[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
Monthly Archives: August 2016
Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client
RHEA-2016:1598-1: Red Hat OpenStack Platform 9 images Release Candidate Advisory
Red Hat Enterprise Linux: rhosp-director-images packages are now available for Red Hat OpenStack Platform
9 Release Candidate.
RHSA-2016:1640-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
New Brazilian Banking Trojan Uses Windows PowerShell Utility
A new sophisticated banking Trojan targets Brazilians via a malicious .PIF file that changes browser proxy settings.
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT
Posted by Onapsis Research on Aug 19
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.
Risk Level: Low
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-038
– Onapsis SVS ID: ONAPSIS-00235
– CVE:…
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption
Posted by Onapsis Research on Aug 19
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: Medium
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-040
– Onapsis SVS ID:…
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution
Posted by Onapsis Research on Aug 19
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote
Code Execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-037
– Onapsis SVS ID:…
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
Posted by Onapsis Research on Aug 19
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: Critical
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-034
– Onapsis SVS ID:…
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer
Posted by Onapsis Research on Aug 19
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.
Risk Level: Medium
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
-…