SAP CRM gwsync - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1917054 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 Authors: Alexey Tyurin, Nikolay...

SAP CRM crm_flex_data - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...

SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...

Oracle E-Business Suite password disclosure vulnerability

Overview Oracle E-Business Suite 12.0-12.1, when used with the native login pages or single sign-on SSO / Oracle Access Management OAM with the native login pages, contains a credential exposure vulnerability. Description Oracle E-Business Suite administrators who have applied CPU patches for Jul...

CVE-2013-4298

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted comment in a GIF image...

Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation

Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation Exploit Title: Agnitum Outpost security suite privilege escalation - 0Day Date: 2013-08-02 Exploit Author: Ahmad Moghimi http://mallocat.com , https://twitter.com/mall0cat Vendor Homepage: http://www.agnitum.com/ Software Link:...

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SNMP Version 3 Authentication Bypass Vulnerabilities (cisco-sa-20080610-snmpv3)

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 SNMPv3 feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...

New Reveton Ransomware Variant Steals Passwords

The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to new research. Ransomware, sometimes called scareware, is a type of malware that locks down infected machines, offering to unlock them only after a fee has been paid. Oftentime...

Linux Kernel 2.6.32 3.x (CentOS 56) - PERF_EVENTS Local Privilege Escalation (1)

Linux Kernel 2.6.32 3.x CentOS 56 - PERFEVENTS Local Privilege Escalation 1 / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if yo...

CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.17 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of domain conversion results...

SAP Portal - Unvalidated redirect

Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...

SAP Portal WebDynPro - Path disclosure

Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1852146 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:...

SAP NetWeaver J2EE DAS service - Unauthorized Access

Application: SAP NetWeaver JAVA Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.07.2015 Reference: SAP Security Note 1945215 Authors: Alexander Polyakov ERPScan VULNERABILITY INFORMATION Class: Unauthorized Acce...

CVE-2013-1834

CVE-2013-1834 affects Moodle: notes/edit.php in Moodle 1.9.x–1.9.19, 2.x–2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes by modifying (userid) or (courseid) fields. The vulnerability arises from improper input handling in ...

Samsung Galaxy Note II lock screen bypass vulnerability

iOS was in the news lately for a series of security mishaps, but this time android back in scene. A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 that allows hackers to briefly bypass the phone's lock screen without needing a password. By hitting "emergency cal...

[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting

Onapsis Security Advisory 2013-003: SAP Enterprise Portal Cross-Site-Scripting This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...

CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...

SAP NetWeaver Message Server - Multiple Vulnerabilities

SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...