Full Disclosure

Defense in depth -- the Microsoft way (part 91): yet another 30 year old bug of the "Properties" shell extension

Posted by Stefan Kanthak via Fulldisclosure on Aug 04

Hi @ll,

this extends the previous post titled Defense in depth -- the
Microsoft way (part 90): "Digital Signature" property sheet
missing without "Read Extended Attributes" access permission
<https://seclists.org/fulldisclosure/2025/Jul/39>, to document
another facette of this 30 year old bug in the "Properties" shell
extension.

About 35 years ago Microsoft began to implement their "New Technology
File...

Exploit-DB Updates

[remote] Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Exploit-DB Updates

[webapps] Gandia Integra Total 4.4.2236.1 - SQL Injection

Gandia Integra Total 4.4.2236.1 - SQL Injection

Exploit-DB Updates

[webapps] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] LPAR2RRD 8.04 - Remote Code Execution (RCE)

LPAR2RRD 8.04 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

Exploit-DB Updates

[local] Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)

Full Disclosure

Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical)

Posted by Sandro Gauci via Fulldisclosure on Aug 02

Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical)

- CVSS v4.0
- Exploitability: High
- Complexity: Low
- Vulnerable system: Medium
- Subsequent system: Medium
- Exploitation: High
- Security requirements: High
- Vector: https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H
- Other references:...

Full Disclosure

APPLE-SA-07-30-2025-1 Safari 18.6

Posted by Apple Product Security via Fulldisclosure on Aug 02

APPLE-SA-07-30-2025-1 Safari 18.6

Safari 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124152.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

libxml2
Available for: macOS Ventura and macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: This is a...

Full Disclosure

Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission

Posted by Stefan Kanthak via Fulldisclosure on Jul 29

Hi @ll,

about 35 years ago Microsoft began to implement their "New Technology
File System" (NTFS) for their upcoming Windows NT operating system.
NTFS supports the extended attributes of the HPFS file system which
Microsoft and IBM had developed for their OS/2 operating system before.
NTFS' initial version, released with Windows NT 3.1 in 1993, had no
access control; this was added for Windows NT 3.5, released one year
later, with...

Full Disclosure

St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jul 29

St. Pölten UAS 20250721-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in REX100
product| Helmholz Industrial Router REX100 / mbNET.mini
vulnerable version| < 2.3.3
fixed version| 2.3.3
CVE number| CVE-2025-41673, CVE-2025-41674, CVE-2025-41675,
| CVE-2025-41676, CVE-2025-41677, CVE-2025-41678,...

Full Disclosure

APPLE-SA-07-29-2025-8 visionOS 2.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-8 visionOS 2.6

visionOS 2.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124154.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple Vision Pro
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was...

Full Disclosure

APPLE-SA-07-29-2025-7 tvOS 18.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-7 tvOS 18.6

tvOS 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124153.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Parsing a file may lead to an unexpected app termination
Description:...

Full Disclosure

APPLE-SA-07-29-2025-6 watchOS 11.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-6 watchOS 11.6

watchOS 11.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124155.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

afclip
Available for: Apple Watch Series 6 and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The...

Full Disclosure

APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

macOS Ventura 13.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124151.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A...

Full Disclosure

APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7

macOS Sonoma 14.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124150.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A path...

Full Disclosure

APPLE-SA-07-29-2025-3 macOS Sequoia 15.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-3 macOS Sequoia 15.6

macOS Sequoia 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124149.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A path...

Full Disclosure

APPLE-SA-07-29-2025-2 iPadOS 17.7.9

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-2 iPadOS 17.7.9

iPadOS 17.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124148.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Privacy...

Full Disclosure

APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6

iOS 18.6 and iPadOS 18.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124147.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

Full Disclosure

Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability

Posted by Egidio Romano on Jul 29

----------------------------------------------------------------------------
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Certain 4.x versions before 4.7.21.

[-] Vulnerability Description:

The vulnerability is located within the...

Full Disclosure

CVE‑2025‑52187 – Stored XSS in School Management System (PHP/MySQL)

Posted by Sanjay Singh on Jul 29

Hello Full Disclosure community,

I’m sharing details of a recently assigned CVE affecting a widely used
open‑source School Management System (PHP/MySQL).

--------------------------------------------
CVE ID: CVE‑2025‑52187
Vulnerability Type: Stored Cross‑Site Scripting (XSS)
Attack Vector: Remote
Discoverer: Sanjay Singh
Vendor Repository:
https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL
Version...

Full Disclosure

Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability

Posted by Egidio Romano on Jul 29

-----------------------------------------------------------------------------------------
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting
Vulnerability
-----------------------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

Certain 4.x versions before 4.7.21.
All 5.x versions before 5.0.8.

[-] Vulnerability Description:...

Full Disclosure

Re: Multiple vulnerabilities in the web management interface of Intelbras routers

Posted by Palula Brasil on Jul 29

The following snippet in the text is associated to the wrong CVE number:
2.2 Possibility of injecting JavaScript code into the name of the visiting
network (XSS) - CVE-2025-26064

The correct CVE number for item 2.2 is CVE-2025-26065.

