3094 matches found
CloudPets Notifies California AG of Data Breach
Spiral Toys, the parent company behind CloudPets, yesterday sent the California Attorney General a breach notification that on many fronts contradicts what experts have said about a database breach that exposed user data and private voice messages, many of which were made by children. The...
SAP Hostcontrol unprotected web method / DOS
Application: SAP Host Agent Versions Affected: SAP Host Agent 7.21 Vendor URL: SAP Bugs: Missing Authentication Reported: 27.02.2017 Vendor response: 28.02.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2442993 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...
Note Press < 0.1.2 - SQL Injection
The Note Press WordPress plugin was affected by a SQL Injection security vulnerability...
Keyboard For Galaxy Note 3 - Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Keyboard For Galaxy Note 3, published on the 'play' market, has multiple vulnerabilities...
Design/Logic Flaw
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972...
Threat Outbreak Alert RuleID27499: Email Messages Distributing Malicious Software on January 27, 2017
Medium Alert ID: 52447 First Published: 2017 January 27 18:10 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27499 may contain the following files: Name |...
Code injection
Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422...
Authorization
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...
CVE-2017-5371
Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422...
CVE-2017-5371
CVE-2017-5371 affects SAP ASE OData Server (SAP ASE 16) and was disclosed as a Denial of Service vulnerability. The issue arises when processing crafted requests sent over the network to the OData service, which can crash the SAP ASE OData Server process. Public advisories (ERPScan/SAP Security N...
CVE-2017-5372
SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...
SAP NetWeaver AS Java P4 MSPRUNTIMEINTERFACE Information Disclosure Vulnerability
An anonymous attacker can send a special request and get sensitive information about an SAP system using SAP P4. Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4 Vendor URL: http://SAP.com Bugs: Information disclosure Sent: 10.03.2016 Reported: 11.03.2016 Vendo...
CVE-2016-6526
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object...
CVE-2016-6527
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object...
Code injection
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object...
Code injection
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object...
CVE-2016-6526
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object...
CVE-2016-6527
CVE-2016-6527 involves the SmartCall Activity in Samsung’s Telecom app on Note devices (L: 5.0/5.1, M: 6.0). The issue arises from a malformed serializable object in the affected component, which can cause a denial of service (crash and reboot) and may allow privilege escalation. Exploitation is ...
CVE-2016-6526
Technical details about CVE-2016-6526 are not publicly provided in the connected documents; available descriptions only summarize impact on Samsung Telecommunication SpamCall component. Monitor for updates and official advisories.
SAP NetWeaver AS Java logon_app OpenRedirect
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.11-7.50 Vendor URL: SAP Bug: Open redirect Reported: 18.01.2017 Vendor response: 19.01.2017 Date of Public Advisory: 08.08.2017 Reference: SAP Security Note 2423540 Author: Vahagn Vardanyan ERPScan VULNERABILITY...