[SE-2012-01] Details of issues fixed by Java SE 7 Update 21

2013-04-17 Thread Security Explorations
Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60). Our original vulnerability reports and Proof of Concept codes for these and some previously

[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution

2013-04-17 Thread ESNC Security
[ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution Please refer to www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact

Sitecom WLM-3500 backdoor accounts

2013-04-17 Thread roberto.paleari
Sitecom WLM-3500 backdoor accounts == [ADVISORY INFORMATION] Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari (roberto.pale...@emaze.net, @rpaleari) Advisory URL:

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control

2013-04-17 Thread ESNC Security
[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control Please refer to www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services

2013-04-17 Thread ESNC Security
[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact

Open-Xchange Security Advisory 2013-04-17

2013-04-17 Thread Martin Braun
Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been

Multiple Vulnerabilities in KrisonAV CMS

2013-04-17 Thread advisory
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Version(s): 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting [CWE-79],

SI6 Networks' IPv6 Toolkit v1.3.4 released!

2013-04-17 Thread Fernando Gont
Folks, We have just released SI6 Networks' IPv6 Toolkit v1.3.4: a security assessment and troubleshooting toolkit for the IPv6 protocol suite. The toolkit is available at: http://www.si6networks.com/tools/ipv6toolkit, where you can find the usual

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21

2013-04-17 Thread Security Explorations
Hello All, We wanted to add the following information to our post from yesterday. We've learned that RedHat's Bugzilla associates CVE-2013-1537 [1] with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers [2]. It looks like Oracle has finally patched RMI