🦜 Full Disclosure
@seclists.org.fulldisclosure@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Multiple vulnerabilities in the web management interface of Intelbras routers
https://seclists.org/fulldisclosure/2025/Jul/14
Published: July 20, 2025 06:19
Posted by Gabriel Augusto Vaz de Lima via Fulldisclosure on Jul 19
=====[Tempest Security Intelligence]==========================================
Multiple vulnerabilities in the web management interface of Intelbras
routers
Author: Gabriel Lima <gabriel…
Missing Critical Security Headers in OpenBlow
https://seclists.org/fulldisclosure/2025/Jul/13
Published: July 13, 2025 03:13
Posted by Tifa Lockhart via Fulldisclosure on Jul 12
Advisory ID: OPENBLOW-2025-003
Title: Missing Critical Security Headers in OpenBlow
Date: 2025-07-12
Vendor: OpenBlow (openblow.it)
Severity: High
CVSS v3.1 Base Score: 8.2 (High)
Vector:…
SAP NetWeaver S/4HANA - ABAP Code Execution via Internal Function
https://seclists.org/fulldisclosure/2025/Jul/12
Published: July 11, 2025 12:18
Posted by Office nullFaktor GmbH on Jul 11
nullFaktor Security Advisory < 20250719 >
===========================================================
Title: ABAP Code Execution via Internal Function
Module WRITE_AND_CALL_DBPROG
…
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities
https://seclists.org/fulldisclosure/2025/Jul/11
Published: July 10, 2025 02:57
Posted by Egidio Romano on Jul 09
----------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection
Vulnerabilities…
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
https://seclists.org/fulldisclosure/2025/Jul/10
Published: July 9, 2025 22:19
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated…
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
https://seclists.org/fulldisclosure/2025/Jul/9
Published: July 9, 2025 22:18
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
Advisory ID:…
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
https://seclists.org/fulldisclosure/2025/Jul/8
Published: July 9, 2025 22:17
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
Title: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
Advisory ID:…
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
https://seclists.org/fulldisclosure/2025/Jul/7
Published: July 9, 2025 22:17
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
Title: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
Advisory ID:…
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution
https://seclists.org/fulldisclosure/2025/Jul/6
Published: July 9, 2025 22:16
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution
Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code…
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
https://seclists.org/fulldisclosure/2025/Jul/5
Published: July 9, 2025 22:15
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09
KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
Title: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection…