SYBASE SQL Anywhere versions 12 and 16 suffer from a denial of service vulnerability. An attacker can trigger a condition in which the process ceases to run. This condition can be intentionally provoked by an attacker to cause denial of service.

SAP Afaria version 7 suffers from a missing authorization check vulnerability. An attacker can use a missing authorization check to access the service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.

SAP Afaria version 7 suffers from a denial of service vulnerability in the XcListener module XeClient.Dll.

The management console of SAP NW version 7.4 suffers from an information disclosure vulnerability. It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

SAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to/scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). A SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.

Debian Linux Security Advisory 3291-1 – Several vulnerabilities were found in drupal7, a content management platform used to power websites.

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.