XSS vulnerability in manage engine.

Posted by Suraj Krishnaswami on Jun 23

Title:
===============
ManageEngine Asset Explorer v6.1 – XSS Vulnerability

CVE-ID:
====================================
CVE-2015-2169

CVSS:
====================================
3.5

Product & Service Introduction (Taken from their homepage):
====================================
ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM)
software that helps you monitor and manage assets in your network from
Planning phase to…

Haka v0.3.0 release

Posted by Mehdi Talbi on Jun 23

Hey list,

A new version (0.3.0) of Haka is available at haka-security.org.

The new release adds a stream-based asm instruction disassembler module
based on the Capstone engine. This makes it possible to detect obfuscated
shellcode at the network level, for instance.

The new version also improves logging performance and fixes various bugs.
Thanks to all users who have reported these bugs.

As a reminder, Haka is an open source security oriented language that…

New version: smalisca – Static Code Analysis tool for Smali files

Posted by Levon Kayan on Jun 23

Hi,

We released a version 0.2 of smalisca.

[ DESCRIPTION ]

A static code analysis tool for Smali files.

If you have ever looked at Android applications, you know to appreciate
the ability to analyze your target at the most advanced level. Dynamic
program analysis will give you a pretty good overview of your
application's activities and general behaviour. However, sometimes you'll
want to just analyze your application without running it…

Minds.com – Several Issues

Posted by Scott Arciszewski on Jun 23

The Hype
========

Before we begin, let’s look at some of the hype that the Minds.com
team has been feeding into on Twitter.

https://twitter.com/minds/status/611536729175130112

https://twitter.com/minds/status/612023517962477568

https://twitter.com/minds/status/610499794834821121

https://twitter.com/WiredUK/status/610732859373043712

Wow, if Anonymous backs this project, surely it must be legitimate and
secure,…

CVE-2015-4413 – WordPress “Nextend Facebook Connect” Cross Site Scripting

Posted by Liran Segal on Jun 23

Document Title:
===============
WordPress “Nextend Facebook Connect” Plugin Version: 1.5.4 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
https://wordpress.org/plugins/nextend-facebook-connect/

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4413

Vulnerability Disclosure Timeline:
==================================
2015-06-03 First notified to…

CVE-2015-4557 – WordPress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting

Posted by Liran Segal on Jun 23

WordPress “Nextend Twitter Connect”
===================================
Document Title:
===============
WordPress “Nextend Twitter Connect” Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
https://wordpress.org/plugins/nextend-twitter-connect/

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:…

ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer – XXE

Posted by Darya Maenkova on Jun 23

ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal
ReportXmlViewer – XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XXE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP…

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters – Information disclosure

Posted by Darya Maenkova on Jun 23

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console
ReadProfile Parameters – Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Information disclosure
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory:…

ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener – DoS in the module XeClient.Dll

Posted by Darya Maenkova on Jun 23

ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener – DoS in the
module XeClient.Dll

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public…