Posted by Matthias Deeg on Feb 21
Advisory ID: SYSS-2016-117
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v1.01.00
Tested Version(s): v1.01.00
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-11-28
Solution Date: –
Public Disclosure: 2017-02-20
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)…
Posted by cfpmontreal2017 on Feb 21
Posted by Ian Ling on Feb 21
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/155127766533
Vendor:
=================
https://www.siklu.com/
Product:
======================
-Siklu EtherHaul (EH-*)
Vulnerability Details:
=====================
Siklu EtherHaul devices are vulnerable to an unauthenticated remote command
execution (RCE) vulnerability. This vulnerability allows an attacker to
execute commands and retrieve information…
Posted by Kroppoloe on Feb 21
# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE
# Date: 2017-02-18
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link: http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20 (NA).zip
# Version: 10.0.0.20 (initial) – 10.0.0.50 (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4
There’s a pretty nice command…
Posted by Apple Product Security on Feb 21
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
GarageBand may be obtained from the Mac…
Posted by Apple Product Security on Feb 21
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Logic Pro X 10.3.1 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
Logic Pro X may be obtained…
Posted by hyp3rlinx on Feb 21
[+] Credits: John Page AKA Hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===============
www.sawmill.net
Product:
========================
Sawmill Enterprise v8.7.9
sawmill8.7.9.4_x86_windows.exe
hash: b7ec7bc98c42c4908dfc50450b4521d0
Sawmill is a powerful hierarchical log analysis tool that runs on every…
Posted by hyp3rlinx on Feb 21
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt
[+] ISR: ApparitionSec
Vendor:
==================================
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
Product:
==============
PHPShell v2.4
Vulnerability Type:
===================
Session Fixation
CVE Reference:
==============
N/A
Security Issue:…
Posted by hyp3rlinx on Feb 21
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-CROSS-SITE-SCRIPTING.txt
[+] ISR: ApparitionSec
Vendor:
==========
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
Product:
=============
PHPShell v2.4
Vulnerability Type:
====================
Cross Site Scripting
CVE Reference:
==============
N/A
Security Issue:
================…
Revision Note: V1.0 (February 21, 2017): Summary: This bulletin summary lists security bulletins released for February 2017