Posted by ERPScan inc on Oct 30
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-028]
Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name:…
Posted by ERPScan inc on Oct 30
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite – XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 21.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name:…
Posted by ERPScan inc on Oct 30
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name:…
Posted by CRT on Oct 30
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Code Execution & CSRF
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH
2….
Posted by Dawid Golunski on Oct 30
eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
eBay Magento EE <= 1.14.2.1
Details at:
http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt
Regards,
Dawid Golunski
http://legalhackers.com
Posted by Denis Andzakovic on Oct 30
Law enforcement agencies across Europe have searched homes this week, as part of an international crackdown against users of a notorious piece of Android malware known as DroidJack.
The post "Using DroidJack to spy on an Android? Expect a visit from the police" appeared first on We Live Security.
Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.
Libstagefright integer overflow checks can be bypassed with extended chunk lengths.
This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.