Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

List Archives

Latest Posts

83 vulnerabilities in Vasion Print / PrinterLogic Pierre Kim (Apr 13)
No message preview for long message of 656780 bytes.

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x) Rafael Pedrero (Apr 13)
<!--
# Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and
11.1.0 (as well as legacy 9.x)
# Date: 2024-10-20
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.crushftp.com/
# Software Link: https://www.crushftp.com/download/
# Version: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1
# Tested on: all
# CVE : CVE-2025-32102
# Vulnerability: CWE-918
# Category: webapps

1. Description

CrushFTP 9.x...

Re: APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2 Nick Boyce (Apr 13)
[Complete Apple product novice here (my devices all run a non-Apple
OS), but I'm asking for a friend]

Could someone please clarify the following part of the advisory for me:

Does this mean the update will be available via the "Software Update"
feature on an iPhone - or not ?

The quoted paragraph of Apple's advisory is a bit
Schroedinger's-Cat-ish - the update is both available and not
available.

Thanks,

Nick

[...]...

[KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability Egidio Romano (Apr 13)
------------------------------------------------------------------------------------
UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection
Vulnerability
------------------------------------------------------------------------------------

[-] Software Links:

https://unacms.com

https://github.com/unacms/una

[-] Affected Versions:

All versions from 9.0.0-RC1 to 14.0.0-RC4.

[-] Vulnerability Description:

The vulnerability...

OXAS-ADV-2025-0001: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Apr 13)
Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2025/oxas-adv-2025-0001.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

APPLE-SA-04-01-2025-1 watchOS 11.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-04-01-2025-1 watchOS 11.4

watchOS 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122376.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirDrop
Available for: Apple Watch Series 6 and later
Impact: An app may be able to read arbitrary file metadata
Description: A...

APPLE-SA-03-31-2025-11 visionOS 2.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-11 visionOS 2.4

visionOS 2.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122378.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: Apple Vision Pro
Impact: Sensitive keychain data may be accessible from an iOS backup
Description: This issue...

APPLE-SA-03-31-2025-10 tvOS 18.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-10 tvOS 18.4

tvOS 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122377.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirDrop
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read arbitrary file metadata
Description: A...

APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5

macOS Ventura 13.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122375.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AccountPolicy
Available for: macOS Ventura
Impact: A malicious app may be able to gain root privileges
Description:...

APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5

macOS Sonoma 14.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122374.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AccountPolicy
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: This...

APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-7 macOS Sequoia 15.4

macOS Sequoia 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122373.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logging...

APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4

iOS 15.8.4 and iPadOS 15.8.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122345.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st...

APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11

iOS 16.7.11 and iPadOS 16.7.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122346.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

APPLE-SA-03-31-2025-4 iPadOS 17.7.6 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-4 iPadOS 17.7.6

iPadOS 17.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122372.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Sensitive keychain...

APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4 Apple Product Security via Fulldisclosure (Apr 02)
APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4

iOS 18.4 and iPadOS 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122371.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

More Lists

Dozens of other network security lists are archived at SecLists.Org.