3087 matches found
Oracle Releases Sun Java SE 1.6.0_20
Oracle has released Sun Java SE 1.6.0_20 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker...
LDAP Group Enumeration
By using the search base gathered by plugin ID 25701, Nessus was able to enumerate the list of groups in the remote LDAP directory. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(45477); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2017/01/26 18:40:45 $");...
SAP Crystal Reports 2008 — actionNavjsp_xss
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...
SAP Crystal Reports 2008 — Directory Traversal
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Directory Traversal File Read Exploits: YES Reported: 29.03.2010 Vendor response: 30.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...
ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-032 March 16, 2010 -- Affected Vendors: SAP -- Affected Products: SAP MaxDB -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been...
eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
Advisory Name: Remote Command Execution in EGroupware Vulnerability Class: Remote Command Execution Release Date: 2010-03-09 Affected Applications: Confirmed in EGroupware 1.4.001+.002 and 1.6.001+.002. EGroupware Premium Line 9.1 and 9.2 is also affected. Other versions may also be affected...
Katalog Stron Hurricane Remote File Inclusion / SQL Injection
Katalog Stron Hurricane Multiple Vulnerability RFI / SQL Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : 14 February, 2010 Software Information + Vendor : http://www.katalog.hurricane.pl/ + Download : http://www.katalog.hurricane.pl/download.html + version :...
[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-001: SAP WebAS Integrated ITS Remote Command Execution This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to...
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation (MS10-015)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation (MS10-015) Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11199.zip KiTrap0D.zip E-DB Note: Make sure to run "vdmallowed.exe" pre-compiled inside the subfolder...
Facebook For iPhone Cross Site Scripting
Facebook for iPhone persistent XSS Facebook application for iPhone is not encoding special characters in Notes detail Adding this code in a note will freeze application: var x = 'x'; while 1 document.write''; x = x + 'x'; App page: http://www.facebook.com/apps/application.php?id=6628568379...
SAP NetWeaver Component Build Service — XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver JDI 6.4 SP23-26 Vendor URL: Bugs: XSS Exploits: YES Reported: 01.04.2010 Vendor response: 02.04.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...
Joomla Abbrev Local File Inclusion
++ Joomla Component comabbrev Local File Inclusion Vulnerability ++ author : FL0RiX ++ Name : comabbrev ++ Bug Type : Local File Inclusion ++ Demo Vuln. : ++ http://observal.net/index.php?option=comabbrev&controller=../../../../../../../../../../etc/passwd%00 ++ Bug Fix Advice : Zararlý karakterl...
CVE-2009-4481
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candidate is a duplicate of CVE-2009-3111. Notes: All CVE users should reference CVE-2009-3111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
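SAP Kernel 'sapstartsrv' Denial of Service Vulnerability
Bugtraq ID: 37286 In an SAP instance, the sapstartsrv service provides the web-based SAP Management Console interface used for remote administration. Because specially crafted requests are handled incorrectly, a remote attacker can exploit the vulnerability to shut down the process. Successful exploitation allows a remote attacker to carry out a denial-of-service attack against the SAP Management Console, leaving the console inaccessible and preventing any administrative operations. SAP Kernel 7.20 SAP Kernel 7.11 SAP Kernel 7.01 SAP Kernel 7.00 SAP Kernel 6.40 SAP Note 1302231 provides a security patch; users are advised to refer to it and download: http://www.sap.com/...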
SAP NetWeaver DTR — Multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Design Time Repository 6.4-7.2 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 14.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexander Polyakov and Alexey...
SAP GUI for Windows sapirrfc.dll Overflow
SAP GUI for Windows sapirrfc.dll Accecpt Activex Overflow www.Abysssec.com Public Exploit / Application: SAP GUI for Windows, EnjoySAP Versions Affected: Version 6.4 Vendor URL: http://SAP.com Bugs: Buffer Overflow Exploits: YES Reported: 13.11.2008 Vendor response: 17.11.2008 Date of Public...
SAP GUI for Windows sapirrfc.dll Activex Overflow Exploit
Exploit for unknown platform in category remote exploits ========================================================= SAP GUI for Windows sapirrfc.dll Activex Overflow Exploit ========================================================= Title: SAP GUI for Windows sapirrfc.dll Activex Overflow Exploit...
SAP GUI for Windows sapirrfc.dll Activex Overflow Exploit
No description provided by source. html title SAP GUI for Windows sapirrfc.dll Accecpt Activex Overflow /title center h1 www.Abysssec.com Public Exploit h1 /center object classid='clsid:77F12F8A-F117-11D0-8CF1-00A0C91D9D87' id='target' / script / Application: SAP GUI for Windows, EnjoySAP Version...
SAP GUI for Windows - sapirrfc.dll ActiveX Overflow
SAP GUI for Windows - sapirrfc.dll ActiveX Overflow SAP GUI for Windows sapirrfc.dll Accecpt Activex Overflow www.Abysssec.com Public Exploit / Application: SAP GUI for Windows, EnjoySAP Versions Affected: Version 6.4 Vendor URL: http://SAP.com Bugs: Buffer Overflow Exploits: YES Reported:...
SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow
SAP GUI for Windows sapirrfc.dll Accecpt Activex Overflow www.Abysssec.com Public Exploit / Application: SAP GUI for Windows, EnjoySAP Versions Affected: Version 6.4 Vendor URL: http://SAP.com Bugs: Buffer Overflow Exploits: YES Reported: 13.11.2008 Vendor response: 17.11.2008 Date of Public...