[FD] Haka v0.3.0 release

2015-06-23 Thread Mehdi Talbi
Hey list, A new version (0.3.0) of Haka is available at haka-security.org. The new release adds a stream-based asm instruction disassembler module based on the Capstone engine. This makes it possible to detect obfuscated shellcode at the network level, for instance. The new version also improves logging performanc

[FD] XSS vulnerability in manage engine.

2015-06-23 Thread Suraj Krishnaswami
Title: === ManageEngine Asset Explorer v6.1 - XSS Vulnerability CVE-ID: CVE-2015-2169 CVSS: 3.5 Product & Service Introduction (Taken from their homepage): ManageEngine A

[FD] Minds.com - Several Issues

2015-06-23 Thread Scott Arciszewski
The Hype Before we begin, let's look at some of the hype that the Minds.com team has been feeding into on Twitter. https://twitter.com/minds/status/611536729175130112 ~> > #Anonymous backs new #encrypted #social network to rival Facebook > http://www.infowars.com/anonymous-backs-new-en

[FD] New version: smalisca - Static Code Analysis tool for Smali files

2015-06-23 Thread Levon Kayan
Hi, We released a version 0.2 of smalisca. [ DESCRIPTION ] A static code analysis tool for Smali files. If you ever have looked at Android applications you know to appreciate the ability of analyzing your target at the most advanced level. Dynamic program analysis will give you a pretty good o

[FD] CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting

2015-06-23 Thread Liran Segal
Wordpress “Nextend Twitter Connect” === Document Title: === WordPress “Nextend Twitter Connect” Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting) Download URL: = https://wordpress.org/plugins/nextend-twitter-conn

[FD] CVE-2015-4413 - Wordpress “Nextend Facebook Connect” Cross Site Scripting

2015-06-23 Thread Liran Segal
Document Title: === WordPress “Nextend Facebook Connect” Plugin Version: 1.5.4 is vulnerable to Reflected XSS (Cross Site Scripting) Download URL: = https://wordpress.org/plugins/nextend-facebook-connect/ Release Date: = 2015-06-20 Vulnerability CVE ID

[FD] ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE Application: SAP Mobile Platform 3.0 Versions Affected: SAP Mobile Platform 3.0, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 29.12.201

[FD] ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS Application: SYBASE SQL Anywhere 12 and 16 Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others Vendor URL: http://SAP.com Bugs: DoS Sent: 09.12.

[FD] ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Missing authorization check Sent:

[FD] ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs:

[FD] ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure Application: SAP Management Console Versions Affected: SAP NW 7.4 Management Console, probably others Vendor URL: http://SAP.com Bugs: In

[FD] ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XXE Sent: 09.12.

[FD] ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE Application: SAP Mobile Platform 2.3 Versions Affected: SAP Mobile Platform 2.3, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.14 Rep

[FD] ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent

[FD] ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS

2015-06-23 Thread Darya Maenkova
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Application: SAP NetWeaver Dispatcher Versions Affected: SAP NetWeaver Dispatcher, probably others Vendor URL: http://SAP.com Bugs: RCE Sent: