Hi,
Mitre has provided the following with the CVE number: CVE-2017-5900
there is a Stored XSS vulnerability in a NetComm router’s model NB16WV-02
running version NB16WV_R0.09, If authorized user is able to inject the
following string
POC:
Authenticated user is required:
http://<router_IP>/hdd.htm?rc=&S801F0334=/dkmvc%3C/script
%3E%3Cscript%3Ealert%28String.fromCharCode%28101,90,101,90%29
%29%3C/script%3Ed29f
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:
Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The contents of password-protected PDFs exported from iWork
may be exposed
Description: iWork used weak 40-bit RC4 encryption for password-
protected PDF exports. This issue was addressed by changing iWork…
Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don’t allow unprivileged
callers to circumvent AppLocker and SAFER rules via
| Checking for Proper Use of CreateProcess
|
| Calls to the CreateProcess API function are subject to attack if
| parameters are not specified correctly. AppVerifier generates an
| error if…