CVE-2017-7010
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component....
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "CoreAudio" component. It allows remote attackers to...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash)....
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. Date published : 2017-07-20 https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_en.txt https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_es.txt
On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. Date published : 2017-07-20 https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_en.txt https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_es.txt
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to arbitrary password change. Date published : 2017-07-20 https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_en.txt https://www.tarlogic.com/advisories/Televes_CoaxData_Gateway_es.txt
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Date...
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. Date published : 2017-07-20 http://www.securityfocus.com/bid/99293/ https://cxsecurity.com/issue/WLB-2017060181
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. Date published : 2017-07-20 https://blogs.securiteam.com/index.php/archives/2911#more-2911
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if...
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use .. to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. Date published : 2017-07-20 http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/