Hacking

Full Disclosure mailing list archives [SYSS-2016-117] ABUS Secvest (FUAA50000) – Missing Protection against Replay Attacks From: Matthias Deeg <matthias.deeg () syss de> Date: Mon, 20 Feb 2017 12:18:30 +0100 —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 Advisory ID: SYSS-2016-117 Product: ABUS Secvest (FUAA50000) Manufacturer: ABUS Affected Version(s): v1.01.00 Tested Version(s): v1.01.00…

Read More

Full Disclosure mailing list archives Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router From: Indrajith AN <indu.an444 () gmail com> Date: Tue, 21 Feb 2017 13:24:16 +0530 Title: ==== D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability Credit: ====== Name: Indrajith.A.N Date: ====…

Read More

Full Disclosure mailing list archives Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass From: “Timothy D. Morgan” <tim.advisories () blindspotsecurity com> Date: Mon, 20 Feb 2017 08:20:16 -0800 Overview Recently, an vulnerability in Java’s FTP URL handling code has been published which allows for protocol stream injection. It has…

Read More

Full Disclosure mailing list archives Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0) From: Ian Ling <iancling () gmail com> Date: Mon, 20 Feb 2017 12:30:36 -0800 [+] Credits: Ian Ling [+] Website: iancaling.com [+] Source: http://blog.iancaling.com/post/155127766533 Vendor: ================= https://www.siklu.com/ Product: ====================== -Siklu EtherHaul (EH-*) Vulnerability Details: ===================== Siklu EtherHaul…

Read More

Full Disclosure mailing list archives NETGEAR DGN2200v1/v2/v3/v4 – ‘ping.cgi’ Remote Command Execution From: Kroppoloe <kroppoloe () protonmail ch> Date: Sun, 19 Feb 2017 13:08:08 -0500 # Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE # Date: 2017-02-18 # Exploit Author: SivertPL # Vendor Homepage: http://netgear.com/ # Software Link: http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip #…

Read More

Full Disclosure mailing list archives APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 From: Apple Product Security <product-security-noreply () lists apple com> Date: Tue, 21 Feb 2017 10:52:51 -0800 —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Logic Pro X 10.3.1 is now available and addresses the following: Projects Available…

Read More

Full Disclosure mailing list archives APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 From: Apple Product Security <product-security-noreply () lists apple com> Date: Tue, 21 Feb 2017 10:52:51 -0800 —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Logic Pro X 10.3.1 is now available and addresses the following: Projects Available…

Read More

Full Disclosure mailing list archives APPLE-SA-2017-02-21-1 GarageBand 10.1.6 From: Apple Product Security <product-security-noreply () lists apple com> Date: Tue, 21 Feb 2017 10:52:48 -0800 —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 APPLE-SA-2017-02-21-1 GarageBand 10.1.6 GarageBand 10.1.6 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 or…

Read More