
3092 matches found

Packet Storm
added 2014/10/16 12:0 a.m. | 65 views

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

CVSS 5 | EPSS 0.09666
Exploits 6

Core Security
added 2014/10/15 12:0 a.m. | 535 views

SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Advisory ID Internal CORE-2014-0007 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory...

CVSS 5 | AI score 7.3 | EPSS 0.09666
Exploits 6

securityvulns
added 2014/10/14 12:0 a.m. | 72 views

[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure

Onapsis Security Advisory 2014-020: SAP Business Objects Information Disclosure 1. Impact on Business: A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This...

AI score 7.1
Exploits 0

securityvulns
added 2014/10/14 12:0 a.m. | 58 views

SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Potential information disclosure relating to SBOP Explorer Risk: Medium Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note:...

AI score 0.1
Exploits 0

Packet Storm
added 2014/10/10 12:0 a.m. | 17 views

SAP BusinessObjects Explorer 14.0.5 Information Disclosure

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Potential information disclosure relating to SBOP Explorer Risk: Medium Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note:...

AI score 7.4
Exploits 0

CISA
added 2014/09/30 12:0 a.m. | 14 views

Apple Releases OS X bash Update 1.0

Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell bash which could allow a remote attacker to execute arbitrary shell commands. US-CERT recommends users and administrators review Apple Security Update HT6495, TA14-268A, Vulnerability Note VU252743...

AI score 7.4
Exploits 0 | References 4

CISA
added 2014/09/24 12:0 a.m. | 15 views

Bourne-Again Shell (Bash) Remote Code Execution Vulnerability

US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review TA14-268A, Vulnerability...

AI score 7.8
Exploits 0 | References 4

CISA
added 2014/09/24 12:0 a.m. | 79 views

Mozilla Network Security Services (NSS) Library Vulnerability

A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...

AI score 6.6
Exploits 0 | References 3

erpscan
added 2014/09/12 12:0 a.m. | 120 views

Sybase SQL Anywhere 11 and 16 - DoS

Application: Sybase SQL Anywhere 11 and 16 Vendor URL: Bugs: DoS Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2108161 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS CWE-122 Impact: DoS Remotely Exploitabl...

CVSS 5 | AI score 9.6 | EPSS 0.02444
Exploits 0

erpscan
added 2014/09/04 12:0 a.m. | 66 views

SAP HANA metadata.xsjs - SQL injection

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2067972 Author: Dmitry Chastukhin ERPScan Description SQL...

AI score 0.2
Exploits 0

erpscan
added 2014/09/04 12:0 a.m. | 19 views

SAP HANA Application Lifecycle manager - CSRF token bypass (Verb tampering)

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: CSRF token bypass Verb tampering Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 21.08.2014 Reference: SAP Security Note 2011169 Author: Dmitry Chastukhin ERPScan Description It ...

AI score 0.6
Exploits 0

erpscan
added 2014/08/25 12:0 a.m. | 76 views

SAP Kernel - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Bugs: Buffer Overflow – RCE, DoS Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2059734 Author...

CVSS 6.5 | AI score 1.1 | EPSS 0.0237
Exploits 0

erpscan
added 2014/08/25 12:0 a.m. | 120 views

SAP Kernel - RCE and DoS vulnerability

Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Vulnerability: Buffer Overflow – RCE, Denial of Service Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP...

CVSS 6.5 | AI score 1.1 | EPSS 0.0237
Exploits 0

erpscan
added 2014/08/17 12:0 a.m. | 103 views

SAPKERNEL C_SAPGPARAM - RCE, DoS

Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966, SAP KERNEL 7.40 64BIT, disp+work.exe 7400.12.21.30308 Vendor URL: http://www.sap.com Bugs: Buffer Overflow Reported: 17.08.2014 Vendor response: 18.08.2014 Date of Public Advisory:...

CVSS 6.5 | AI score 1.8 | EPSS 0.03704
Exploits 0

CISA
added 2014/08/04 12:0 a.m. | 8 views

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...

AI score 7
Exploits 0 | References 2

securityvulns
added 2014/08/04 12:0 a.m. | 69 views

[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication

Onapsis Security Advisory 2014-021: SAP HANA XS Missing encryption in form-based authentication This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...

AI score 6.7
Exploits 0

securityvulns
added 2014/08/04 12:0 a.m. | 165 views

[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass

Onapsis Security Advisory 2014-022: SAP HANA IU5 SDK Authentication Bypass This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

AI score 6.9
Exploits 0

NVD
added 2014/07/24 2:55 p.m. | 29 views

CVE-2014-4736

SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...

CVSS 7.5 | AI score 8.2 | EPSS 0.02348
Exploits 3 | References 4

Prion
added 2014/07/24 2:55 p.m. | 22 views

SQL injection

SQL injection vulnerability in E2 before 2.4 2845 allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process...

CVSS 7.5 | AI score 9 | EPSS 0.02348
Exploits 3 | References 4 | Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Nullsoft SHOUTcast 1.9.2 icy-name/icy-url Memory Corruption Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8954/info Nullsoft SHOUTcast Server is prone to a memory corruption vulnerability that may lead to denial of service attacks or code execution. This is due to insufficient bounds checking of server commands supplied by...

AI score 7.1
Exploits 0