Full Disclosure

Stored XSS "Edit General Info" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Edit General Info" Functionality -
seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Edit General Info" Functionality #3:

Steps to Reproduce

1. Login with admin and visit "Website ID Card" > "Website Id Card"
2. In the "Organization Name" add the following...

Full Disclosure

Stored XSS "Create Page" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Create Page" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Create Page" Functionality #1:

Steps to Reproduce

1. Login with admin and visit "Pages" > "Create a Page"
2. In the "Meta Description" add the following payload...

Full Disclosure

Open Redirect "Login Page" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Open Redirect "Login Page" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Open Redirect "Login Page" Functionality #1:

Steps to Reproduce

Login to the application and then add the Referer header to attacker domain

// HTTP POST Request

POST /seotoaster/go HTTP/1.1
Host: 192.168.58.149...

Full Disclosure

Stored XSS "Edit Header" Functionality - seotoasterv2.5.0

Posted by Andrey Stoykov on Jul 29

# Exploit Title: Stored XSS "Edit Header" Functionality - seotoasterv2.5.0
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 2.5.0
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Edit Header" Functionality #1:

Steps to Reproduce:

Login as admin user and visit "News"
Click on "Edit Header Content" and enter the payload "><img src=x
onerror=alert(1)>

//...

Full Disclosure

[KIS-2025-04] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

Posted by Egidio Romano on Jul 29

------------------------------------------------------------------
SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability
------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

All commercial versions before 13.0.4 and 14.0.1.

[-] Vulnerability Description:

User input passed through GET parameters to the /css/preview REST API
endpoint is not...

Full Disclosure

AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361)

Posted by Marcus Krueppel on Jul 29

================== Overview ==================
TL;DR: Using the low-privilege "admin" user account via SSH on the IoT device "USB-Server-LXL" [1], it is possible to
modify the script /etc/init.d/lighttpd which is executed by root upon restart, leading to arbitrary code execution with
root privileges.

CVE: CVE-2025-52361
Suggested CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Suggested CVSS...

Full Disclosure

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Title: Xorux LPAR2RRD File Upload Directory Traversal
Advisory ID: KL-001-2025-016
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior
     Platform: Rocky Linux 8.10
     CWE...

Full Disclosure

KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Title: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
Advisory ID: KL-001-2025-015
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior...

Full Disclosure

KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

Title: Xorux LPAR2RRD Read Only User Denial of Service
Advisory ID: KL-001-2025-014
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-014.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: LPAR2RRD
     Affected Version: 8.04 and prior
     Platform: Rocky Linux 8.10
     CWE...

Full Disclosure

KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator

Title: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Advisory ID: KL-001-2025-013
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: XorMon-NG
     Affected Version: 1.8 and prior...

Full Disclosure

KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28

KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

Title: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information
Advisory ID: KL-001-2025-012
Publication Date: 2025-07-28
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-012.txt

1. Vulnerability Details

     Affected Vendor: Xorux
     Affected Product: XorMon-NG
    ...

Exploit-DB Updates

[local] Linux PAM Environment - Variable Injection Local Privilege Escalation

Linux PAM Environment - Variable Injection Local Privilege Escalation

Exploit-DB Updates

[webapps] Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Adobe ColdFusion 2023.6 - Remote File Read

Adobe ColdFusion 2023.6 - Remote File Read

Exploit-DB Updates

[webapps] Invision Community 4.7.20 - (calendar/view.php) SQL Injection

Invision Community 4.7.20 - (calendar/view.php) SQL Injection

Exploit-DB Updates

[webapps] XWiki 14 - SQL Injection via getdeleteddocuments.vm

XWiki 14 - SQL Injection via getdeleteddocuments.vm

Exploit-DB Updates

[dos] Xlight FTP 1.1 - Denial Of Service (DOS)

Xlight FTP 1.1 - Denial Of Service (DOS)

Exploit-DB Updates

[remote] Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)

Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)

Exploit-DB Updates

[remote] Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow

Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow

Exploit-DB Updates

[webapps] Joomla JS Jobs plugin 1.4.2 - SQL injection

Joomla JS Jobs plugin 1.4.2 - SQL injection

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

Exploit-DB Updates

[webapps] Discourse 3.1.1 - Unauthenticated Chat Message Access

Discourse 3.1.1 - Unauthenticated Chat Message Access

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages

Exploit-DB Updates

[webapps] Simple File List WordPress Plugin 4.2.2 - File Upload to RCE

Simple File List WordPress Plugin 4.2.2 - File Upload to RCE

Exploit-DB Updates

[webapps] Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE

Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

Full Disclosure

Multiple vulnerabilities in the web management interface of Intelbras routers

Posted by Gabriel Augusto Vaz de Lima via Fulldisclosure on Jul 19

=====[Tempest Security
Intelligence]==========================================

Multiple vulnerabilities in the web management interface of Intelbras
routers

Author: Gabriel Lima <gabriel lima () tempest com br >

=====[Table of
Contents]======================================================

1. Overview

2. Detailed description

3. Other contexts & solutions

4. Acknowledgements

5. Timeline

6. References

=====[1....

Exploit-DB Updates

[local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Exploit-DB Updates

[webapps] Langflow 1.2.x - Remote Code Execution (RCE)

Langflow 1.2.x - Remote Code Execution (RCE)

Exploit-DB Updates

[hardware] TOTOLINK N300RB 8.54 - Command Execution

TOTOLINK N300RB 8.54 - Command Execution

Exploit-DB Updates

[webapps] SugarCRM 14.0.0 - SSRF/Code Injection

SugarCRM 14.0.0 - SSRF/Code Injection

Exploit-DB Updates

[remote] MikroTik RouterOS 7.19.1 - Reflected XSS

MikroTik RouterOS 7.19.1 - Reflected XSS

Exploit-DB Updates

[webapps] White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)