Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener –
Missing authorization check
Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16
– DoS
Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 – XXE
Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 18.06.2015
Reference:…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow – RCE, DoS
Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent: 25.08.14
Reported: 25.08.14
Vendor response: 25.08.14
Date of Public Advisory: 15.02.2015…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal
XMLValidationComponent – XXE
Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.2014
Reported: 06.11.2014
Vendor response: 07.11.2014
Date of Public Advisory: 18.06.2015…
Adobe released an emergency patch for a Flash zero day used in targeted attacks by APT3, the same group behind 2014’s Clandestine Fox attacks.
Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.
Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers’ installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password.
Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL.
In a little more than a year, consumers affected by the Cryptowall ransomware have reported to the FBI more than $18 million in losses related to infections from the malware. Cryptowall is among the group of ransomware families that encrypt the files on victims’ computers and then demands a ransom in order to obtain the […]