Category Archives: Full Disclosure

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

Posted by Berend-Jan Wever on Jun 18

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-0199]: a memory corruption bug
in the garbage collector of the JavaScript engine used in Internet Explorer 11.
By exploiting this vulnerability, a…

Multiple vulnerabilities in squid 0.4.16_2 running on pfSense

Posted by Remco Sprooten on Jun 18

I. VULNERABILITY
-------------------------
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
Version 2.3.1-RELEASE-p1

II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system, with a custom kernel and an array of third-party
free software packages that can be installed for additional functionality.
Through this package system pfSense software is able…

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester – XSS vulnerability

Posted by ERPScan inc on Jun 18

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester – XSS vulnerability

Advisory…

[ERPSCAN-16-012] SAP NetWeaver AS JAVA – directory traversal vulnerability

Posted by ERPScan inc on Jun 18

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability…

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player

Posted by Stefan Kanthak on Jun 18

Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their “application directory” instead
of Windows’ “system directory” %SystemRoot%\System32.

On Windows 7 and before they also (try to) load PCACli.dll and
API-MS-Win-Downlevel-Shell32-l1-1-0.dll from the…

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet – XXE vulnerability

Posted by ERPScan inc on Jun 18

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet – XXE vulnerability

Advisory…

CVE-2016-5709 – Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager

Posted by Nate Kettlewell on Jun 16

Product: Solarwinds Virtualization Manager

Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-5709
Risk Level: High
CVSSv3 Base Score: 6.0 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Solution Status: Solution Available…

Stack Overflow in BLAT

Posted by vishnu raju on Jun 16

Hi Hackers,

Greetings from Vishnu (@dh4wk)

1. Vulnerable Product Version:

*Blat v3.2.14*
Link: blat.net

2. Vulnerability Information

Impact: Attacker may gain administrative access / can perform a DOS

Remotely Exploitable: No

Locally Exploitable: May be possible

3. Product Details

An open source Windows (32 & 64 bit) command line SMTP mailer. We can use
it to automatically email logs, the contents of a html FORM, or…

Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities

Posted by Karn Ganeshen on Jun 16

+++++
*Vulnerable Products*
1. Papouch TME Ethernet thermometer
2. Papouch TME multi: Temperature and humidity via Ethernet

*All versions affected*

*TME – Ethernet Thermometer*
http://www.papouch.com/en/shop/product/tme-ip-ethernet-thermometer/

*TME multi: Temperature and humidity via Ethernet*
http://www.papouch.com/en/shop/product/tme-multi-temperature-humidity-via-ethernet/

*Vulnerability Details*

*1. Weak Credentials Management*

Device…

HP StoreEver MSL6480 Tape Library v4.10 – Multiple Vulnerabilities

Posted by Karn Ganeshen on Jun 16

*HP StoreEver MSL6480 Tape Library v4.10 – Multiple Vulnerabilities*

*Confirmed on firmware version 4.10*

*HPE PSRT response*: Upgrade to MSL6480 is 4.90 (current version)

*Weak Credentials Management*

The device comes with weak, default login credentials – security/security –
and the application does not enforce a mandatory password change from
default to strong password values.

*Access Control Issues*

An unauthenticated user can download…