Monthly Archives: January 2017

NVD

CVE-2017-5372

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.

NVD

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

NVD

CVE-2017-5371

Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.

Hackers News

This Bug Could Allow Hackers to Delete Any Video On Facebook

A security researcher has discovered a critical vulnerability in Facebook that could allow attackers to delete any video of the social networking site shared by anyone on their wall.

The flaw has been discovered by security researcher Dan Melamed in June 2016, allowing him not only to remotely delete any video on Facebook shared by anyone without having any permission or authentication but