-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
- ---
VMware Security Advisory
Advisory ID: VMSA-2016-0016
Severity:Critical
Synopsis:vRealize Operations (vROps) updates address
Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site
Scripting (XSS)
1. Impact on Business
=
By exploiting this vulnerability, a remote attacker could steal sensitive
business information by targeting other users connected to the system.
Risk
Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site
Scripting (XSS)
1. Impact on Business
=
By exploiting this vulnerability, a remote attacker could steal sensitive
business information by targeting other users connected to the system.
Risk
Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site
Scripting (XSS)
1. Impact on Business
=
By exploiting this vulnerability, a remote attacker could steal sensitive
business information by targeting other users connected to the system.
Risk
Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site
Scripting (XSS)
1. Impact on Business
=
By exploiting this vulnerability, a remote attacker could steal sensitive
business information by targeting other users connected to the system.
Risk
Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site
Scripting (XSS)
1. Impact on Business
=
By exploiting this vulnerability, a remote attacker could steal sensitive
business information by targeting other users connected to the system.
Risk
Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory
Corruption
1. Impact on Business
=
By exploiting this vulnerability an attacker could hide audit information
logged by the SAP system.
Risk Level: Low
2. Advisory Information
===
-
Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
1. Impact on Business
=
By exploiting this vulnerability, an attacker could potentially abuse of
technical functions to access and/or compromise the business information.
Risk Level: Low
2. Advisory
Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in
SCTC_REFRESH_CONFIG_CTC
1. Impact on Business
=
By exploiting this vulnerability an authenticated user will be able to take
full control of the system.
Risk Level: Critical
2. Advisory Information
Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in
SCTC_REORG_SPOOL
1. Impact on Business
=
By exploiting this vulnerability an authenticated user will be able to take
full control of the system.
Risk Level: Critical
2. Advisory Information
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
1. Impact on Business
=
By exploiting this vulnerability, an attacker could bypass protections
implemented in the SAP systems, potentially executing arbitrary business
processes.
Risk Level:
The impression I get from Tim Pham's emails is that the 'Unify Manager' is
doing some behind-the-scenes tunnelling, and bringing the Mongo interface from
the server to the client (Eg, Mac or Windows device) and you are then able to
connect to localhost (on the client) which tunnels through to
# Title : Billion Router 7700NR4 Remote Root Command Execution
# Date : 06/10/2016
# Author : R-73eN
# Tested on: Billion Router 7700NR4
# Vendor : http://www.billion.com/
# Vulnerability Description:
# This router is a widely used here in Albania. It is given by a telecom
provider to the home and
___
Vendor: LG, www.lg.com
Affected Products: LG PC Suite for Windows
Affected Version: <= 5.3.25.20150529 (Build 18212)
Severity: High
OVE ID: OVE-20161010-0007
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41
Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The
Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution
Advisory ID: SYSS-2016-068
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection against Replay Attacks
Risk Level: Medium
Solution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2016-033
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data
I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on
Original at:
https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/
Summary
Android devices can be crashed remotely forcing a halt and then a soft
reboot by a MITM attacker manipulating assisted GPS/GNSS data provided
by Qualcomm. This issue affects the open source code in
Avtech devices multiple vulnerabilities
--
Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4]
contains the list of confirmed firmware versions, which are affected.
- Product page:
Vulnerability: Apache Tomcat packaging on RedHat-based distros
CVE-2016-5425
Discovered by:
Dawid Golunski (http://legalhackers.com)
Affected systems: Multiple Tomcat packages on RedHat-based systems
including: CentOS,Fedora,OracleLinux,RedHat etc.
Short Description:
Apache Tomcat packages
Document Title:
===
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1928
Release Date:
=
2016-10-10
Vulnerability Laboratory ID (VL-ID):
Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in
SCTC_TMS_MAINTAIN_ALOG
1. Impact on Business
=
By exploiting this vulnerability an authenticated user will be able to take
full control of the system.
Risk Level: Critical
2. Advisory Information
Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA
Algorithm
1. Impact on Business
=
By exploiting this vulnerability an attacker could impersonated as another
person.
Risk Level: Medium
2. Advisory Information
===
- Public
Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password
storage
1. Impact on Business
=
By exploiting this vulnerability, an attacker could obtain access to additional
SAP systems, potentially compromising these systems as well as the information
stored
Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in
SCTC_REFRESH_IMPORT_USR_CLNT
1. Impact on Business
=
By exploiting this vulnerability an authenticated user will be able to take
full control of the system.
Risk Level: Critical
2. Advisory Information
Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in
PREPARE_CHECK_CAPACITY
1. Impact on Business
=
By exploiting this vulnerability an authenticated user will be able to take
full control of the system.
Risk Level: Critical
2. Advisory Information
29 matches
Mail list logo