RSS Parrot

🦜 Full Disclosure

@seclists.org.fulldisclosure@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Site URL: seclists.org/#fulldisclosure

Feed URL: seclists.org/rss/fulldisclosure.rss

Posts: 13

Followers: 1

SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function

Published: July 11, 2025 12:18

Posted by Office nullFaktor GmbH on Jul 11. nullFaktor Security Advisory < 20250719 > Title: ABAP Code Execution via Internal Function Module WRITE_AND_CALL_DBPROG …

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

Published: July 10, 2025 02:57

Posted by Egidio Romano on Jul 09. Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities…

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Published: July 9, 2025 22:19

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated…

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Published: July 9, 2025 22:18

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Advisory ID:…

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Published: July 9, 2025 22:17

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution Title: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution Advisory ID:…

KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

Published: July 9, 2025 22:17

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery Title: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery Advisory ID:…

KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

Published: July 9, 2025 22:16

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code…

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Published: July 9, 2025 22:15

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09. KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection Title: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection…

eSIM security research (GSMA eUICC compromise and certificate theft)

Published: July 9, 2025 08:28

Posted by Security Explorations on Jul 09. Dear All, We broke security of Kigen eUICC card with GSMA consumer certificates installed into it. The eUICC card makes it possible to install the so-called eSIM profiles into target chip. eSIM profiles are…

Directory Traversal "Site Title" - bluditv3.16.2

Published: July 8, 2025 02:50

Posted by Andrey Stoykov on Jul 07. # Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Directory Traversal…

XSS via SVG File Upload - bluditv3.16.2

Published: July 8, 2025 02:50

Posted by Andrey Stoykov on Jul 07. # Exploit Title: XSS via SVG File Upload - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ XSS via SVG File Upload #1: …

Stored XSS "Add New Content" Functionality - bluditv3.16.2

Published: July 8, 2025 02:50

Posted by Andrey Stoykov on Jul 07. # Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS…

Session Fixation - bluditv3.16.2

Published: July 8, 2025 02:50

Posted by Andrey Stoykov on Jul 07. # Exploit Title: Session Fixation - bluditv3.16.2 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 3.16.2 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Session Fixation #1: Steps to…