CVE-2025-59397 - Open Web Analytics SQL Injection

— October 9^th 2025 at 04:30

Posted by Seralys Research Team via Fulldisclosure on Oct 08

Seralys Security Advisory | https://www.seralys.com/research
======================================================================
Title: SQL Injection Vulnerability
Product: Open Web Analytics (OWA)
Affected: Confirmed on 1.8.0 (older versions likely affected)
Fixed in: 1.8.1
Vendor: Open Web Analytics (open-source)
Discovered: August 2025
Severity: HIGH
CWE: CWE-89: SQL Injection
CVE: CVE-2025-59397...

Full Disclosure

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft

— October 7^th 2025 at 18:56

Posted by josephgoyd via Fulldisclosure on Oct 07

The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation.

https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Full Disclosure

Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft

— October 7^th 2025 at 18:55

Posted by full on Oct 07

Substack is down. If there is a replacement, it is appreciated.

-x9p

Full Disclosure

Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11

— October 7^th 2025 at 18:53

Posted by Stefan Kanthak via Fulldisclosure on Oct 07

On a fresh installation of the just released Windows 11 25H2 the former file
%SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe
is %SystemRoot%\System32\SecurityHealthHost.exe now, but the BUG persists:

| svchost.exe (PID = 9876) identified \\?\C:\Windows\System32\SecurityHealthHost.exe
| as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

stay tuned, and far away from bug-riddled Windows...

Full Disclosure

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

— October 2^nd 2025 at 22:20

Posted by josephgoyd via Fulldisclosure on Oct 02

Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Working exploit:
https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0

Full Disclosure

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft

— October 2^nd 2025 at 22:20

Posted by josephgoyd via Fulldisclosure on Oct 02

Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Working exploit:
https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0

Full Disclosure

Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib

— September 30^th 2025 at 15:19

Posted by Ron E on Sep 30

A denial-of-service vulnerability exists in Samtools and the underlying
HTSlib when processing BED files containing extremely large interval
values. The bed_index_core() function in bedidx.c uses the interval end
coordinate to calculate allocation size without sufficient validation. By
supplying a BED record with a crafted end coordinate (e.g., near 2^61), an
attacker can trigger uncontrolled memory allocation requests via
hts_resize_array_()....

Full Disclosure

Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow

— September 30^th 2025 at 15:19

Posted by Ron E on Sep 30

In the samtools coverage subcommand, the -w / --n-bins option allows the
user to specify how many “bins” to produce in the coverage histogram. The
code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) /
n_bins; When the number of bins (n_bins) is extremely large relative to the
region length (end - beg), this integer division can yield zero, or lead to
unexpected behavior in subsequent arithmetic. Later in print_hist(),...

Full Disclosure

libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width

— September 30^th 2025 at 15:19

Posted by Ron E on Sep 30

A heap buffer overflow vulnerability exists in the geotifcp utility,
distributed as part of libgeotiff. The flaw occurs in the function
cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd
ImageWidth and using the -d option (downsampling from 8-bit to 4-bit).
During conversion, the function iterates over pixels in pairs and always
accesses buf_in[i_in+1]. When the width is odd, the last iteration
dereferences one byte past the...

Full Disclosure

APPLE-SA-09-29-2025-6 visionOS 26.0.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-6 visionOS 26.0.1

visionOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125338.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

Full Disclosure

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

macOS Sonoma 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125330.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sonoma
Impact: Processing a maliciously crafted font may lead to unexpected app...

Full Disclosure

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

macOS Sequoia 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125329.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may lead to unexpected app...

Full Disclosure

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

macOS Tahoe 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125328.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Tahoe
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

Full Disclosure

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125327.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

Full Disclosure

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

— September 30^th 2025 at 15:19

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125326.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

Full Disclosure

SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542

— September 25^th 2025 at 22:49

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25

SEC Consult Vulnerability Lab Security Advisory < 20250925-0 >
=======================================================================
title: Multiple Vulnerabilities
product: iMonitorSoft EAM
vulnerable version: iMonitor EAM 9.6394
fixed version: -
CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542
impact: Critical
homepage:...

Full Disclosure

SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548

— September 25^th 2025 at 22:49

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25

SEC Consult Vulnerability Lab Security Advisory < 20250923-0 >
=======================================================================
title: Missing Certificate Validation leading to RCE
product: CleverControl employee monitoring software
vulnerable version: 11.5.1041.6
fixed version: -
CVE number: CVE-2025-10548
impact: high
homepage: https://clevercontrol.com...

