[SECURITY] [DSA 3295-1] cacti security update
Debian Security Advisory DSA-3295-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2015 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3293-1] pyjwt security update
Debian Security Advisory DSA-3293-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 20, 2015 https://www.debian.org/security/faq ...
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability EMC Identifier: ESA-2015-112 CVE Identifier: CVE-2015-4525 Severity Rating: CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC Isilon OneFS 7.2.0.0 - 7.2.0.1 • EMC...
Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects
Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In April 2014 I discovered a vulnerability in EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack Content Server filesystem or execute arbitrary comman...
CollabNet Subversion Edge Password Hash Leak
Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities CVE Identifier: CVE-2015-0551, CVE-2015-4524 Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs Affected products: • EMC Documentum WebTop,...
[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE
ERPSCAN Research Advisory ERPSCAN-15-004 SAP NetWeaver Portal XMLValidationComponent - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.2014 Reported: 06.11.2014 Vendor respons...
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
ERPSCAN Research Advisory ERPSCAN-15-009 SAP Afaria 7 XcListener - Missing authorization check Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Missing authorization check Sent: 09.12.2014 Reported: 09.12.2014 Vendor response: 10.12.2014...
Cisco Virtual WSA / ESA / SMA default keys
Default ssh keys are installed...
Netgear Prosafe multiple security vulnerabilities
XSS, headers injection, SQL injection...
[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS
ERPSCAN Research Advisory ERPSCAN-15-010 SYBASE SQL Anywhere 12 and 16 - DoS Application: SYBASE SQL Anywhere 12 and 16 Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others Vendor URL: http://SAP.com Bugs: DoS Sent: 09.12.2014 Reported: 09.12.2014 Vendor response: 10.12.2014 Date of...
EMC Unisphere for VMAX code execution
JDWP access is possible...
[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE
ERPSCAN Research Advisory ERPSCAN-15-011 SAP Mobile Platform 3.0 - XXE Application: SAP Mobile Platform 3.0 Versions Affected: SAP Mobile Platform 3.0, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 29.12.2014 Reported: 29.12.2014 Vendor response: 30.12.2014 Date of...
wireshark multiple security vulnerabilities
Multiple memory corruptions in different dissectors...
[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure
ERPSCAN Research Advisory ERPSCAN-15-007 SAP Management Console ReadProfile Parameters - Information disclosure Application: SAP Management Console Versions Affected: SAP NW 7.4 Management Console, probably others Vendor URL: http://SAP.com Bugs: Information disclosure Sent: 09.12.2014 Reported:...
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability EMC Identifier: ESA-2015-102 CVE Identifier: CVE-2015-0545 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC Unisphere for VMAX 8.0.0 ...
[oCERT-2015-008] FreeRADIUS insufficient CRL application
2015-008 FreeRADIUS insufficient CRL application Description: The FreeRADIUS server is an open source project that provides a RADIUS implementation. The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of...
Netgear Prosafe VPN Firewalls - Multiple vulnerabilities
About Encripto AS: Encripto is a Norwegian company which provides specialized services within IT-security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...
[SECURITY] [DSA 3294-1] wireshark security update
Debian Security Advisory DSA-3294-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2015 https://www.debian.org/security/faq ...
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability EMC Identifier: ESA-2015-109 CVE Identifier: CVE-2015-0549 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: EMC Documentum D2 version 4.1 EMC...
SAP NetWeaver multiple security vulnerabilities
Information disclosure, XXE injection, code execution, DoS...
[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE
ERPSCAN Research Advisory ERPSCAN-15-006 SAP NetWeaver Portal ReportXmlViewer - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XXE Sent: 09.12.2014 Reported: 09.12.2014 Vendor response: 10.12.2014 Date of...
SAP Afaria security vulnerabilities
DoS, authentication bypass...
FreeRADIUS
Insufficient certificate revocations checks...
