[FD] Aerohive HiveManager Classic privilege escalation and auth code execution vulnerability

I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and centralized monitoring of thousands of Aerohive access points, swi

[FD] CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt [+] ISR: apparitionSec Vendor: === www.cesanta.com Product: == Mongoose Web Server

[FD] Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol" is posted here: https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulne

[FD] EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP)

EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory - Hardware Version/Model: 4GEE WiFi MBB (EE60VB-2AE8G83). Vulnerable Software Version: EE60_00_05.00_25. Patched Software Version: EE60_00_05.00_31. Product URL: https://shop.ee.co.u

[FD] ESA-2017-099: EMC AppSync SQL Injection Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2017-099: EMC AppSync SQL Injection Vulnerability EMC Identifier: ESA-2017-099 CVE Identifier: CVE-2017-8015 Severity Rating: CVSS v3 Base Score: 8.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) Affected products: EMC AppSync all versions prior to 3