Full Disclosure

CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series

— September 25^th 2025 at 22:49

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25

CyberDanube Security Research 20250919-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in Novakon HMI Series
product| Novakon Touch Screen HMI P Series
vulnerable version| P - V2001.A.c518o2
fixed version| -
CVE number| CVE-2025-9962, CVE-2025-9963, CVE-2025-9964,
| CVE-2025-9965, CVE-2025-9966...

Full Disclosure

CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630

— September 25^th 2025 at 22:49

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25

Full Disclosure

xpra server information disclosure

— September 25^th 2025 at 22:48

Posted by Antoine Martin via Fulldisclosure on Sep 25

1) About Xpra
Xpra is known as "screen for X11".
https://xpra.org/
"Xpra forwards and synchronizes many extra desktop features, which
allows remote applications to integrate transparently into the client's
desktop environment: audio input and output, printers, clipboard, system
trays, notifications, webcams, etc."

2) Vulnerability
Using the server's "control" subsystem, a client can enable sensitive...

Full Disclosure

Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker

— September 23^rd 2025 at 03:35

Posted by Stefan Kanthak via Fulldisclosure on Sep 22

Hi @ll,

since several years Microsoft installs the DLLs domain_actions.dll
and well_known_domains.dll as part of their Edge browser as well as
Windows' WebView component into each and every user profile,
UNPROTECTED against tampering.

On Windows 11 24H2 their paths are currently
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain Actions\3.0.0.16\domain_actions.dll"
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain...

Full Disclosure

Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker

— September 23^rd 2025 at 03:35

Posted by Stefan Kanthak via Fulldisclosure on Sep 22

Hi @ll,

since several years Microsoft installs the DLLs domain_actions.dll
and well_known_domains.dll as part of their Edge browser as well as
Windows' WebView component into each and every user profile,
UNPROTECTED against tampering.

On Windows 11 24H2 their paths are currently
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain Actions\3.0.0.16\domain_actions.dll"
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain...

Full Disclosure

Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11

— September 23^rd 2025 at 03:35

Posted by Stefan Kanthak via Fulldisclosure on Sep 22

Hi @ll,

more than 2.5 years ago I posted "Defense in depth -- the Microsoft way
(part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2"
<https://seclists.org/fulldisclosure/2023/Feb/13>

In "SRP on Windows 11" <https://seclists.org/fulldisclosure/2023/Mar/1>
Andy Ful presented a persistent correction some days later.

Since several months now (unfortunately I can't tell the exact time)...

Full Disclosure

libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument

— September 23^rd 2025 at 03:35

Posted by Ron E on Sep 22

gmo2msg in libelf contains a stack-based buffer overflow in po/gmo2msg.c
when constructing filenames from the first program argument (lang). The
program uses a fixed-size local buffer (char buf[1024]) and writes into it
using sprintf(buf, "%s.gmo", lang) and sprintf(buf, "%s.msg", lang) without
validating the length of lang. Supplying a sufficiently long lang argument
(e.g., ~1200 bytes) causes sprintf to write past the end of...

Full Disclosure

Stored HTML Injection - flatpressv1.4.1

— September 23^rd 2025 at 03:35

Posted by Andrey Stoykov on Sep 22

# Exploit Title: Stored HTML Injection - flatpressv1.4.1
# Date: 09/2025
# Exploit Author: Andrey Stoykov
# Version: 1.4.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html

Stored HTML Injection:

Steps to Reproduce:

- Login with admin user and visit "Main" > "New Entry" > "Write Entry" and
in the description enter the payload "[html]<div...

Full Disclosure

Current Password not Required When Changing Password - flatpressv1.4.1

— September 23^rd 2025 at 03:35

Posted by Andrey Stoykov on Sep 22

# Exploit Title: Current Password not Required When Changing Password -
flatpressv1.4.1
# Date: 09/2025
# Exploit Author: Andrey Stoykov
# Version: 1.4.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-42-current.html

Current Password not Required When Changing Password:

Steps to Reproduce:

- Login with admin user and visit "Main" > "Configuration" > "General...

Full Disclosure

[CFP] Burning River Cyber Con '25 - Cleveland, OH

— September 23^rd 2025 at 03:34

Posted by Burning River Cyber Con via Fulldisclosure on Sep 22

Burning River CyberCon is seeking submissions for our 2025 conference. We're looking for presentations on all things
infosec, from vulnerability research and exploit development to red teaming and security automation.

Key Details:

-

CFP Link: https://burningrivercybercon.com/call-for-papers

-

CFP Closes: October 1, 2025

-

Conference Date: November 15, 2025

Submit your talk today.

Full Disclosure

APPLE-SA-09-15-2025-12 Xcode 26