Posted by Thomas Deutschmann on Mar 20

I requested a CVE via MITRE web form and received the following ID:

Posted by Carlos Silva on Mar 20

Hi.

It’s supposed to be fixed in SW 1.3.4:
https://dl.ubnt.com/firmwares/TOUGHSwitch/v1.3.4/changelog.txt

and XW 6.0.1:
https://dl.ubnt.com/firmwares/XW-fw/v6.0.1/changelog.txt

(don’t know about the rest of them)

Posted by bashis on Mar 20

Greetings,

With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua /
OEM units,
where knowledge comes from a report made by NSFOCUS and my own research on shodan.io.

With this knowledge, I will not release the Python PoC to the public as before said of April 5, as it is not necessary
when the PoC has already been verified by IPVM and other independent security researchers.
However,…

Posted by Kevin Beaumont on Mar 20

So this is a pretty big issue, which it looks like the Mimikatz guys
flagged in an all French blog post in 2011 but it flew under the radar.

I’ve written about it here:
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6#.o2af8u9op

Now, you might well say ‘If you have SYSTEM you already own the box’ – and
you’re right. But with one command…

Posted by Indrajith AN on Mar 20

Title:
======

Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.

CVE Details:
============
CVE-2017-6896

Reference:
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896
https://vuldb.com/sv/?id.97954
https://www.indrajithan.com/DIGISOL_router_previlage_escaltion

Credit:
======

Name: Indrajith.A.N
Website: https://www.indrajithan.com

Date:
====

13-03-2017

Vendor:
======

DIGISOL router is a…

Posted by hyp3rlinx on Mar 20

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY – v029_RC2
hash: d7212fb5bc4144ef895618187f532773

Also Vulnerable: v0.30 r15
hash: eac63550f837a98d5d52d0a19d938b91

ExtraPuTTY is a fork from 0.67 version of PuTTY….

Posted by Alexander Korznikov on Mar 18

Terminal Services / Console Session Hijacking can lead to Privilege
Escalation.

Vulnerability Details.

A privileged user, which can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged in user’s session,
without any knowledge about his credentials.
Terminal Services session can be either in connected or disconnected state.

This is high risk vulnerability which allows any local admin to hijack a
session…

Posted by 陈彦羽 on Mar 18

Hello:
The following is my application vulnerabilities.
－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－
－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
Application: MetInfo
Versions Affected: 5.3.15
Vendor URL: http://www.metinfo.cn/
Software Link:…

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: HumHub 0.20.1 / 1.0.0-beta.3
Fixed in: 1.0.0
Fixed Version https://www.humhub.org/en/download/default/form?version=1.0.0
Link: &type=zip
Vendor Website: https://www.humhub.org/
Vulnerability Code Execution
Type:
Remote Yes
Exploitable:
Reported to 01/10/2016
vendor:
Disclosed to 03/17/2017
public:
Release mode:…

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: HumHub 1.0.1 and earlier
Fixed in: 1.1.1
Fixed Version https://www.humhub.org/en/download/default/form?version=1.1.1
Link: &type=zip
Vendor Website: https://www.humhub.org/
Vulnerability XSS
Type:
Remote Yes
Exploitable:
Reported to 01/10/2016
vendor:
Disclosed to 03/17/2017
public:
Release mode: Coordinated…