[FD] XSS and CSRF vulnerabilities in ASUS RT-N10

2018-01-30 Thread MustLive
Hello list! There are multiple vulnerabilities in ASUS Wireless Router RT-N10. There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. - Affected products: - Vulnerable are the next models: ASUS RT-N10, RT-N10E, RT-N10LX

[FD] [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2018-01-30 Thread Matthias Deeg
Advisory ID: SYSS-2017-026 Product: Microsoft Surface Hub Keyboard Manufacturer: Microsoft Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Cryptographic Issues (CWE-310) Insufficient Protection against Replay

Re: [FD] Banknotes Misproduction security & biometric weakness

2018-01-30 Thread Jeffrey Walton
On Tue, Jan 30, 2018 at 4:08 AM, Vulnerability Lab wrote: > Document Title: > === > Banknotes Misproduction security & biometric weakness > ... > > Technical Details & Description: > > In the last months we reviewed the

[FD] Defense in depth -- the Microsoft way (part 49): fun with application manifests

2018-01-30 Thread Stefan Kanthak
Hi @ll, Microsoft built several bugs^W^Wfollowing features into the processing of (external) application manifests, i.e. XML files named .exe.manifest which can accompany any portable executable .exe JFTR: the file extension ".exe" is only used per convention; CreateProcess() and Windows

[FD] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

2018-01-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 > === title: Multiple Vulnerabilities product: Sprecher Automation SPRECON-E-C, PU-2433 vulnerable version: <8.49 (most vulnerabilities, see