Full Disclosure
Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default
February 18^th 2025 at 04:10

Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

Posted by Gynvael Coldwind on Feb 17

Hi,

This isn't really a problem a vendor can solve in firmware (apart from
offering configuration via cloud, which has its own issues).
Even if they would enable TLS/SSL by default, it would just give one a
false sense of security, since:
- the certificates would be invalid (public CAs don't give out certs for IP
addresses),
- they would be easy to clone (due to being self-signed and/or being easy
to extract from a similar device),
-...

🏷️ My labels
- ❌
February 18^th 2025 at 04:10

Full Disclosure
Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network.
February 16^th 2025 at 08:00

Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network.

Posted by upper.underflow via Fulldisclosure on Feb 16

Hello,

About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found
at the following link: https://primal.net/e/note1vzh0mj9rcxax9cgcdapupyxeehjprd68gd9kk9wrv939m8knulrs4780x7

Save, share, use.

The paste link includes a list of nodes that the attacker has instructed to target, along with a Python code to
leverage the attack. According to their explanation, this vulnerability is...

🏷️ My labels
- ❌
February 16^th 2025 at 08:00

Full Disclosure
Netgear Router Administrative Web Interface Lacks Transport Encryption By Default
February 16^th 2025 at 08:00

Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

Posted by Ryan Delaney via Fulldisclosure on Feb 16

<!--
# Exploit Title: Netgear Router Administrative Web Interface Lacks
Transport Encryption By Default
# Date: 02-13-2025
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Vendor Homepage: https://www.netgear.com
# Version: Netgear C7800 Router, F/W 6.01.07, possibly others
# Tested on: Netgear C7800 Router, F/W 6.01.07
# CVE: CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running...

🏷️ My labels
- ❌
February 16^th 2025 at 08:00

Full Disclosure
[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript
February 16^th 2025 at 07:59

[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript

Posted by Gabriel Valachi via Fulldisclosure on Feb 15

In GZDoom 4.13.1 and below, there is a vulnerability involving array sizes in ZScript, the game engine's primary
scripting language. It is possible to dynamically allocate an array of 1073741823 dwords, permitting access to the rest
of the heap from the start of the array and causing a second array declared in the same function to overlap with this
huge array. The result is an exploit chain that allows arbitrary code execution through a...

🏷️ My labels
- ❌
February 16^th 2025 at 07:59

Full Disclosure
Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
February 16^th 2025 at 07:58

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

Posted by David Fifield on Feb 15

Today at about 2025-02-13 19:00 I noticed the "≠" is back, but now the
type 0x12 payload of the ?q query parameter gets formatted into the
string representation of an IP address, rather than being copied almost
verbatim into the page. If the payload length is 4 bytes, it gets
formatted as an IPv4 address; if 16 bytes, as an IPv6 address. I didn't
try a ton of experiments, but it looks like payload lengths other than 4
and 16...

🏷️ My labels
- ❌
February 16^th 2025 at 07:58

Full Disclosure
SEC Consult SA-20250211-0 :: Multiple vulnerabilities in Wattsense Bridge
February 13^th 2025 at 05:25

SEC Consult SA-20250211-0 :: Multiple vulnerabilities in Wattsense Bridge

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 12

SEC Consult Vulnerability Lab Security Advisory < 20250211-0 >
=======================================================================
title: Multiple vulnerabilities
product: Wattsense - Wattsense Bridge
vulnerable version: Wattsense Bridge
* Hardware Revision: WSG-EU-SC-14-00, 20230801
* Firmware Revision: Wattsense (Wattsense minimal)...

🏷️ My labels
- ❌
February 13^th 2025 at 05:25

APPLE-SA-02-10-2025-2 iPadOS 17.7.5

Posted by Apple Product Security via Fulldisclosure on Feb 10

APPLE-SA-02-10-2025-2 iPadOS 17.7.5

iPadOS 17.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122173.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A physical...

🏷️ My labels
- ❌
February 11^th 2025 at 03:50

Full Disclosure
APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
February 11^th 2025 at 03:50

APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1

Posted by Apple Product Security via Fulldisclosure on Feb 10

APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1

iOS 18.3.1 and iPadOS 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122174.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation...

🏷️ My labels
- ❌
February 11^th 2025 at 03:50

Full Disclosure
CVE-2024-55447: Access Control in Paxton Net2 software (update)
February 11^th 2025 at 03:50

CVE-2024-55447: Access Control in Paxton Net2 software (update)

Posted by Jeroen Hermans via Fulldisclosure on Feb 10

CloudAware Security Advisory

CVE-2024-55447: Potential PII leak and incorrect access control in
Paxton Net2 software

========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software.
Possible leaking of PII incorrect access control.
Access cards can be cloned without physical access to the original...

