SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate wgate.dll ~service Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to...
SAP Internet Transaction Server 6.10/6.20 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20244/info SAP Internet Transaction Server ITS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow an attacker to steal...
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Directory Traversal File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8516/info SAP is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of sensitive files. The problem occurs due to the application failing to parse user-supplied...
SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String Javascript Splicing XSS
No description provided by source. source: http://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to...
CiviCRM 3.1 < Beta 5 Multiple XSS Vulnerabilities
No description provided by source. Author: h00die & Ch3nz Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: 3.1 Beta 5, Tested on 3.1 Beta 1 Tested on: BT4 pre-final Greetz ...
phpCoupon Remote Payment Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25116/info phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions. Successfully exploiting this issue allows remote attackers to perform...
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8517/info The 'wgate.dll' component of SAP Internet Transaction Server has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on data supplied to the...
Oracle Business Transaction Management FlashTunnelService Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion
No description provided by source. Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion tested against: Microsoft Windows Server 2003 r2 sp2 Oracle WebLogic Server 12c 12.1.1 Oracle Business Transaction Management Server 12.1.0.2.7 Production version...
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
Cross site request forgery (csrf)
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
CVE-2014-4048
CVE-2014-4048 affects the Asterisk Open Source PJSIP Channel Driver up to version 12.3.0. An attacker (remote, potentially after bypassing authentication per AST-2014-008) can terminate a subscription before it completes, triggering a SIP transaction timeout and causing a deadlock in the thread s...
Asterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver: - A flaw exists in the publish / subscribe framework when an attempt to unsubscribe is made when...
[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components
Onapsis Security Advisories: Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...
Ninth Grade Students Hack into ATM Machine during School Lunch Break
When I was in school, I used to play outdoor games like basketball and badminton. When I was in college, I started taking more interest in playing computer games rather than going out. But nowadays, children have completely changed their hobbies to programming, hacking, bug bounties in such a way tha...
CVE-2014-3042
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service storage overlay by using a 3270 emulator to send an invalid 3270 data stream...
CVE-2014-3042
The CVE-2014-3042 entry affects IBM CICS Transaction Server running on z/OS (versions 3.1–5.1). The vulnerability arises from improper handling of CEMT transactions, where remote authenticated users can trigger a denial of service (storage overlay) by sending an invalid 3270 data stream via a 327...