[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
Application: SAP HANA
Versions Affected: SAP HANA 1.00.095
Vendor URL: http://SAP.com
Bugs: Memory corruption, RCE
Reported: 17.07.2015
Ven
* CVE: CVE-2015-8773
* Vendor: McAfee - Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A
Description:
McAfee File Lock Driver does not handle correctly GUID
Greetings
Upon communication with the SAP team, I was told to send over the advisory
to you. Please read and revert
--
Kind Regards
Shahmeer Amir
Web Application Security Researcher
Network Security Analyst
SAP Hana Cloud Platform Cockpit Cross site Scripting Vulnerabilities
PHP File Manager 0.9.8 (http://phpfm.sourceforge.net/) is vulnerable to
authentication bypass due to insecure implementation of register globals
emulation. An attacker is able to override the blockKeys array and thus
build a valid session and access all the protected functionality (including
execut
The LiteSpeed SAPI module in PHP did not sanitize several fields of the
LSAPI request correctly. In the source file sapi/litespeed/lsapilib.c,
the parseRequest function calculated addresses of these variables in the
following way:
pReq->m_pScriptFile = pReq->m_pReqBuf +
pReq->m_pHeader->m_s
#Vendor: ZyXel WAP3205 - version 1 (Product is EOL and no patch
forthcoming)
#Firmware version: V1.00(BFR.6) - V1.00(BFR.8)C0
#Exploit Author: Nicholas Lehman @GraphX
#Vulnerability: Multiple persistent and reflected XSS vulnerabilities
Descripti
#Title: Eclipse Birt Report Viewer v4.5.0 and below Persistent XSS
#Vendor homepage: http://www.eclipse.org
#Exploit Author: Multiple parties reported to vendor. (first in 2008!)
#Vulnerability: Persistent XSS when viewing report with malicious code
Advisory ID: HCA0005 - http://hackingcorp.ch/advisories/HCA0005.pdf
Product: Horizon HD / WiFi
Vendor: Liberty Global plc companies (Unitymedia GmbH, UPC Cablecom, ...)
Affected Version(s): unknown
Tested Version(s): curre
CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the
cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and
parties. Regarding the price increase to $40, it was forced due to ever-rising
venue costs. But we promise to provide more value via; great
TO Commit a SIN is Human.
TO Learn from SINs is a Better Human.
TO Learn from others SINs... its like a Hacker
TO Exploit others SINs with SYN/FIN/ACK/RST
We are proud to present the seventh edition of HackIM 2016 Powered by EMC2.
Starting from : 29th Jan, 2016 10:00 PM (GMT +530)
Battle on Till
During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.
* CVE-2015-7675: Unauthorized access to arbitrary files and documents
https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7
* CVE: CVE-2015-8772
* Vendor: McAfee - Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A
Description:
McAfee File Lock Driver does not handle correctly IOC
In suEXEC_Daemon mode, the LiteSpeed web server spawns one PHP master
process during startup. It runs as root and accepts LSAPI
requests, which in turn specify which user the script should run as.
The LSAPI request is authenticated with a MAC, which is based on
a preshared random key betwee
The FastCGI Process Manager (FPM) SAPI of PHP was vulnerable to a memory
leak and a buffer overflow in the access logging feature.
PHP-FPM offers customization of the access log lines based on format
string variables which can be specified with the access.format option of
the FPM configuration file.
T
#Title: Eclipse Birt Report Viewer <= v4.5.0 Persistent XSS
#Vendor homepage: http://www.eclipse.org
#Discovered by: Multiple parties reported to vendor. (first in 2008!)
#Vulnerability: Persistent XSS when viewing report containing javascript
Desc
# Multiple Vulnerabilities - Netgear GS105Ev2
## Product
Vendor: Netgear
Model: GS105Ev2
Firmware version: 1.3.0.3,1.4.0.2
Reference: http://downloadcenter.netgear.com/de/product/GS105Ev2#searchResults
Netgear GS105Ev2 is a Gigabit switch with 5 ports targeting SMBs. The switch
can be confi
Document Title:
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1680
Release Date:
2016-01-27
Vulnerability Laboratory ID (VL-ID):
Document Title:
WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1681
Release Date:
2016-01-26
Vulnerability Laboratory ID (VL-ID):
Document Title:
Kleefa v1.7 (IR) - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1677
Release Date:
2016-01-23
Vulnerability Laboratory ID (VL-ID):
1
Document Title:
Classic Infomedia (Login) - Auth Bypass Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1679
Release Date:
2016-01-25
Vulnerability Laboratory ID (VL-ID):
Document Title:
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1203
eBay Inc. Bug Bounty Program ID: EIBBP-26644
Release Date:
2016-01-18
Vulnerability Labor
Document Title:
Telegram (API) - Cross Site Request Forgery Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1648
Release Date:
2016-01-17
Vulnerability Laboratory ID (VL-ID):
Document Title:
Apple WatchOS v2.1 - Denial of Service Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1659
Followup ID: 634926833
Release Date:
2016-01-11
Vulnerability Laboratory ID (VL-ID):
Document Title:
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1108
Barracuda Networks Security ID (BNSEC): BNSEC-1530
Release Date:
2016-0
Document Title:
Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1682
Release Date:
2016-01-27
Vulnerability Laboratory ID (VL-ID):
29 matches