lhhrelectronictechnologydevelopment.tradenote.net XSS vulnerability
Open Bug Bounty ID: OBB-454085
Affected Website: lhhrelectronictechnologydevelopment.tradenote.net
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation...
openSUSE Security Update : fossil (openSUSE-2017-1365)
This update for fossil to version 2.4 fixes the following issues : - CVE-2017-17459: Client-side code execution via crafted 'ssh://' URLs bsc1071709 The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or...
Unspecified Vulnerability in SAP BASIS SAP Note Assistant
SAP BASIS is the system administration layer of the German company SAP's products; it is responsible for SAP system planning, installation, configuration, monitoring, maintenance and tuning. SAP Note Assistant is one of its tools for applying SAP Notes to resolve problems. ...
CVE-2017-16691
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52 supports upload of digitally signed note files of type 'SAR'. The digital signature verification is done together with the extraction of the note file contained in the SAR archive. It is possible...
Design/Logic Flaw
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52 supports upload of digitally signed note files of type 'SAR'. The digital signature verification is done together with the extraction of the note file contained in the SAR archive. It is possible...
CVE-2017-16691
Summary (CVE-2017-16691) : A vulnerability in SAP Note Assistant (part of SAP BASIS releases 7.00–7.02, 7.10–7.11, 7.30, 7.31, 7.40, 7.50–7.52) arises from insecure signature validation of SAP Notes archives. During SAR handling, signature verification is coupled with extraction via SAPCAR, which...
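The design flaw these CVE-2017-16691 entries describe, signature verification coupled with archive extraction, can be shown in general terms. The following is an added example written for this listing; it is not SAP's code and does not model the real SAR format or SAP's signature scheme. All of its specifics are assumptions: a plain zip archive stands in for a SAR file, a MANIFEST member listing the signed files plus an HMAC-SHA256 over it (MANIFEST.sig) stands in for the digital signature, and the key and file contents are constructed for the demo. It contrasts an extract-then-verify handler, which leaves an unsigned extra member on disk even though the signature check itself passes, with a verify-then-extract handler that writes nothing until every member is covered by the signed manifest.

```python
"""Added example (not SAP's code): extract-then-verify vs verify-then-extract.

Assumptions (constructed for this demo): zip stands in for SAR, MANIFEST lists
the signed members with their SHA-256 digests, MANIFEST.sig is an HMAC-SHA256
over MANIFEST in place of a real digital signature, PUBLISHER_KEY is a demo key.
"""
import hashlib
import hmac
import io
import os
import tempfile
import zipfile

PUBLISHER_KEY = b"constructed-demo-key"  # stands in for the publisher's signing key


def build_archive(signed_members, extra_members=None):
    """Build a zip whose MANIFEST (and signature) covers only signed_members.
    extra_members are appended unsigned, as someone repackaging a legitimately
    signed note with additional files would do."""
    manifest = "".join(
        f"{name} {hashlib.sha256(data).hexdigest()}\n"
        for name, data in sorted(signed_members.items())
    ).encode()
    sig = hmac.new(PUBLISHER_KEY, manifest, hashlib.sha256).digest()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in signed_members.items():
            zf.writestr(name, data)
        zf.writestr("MANIFEST", manifest)
        zf.writestr("MANIFEST.sig", sig)
        for name, data in (extra_members or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


def _signature_ok(manifest, sig):
    expected = hmac.new(PUBLISHER_KEY, manifest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def vulnerable_handler(archive, dest):
    """Flawed pattern: extract everything, then verify. The return value is the
    signature result, but by then every member, signed or not, is under dest."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        zf.extractall(dest)  # unsigned members land on disk here
    with open(os.path.join(dest, "MANIFEST"), "rb") as f:
        manifest = f.read()
    with open(os.path.join(dest, "MANIFEST.sig"), "rb") as f:
        sig = f.read()
    return _signature_ok(manifest, sig)


def hardened_handler(archive, dest):
    """Verify first, then extract only members the signed manifest covers and
    reject any extra member. Nothing is written unless the whole upload passes."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = set(zf.namelist())
        if not {"MANIFEST", "MANIFEST.sig"} <= names:
            return False
        manifest = zf.read("MANIFEST")
        if not _signature_ok(manifest, zf.read("MANIFEST.sig")):
            return False
        covered = dict(line.split(" ", 1) for line in manifest.decode().splitlines())
        if names - set(covered) - {"MANIFEST", "MANIFEST.sig"}:
            return False  # member present that the signature does not vouch for
        for name, digest in covered.items():
            if name not in names or hashlib.sha256(zf.read(name)).hexdigest() != digest:
                return False  # missing or tampered signed member
            if os.path.isabs(name) or ".." in name.split("/"):
                return False  # no path traversal out of dest
        for name in covered:  # all checks passed: only now touch the filesystem
            target = os.path.join(dest, name)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(name))
    return True


def demo():
    """Run both handlers on a repackaged archive (signed note plus an unsigned
    extra file) and the hardened handler on a clean one. Each result is
    (handler accepted?, file present on disk afterwards?)."""
    signed = {"note_0001234.txt": b"constructed note content"}
    repackaged = build_archive(signed, {"evil.abap": b"REPORT z_evil."})
    clean = build_archive(signed)
    result = {}
    for label, handler, archive, probe in (
        ("vulnerable", vulnerable_handler, repackaged, "evil.abap"),
        ("hardened", hardened_handler, repackaged, "evil.abap"),
        ("hardened_clean", hardened_handler, clean, "note_0001234.txt"),
    ):
        with tempfile.TemporaryDirectory() as d:
            ok = handler(archive, d)
            result[label] = (ok, os.path.exists(os.path.join(d, probe)))
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the "vulnerable" entry: the signature over the manifest is genuine, so the check reports success, yet the unsigned member is already on disk. The hardened handler treats any member outside the signed manifest as a reason to reject the whole upload before writing anything.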
Napoleon: a new version of Blind ransomware
The ransomware previously known as Blind has been spotted recently with a .napoleon extension and some additional changes. In this post, we'll analyze the sample for its structure, behavior, and distribution method. Analyzed samples 31126f48c7e8700a5d60c5222c8fd0c7 - Blind ransomware the first...
Cross site scripting
Cross-Site Scripting XSS exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292...
CVE-2017-14516
Cross-Site Scripting XSS exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292...
CVE-2017-14516
SAP Business Objects Financial Consolidation is affected by a Cross-Site Scripting (XSS) vulnerability prior to 2017-06-13 (SAP Security Note 2422292). The issue is documented across multiple sources (NVD/CNVD/CVE records) with common description: XSS in the Financial Consolidation component befo...
SAP Note Assistant Insecure handling of SAP Notes signature vulnerability
Advisory ID Internal CORE-2017-0011 1. Advisory Information Title: SAP Note Assistant Insecure handling of SAP Notes signature vulnerability Advisory ID: CORE-2017-0011 Advisory...
World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware
A massive malicious email campaign that stems from the world's largest spam botnet, Necurs, is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necurs, which has previously been found distributing Dridex...
Gratipay: Saying goodbye to HackerOne and Gratipay.
Thank you, HackerOne I would like to make this the final report to Gratipay and thank everyone that was involved in this amazing journey. Gratipay is shutting down at the end of the year https://gratipay.news/the-end-cbfba8f50981 and to finish on a happy note we closed all of our reports as...
Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2017-2998)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2998 advisory. 1:1.8.0.151-1.b12 - repack policies adapted to new counts and paths - note that also c-j-c is needed to make this apply in next update - Resolves:...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6355. Reason: This candidate is a duplicate of CVE-2014-6355. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6355 instead of this candidate. All references and descriptions in this...
CVE-2017-15296
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964...
CVE-2017-15295
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064...
CVE-2017-15297
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993...