-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2016-117
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v1.01.00
Tested Version(s): v1.01.00
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Overview
Recently, a vulnerability in Java's FTP URL handling code has been published
which allows for protocol stream injection. It has been shown[1] that this flaw
could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP
# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE
# Date: 2017-02-18
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Logic Pro X 10.3.1 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-CROSS-SITE-SCRIPTING.txt
[+] ISR: ApparitionSec
Vendor:
==
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
Product:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt
[+] ISR: ApparitionSec
Vendor:
==
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
[+] Credits: John Page AKA Hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===
www.sawmill.net
Product:
Sawmill