Kguard Digital Video Recorders security vulnerabilities
Authentication bypass, commands injection, DoS...
SAP SYBASE SQL Anywhere DoS
DoS on request processing...
[ERPSCAN-15-005] SAP Mobile Platform - XXE
ERPSCAN Research Advisory ERPSCAN-15-005 SAP Mobile Platform - XXE Application: SAP Mobile Platform 2.3 Versions Affected: SAP Mobile Platform 2.3, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.14 Reported: 06.11.14 Vendor response: 07.11.14 Date of Public...
CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders
CVEID: CVE-2015-4464 SUBJECT: Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders DESCRIPTION: A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication...
[USN-2651-1] GNU patch vulnerabilities
Ubuntu Security Notice USN-2651-1 June 22, 2015 patch vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
GNU patch security vulnerabilities
DoS, directory traversal...
[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS
ERPSCAN Research Advisory ERPSCAN-15-003 SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Application: SAP NetWeaver Dispatcher Versions Affected: SAP NetWeaver Dispatcher, probably others Vendor URL: http://SAP.com Bugs: RCE Sent: 25.08.14 Reported: 25.08.14 Vendor response: 25.08.14 Date of...
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability EMC Identifier: ESA-2015-110 CVE Identifier: CVE-2015-0550 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:L/Au:N/C:C/I:N/A:P Affected products: • EMC Documentum Thumbnai...
[SECURITY] [DSA 3286-1] xen security update
Debian Security Advisory DSA-3286-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq ...
libvirt / qemu / Xen multiple security vulnerabilities
DoS, privilege escalation, information disclosure, code execution...
Buffer Overflow in My Wifi Router Software
Hi there, I have seen a buffer overflow in My Wifi Router software version 1.0 The link of the software is available :- http://mywifirouter.software.informer.com/1.0/ Exploit :- After running the software you will see two places to enter details i.e "Hotspot Name" and "Password". To exploit this...
Productsurf Cms Sql Injection Vulnerability
Sql Injection Vulnerability in Productsurf Cms All Version...
wpa_supplicant multiple security vulnerabilities
Buffer overflows, DoS vulnerabilities...
VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities CVE Identifier: CVE-2015-4056, CVE-2015-4057 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE Affected products: VCE Vision...
WebdesignJiNi Cms Sql Injection Vulnerability
Sql Injection Vulnerability in WebdesignJiNi Cms in All Version...
[USN-2650-1] wpa_supplicant and hostapd vulnerabilities
Ubuntu Security Notice USN-2650-1 June 16, 2015 wpa, wpasupplicant vulnerabilities. A security issue affects these releases of Ubuntu and its...
EMC Unified Infrastructure Manager/Provisioning authentication bypass
Authentication bypass if LDAP authentication is used...
[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager
Advisory: SQL Injection in TYPO3 Extension Akronymmanager. An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details: Product: sbakronymmanager Affected Versions: =0.5...
p7zip directory traversal
Directory traversal on archive extraction...
[SECURITY] [DSA 3288-1] libav security update
Debian Security Advisory DSA-3288-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq ...
Linux kernel security vulnerabilities
DoS, privilege escalations...
Reflected Cross-Site Scripting (XSS) in SearchBlox
Advisory ID: HTB23256 Product: SearchBlox Vendor: SearchBlox Software, Inc. Vulnerable Versions: 8.2 and probably prior Tested Version: 8.2 Advisory Publication: April 22, 2015 without technical details Vendor Notification: April 22, 2015 Vendor Patch: May 26, 2015 Public Disclosure: June 17, 201...
[USN-2647-1] Linux kernel vulnerability
Ubuntu Security Notice USN-2647-1 June 15, 2015 linux vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
OS Command Injection in Vesta Control Panel
Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...
VCE Vision Intelligent Operations weak cryptography
Weak cyphers usage, sensitive information transmitted in cleartext...
[SECURITY] [DSA 3291-1] drupal7 security update
Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq ...