[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets

Full Disclosure mailing list archives

From: Security Explorations
Date: Sat, 21 Apr 2018 09:47:20 +0200

Hello All,

We have published an initial document describing the origin and impact of the vulnerabilities discovered in ST chipsets along with some rationale indicating why it’s worth digging further into this case:

http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf

This …

wifi and z-wave smart home from zibreo

From: Larry
Date: Fri, 20 Apr 2018 21:24:23 +0800

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Full Disclosure: Microsoft (Win 10) InternetExplorer v11.371.16299.0

Microsoft (Win 10) InternetExplorer v11.371.16299.0 - Denial Of Service

From: hyp3rlinx
Date: Fri, 20 Apr 2018 13:17:02 -0400

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-(Win-10)-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.microsoft.com

Product:
========
Internet Explorer (Windows 10) v11.371.16299.0

Internet Explorer is a series of graphical web browsers developed by Microsoft and …

Foxit Reader 8.3.1.21155 ( Unsafe DLL Loading Vulnerability )

From: Whatis Yourbug
Date: Fri, 20 Apr 2018 11:35:29 +0800

Author: Ye Yint Min Thu Htut

1. OVERVIEW

The Foxit Reader is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote …

Full Disclosure: [CVE-2017-5641] – DrayTek Vigor ACS 2 Java Deserialisation RCE

From: Pedro Ribeiro
Date: Thu, 19 Apr 2018 16:12:09 +0700

Hi all,

tl;dr

DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited …

Seagate Media Server path traversal vulnerability

From: Summer of Pwnage via Fulldisclosure
Date: Thu, 19 Apr 2018 19:28:21 +0200

------------------------------------------------------------------------
Seagate Media Server path traversal vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that Seagate …

Seagate Media Server stored Cross-Site Scripting vulnerability

From: Summer of Pwnage via Fulldisclosure
Date: Thu, 19 Apr 2018 19:27:43 +0200

------------------------------------------------------------------------
Seagate Media Server stored Cross-Site Scripting vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). By default Seagate …

Seagate Personal Cloud allows moving of arbitrary files

From: Summer of Pwnage via Fulldisclosure
Date: Thu, 19 Apr 2018 19:26:51 +0200

------------------------------------------------------------------------
Seagate Personal Cloud allows moving of arbitrary files
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It …

Full Disclosure: Kodi

From: Manuel Garcia Cardenas
Date: Mon, 16 Apr 2018 20:40:29 +0200

=============================================
MGC ALERT 2018-003
- Original release date: March 19, 2018
- Last revised: April 16, 2018
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2018-8831
=============================================

I. VULNERABILITY
-------------------------

Kodi …

SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application

From: Simon Bieber
Date: Mon, 9 Apr 2018 14:36:22 +0000

Affected Products
  OCS Inventory NG ocsreports 2.4
  OCS Inventory NG ocsreports 2.3.1
  (older/other releases have not been tested)

References
  https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt (used for updates)
  https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/ (Release announcement of OCS Inventory …