Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener –
Missing authorization check
Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:…
Posted by Darya Maenkova on Jun 23
ERPSCAN
Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener – DoS in the
module XeClient.Dll
Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal
XMLValidationComponent – XXE
Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.2014
Reported: 06.11.2014
Vendor response: 07.11.2014
Date of Public Advisory: 18.06.2015…
Posted by Darya Maenkova on Jun 23
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow – RCE, DoS
Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent: 25.08.14
Reported: 25.08.14
Vendor response: 25.08.14
Date of Public Advisory: 15.02.2015…
Posted by Vulnerability Lab on Jun 22
Document Title:
===============
ManageEngine Asset Explorer v6.1 – Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1488
Release Date:
=============
2015-06-22
Vulnerability Laboratory ID (VL-ID):
====================================
1488
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Posted by Antonio Augusto Santos on Jun 21
Dear,
(Brazilian Portuguese version below – Versão em português abaixo)
My name is Antonio Augusto, and I am currently doing an MS in Computer
Science in Brazil. My research focuses on the use of Machine Learning
techniques on IDS (Intrusion Detection Systems) alerts.
There has been a lot of work in this area in recent years, which tries to
bring some improvements to the way we deal with alerts. However,
academia has no way to know which…
Posted by Scott Arciszewski on Jun 21
Hi Full Disclosure readers,
The symmetric-key encryption used in Tutanota is vulnerable to ciphertext
malleability (a.k.a. arbitrary bit rewriting), since they fail to
authenticate their ciphertexts. The offending code snippet (for the Android
version of their app) is here:
https://github.com/tutao/tutanota/blob/7902514b846539643586baba10f293bf8ac975fc/native/src/android/de/tutao/plugin/Crypto.java#L246-L261
I am not the first to discover this…
Posted by Nitin Venkatesh on Jun 20
# Title: Cross-Site Request Forgery in Google Analyticator WordPress Plugin
v6.4.9.3 before rev @1183563
# Submitter: Nitin Venkatesh
# Product: Google Analyticator WordPress Plugin
# Product URL: https://wordpress.org/plugins/google-analyticator/
# Vulnerability Type: Cross-Site Request Forgery [CWE-352]
# Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier
# Tested versions: v6.4.9.3 rev @1168849
# Fixed Version: v6.4.9.3 rev…
Posted by MustLive on Jun 20
Hello list!
Earlier I wrote about an XSS vulnerability in IBM Domino
(http://seclists.org/fulldisclosure/2015/May/128). I informed IBM in May
about it and on 17.06.2015 they fixed it and released a security bulletin.
Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability
(CVE-2015-1981) http://www-01.ibm.com/support/docview.wss?uid=swg21959908.
CVE ID: CVE-2015-1981.
————————-
Affected products:…
Posted by Vulnerability Lab on Jun 19
Document Title:
===============
Ebay Magento Bug Bounty #12 – Cross Site Request Forgery Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1460
Video: http://www.vulnerability-lab.com/get_content.php?id=1526
View Video: https://www.youtube.com/watch?v=x7uaABfxxU0
EIBBP-31602
Release Date:
=============
2015-06-17
Vulnerability Laboratory ID (VL-ID):…