[FD] BINOM3 Electric Power Quality Meter Vulnerabilities

*Universal multifunctional Electric Power Quality Meter BINOM3 - Multiple Vulnerabilities* *About* The meters are designed for autonomous operation in automated systems: • SCADA systems • Data aquisition and transmission systems • Automated data and measurement systems for revenue and technical

[FD] Oxwall 1.8.0: XSS & Open Redirect

Security Advisory - Curesec Research Team 1. Introduction Affected Product:Oxwall 1.8.0 (build 9900) Fixed in:1.8.2 Fixed Version Link: https://developers.oxwall.com/download Vendor Website: http://www.oxwall.org/ Vulnerability Type: XSS & Open Redirect Remote Exploitable:

[FD] MyBB 1.8.6: Improper validation of data passed to eval

Security Advisory - Curesec Research Team 1. Introduction Affected Product:MyBB 1.8.6 Fixed in:1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: Improper validation of data passed to eval

[FD] MyBB 1.8.6: SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product:MyBB 1.8.6 Fixed in:1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes

[FD] MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords

Security Advisory - Curesec Research Team 1. Introduction Affected Product:MyBB 1.8.6 Fixed in:not fixed Fixed Version Link: n/a Vendor Website: http://www.mybb.com/ Vulnerability Type: CSRF, Weak Hashing, Plaintext Passwords Remote Exploitable: Yes Reported to vendor:

[FD] Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936]

Original at: https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/ Summary Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can

[FD] Kajona 4.7: XSS & Directory Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product:Kajona 4.7 Fixed in:5.0 Fixed Version Link: https://www.kajona.de/en/Downloads/ downloads.get_kajona.html Vendor Website: https://www.kajona.de/ Vulnerability Type: XSS &

[FD] Peel Shopping 8.0.2: Object Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product:Peel Shopping 8.0.2 Fixed in:8.0.3 Fixed Version Link: www.peel-shopping.com Vendor Website: www.peel-shopping.com Vulnerability Type: Object Injection Remote Exploitable: Yes Reported to vendor:

[FD] Multiple vulnerabilities in ASUS RT-N10

Hello list! There are multiple vulnerabilities in ASUS Wireless Router RT-N10. There are Code Execution, Cross-Site Scripting and URL Redirector Abuse vulnerabilities. - Affected products: - Vulnerable are the next models: ASUS RT-N10, RT-N10E,

[FD] Keypatch v2.0 is out!

Greetings, (cc: Thanh Nguyen, VNSecurity) We are excited to release Keypatch 2.0, a better assembler for IDA Pro! This new version of Keypatch brings some important features, as follows. - Fix some issues with ARM architecture (including Thumb mode) - Better support for Python 2.6 & older IDA

Re: [FD] Brute force every Samsung repair customer's info with ease

Either Samsung reads this list or they just have great timing. Just shy of three weeks later they responded asking for more information. Hope they close it soon. On Mon, Sep 12, 2016 at 8:01 PM, Justa Person wrote: > Sure..Was having one heck of a time figuring out the

[FD] Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

# Security Advisory -- Multiple Vulnerabilities - MuM Map Edit ## Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and intranets and is deployed on several

Re: [FD] Brute force every Samsung repair customer's info with ease

Sure..Was having one heck of a time figuring out the proper number to enter into the web form for my own repair and got to thinking about how terrible it seemed to disclose all that info based on just a ticket number and telephone number..And that I had tried a LOT of combinations from the info

Re: [FD] Brute force every Samsung repair customer's info with ease

You wish to give anymore info on how u came cross this? Please. Ta On 12 Sep 2016 17:45, "Justa Person" wrote: > Samsung has zero interest in fixing this and I'm tired of trying to report > it to them. Enjoy. > > http://pastebin.com/cKu2WDGV > >

[FD] APPLE-SA-2016-09-14-1 iOS 10.0.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-09-14-1 iOS 10.0.1 iOS 10.0.1 is now available and addresses the following: Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to disclose

[FD] APPLE-SA-2016-09-13-2 Xcode 8

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-09-13-2 Xcode 8 Xcode 8 is now available and addresses the following: otool Available for: OS X El Capitan 10.11.5 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code

[FD] APPLE-SA-2016-09-13-3 watchOS 3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-09-13-3 watchOS 3 watchOS 3 is now available and addresses the following: GeoServices Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermès Impact: An application may be able to read sensitive