date:20170221

[FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks

2017-02-21 Thread Matthias Deeg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2016-117 Product: ABUS Secvest (FUAA5) Manufacturer: ABUS Affected Version(s): v1.01.00 Tested Version(s): v1.01.00 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open

[FD] Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass

2017-02-21 Thread Timothy D. Morgan

Overview Recently, an vulnerability in Java's FTP URL handling code has been published which allows for protocol stream injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send unauthorized email from Java applications via the SMTP

[FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

2017-02-21 Thread Kroppoloe

# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE # Date: 2017-02-18 # Exploit Author: SivertPL # Vendor Homepage: http://netgear.com/ # Software Link:

[FD] APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

2017-02-21 Thread Apple Product Security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Logic Pro X 10.3.1 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 or later (64 bit) Impact: Opening a maliciously crafted GarageBand Project file may lead to

[FD] PHPShell v2.4 Cross Site Scripting

2017-02-21 Thread hyp3rlinx

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-CROSS-SITE-SCRIPTING.txt [+] ISR: ApparitionSec Vendor: == sourceforge.net/projects/phpshell/ phpshell.sourceforge.net/ Product:

[FD] APPLE-SA-2017-02-21-1 GarageBand 10.1.6

2017-02-21 Thread Apple Product Security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2017-02-21-1 GarageBand 10.1.6 GarageBand 10.1.6 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 or later Impact: Opening a maliciously crafted GarageBand Project file may lead to arbitrary code

[FD] PHPShell v2.4 Session Fixation

2017-02-21 Thread hyp3rlinx

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt [+] ISR: ApparitionSec Vendor: == sourceforge.net/projects/phpshell/ phpshell.sourceforge.net/

[FD] Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass

2017-02-21 Thread hyp3rlinx

[+] Credits: John Page AKA Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt [+] ISR: ApparitionSec Vendor: === www.sawmill.net Product: Sawmill

[FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks

[FD] Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass

[FD] NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

[FD] APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

[FD] PHPShell v2.4 Cross Site Scripting

[FD] APPLE-SA-2017-02-21-1 GarageBand 10.1.6

[FD] PHPShell v2.4 Session Fixation

[FD] Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass

8 matches

Site Navigation

Mail list logo

Footer information