public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2017-7566
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
[DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later)
Posted by DefenseCode on Apr 06
Hi,
Few years ago, we have discovered a remotely exploitable preauth Format
String vulnerability in Broadcom UPnP implementation used in popular
routers.
Vendors were notified and advisory was published –
http://defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf .
Broadcom fixed the vulnerability in their UPnP implementation and some
router vendors did it also.
Vulnerability was initially discovered on Cisco Linksys (now Belkin)…
CVE-2016-10319
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
CVE-2017-2675
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file “at.obdev.littlesnitchd.plist” which gets installed to /Library/LaunchDaemons.
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks dataconfigurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
CVE-2017-7565
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
Posted by dxw Security on Apr 06
Details
================
Software: WordPress Firewall 2
Version: 1.3
Homepage: https://wordpress.org/plugins/wordpress-firewall-2/
Advisory report:
https://security.dxw.com/advisories/csrfstored-xss-in-wordpress-firewall-2-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF/stored XSS in WordPress Firewall 2 allows…
APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android
Posted by Apple Product Security on Apr 06
APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android
Apple Music 2.0 for Android is now available and addresses the
following:
Apple Music
Available for: Android version 4.3 or later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A certificate validation issue existed in Apple Music
for Android. This issue was addressed through improved certificate
validation.
CVE-2017-2387: David…
Apple Music Android Application – MITM SSL Certificate Vulnerability (CVE-2017-2387)
Posted by David Coomber on Apr 06
Apple Music Android Application – MITM SSL Certificate Vulnerability
(CVE-2017-2387)