Category Archives: Full Disclosure

Full Disclosure

Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router

February 21, 2017 007admin

Posted by Indrajith AN on Feb 21

Title:
====

D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF)
vulnerability

Credit:
======

Name: Indrajith.A.N

Date:
====

21-02-2017

Vendor:
======

DIGISOL router is a product of Smartlink Network Systems Ltd. is one of
India’s leading networking company. It was established in the year 1993 to
prop the Indian market in the field of Network Infrastructure.

Product:
=======

DIGISOL DG-HR1400 is a wireless Router…

Full Disclosure

Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0)

February 21, 2017 007admin

Posted by Ian Ling on Feb 21

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/155127766533

Vendor:
=================
https://www.siklu.com/

Product:
======================
-Siklu EtherHaul (EH-*)

Vulnerability Details:
=====================

Siklu EtherHaul devices are vulnerable to an unauthenticated remote command
execution (RCE) vulnerability. This vulnerability allows an attacker to
execute commands and retrieve information…

Full Disclosure

Recon Montreal 2017 Call For Papers – June 16 – 18 – Montreal, Canada

February 21, 2017 007admin

Posted by cfpmontreal2017 on Feb 21

+
-6)) + +

+ + +
+

__u/__
. – ., _ ‘

‘
▀▄ ▄▀
+…

Full Disclosure

NETGEAR DGN2200v1/v2/v3/v4 – 'ping.cgi' Remote Command Execution

February 21, 2017 007admin

Posted by Kroppoloe on Feb 21

# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE
# Date: 2017-02-18
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link:
http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip
# Version: 10.0.0.20 (initial) – 10.0.0.50 (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4

There’s a pretty nice command…

Full Disclosure

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

February 21, 2017 007admin

Posted by Apple Product Security on Feb 21

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Logic Pro X 10.3.1 is now available and addresses the following:

Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos

Installation note:

Logic Pro X may be obtained…

Full Disclosure

APPLE-SA-2017-02-21-1 GarageBand 10.1.6

February 21, 2017 007admin

Posted by Apple Product Security on Feb 21

APPLE-SA-2017-02-21-1 GarageBand 10.1.6

GarageBand 10.1.6 is now available and addresses the following:

Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos

Installation note:

GarageBand may be obtained from the Mac…

Full Disclosure