|
|
Colapse all |
Post message
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) 2014-11-12 ESNC Security (secure esnc de) [security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04496538 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04496538 Version: 1 HPSBGN03164 re [ more ] [ reply ] [security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04487558 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04487558 Version: 1 HPSBST03154 re [ more ] [ reply ] [security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04496383 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04496383 Version: 1 HPSBST03181 re [ more ] [ reply ] [security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04471546 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471546 Version: 2 HPSBHF03124 re [ more ] [ reply ] [security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04497075 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04497075 Version: 1 HPSBMU03165 re [ more ] [ reply ] [security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04497114 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04497114 Version: 1 HPSBMU03184 re [ more ] [ reply ] [security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04500238 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04500238 Version: 1 HPSBMU03190 re [ more ] [ reply ] [security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04499681 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04499681 Version: 1 HPSBUX03188 SS [ more ] [ reply ] Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] 2014-11-11 Programa STIC (stic fundacionsadosky org ar) Fundación Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Missing SSL certificate validation in MercadoLibre app for Android 1. *Advisory Information* Title: Missing SSL cert validation in MercadoLibre app for Android Advisory ID: STIC-2014-0211 Advisory URL: http://www [ more ] [ reply ] [security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04501215 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04501215 Version: 1 HPSBGN03191 re [ more ] [ reply ] [security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 2 HPSBGN03117 re [ more ] [ reply ] [security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution 2014-11-11 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04487573 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04487573 Version: 1 HPSBST03155 re [ more ] [ reply ] [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 2014-11-09 Pedro Ribeiro (pedrib gmail com) Hi, This is the 8th part of the ManageOwnage series. For previous parts see [1]. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory [ more ] [ reply ] [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro 2014-11-08 Pedro Ribeiro (pedrib gmail com) Hi, This is part 7 of the ManageOwnage series. For previous parts, see [1]. Today we have a blind SQL injection in Password Manager Pro (PMP) that can be abused to escalate privileges for a low privileged user (like a guest) to the "super administrator". Using our new powers we can then dump the w [ more ] [ reply ] CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests 2014-11-07 Gordon Sim (gsim redhat com) PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability 2014-11-07 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1048 PayPal Security UID: dq115aYq Release Date: ============= 2014-10-27 Vulne [ more ] [ reply ] BookFresh - Persistent Clients Invite Vulnerability 2014-11-07 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID (VL-ID): =================================== [ more ] [ reply ] SeasonApps iTransfer 1.1 - Persistent UI Vulnerability 2014-11-07 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== SeasonApps iTransfer 1.1 - Persistent UI Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1347 Release Date: ============= 2014-10-27 Vulnerability Laboratory ID (VL-ID): ================================ [ more ] [ reply ] Open-Xchange Security Advisory 2014-11-07 2014-11-07 Martin Heiland (martin heiland open-xchange com) Product: OX App Suite Vendor: Open-Xchange GmbH Internal reference: 34765 (Bug ID) Vulnerability type: SQL Injection (CWE-89) Vulnerable version: 7.6.0 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Researcher credits: SoftScheck GmbH Fixed v [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] 2014-11-06 FreeBSD Security Advisories (security-advisories freebsd org) Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] 2014-11-06 Programa STIC (stic fundacionsadosky org ar) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fundación Dr. Manuel Sadosky - Programa STIC Advisory http://www.fundacionsadosky.org.ar Insecure management of login credentials in PicsArt Photo Studio for Android 1. *Advisory Information* Title: Insecure management of login credentials in P [ more ] [ reply ] XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities 2014-11-06 Larry W. Cashdollar (larry0 me com) Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Author: Larry W. Cashdollar, @_larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download: http://extensions.joomla.org/extensions/access-a-security/site-secur [ more ] [ reply ] ZTE ZXDSL 831 Multiple Cross Site Scripting 2014-11-06 habte yibelo gmail com TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4 3200&tr69cAcsURL=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//&tr6 9cAcsUser=cpe&tr69cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=i [ more ] [ reply ] ZTE 831CII Multiple Vulnerablities 2014-11-06 habte yibelo gmail com Hardcoded default misconfiguration - The modem comes with admin:admin user credintials. Stored XSS - http://192.168.1.1/psilan.cgi?action=saveðIpAddress=192.168.1.1ðSu bnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280 %29;//&enblUpnp=1&enblLan2=0 Any user browsing to http [ more ] [ reply ] ZTE ZXDSL 831CII Direct Object Reference 2014-11-06 habte yibelo gmail com The modem usually serves html files & protects them with HTTP Basic authentication. however, the cgi files, does not get this protection. so simply requesting any cgi file (without no authentication) would give a remote attacker full access to the modem and then can easily be used to root the modem [ more ] [ reply ] |
|
Privacy Statement |
Governance, Risk and Compliance (SAP GRC)
Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.
------------------------------------------------------------------------
1. Busine
[ more ] [ reply ]