[FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
2015-11-23 Manuel Mancera (mmancera a2secure com)
  ================================================================ Celoxis <= 9.5 - Cross Site Scripting (XSS) ================================================================ Information -------------------- Name: Celoxis <= 9.5 - Cross Site Scripting (XSS) Affected Software : Celoxis Affected Versi

[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
2015-11-23 ERPScan inc (erpscan online gmail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
2015-11-22 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation
2015-11-22 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
2015-11-22 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
2015-11-22 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation
2015-11-22 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
2015-11-23 Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
2015-11-23 Nicholas Lemonias. (lem nikolas googlemail com)

Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android
2015-11-20 Shazron (shazron apache org)
  ---------- Forwarded message ---------- From: Joe Bowser <bowserj (at) gmail (dot) com> Date: Fri, Nov 20, 2015 at 11:39 AM Subject: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android To: DAVIDKA (at) il.ibm (dot) com, Roee Hay <ROEEH (at) il.ibm (dot) com>, "private (at) cordova.apache (dot) org" <private (at) cordova (dot) a

Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions
2015-11-20 Shazron (shazron apache org)
  ---------- Forwarded message ---------- From: Joe Bowser <bowserj (at) gmail (dot) com> Date: Fri, Nov 20, 2015 at 11:39 AM Subject: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions To: vuls (at) jpcert.or (dot) jp, "security (at) apache (dot) org" <security (at) apache (dot) org>, dev <dev (at) cordova (dot) ap

[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS)
2015-11-19 security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04891218 Version: 1 HPSBUX03522 S

NEW VMSA-2015-0008 - VMware product updates address information disclosure issue
2015-11-19 VMware Security Response Center (security vmware com)

CVE-2015-8131: Kibana CSRF vulnerability
2015-11-18 Kevin Kluge (kevin elastic co)
  Description: Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack. We have been assigned CVE 2015-8131 for this issue. CVSS Score: 4.0 Remediation: We recommend that all Kibana users upgrade to either 4.1.3, 4.2.1, or a later version. Confirmation: We have published

IBM i Access Buffer Overflow Code DOS CVE-2015-7422
2015-11-18 apparitionsec gmail com
  [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/IBMI-ACCESS-BUFFER-OVERFLOW-DOS.txt Vendor: ============== www.ibm.com Product: ==================================================== IBM i Access for Windows Rel

IBM i Access Buffer Overflow Code Exec CVE-2015-2023
2015-11-18 apparitionsec gmail com
  [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/IBMI-CLIENT-ACCESS-BUFFER-OVERFLOW.txt Vendor: ============== www.ibm.com Product: ==================================================== IBM i Access for Windows

[security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
2015-11-18 security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04894110 Version: 2 HPSBGN03521 r

RCE and SQL injection via CSRF in Horde Groupware
2015-11-18 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23272 Product: Horde Groupware Vendor: http://www.horde.org Vulnerable Version(s): 5.2.10 and probably prior Tested Version: 5.2.10 Advisory Publication: September 30, 2015 [without technical details] Vendor Notification: September 30, 2015 Vendor Patch: October 22, 2015 Publi

Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability
2015-11-18 Vulnerability Lab (research vulnerability-lab com)
  Document Title: =============== Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1478 PSIRT ID: 3721 Video: http://www.vulnerability-lab.com/get_content.php?id=

[security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
2015-11-17 security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04894110 Version: 1 HPSBGN03521 r

WordPress Users Ultra Plugin [Unrestricted File Upload]
2015-11-17 pan vagenas gmail com
  * Exploit Title: WordPress Users Ultra Plugin [Unrestricted File Upload] * Discovery Date: 2015/10/27 * Public Disclosure Date: 2015/12/01 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://usersultra.com * Software Link: https://wordpress.org/pl

ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability
2015-11-17 Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability EMC Identifier: ESA-2015-163 CVE Identifier: CVE-2015-6847 Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Affected products: EMC VPLEX GeoSynchron

Open-Xchange Security Advisory 2015-11-17
2015-11-17 Martin Heiland (martin heiland lists open-xchange com)
  Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 (Bug ID) Vulnerability type: Cross-Site-Scripting (CWE-80) Vulnerable version: 2.0 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by vendor Fixed version: 2.0.0-rev11 Researcher Credits:

Free WMA MP3 Converter - Buffer Overflow Exploit (SEH)
2015-11-17 Vulnerability Lab (research vulnerability-lab com)
  Document Title: =============== Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1620 Release Date: ============= 2015-10-19 Vulnerability Laboratory ID (VL-ID): ================================

Murgent CMS - SQL Injection Vulnerability
2015-11-17 Vulnerability Lab (research vulnerability-lab com)
  Document Title: =============== Murgent CMS - SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1646 Release Date: ============= 2015-11-16 Vulnerability Laboratory ID (VL-ID): ==================================== 1646 C

Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
2015-11-17 Vulnerability Lab (research vulnerability-lab com)
  Document Title: =============== Magento Bug Bounty #22 - (Profile) Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1636 Magento Security ID: APPSEC-1121 Release Date: ============= 2015-11-06 Vulnerability Laboratory ID (V

Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities
2015-11-17 Vulnerability Lab (research vulnerability-lab com)
  Document Title: =============== Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1643 APPSEC-1122 Video: http://www.vulnerability-lab.com/get_content.php?id=1642 Release Date: =============
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Stored XSS
Send: 18.02.2015
Reported: 18.02.2015
Vendor response: 18.02.2015
Date of Public Advisory: 11.08.2015
Reference: SAP Security Note 2152669
Aut