HackDig : Dig high-quality web security articles for hacker

pfsense 2.3.2: Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: pfsense 2.3.2 Fixed in: 2.3.3 Fixed Version Link: https://pfsense.org/download/ Vendor Website: https://www.pfsense.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 02/06/2017 Disclosed to public: 03/24/2017 Release mode: Coordin
Publish At:2017-03-28 08:47 | Read:71 | Comments:0 | Tags:No Tag

pfsense 2.3.2: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: pfsense 2.3.2 Fixed in: 2.3.3 Fixed Version Link: https://pfsense.org/download/ Vendor Website: https://www.pfsense.org/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 02/06/2017 Disclosed to public: 03/24/2017 Release mode: Coordinated Releas
Publish At:2017-03-28 08:47 | Read:101 | Comments:0 | Tags: Xss

pfsense 2.3.2: CSRF

Security Advisory - Curesec Research Team 1. Introduction Affected Product: pfsense 2.3.2 Fixed in: 2.3.3 Fixed Version Link: https://pfsense.org/download/ Vendor Website: https://www.pfsense.org/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 02/06/2017 Disclosed to public: 03/24/2017 Release mode: Coordinated Relea
Publish At:2017-03-28 08:47 | Read:116 | Comments:0 | Tags: Csrf

Vulnerabilities in Transcend Wi-Fi SD Card

Hello list! All your photos and videos are belong to me. If they are on Transcend flashcard :-). There are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities in Transcend Wi-Fi SD Card. Affected products: Vulnerable is the next model: Transcend Wi-Fi SD Card 16 GB, Firmware v
Publish At:2017-03-28 08:47 | Read:34 | Comments:0 | Tags:No Tag

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now available and address the following: Export Available for: macOS 10.12 Sierra or later, iOS 10 or later Impact: The contents of password-protected PDFs exported from iWork may be exposed Descri
Publish At:2017-03-28 08:46 | Read:61 | Comments:0 | Tags: IOS

CVE-2017-5900

Hi, Mitre has provided the following with the CVE number: CVE-2017-5900 there is a Stored XSS vulnerability in a NetComm router's model NB16WV-02 running version NB16WV_R0.09, If authorized user is able to inject the following string POC: Authenticated user is required: http://<router_IP>/hdd.htm?rc=&S801F0334=/dkmvc%3C/script%3E%3Cscript%3Ealert%28S
Publish At:2017-03-28 08:46 | Read:140 | Comments:0 | Tags:No Tag

DzSoft PHP Editor v4.2.7 File Enumeration [**UPDATED FIXED TYPO]

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt [+] ISR: ApparitionSec Vendor: www.dzsoft.com Product: DzSoft PHP Editor v4.2.7 DzSoft PHP Editor is a tool for writing and testing PHP and HTML pages. Vul
Publish At:2017-03-28 08:46 | Read:95 | Comments:0 | Tags:No Tag

Outlook Remote Crashing Bug

Hi, Just wanted to let you know I've released a blog post discussing an interesting Outlook bug (remote crashing, or?), feel free to reach me for discussions of the exploitability of the bug. http://justhaifei1.blogspot.com/2017/03/an-interesting-outlook-bug.html An Interesting Outlook Bug <http://justhaifei1.blogspot.com/2017/03/an-interesting-outlook-b
Publish At:2017-03-28 08:46 | Read:69 | Comments:0 | Tags:No Tag

APPLE-SA-2017-03-27-2 Safari 10.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-2 Safari 10.1 Safari 10.1 is now available and addresses the following: CoreGraphics Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corrupti
Publish At:2017-03-28 08:46 | Read:113 | Comments:0 | Tags:No Tag

APPLE-SA-2017-03-27-4 iOS 10.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-4 iOS 10.3 iOS 10.3 is now available and addresses the following: Accounts Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A user may be able to view an Apple ID from the lock screen Description: A prompt management issue was addressed b
Publish At:2017-03-28 08:45 | Read:128 | Comments:0 | Tags: IOS

APPLE-SA-2017-03-27-5 watchOS 3.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-5 watchOS 3.2 watchOS 3.2 is now available and addresses the following: Audio Available for: All Apple Watch models Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017
Publish At:2017-03-28 08:45 | Read:61 | Comments:0 | Tags:No Tag

APPLE-SA-2017-03-27-7 macOS Server 5.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-7 macOS Server 5.3 macOS Server 5.3 is now available and addresses the following: Profile Manager Available for: macOS 10.12.4 and later Impact: A remote user may be able to cause a denial-of-service Description: A crafted request may cause a global cache to grow indefinitely, leading to a denial-o
Publish At:2017-03-28 08:45 | Read:101 | Comments:0 | Tags:No Tag

APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite are now available and address the following: apache Available for: macOS Sierra 10.12.3 Impact: A remote
Publish At:2017-03-28 08:45 | Read:42 | Comments:0 | Tags:No Tag

APT29 group used domain fronting to evade detection long before these techniques were widely known

Experts at FireEye discovered the APT29 group adopted domain fronting long before these techniques were widely known in the IT security community. Security firm FireEye continues to follow APT29 group (aka The Dukes, Cozy Bear and Cozy Duke), on Monday it revealed that the cyber spies have been using a technique called “domain fronting” to make hard the attr
Publish At:2017-03-28 08:30 | Read:71 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence

Are you a Docs.com user? Watch out you may have leaked passwords and other precious data

Thousands of users of the Microsoft searchable Docs.com service have inadvertently exposed passwords and other private information on the Internet. Bad news for thousands of users of the Microsoft searchable Docs.com service who have inadvertently exposed passwords and other private information on the Internet. The Docs.com service allows people to easily ex
Publish At:2017-03-28 08:30 | Read:105 | Comments:0 | Tags:Breaking News Data Breach Digital ID data leak Docs.com Micr
