Posted by Uğur Cihan KOÇ on Sep 10

Document Title:
==============
Nokia Solutions and Networks @vantage – Multiple Reflected XSS

Release Date:
============
9 Sep 2015

Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered twentySeven Reflected XSS
vulnerability in Nokia NSN @vantage

Vulnerability Disclosure Timeline:
=================================
24 July 2015 Bug reported to the vendor.
28 July 2015 Asked about the case.
8 Sep 2015…

Posted by Stefan Kanthak on Sep 10

Hi @ll,

part 16 <http://seclists.org/fulldisclosure/2014/May/211> showed
the about 2000 [*] registry entries of Windows 8.1 where Microsoft’s
developers ignore their companies own security recommendations and
use unqualified pathnames.

Unfortunately they still ignore these recommendations with Windows 10:
see <http://home.arcor.de/skanthak/download/W10_PATH.INF> for the
about 2000 registry entries with unqualified pathnames…

Posted by ERPScan inc on Sep 10

ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE
in Add Repository

Application: SAP Mobile Platform
Versions Affected: SAP Mobile Platform 3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response: 14.03.2015
Date of Public Advisory: 15.06.2015
Reference: SAP Security Note 2159601
Author: Vahagn Vardanyan (ERPScan)

Description

1….

Posted by ERPScan inc on Sep 10

ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP–
Hardcoded Credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015
Reference: SAP Security Note 2057982
Author: Rustem Gazizov, Diana Grigorieva (ERPScan)…

Posted by ERPScan inc on Sep 10

ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response: 07.03.2014
Date of Public Advisory: 15.06.2015
Reference: SAP Security Note 2059659
Author: Rustem…

Posted by Fernando Camara on Sep 10

Application: CubeCart 6.0.6 > 5.2.12
Fixed: 07/09/2015 (6.0.7)
Credits: Fernando Câmara @overflowy
Title: Admin account hijacking vulnerability
Dork: inurl:”index.php?_a=”
Requirements: Default admin recovery functions enabled…
Knowledge of the admin account email

P.O.C

Its possible for an attacker to access the admin pass recovery page without
sending a recovery email previously.

admin.php?_g=recovery

The form…

Posted by Onur Yilmaz on Sep 10

Information
——————–
Advisory by Netsparker.
Name: XSS Vulnerability in DataTables
Affected Software : DataTables
Affected Versions : 1.10.8 and possibly below
Vendor Homepage : https://github.com/DataTables/DataTables
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-6584
Netsparker Advisory Reference : NS-15-014

Description
——————–
By exploiting a Cross-site scripting…

Posted by Daniel Jensen on Sep 10

( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….

Posted by Denis Andzakovic on Sep 10

( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….