
556 matches found

securityvulns
added 2015/03/18 12:0 a.m. | 76 views

[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow

Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode:...

7.5 CVSS | 7.3 AI score | 0.10529 EPSS
Exploits 5
0day.today
added 2015/03/03 12:0 a.m. | 92 views

D-Link DIR636L Remote Command Injection Vulnerability

D-Link DIR636L suffers from a remote command injection vulnerability. SWISSCOM CSIRT SECURITY ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2015-1187 Product: D-Link DIR636L Vendor: D-Link Subject: Remote Command Injection - Incorrect Authentication Effect: Remotely exploitable Author:...

10 CVSS | 0.4 AI score | 0.82863 EPSS
Exploits 8
securityvulns
added 2015/02/02 12:0 a.m. | 75 views

[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability

OS X Gatekeeper Bypass Vulnerability Amplia Security - Amplia Security Research Advisory AMPLIA-ARA100614 Advisory ID: AMPLIA-ARA100614 Advisory URL: http://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html, http://www.ampliasecurity.com/advisories/AMPLIA-ARA100614.txt...

5 CVSS | 0.08722 EPSS
Exploits 6
securityvulns
added 2015/01/25 12:0 a.m. | 88 views

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

REWTERZ-20140102 - Rewterz - Security Advisory Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...

0.2 AI score
Exploits 0
Packet Storm
added 2014/12/01 12:0 a.m. | 38 views

1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting

SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...

4.1 CVSS | 0.1 AI score | 0.00906 EPSS
Exploits 2
exploitpack
added 2014/11/24 12:0 a.m. | 47 views

Advantech EKI-6340 - Command Injection

Advantech EKI-6340 - Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL:...

9 CVSS | 0.7 AI score | 0.23813 EPSS
Exploits 5
0day.today
added 2014/11/20 12:0 a.m. | 57 views

Advantech EKI-6340 2.05 Command Injection Vulnerability

Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file. Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-63...

9 CVSS | 1.2 AI score | 0.23813 EPSS
Exploits 5
Packet Storm
added 2014/11/20 12:0 a.m. | 71 views

Advantech EKI-6340 2.05 Command Injection

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date...

9 CVSS | 0.7 AI score | 0.23813 EPSS
Exploits 5
Core Security
added 2014/11/19 12:0 a.m. | 540 views

Advantech EKI-6340 Command Injection

1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date published: 2014-11-19 Date of last update: 2014-11-19 Vendors contacted: Advantech Release mode: User...

9 CVSS | 0.1 AI score | 0.23813 EPSS
Exploits 5
securityvulns
added 2014/10/18 12:0 a.m. | 60 views

[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

5 CVSS | 7.3 AI score | 0.09666 EPSS
Exploits 6
Exploit DB
added 2014/10/17 12:0 a.m. | 60 views

SAP NetWeaver Enqueue Server - Denial of Service

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

5 CVSS | 6.9 AI score | 0.09666 EPSS
Exploits 6
securityvulns
added 2014/10/14 12:0 a.m. | 43 views

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection

Onapsis Security Advisory 2014-028: SAP HANA Web-based Development Workbench Code Injection 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be able to completely compromise the SAP...

Exploits 0
Packet Storm
added 2014/10/12 12:0 a.m. | 52 views

vBulletin 5.x / 4.x Persistent Cross Site Scripting

CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth Overview: date: 10/12/2014 cvss: 4.6...

3.5 CVSS | 9.6 AI score | 0.04145 EPSS
Exploits 7
0day.today
added 2014/10/11 12:0 a.m. | 21 views

neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure Vulnerabilities

neuroML version 1.8.1 suffers from cross site scripting, local file inclusion, XXE injection, and path disclosure vulnerabilities. Product: neuroML Version: Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel Date: 10.10.2014 Abstract:...

6.7 AI score
Exploits 0
0day.today
added 2014/08/14 12:0 a.m. | 73 views

BlackBerry Z10 Authentication Bypass Vulnerability

BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability. BlackBerry Z10 Authentication Bypass Vulnerability 1...

6.1 CVSS | 6.7 AI score | 0.01213 EPSS
Exploits 3
Packet Storm
added 2014/08/13 12:0 a.m. | 62 views

BlackBerry Z10 Authentication Bypass

modzero Security Advisory: BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass MZ-13-04...

6.1 CVSS | 0.6 AI score | 0.01213 EPSS
Exploits 3
seebug.org
added 2014/07/01 12:0 a.m. | 49 views

SAP Router - Timing Attack Password Disclosure

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...

4.3 CVSS | 0.02818 EPSS
Exploits 5
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Batalla Naval 1.0 4 Remote Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7699/info Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server. / by jsk f...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Proxy-Pro Professional GateKeeper 4.7 Web Proxy Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9716/info Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

TFS Gateway 4.0 - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/613/info TFS Gateway 4.0, when configured in a specific non-default manner, is vulnerable to a remotely exploitable denial of service attack. If 'return entire message to sender' is enabled for failed send attempts, and a...

7.1 AI score
Exploits 0