Security News

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

Full Disclosure - 9 July, 2025 - 21:57

Posted by Egidio Romano on Jul 09

----------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection
Vulnerabilities
----------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 28.3 and prior 28.x versions.
Version 27.2 and prior 27.x versions.
Version 24.8 and prior 24.x versions.
Version 21.12 and...

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Full Disclosure - 9 July, 2025 - 17:19

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery
Advisory ID: KL-001-2025-011
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-011.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected...

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Full Disclosure - 9 July, 2025 - 17:18

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Title: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation
Advisory ID: KL-001-2025-010
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-010.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center Expert...

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Full Disclosure - 9 July, 2025 - 17:17

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Title: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
Advisory ID: KL-001-2025-009
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-009.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center...

KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

Full Disclosure - 9 July, 2025 - 17:17

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-008: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery

Title: Schneider Electric EcoStruxure IT Data Center Expert Root Password Discovery
Advisory ID: KL-001-2025-008
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-008.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT Data Center...

KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

Full Disclosure - 9 July, 2025 - 17:16

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-007: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution

Title: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Remote Code Execution
Advisory ID: KL-001-2025-007
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-007.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product:...

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Full Disclosure - 9 July, 2025 - 17:15

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09

KL-001-2025-006: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Title: Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
Advisory ID: KL-001-2025-006
Publication Date: 2025-07-09
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-006.txt

1. Vulnerability Details

     Affected Vendor: Schneider Electric
     Affected Product: EcoStruxure IT...

eSIM security research (GSMA eUICC compromise and certificate theft)

Full Disclosure - 9 July, 2025 - 03:28

Posted by Security Explorations on Jul 09

Dear All,

We broke security of Kigen eUICC card with GSMA consumer certificates
installed into it.

The eUICC card makes it possible to install the so called eSIM profiles
into target chip. eSIM profiles are software representations of mobile
subscriptions. For many years such mobile subscriptions had a form of a
physical SIM card of various factors (SIM, microSIM, nanoSIM). With eSIM,
the subscription can come in a pure digital form (as a...

Directory Traversal "Site Title" - bluditv3.16.2

Full Disclosure - 7 July, 2025 - 21:50

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Directory Traversal "Site Title" #1:

Steps to Reproduce:

1. Login with admin account and "General" > "General"
2. Set the "Site Title" to the following payload "../../../malicious"
3....

XSS via SVG File Upload - bluditv3.16.2

Full Disclosure - 7 July, 2025 - 21:50

Posted by Andrey Stoykov on Jul 07

# Exploit Title: XSS via SVG File Upload - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG File Upload #1:

Steps to Reproduce:

1. Login with admin account and click on "General" > "Logo"

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"...

Stored XSS "Add New Content" Functionality - bluditv3.16.2

Full Disclosure - 7 July, 2025 - 21:50

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS "Add New Content" Functionality #1:

Steps to Reproduce:

1. Login with admin account and visit "New Content"
2. In the "Source Code" field enter the following parameter...

Session Fixation - bluditv3.16.2

Full Disclosure - 7 July, 2025 - 21:50

Posted by Andrey Stoykov on Jul 07

# Exploit Title: Session Fixation - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Session Fixation #1:

Steps to Reproduce:

Visit the login page. Login with valid user and observe that the sessionID
has not been changed

// HTTP POST request logging in

POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0;...

iOS Activation Flaw Enables Pre-User Device Compromise and Identity Exposure (iOS 18.5)

Full Disclosure - 1 July, 2025 - 01:49

Posted by josephgoyd via Fulldisclosure on Jun 30

Title: iOS Activation Flaw Enables Pre-User Device Compromise

Reported to Apple: May 19, 2025
Reported to US-CERT: May 19, 2025
US-CERT Case #: VU#346053
Vendor Status: Silent
Public Disclosure: June 26, 2025

------------------------------------------------------------------------
Summary
------------------------------------------------------------------------

A critical vulnerability exists in Apple’s iOS activation pipeline that
allows...

