Application: SAP Adaptive Server Enterprise
Versions Affected: SAP Adaptive Server Enterprise 16
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note
Application: SAP NetWeaver KERNEL
Versions Affected: SAP NetWeaver KERNEL 7.0-7.5
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note 2295238
Author:
## SPIP 3.1.2 Exec Code Cross-Site Request Forgery (CVE-2016-7980)
### Product Description
SPIP is a publishing system for the Internet, which put importance on
collaborative working, multilingual environments and ease of use. It is free
software, distributed under the GNU/GPL licence.
###
## SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal (CVE-2016-7982)
### Product Description
SPIP is a publishing system for the Internet, which put importance on
collaborative working, multilingual environments and ease of use. It is free
software, distributed under the GNU/GPL licence.
###
## SPIP 3.1.2 Template Compiler/Composer PHP Code Execution (CVE-2016-7998)
### Product Description
SPIP is a publishing system for the Internet, which put importance on
collaborative working, multilingual environments and ease of use. It is free
software, distributed under the GNU/GPL
Man in the Middle Remote Code Execution Vulnerability in WineBottler and its
Bundles
Metadata
===
Release Date: 17-10-2016
Author: Florian Bogner // Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected product: WineBottler
Hi @ll,
since more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!
One of the many possible causes: Windows Update Client runs out of
(virtual) memory
AFAIK, that's actually the Unifi Controller, but that's "web based" as in,
you access it via a browser (I use the same on my Unifi setup). So, I still
can't see, nor understand, how to exploit said vulnerability unless you
already have a local account on the controller.
On Tue, Oct 4, 2016 at
cgiecho a script included with cgiemail will return any file under a
websites document root if the file contains square brackets and the
text within the brackets is guessable.
e.g: http://hostname/cgi-sys/cgiecho/login.php?'pass'=['pass'] will
display http://hostname/login.php if it contains
## SPIP 3.1.2 Reflected Cross-Site Scripting (CVE-2016-7981)
### Product Description
SPIP is a publishing system for the Internet, which put importance on
collaborative working, multilingual environments and ease of use. It is free
software, distributed under the GNU/GPL licence.
###
Aloha,
Summary
Evernote contains a DLL hijacking vulnerability that could allow an
unauthenticated, remote attacker to execute arbitrary code on the targeted
system. The vulnerability exists due to some DLL file is loaded by
'Evernote_6.1.2.2292.exe' improperly. And it allows an attacker to load
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
"Enterprise CMS" and is most commonly used for intranets and as part
of the web presence of large organizations
[Systems Affected]
Title: CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: CAPTCHA bypass by re-using last loaded valid CAPTCHA code
Vulnerable version: before 3.6.0
CVE: CVE-2016-8600
Vendor/Product: dotCMS (http://dotcms.com/)
#
Application: SAP EP-RUNTIME component
Versions Affected: SAP EP-RUNTIME 7.5
Vendor URL: http://SAP.com
Bugs: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note 2315788
Author: Mathieu Geli
## SPIP 3.1.2 Server Side Request Forgery (CVE-2016-7999)
### Product Description
SPIP is a publishing system for the Internet, which put importance on
collaborative working, multilingual environments and ease of use. It is free
software, distributed under the GNU/GPL licence.
###
Tim conflates two products in his original report:
Product: UniFi AP AC Lite
Vendor: Ubiquiti Networks Inc.
Internal reference: ? (Bug ID)
Vulnerability type: Incorrect access control
Vulnerable version: Unify 5.2.7 and possible other versions affected (not
tested)
[...]
Both the UniFi
Triggering this requires that the client sets a very large ALPN list
(several thousand bytes). This would be very unusual in a real-world
application. For this reason OpenSSL does not treat this as a security
vulnerability and I am inclined to agree with this decision. However, if an
attacker can
Hi,
please let us communicate directly and not via Mailinglists, because this
results in flooding and is not important to all other people. If there is an
final result, weather the PoC has got an mistake or not, we can publish the
result.
If there are other products affected we don’t know -
18 matches
Mail list logo