🏷️ My labels
- ❌
February 11^th 2025 at 03:50

Full Disclosure
ChatGPT AI finds "security concern" (XSS) in DeepSeek's code
February 11^th 2025 at 03:50

ChatGPT AI finds "security concern" (XSS) in DeepSeek's code

Posted by Georgi Guninski on Feb 10

Summary: On 2025-02-09 ChatGPT AI found "security concern" (XSS) in
DeepSeek's AI python code.

Background:

Consider the simple coding question (Q):

Write Python CGI which takes as an argument NAME and outputs: "Hello NAME".

First page and results on google for "python CGI" return for me
tutorials, which are flawed and textbook examples of the cross site
scripting (XSS) vulnerability. This is a...

🏷️ My labels
- ❌
February 11^th 2025 at 03:50

Full Disclosure
KL-001-2025-002: Checkmk NagVis Remote Code Execution
February 4^th 2025 at 22:11

KL-001-2025-002: Checkmk NagVis Remote Code Execution

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-002: Checkmk NagVis Remote Code Execution

Title: Checkmk NagVis Remote Code Execution
Advisory ID: KL-001-2025-002
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux
     CWE...

🏷️ My labels
- ❌
February 4^th 2025 at 22:11

Full Disclosure
KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting
February 4^th 2025 at 22:08

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

Title: Checkmk NagVis Reflected Cross-site Scripting
Advisory ID: KL-001-2025-001
Publication Date: 2025-02-04
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt

1. Vulnerability Details

     Affected Vendor: Checkmk
     Affected Product: Checkmk/NagVis
     Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40
     Platform: GNU/Linux...

🏷️ My labels
- ❌
February 4^th 2025 at 22:08

Full Disclosure
APPLE-SA-01-30-2025-1 GarageBand 10.4.12
February 2^nd 2025 at 07:33

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

Posted by Apple Product Security via Fulldisclosure on Feb 01

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

GarageBand 10.4.12 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121866.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

GarageBand
Available for: macOS Sonoma 14.4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary...

🏷️ My labels
- ❌
February 2^nd 2025 at 07:33

Full Disclosure
Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
February 2^nd 2025 at 07:33

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

Posted by David Fifield on Feb 01

I tested a few more times, and it appears the text injection has
disappeared.

These are timestamps when I tested, with offsets relative to the initial
discovery.

+0h 2025-01-28 03:00 initial discovery
+5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works
(https://archive.is/DD9xB)
+14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works
(no archive)
+45h...

🏷️ My labels
- ❌
February 2^nd 2025 at 07:33

Full Disclosure
Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3
February 2^nd 2025 at 07:32

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3

Posted by hyp3rlinx on Feb 01

Updated SQL Injection CVE-2019-19245 exploit for Python3.

import requests,time,re,sys,argparse

#NAPC Xinet Elegant 6 Asset Library v6.1.655
#Pre-Auth SQL Injection 0day Exploit
#By hyp3rlinx
#ApparitionSec
#UPDATED: Jan 2024 for python3
#TODO: add SSL support
#===============================
#This will dump tables, usernames and passwords in vulnerable versions
#REQUIRE PARAMS:...

🏷️ My labels
- ❌
February 2^nd 2025 at 07:32

Full Disclosure
Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449
January 30^th 2025 at 00:59

Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449

Posted by Shaikh Shahnawaz on Jan 29

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
https://quorum.com/about/

[Product]
Quorum onQ OS - 6.0.0.5.2064

Vulnerability Type]
Reflected Cross Site Scripting (XSS)

[Affected Component]
Login page get parameter 'msg' is vulnerable to Reflected Cross site
scripting

[CVE Reference]
CVE-2024-44449

[Security Issue]
Cross Site Scripting vulnerability in Quorum onQ OS...

🏷️ My labels
- ❌
January 30^th 2025 at 00:59

Full Disclosure
Deepseek writes textbook insecure code in 2025-01-28
January 30^th 2025 at 00:58

Deepseek writes textbook insecure code in 2025-01-28

Posted by Georgi Guninski on Jan 29

Asking Deepseek on Jan 28 09:33:11 AM UTC 2025:

Write a python CGI which takes as an argument string NAME and outputs
"Hello"+NAME

The Deepseek AI [3] returned:

====
name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is
not provided
# Output the HTML response
print(f"<html><body><h1>Hello, {name}!</h1></body></html>")

*For security reasons,...

🏷️ My labels
- ❌
January 30^th 2025 at 00:58

Full Disclosure
Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
January 30^th 2025 at 00:58

Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

Posted by David Fifield on Jan 29

The page https://www.google.com/sorry/index is familiar to Tor and VPN
users. It is the one that says "Our systems have detected unusual
traffic from your computer network. Please try your request again
later." You will frequently be redirected to this page when using Tor
Browser, when you do a search on a Google site such as www.youtube.com
or scholar.google.com. The text of the page reports the client IP
address, a timestamp of the...

🏷️ My labels
- ❌
January 30^th 2025 at 00:58

APPLE-SA-01-27-2025-9 Safari 18.3