BugTraq Mode:
Synology Video Station command injection and multiple SQL injection vulnerabilities 2015-09-09
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Synology Video Station command injection and multiple SQL injection
vulnerabilities
------------------------------------------------------------------------

Han Sahin, September 2015

-------------------------------------------

[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information 2015-09-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790231

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04790231
Version: 1

HPSBGN03504 r

[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) 2015-09-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04790232
Version: 1

HPSBOV03505 r

[ERPSCAN-15-016] SAP NetWeaver - Hardcoded credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver - Hardcoded credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response

[ERPSCAN-15-015] SAP NetWeaver AS ABAP - Hardcoded Credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP -
Hardcoded Credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response:

[ERPSCAN-15-014] SAP Mobile Platform 3 - XXE in Add Repository 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 - XXE
in Add Repository

Application: SAP Mobile Platform
Versions Affected: SAP Mobile Platform 3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response:

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability 2015-09-09
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability

EMC Identifier:

ESA-2015-110

CVE Identifier:

CVE-2015-0550

Severity Rating: CVSS Base Score 8.5 (AV:N/AC:L/Au:N/C:C/I:N/A:P)

Affected Products :

EMC Softwa

ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities 2015-09-09
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2015-140

CVE Identifier: CVE-2015-4539, CVE-2015-4540

Severity Rating: CVSS v2 Base Score: See below for individual scores

[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) 2015-09-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04789415
Version: 1

HPSBOV03506 r

Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe 2015-09-08
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

part 31 (see <http://seclists.org/fulldisclosure/2015/Mar/92>)
showed how to execute arbitrary (rogue) executables planted as
%SystemRoot%\System32\RegEdit.exe, %SystemRoot%\System32\Explorer.exe
etc. instead of %SystemRoot%\RegEdit.exe, %SystemRoot%\Explorer.exe
etc., including a possible

[SECURITY] [DSA 3354-1] spice security update 2015-09-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3354-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 08, 2015

Re: Oracle Hyperion password disclosure... 2015-09-08
jeff kayser jibeconsulting com
Sorry for the earlier attachment. Here is what I wanted to communicate.

Jeff Kayser
Jibe Consulting | Oracle Principal Consultant
5000 Meadows Rd. Suite 300
Lake Oswego, OR 97035
O: 503-517-3266 | C: 503.901.5021
Jeff.kayser (at) jibeconsulting (dot) com

-----Original Message-----
From: Jeff Kayser
Sent:

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability 2015-09-08
alex_haynes outlook com
Exploit Title: Qlikview blind XXE security vulnerability
Product: Qlikview
Vulnerable Versions: v11.20 SR11 and previous versions
Tested Version: v11.20 SR4
Advisory Publication: 08/09/2015
Latest Update: 08/09/2015
Vulnerability Type: Improper Restriction of XML External Entity Reference [CWE-611]

NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. 2015-09-07
Elliott Lewis (elliott lewis uk gmail com)
NETGEAR Wireless Management System - Authentication Bypass and
Privilege Escalation.
WMS5316 ProSafe 16AP Wireless Management System - Firmware 2.1.4.15
(Build 1236).

[-] Vulnerability Information:
==============================
Title: NETGEAR Wireless Management System - Authentication Bypass and

[SECURITY] [DSA 3353-1] openslp-dfsg security update 2015-09-05
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3353-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
September 05, 2015

JSPMySQL Administrador CSRF & XSS Vulnerabilities 2015-09-05
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt

Vendor:
================================
JSPMySQL Administrador
https://sites.google.com/site/mfpledon/producao-de-software

Product:
========

Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability
--
http://www.info-sec.ca/advisories/Webroot-SecureAnywhere.html

Overview

"Webroot SecureAnywhere Business - Mobile Protection provides
essential security for iPhones and iPads and includes lost device
protection that

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)
Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability
--
http://www.info-sec.ca/advisories/Avira-Mobile-Security.html

Overview

"Avira Mobile Security is the ideal tool to recover a lost phone and
ensure that your email has not been compromised."

"Avira Mobile Security helps

Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation 2015-09-04
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in <http://seclists.org/fulldisclosure/2013/Sep/132> I showed an
elaborated way for privilege elevation using IExpress (and other
self-extracting) installers containing *.MSI or *.MSP which works
"in certain situations".

Microsoft addressed this vulnerability with
<https://technet.microsof

Oracle Hyperion password disclosure... 2015-09-04
Jeff Kayser (jeff kayser jibeconsulting com)
Hi, all.

Oracle Hyperion Rapid Deployment installer leaves plaintext passwords in config files and logfiles. Oracle has known about this for 2 years, and has decided not to patch any of the product versions prior to the latest version. I have additional details if anyone is interested.

Jeff Kays

[SECURITY] [DSA 3352-1] screen security update 2015-09-04
Laszlo Boszormenyi (gcs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3352-1 security (at) debian (dot) org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
September 04, 2015

[slackware-security] seamonkey (SSA:2015-246-01) 2015-09-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2015-246-01)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

[SECURITY] [DSA 3351-1] chromium-browser security update 2015-09-03
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3351-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
September 03, 2015

[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow 2015-09-03
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com


1. ADVISORY INFORMATION
-----------------------
Product: Yahoo! Messenger
Vendor URL: www.yahoo.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2014-05-02
Date published: 2015-09-03
CVSSv3 Score: 4,8 (AV:L/A

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability 2015-09-03
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability

EMC Identifier: ESA-2015-144

CVE Identifier: CVE-2015-4544

Severity Rating: CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)

Affected products:

? EMC Doc

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities 2015-09-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1591

Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip

Releas

Checkmarx CxQL Sandbox bypass (CVE-2014-8778) 2015-09-03
hdau deloitte fr
Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Vendor: Checkmarx - www.checkmarx.com
Product: CxSuite
Version affected: 7.1.5 and prior

Credit: Huy-Ngoc DAU (@ngocdh) of Deloitte Conseil, France

================================
Introduction
================================
Checkmarx is a static so

[SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key 2015-09-03
sven freund syss de
Advisory ID: SYSS-2015-016
Product: Avaya one-X® Agent Release 2.5 SP2 Client Software
Vendor: Avaya Inc.
Affected Version(s): 2.5.50022.0
Tested Version(s): 2.5.50022.0
Vulnerability Type: Cryptographic Issues (CWE-310)
Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level:

[slackware-security] bind (SSA:2015-245-01) 2015-09-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2015-245-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

Copyright 2010, SecurityFocus