
3092 matches found

erpscan
added 2015/01/09 12:0 a.m., 13 views

SAP NetWeaver 7.4 - cryptographic issues

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: cryptographic issues Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

Exploits: 0

erpscan
added 2015/01/09 12:0 a.m., 16 views

SAP NetWeaver 7.4 (MDT component) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

0.2 AI score
Exploits: 0

NVD
added 2015/01/07 7:59 p.m., 15 views

CVE-2014-9569

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

4.3 CVSS, 5.8 AI score, 0.01842 EPSS
Exploits: 1, References: 3

Prion
added 2015/01/07 7:59 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

4.3 CVSS, 6 AI score, 0.01842 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2015/01/07 7:0 p.m., 19 views

CVE-2014-9569

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...

5.8 AI score, 0.01842 EPSS
Exploits: 1, References: 3

myhack58
added 2015/01/06 12:0 a.m., 21 views

In-depth analysis report on the Samsung KNOX remote silent installation vulnerability - vulnerability warning - the black bar safety net

Vulnerability sources 1 1 In mid-May, foreign security researchers exposed a serious security vulnerability in Samsung phones; the vulnerability affects the Galaxy S5, S4, S4 mini, Note 4, Note 3 and Ace 4, the full line of Samsung phones that supports KNOX; part of the Galaxy S5 and the Note 4 has been...

0.5 AI score
Exploits: 0

UbuntuCve
added 2014/12/31 12:0 a.m., 21 views

CVE-2014-9830

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file...

8.8 CVSS, 7 AI score, 0.01885 EPSS
Exploits: 0, References: 2

erpscan
added 2014/12/29 12:0 a.m., 28 views

SAP Mobile Platform - XXE

Application: Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 29.12.2014 Vendor response: 30.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2125513 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External Entity...

0.5 AI score
Exploits: 0

NVD
added 2014/12/17 7:59 p.m., 19 views

CVE-2014-9387

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905...

10 CVSS, 6.7 AI score, 0.04615 EPSS
Exploits: 0, References: 3

Prion
added 2014/12/17 7:59 p.m., 19 views

Code injection

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905...

10 CVSS, 7.3 AI score, 0.04615 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2014/12/17 7:0 p.m., 42 views

CVE-2014-9387

SAP BusinessObjects Edge 4.1 is affected by CVE-2014-9387 through a crafted CORBA call that allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN and escalate privileges. The underlying cause is exposure of a login token via CORBA, enabling complete confidentiality, integrit...

10 CVSS, 6.9 AI score, 0.04615 EPSS
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2014/11/28 12:0 a.m., 36 views

openSUSE Security Update : file (openSUSE-SU-2014:1516-1)

file was updated to fix one security issue. This security issue was fixed: Out-of-bounds read in elf note headers (CVE-2014-3710). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

5 CVSS, 8.4 AI score, 0.13757 EPSS
Exploits: 0, References: 3

OSV
added 2014/11/25 12:0 a.m., 51 views

DLA-94-1 php5 - security update

Bulletin has no description...

7.5 CVSS, 7.8 AI score, 0.28862 EPSS
Exploits: 3

0day.today
added 2014/11/18 12:0 a.m., 33 views

Samsung Galaxy KNOX Android Browser Remote Code Execution Exploit

This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has bee...

7 AI score
Exploits: 0

Exploit DB
added 2014/11/18 12:0 a.m., 32 views

Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2014/10/31 12:0 a.m., 42 views

Oracle Linux 6 / 7 : php (ELSA-2014-1767)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1767 advisory. - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 - xmlrpc: fix out-of-bounds read flaw in mkgmtime CVE-2014-3668 - core: fix...

7.5 CVSS, 8.2 AI score, 0.28862 EPSS
Exploits: 3, References: 5

RedHat Linux
added 2014/10/30 8:16 p.m., 1 views

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

5 CVSS, 7.2 AI score, 0.13757 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2014/10/30 7:45 p.m., 2 views

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

5 CVSS, 7.2 AI score, 0.13757 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2014/10/30 7:45 p.m., 2 views

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

5 CVSS, 7.2 AI score, 0.13757 EPSS
Exploits: 0, References: 4

securityvulns
added 2014/10/18 12:0 a.m., 60 views

[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

5 CVSS, 7.3 AI score, 0.09666 EPSS
Exploits: 6