and prior 24.x versions.
Version 21.12 and...

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
Advisory ID: KL-001-2025-011
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-011.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected...

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
Advisory ID: KL-001-2025-010
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-010.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center Expert...

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Title: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
Advisory ID: KL-001-2025-009
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-009.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center...

KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

Title: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
Advisory ID: KL-001-2025-008
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-008.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center...

KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution
Advisory ID: KL-001-2025-007
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-007.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product:...

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Title: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
Advisory ID: KL-001-2025-006
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-006.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT...

eSIM security research (GSMA eUICC compromise and certificate theft)

Posted by Security Explorations on Jul 09

Dear All,

We broke security of Kigen eUICC card with GSMA consumer certificates
installed into it.

The eUICC card makes it possible to install the so called eSIM profiles
into target chip. eSIM profiles are software representations of mobile
subscriptions. For many years such mobile subscriptions had a form of a
physical SIM card of various factors (SIM, microSIM, nanoSIM). With eSIM,
the subscription can come in a pure digital form (as a...

Directory Traversal "Site Title" - bluditv3.16.2

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Directory Traversal "Site Title" #1:

Steps to Reproduce:

1. Login with admin account and "General" > "General"
2. Set the "Site Title" to the following payload "../../../malicious"
3....

XSS via SVG File Upload - bluditv3.16.2

Posted by Andrey Stoykov on Jul 07

# Exploit Title: XSS via SVG File Upload - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG File Upload #1:

Steps to Reproduce:

1. Login with admin account and click on "General" > "Logo"

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"...

Stored XSS "Add New Content" Functionality - bluditv3.16.2

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Add New Content" Functionality #1:

Steps to Reproduce:

1. Login with admin account and visit "New Content"
2. In the "Source Code" field enter the following parameter...

Session Fixation - bluditv3.16.2

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Session Fixation - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Session Fixation #1:

Steps to Reproduce:

Visit the login page. Login with valid user and observe that the sessionID
has not been changed

// HTTP POST request logging in

POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0;...

iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5)

Posted by josephgoyd via Fulldisclosure on Jun 30

Title: iOS Activation Flaw Enables Pre-User Device Compromise

Reported to Apple: May 19, 2025
Reported to US-CERT: May 19, 2025
US-CERT Case #: VU#346053
Vendor Status: Silent
Public Disclosure: June 26, 2025

------------------------------------------------------------------------
Summary
------------------------------------------------------------------------

A critical vulnerability exists in Apple’s iOS activation pipeline that
allows...