6654 matches found

Prion
added 2019/02/15 6:29 p.m., 11 views

Design/Logic Flaw

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate the type of installation for an ABAP Server system correctly. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is, the 'Easy Access Menu'. The...

CVSS 5.5, AI score 8.1, EPSS 0.00324
Exploits 0, References 3, Affected Software 3
Atlassian
added 2019/02/14 9:15 p.m., 163 views

Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240

The administrative linker functionality in Atlassian Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the href parameter...

CVSS 4.8, AI score 4.4, EPSS 0.00177
Exploits 0, Affected Software 1
Microsoft KB
added 2019/02/13 8:00 a.m., 33 views

Microsoft Dynamics 365 (online and on-premises) Update 8.2.3

Microsoft Dynamics 365 online and on-premises Update 8.2.3 INTRODUCTION Microsoft Dynamics 365 online and on-premises Update 8.2.3 is now available. This article describes the hotfixes and updates that are included in Service Update 8.2.3. MORE INFORMATION Update package| Version number ---|---...

CVSS 8.8, AI score 6, EPSS 0.16516
Exploits 0
Tenable Nessus
added 2019/02/11 12:00 a.m., 65 views

Debian DLA-1666-1 : freerdp security update

For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of the Microsoft RDP protocol server and client side with freerdp-x11 being the most common RDP client these days. Functional improvements : With help...

CVSS 9.8, AI score 7.3, EPSS 0.14327
Exploits 4, References 6
Debian
added 2019/02/09 2:11 p.m., 229 views

[SECURITY] [DLA 1666-1] freerdp security update

Package : freerdp Version : 1.1.0git20140921.1.440916e+dfsg1-13deb8u3 CVE ID : CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Debian Bug : For the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of t...

CVSS 9.8, AI score 7.1, EPSS 0.14327
Exploits 4
Microsoft KB
added 2019/02/08 12:00 a.m., 32 views

MS05-001: Vulnerability in HTML Help could allow code execution

MS05-001: Vulnerability in HTML Help could allow code execution Microsoft has released security bulletin MS05-001. The security bulletin contains all the relevant information about the security update. This includes file manifest information and deployment options. To view the complete security...

AI score 6.9
Exploits 0
Github Security Blog
added 2019/02/07 6:16 p.m., 26 views

Prototype Pollution in defaults-deep

All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation As no patch is currently available for this vulnerability it is our...

CVSS 9.8, AI score 4.2, EPSS 0.00437
Exploits 1, References 4, Affected Software 1
Prion
added 2019/02/04 9:29 p.m., 12 views

Improper access control

Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

CVSS 5.5, AI score 6.6, EPSS 0.0029
Exploits 0, References 1, Affected Software 1
Kitploit
added 2019/02/02 12:38 p.m., 450 views

LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques. All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io thanks @ConsciousHacker for this bit of eyecandy and the team ov...

AI score 7.6
Exploits 0, References 3
Citrix
added 2019/01/25 12:00 a.m., 5 views

"Cannot connect to company network" when accessing O365 accounts

Citrix documentation indicates Secure Mail is supposed to support an MS hosted O365 back end account but user is unable to get a known good O365 account to function with Secure Mail. That same account works fine either via the web or via the Mobile Outlook App but I cannot get it to connect when...

AI score 7
Exploits 0
Fedora
added 2019/01/22 1:35 a.m., 34 views

[SECURITY] Fedora 28 Update: gnupg2-2.2.12-1.fc28

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

CVSS 8.8, AI score 1.4, EPSS 0.00203
Exploits 1
Prion
added 2019/01/18 6:29 p.m., 13 views

Authentication flaw

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device...

CVSS 8.5, AI score 9.3, EPSS 0.05464
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/01/18 6:00 p.m., 13 views

CVE-2019-3910

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device...

AI score 9.4, EPSS 0.05464
Exploits 1, References 1
OpenVAS
added 2019/01/18 12:00 a.m., 5 views

Linux: Package updates available

Package updates may include vulnerability fixes or new functionality to a package. Keeping the packages to the newest available version reduces the risk of a successful attack. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...

AI score 7.2
Exploits 0, References 4
Veeam
added 2019/01/17 4:54 p.m., 16 views

Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions

Challenge Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with the previous versions of API. Some integration may not work as expected. Cause Update 4 has introduced new Product functionality that requires extended API and incremented the required request version to v14. Solution Th...

AI score 6.9
Exploits 0
CVE
added 2019/01/16 7:00 p.m., 51 views

CVE-2019-2499

CVE-2019-2499 affects Oracle PeopleSoft Enterprise PeopleTools, subcomponent PIA Search Functionality, with affected versions 8.55–8.57. The vulnerability allows an unauthenticated attacker with network access via HTTP to impact data via PeopleTools, with potential unauthorized update/insert/dele...

CVSS 6.1, AI score 5.5, EPSS 0.00524
Exploits 0, References 2, Affected Software 1
Fedora
added 2019/01/16 2:20 a.m., 10 views

[SECURITY] Fedora 29 Update: php-horde-Horde-Form-2.0.19-1.fc29

The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...

AI score 1.6
Exploits 0
Fedora
added 2019/01/16 1:43 a.m., 15 views

[SECURITY] Fedora 28 Update: php-horde-Horde-Form-2.0.19-1.fc28

The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...

AI score 1.6
Exploits 0
Veracode
added 2019/01/15 9:20 a.m., 23 views

Information Disclosure

The Linux kernel is vulnerable to information disclosure. It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this...

CVSS 5.5, AI score 5.4, EPSS 0.00326
Exploits 0, References 4, Affected Software 1
Veracode
added 2019/01/15 8:57 a.m., 26 views

Information Disclosure

cumin is vulnerable to information disclosure attacks. The vulnerability exists as Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via...

CVSS 5, AI score 5.5, EPSS 0.006
Exploits 1, References 20, Affected Software 10