3093 matches found
Threat Outbreak Alert RuleID17774: Email Messages Distributing Malicious Software on September 4, 2015
Medium. Alert ID: 40863; First Published: 2015 September 8 13:47 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID17774) may contain the following files: Name |...
DEBIAN-CVE-2013-7444
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text...
CVE-2015-6751
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entri...
CVE-2015-5225
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...
CVE-2015-6664
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227...
CVE-2015-6663
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669...
CVE-2015-6663
CVE-2015-6663 is a stored XSS vulnerability in SAP Afaria 7 affecting the Device Inspector page, specifically the Client form. The issue arises because the Client name field data is inserted into the page without proper escaping, enabling an attacker to inject arbitrary script via crafted data. T...
CVE-2015-6662
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485...
[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage. 1. Impact on Business: By exploiting this vulnerability an attacker with access to a vulnerable mobile device...
SAP NetWeaver AS JAVA - SQL injection vulnerability
Application: SAP NetWeaver AS JAVA; Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5; Vendor URL: SAP; Bugs: SQL injection; Reported: 18.08.2015; Vendor response: 19.08.2015; Date of Public Advisory: 09.02.2016; Reference: SAP Security Note 2101079; Author: Vahagn Vardanyan (ERPScan). VULNERABILITY...
Microsoft Windows HTA (HTML Application) - Remote Code Execution Exploit
Microsoft Windows HTA (HTML Application) remote code execution exploit that leverages MS14-064. #!/usr/bin/php poc'."\n\n"; $reza = socket_create(AF_INET, SOCK_STREAM, 0) or die('Failed to create socket!'); socket_bind($reza, 0, $port); socket_listen($...
Havij Pro - Crash POC Exploit
Exploit for Windows platform in category dos / poc. #!/usr/bin/env python Exploit Title: Havij Pro Crash POC; Tested: windows7; Software Link: http://www.itsecteam.com/; Version: 1.17; Email: [email protected]; Author: [email protected] Team; run python poc.py, copy content to target, click Analyze. EDB-Note: tested...
Havij Pro - Crash (PoC)
Havij Pro - Crash (PoC). #!/usr/bin/env python Exploit Title: Havij Pro Crash POC; Tested: windows7; Software Link: http://www.itsecteam.com/; Version: 1.17; Email: [email protected]; Author: M1x7e1@Safeye Team; run python poc.py, copy content to target, click Analyze. EDB-Note: tested and verified using version 1.6...
Havij Pro - Crash (PoC)
#!/usr/bin/env python Exploit Title: Havij Pro Crash POC; Tested: windows7; Software Link: http://www.itsecteam.com/; Version: 1.17; Email: [email protected]; Author: M1x7e1@Safeye Team; run python poc.py, copy content to target, click Analyze. EDB-Note: tested and verified using version 1.6 Pro. content = "\x41"...
SAP xMII - directory traversal vulnerability
Application: SAP xMII; Versions Affected: SAP MII 15.0; Vendor URL: SAP; Bugs: Directory traversal; Reported: 29.07.2015; Vendor response: 30.07.2015; Date of Public Advisory: 09.02.2016; Reference: SAP Security Note 2230978; Author: Dmitry Chastuhin (ERPScan). VULNERABILITY INFORMATION: Class: CWE-36; Impact...
SAP NetWeaver 7.4 - XSS
Application: SAP NetWeaver J2EE Engine 7.40; Vendor URL: http://www.sap.com; Bugs: XSS; Reported: 13.07.2015; Vendor response: 24.07.2015; Date of Public Advisory: 09.09.2015; Reference: SAP Security Note 2176785; Authors: Roman Bezhan (ERPScan). VULNERABILITY INFORMATION: Class: Cross-Site Scripting, XSS...
SAP NetWeaver - SQL Injection
Application: SAP NetWeaver J2EE Engine 7.40; Vendor URL: http://www.sap.com; Bugs: SQL injection; Reported: 13.07.2015; Vendor response: 24.07.2015; Date of Public Advisory: 09.09.2015; Reference: SAP Security Note 2193389; Authors: Vahagn Vardanyan (ERPScan). VULNERABILITY INFORMATION: Class: Information...
[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE
ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE. Application: SAP NetWeaver Portal 7.31; Versions Affected: SAP NetWeaver Portal 7.31, probably others; Vendor URL: http://SAP.com; Bugs: XXE; Sent: 09.12.2014; Reported: 09.12.2014; Vendor response: 10.12.2014; Date of...
[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE
ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE. Application: SAP Mobile Platform 3.0; Versions Affected: SAP Mobile Platform 3.0, probably others; Vendor URL: http://SAP.com; Bugs: XML eXternal Entity; Sent: 29.12.2014; Reported: 29.12.2014; Vendor response: 30.12.2014; Date of...