[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues
    2016-04-15  ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction
    2016-04-15  ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability
    2016-04-15  ERPScan inc (erpscan online gmail com)
    Application: SAP NetWeaver
    Versions Affected: SAP NetWeaver J2EE Engine 7.40
    Vendor URL: http://SAP.com
    Bugs: Cross-Site Scripting
    Sent: 01.09.2015
    Vendor response: 02.09.2015
    Date of Public Advisory: 12.01.2016
    Reference: SAP Security Note 2206793
    Author: Vahagn Vardanyan (ERPScan)
    Description [ more ] [ reply ]

[SECURITY] [DSA 3549-1] chromium-browser security update
    2016-04-15  Michael Gilbert (mgilbert debian org)

AST-2016-005: TCP denial of service in PJProject
    2016-04-14  Asterisk Security Team (security asterisk org)

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk
    2016-04-14  Asterisk Security Team (security asterisk org)

NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin
    2016-04-14  VMware Security Response Center (security vmware com)

ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability
    2016-04-14  Security Alert (Security_Alert emc com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability
    EMC Identifier: ESA-2016-036
    CVE Identifier: CVE-2016-0889
    Severity Rating: CVSS v3 Base Score: 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)
    Affected pr [ more ] [ reply ]

Securing Android Applications from Screen Capture
    2016-04-14  research nightwatchcybersecurity com
    Original here: https://blog.nightwatchcybersecurity.com/research-securing-android-applications-from-screen-capture-8dce2c8e21d#.bw2qwe213
    Research: Securing Android Applications from Screen Capture
    Summary: TL;DR
    Apps on Android and some platform services are able to capture other ap [ more ] [ reply ]

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability
    2016-04-14  Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1821
    Release Date:
    =============
    2016-04-14
    Vulnerability Laboratory ID (VL-ID):
    ========================= [ more ] [ reply ]

Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
    2016-04-13  Cisco Systems Product Security Incident Response Team (psirt cisco com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
    Advisory ID: cisco-sa-20160413-ucs
    Revision 1.0
    Published: 2016 April 13 16:00 GMT
    +------------------------------------------------ [ more ] [ reply ]

Webline CMS (2016Q2) - SQL Injection Vulnerability
    2016-04-13  Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    Webline CMS (2016Q2) - SQL Injection Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1823
    Release Date:
    =============
    2016-04-13
    Vulnerability Laboratory ID (VL-ID):
    =================================== [ more ] [ reply ]

[SE-2012-01] Yet another broken security fix in IBM Java 7/8
    2016-04-12  Security Explorations (contact security-explorations com)
    Hello All,
    We discovered that yet another fix for a security vulnerability in IBM Java (Issue 70 [1] assigned CVE-2013-5456) we reported to the company in 2013 hasn't been fixed properly. Again, the actual root cause of the issue hasn't been addressed at all.
    There were no security checks introdu [ more ] [ reply ]

CAM UnZip v5.1 Archive Directory Traversal
    2016-04-12  hyp3rlinx lycos com
    [+] Credits: hyp3rlinx
    [+] Website: hyp3rlinx.altervista.org
    [+] Source: http://hyp3rlinx.altervista.org/advisories/CAMUNZIP-ARCHIVE-PATH-TRAVERSAL.txt
    Vendor:
    =================
    www.camunzip.com
    Product:
    ==============
    CAM UnZip v5.1
    Vulnerability Type:
    ======================
    Archive Pa [ more ] [ reply ]

.NET Framework 4.6 allows side loading of Windows API Set DLL
    2016-04-12  Securify B.V. (lists securify nl)
    ------------------------------------------------------------------------
    .NET Framework 4.6 allows side loading of Windows API Set DLL
    ------------------------------------------------------------------------
    Yorick Koster, February 2016
    -------------------------------------------------------------- [ more ] [ reply ]

Open redirect on Google.com
    2016-04-12  research nightwatchcybersecurity com
    Overview
    An open redirect is operating at www.google.com
    Details
    Google's main website provides a subsite for displaying mobile-optimized pages published using a special subset of HTML called AMP.
    While this works for mobile devices, for non-mobile devices, this redirects to the original site, thus [ more ] [ reply ]

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability
    2016-04-12  Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1822
    Release Date:
    =============
    2016-04-12
    Vulnerability Laboratory ID (VL-ID):
    ========================= [ more ] [ reply ]

ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability
    2016-04-11  Security Alert (Security_Alert emc com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability
    EMC Identifier: ESA-2016-013
    CVE Identifier: CVE-2016-0887
    Severity Rating: CVSS v3 Base Score: 5.9 (AV:N/AC:H/P [ more ] [ reply ]

Blind SQL injections in CivicRM
    2016-04-11  Simon Waters (Surevine) (simon waters surevine com)
    CivicRM extends common CMS platforms (WordPress, Drupal) with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity.
    I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download arb [ more ] [ reply ]

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0
    2016-04-10  Pedro Ribeiro (pedrib gmail com)
    Hi,
    Novell Service Desk (now rebranded as Micro Focus Service Desk) 7.1.0 and below has a number of critical vulnerabilities that allow remote code execution, information disclosure, etc, by authenticated users. Check the full advisory below for details.
    Novell / Micro Focus have documented these v [ more ] [ reply ]

OpenCart json_decode function Remote PHP Code Execution
    2016-04-09  r3s34rch3r yahoo com
    ##
    # OpenCart json_decode function Remote PHP Code Execution
    #
    # Author: Naser Farhadi
    # Twitter: @naserfarhadi
    #
    # Date: 9 April 2016
    # Version: 2.1.0.2 to 2.2.0.0 (Latest version)
    # Vendor Homepage: http://www.opencart.com/
    #
    # Vulnerability:
    # ------------
    # /upload/system/helper/json.php
    # $matc [ more ] [ reply ]
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda
[ more ] [ reply ]