Remote DoS in httpx 1.7.0 – Out-of-Bounds Read via Malformed <title> Tag

Full Disclosure - 25 June, 2025 - 23:37

Posted by Brian Carpenter via Fulldisclosure on Jun 25

Hey list,

You can remotely crash httpx v1.7.0 (by ProjectDiscovery) by serving a malformed <title> tag on your website. The bug
is a classic out-of-bounds read in trimTitleTags() due to a missing bounds check when slicing the title string. It
panics with:

panic: runtime error: slice bounds out of range [9:6]

Affects anyone using httpx in their automated scanning pipeline. One malformed HTML response = scanner down. Unit
testing or...

CVE-2025-32978 - Quest KACE SMA Unauthenticated License Replacement

Full Disclosure - 23 June, 2025 - 22:13

Posted by Seralys Research Team via Fulldisclosure on Jun 23

Seralys Security Advisory | https://www.seralys.com/research

======================================================================
Title: Unauthenticated License Replacement
Product: Quest KACE Systems Management Appliance (SMA)
Affected: Confirmed on 14.1 (older versions likely affected)
Fixed in: 13.0.385, 13.1.81, 13.2.183, 14.0.341(Patch 5),
14.1.101(Patch 4)
Vendor: Quest Software
Discovered: April...

CVE-2025-32977 - Quest KACE Unauthenticated Backup Upload

Full Disclosure - 23 June, 2025 - 22:13

Posted by Seralys Research Team via Fulldisclosure on Jun 23

Seralys Security Advisory | https://www.seralys.com/research

======================================================================
Title: Unauthenticated Backup Upload
Product: Quest KACE Systems Management Appliance (SMA)
Affected: Confirmed on 14.1 (older versions likely affected)
Fixed in: 13.0.385, 13.1.81, 13.2.183, 14.0.341(Patch 5),
14.1.101(Patch 4)
Vendor: Quest Software
Discovered: April 2025...

CVE-2025-32976 - Quest KACE SMA 2FA Bypass

Full Disclosure - 23 June, 2025 - 22:13

Posted by Seralys Research Team via Fulldisclosure on Jun 23

Seralys Security Advisory | https://www.seralys.com/research

======================================================================
Title: 2FA Bypass
Product: Quest KACE Systems Management Appliance (SMA)
Affected: Confirmed on 14.1 (older versions likely affected)
Fixed in: 13.0.385, 13.1.81, 13.2.183, 14.0.341(Patch 5),
14.1.101(Patch 4)
Vendor: Quest Software
Discovered: April 2025
Severity: HIGH...

CVE-2025-32975 - Quest KACE SMA Authentication Bypass

Full Disclosure - 23 June, 2025 - 22:13

Posted by Seralys Research Team via Fulldisclosure on Jun 23

Seralys Security Advisory | https://www.seralys.com/research

======================================================================
Title: Authentication Bypass
Product: Quest KACE Systems Management Appliance (SMA)
Affected: Confirmed on 14.1 (older versions likely affected)
Fixed in: 13.0.385, 13.1.81, 13.2.183, 14.0.341(Patch 5),
14.1.101(Patch 4)
Vendor: Quest Software
Discovered: April 2025
Severity:...

RansomLord (NG v1.0) anti-ransomware exploit tool

Full Disclosure - 23 June, 2025 - 22:12

Posted by malvuln on Jun 23

First official NG versioned release with significant updates, fixes
and new features
https://github.com/malvuln/RansomLord/releases/tag/v1.0

RansomLord (NG) v1.0 Anti-Ransomware exploit tool.
Proof-of-concept tool that automates the creation of PE files, used to
exploit ransomware pre-encryption.

Lang: C
SHA256: ACB0C4EEAB421761B6C6E70B0FA1D20CE08247525641A7CD03B33A6EE3D35D8A

Deweaponize feature PoC video:...

Disclosure Yealink Cloud vulnerabilities

Full Disclosure - 23 June, 2025 - 22:11

Posted by Jeroen Hermans via Fulldisclosure on Jun 23

Dear all,

---Abstract---
Yealink RPS contains several vulnerabilities that can lead to leaking of
PII and/or MITM attacks.
Some vulnerabilities are unpatched even after disclosure to the
manufacturer.
---/Abstract---

We are Stefan Gloor and Jeroen Hermans. We are independent computer
security researchers working on a disclosure process for critical
vulnerabilities we found in Yealink telecommunication devices and
infrastructure.
In the...