1413 matches found

ThreatPost
added 2015/09/29 11:32 a.m., 26 views

SAP Fixes A Dozen Vulnerabilities in HANA

SAP patched a dozen holes in its in-memory management system, HANA, that could have led to SQL injection attacks, cross-site scripting (XSS) errors, and memory corruption vulnerabilities. Many of the bugs were addressed by the company months ago, but it wasn’t until Tuesday that Onapsis, the securi...

AI score: 2.4
Exploits: 0, References: 3

myhack58
added 2015/09/23 12:0 a.m., 21 views

SAP Afaria product exposed a series of serious vulnerabilities that affect a large number of mobile devices

Afaria is a mobile device management (MDM) solution developed by the German software company SAP and one of the most popular MDM solutions currently on the market; about 6300 enterprises use it to manage 1 billion 300 million mobile devices. ERPScan is specifically responsible for th...

AI score: 1.1
Exploits: 0

CNVD
added 2015/08/19 12:0 a.m., 1 views

QNAP Logging Error Encryption Key Vulnerability

QNAP Turbo NAS Series Devices are storage devices with software support for real-time backup, data synchronization and scheduled backup. QNAP Turbo NAS Series Devices have a security vulnerability where the syslog encryption key is logged to an unencrypted hard disk partition and is globally readabl...

AI score: 6.5
Exploits: 0, References: 1

The Hacker News
added 2015/08/18 9:56 p.m., 14 views

Script Kiddies can Now Create their Own Ransomware using This Kit

Don't panic! You heard it right. A Turkish security researcher named Utku Sen has posted a fully functional Ransomware code on open source code sharing website GitHub. The Ransomware dubbed Hidden Tear, uses AES Encryption to lock down files before displaying a ransom message warning to get users...

AI score: 6.6
Exploits: 0

myhack58
added 2015/06/23 12:0 a.m., 26 views

SAP HANA system exposed to security vulnerabilities, static key exists in the database

SAP's well-known in-memory database management system HANA was found to have security vulnerabilities: a static encryption key is actually stored in the database. SAP HANA is SAP's fastest-growing product ever. Vulnerability overview: ERPScan researchers held in Amsterdam the black...

AI score: 1
Exploits: 0

CNVD
added 2015/06/17 12:0 a.m., 2 views

Toshiba CHEC Built-in Encryption Key Information Disclosure Vulnerability

Toshiba CHEC is a product of Toshiba Corporation. Toshiba CHEC has a security vulnerability due to the inclusion of a built-in encryption key in the CreateBossCredentials.jar file. This allows an attacker with access to bossinfo.pro to decrypt content, including BOSS database information, using t...

CVSS: 5, AI score: 6.8, EPSS: 0.00307
Exploits: 0, References: 1

ThreatPost
added 2015/06/11 12:55 p.m., 6 views

Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam

Since the Angler Exploit Kit began in late May spreading Cryptowall 3.0 ransomware, traffic containing the malware has continued to grow, putting more potential victims in harm’s way. Today, the SANS Internet Storm Center reported that Cryptowall 3.0 infections are emanating from not only the...

AI score: 6.8
Exploits: 0, References: 6

OpenVAS
added 2015/06/11 12:0 a.m., 122 views

SysAid < 15.2 Multiple Vulnerabilities

SysAid Help Desktop Software is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS: 7.8, AI score: 6.6, EPSS: 0.77003
Exploits: 18, References: 1

NVD
added 2015/06/08 2:59 p.m., 10 views

CVE-2015-2998

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...

CVSS: 5, AI score: 6.4, EPSS: 0.62156
Exploits: 7, References: 5

Prion
added 2015/06/08 2:59 p.m., 8 views

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...

CVSS: 5, AI score: 7, EPSS: 0.62156
Exploits: 7, References: 5, Affected Software: 1

CVE
added 2015/06/08 2:0 p.m., 49 views

CVE-2015-2998

SysAid Help Desk (before version 15.2) is affected by CVE-2015-2998 due to a hardcoded encryption key used to encrypt sensitive data. The vulnerability allows remote attackers to obtain sensitive information by decrypting the database password stored in WEB-INF/conf/serverConf.xml, as demonstrate...

CVSS: 5, AI score: 6.6, EPSS: 0.62156
Exploits: 7, References: 5, Affected Software: 1

CNVD
added 2015/04/09 12:0 a.m., 1 views

FreeBSD ZFS encryption.key Disclosure Vulnerability

FreeBSD is a UNIX operating system. The FreeBSD 10.x installer supports installation on an encrypted ZFS file system by default. After installing an encrypted system using ZFS in versions 10.0 and 10.1, there is an incorrect permission restriction on encryption.key that allows local users to...

CVSS: 2.1, AI score: 6.4, EPSS: 0.00037
Exploits: 2, References: 1

ThreatPost
added 2015/03/09 10:52 a.m., 6 views

Seagate Confirms NAS Zero Day, Won't Patch Until May

Seagate, over the weekend, confirmed the zero-day vulnerability in its Seagate Business Storage 2-Bay NAS boxes disclosed March 1. But in the same breath, told customers exposed to the vulnerability that a patch is still two months away. “For those customers who choose to keep their networks open...

AI score: 7.6
Exploits: 0, References: 4

Exploit DB
added 2015/03/04 12:0 a.m., 52 views

Seagate Business NAS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...

AI score: 7.4
Exploits: 0

ThreatPost
added 2015/03/03 11:5 a.m., 16 views

Change to Lollipop Encryption Policy May Not Have Much Effect, Experts Say

Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company’s stated position from just a few months ago, b...

AI score: 7.3
Exploits: 0, References: 2

ThreatPost
added 2015/03/02 3:22 p.m., 7 views

Signal 2.0 Brings Encrypted Messaging to iPhone

The sanctity of Apple iMessage end-to-end encryption has been challenged by white hats who in 2013 reverse engineered the protocol behind it, revealing that Apple controls the key infrastructure and could, in turn, be compelled to turn over messages via government order. CEO Tim Cook denied those...

Exploits: 0, References: 7

0day.today
added 2015/03/01 12:0 a.m., 72 views

Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

CVSS: 10, AI score: 9.2, EPSS: 0.49871
Exploits: 8

Tenable Nessus
added 2015/03/01 12:0 a.m., 23 views

Siemens SIMATIC WinCC (TIA Portal) 13 < 13 SP1 Multiple Vulnerabilities (SSA-543623)

Binary data scadasiemenstiawinccmultiplevulnerabilitiesSSA-543623.nbin...

CVSS: 5, AI score: 6.8, EPSS: 0.00795
Exploits: 0, References: 4

NVD
added 2015/02/24 8:59 p.m., 13 views

CVE-2014-4818

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors...

CVSS: 2.1, AI score: 6.1, EPSS: 0.00031
Exploits: 0, References: 4

Prion
added 2015/02/24 8:59 p.m., 15 views

Design/Logic Flaw

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors...

CVSS: 2.1, AI score: 6.6, EPSS: 0.00031
Exploits: 0, References: 4, Affected Software: 1