Full Disclosure
Posted by Vulnerability Lab on Feb 26
Document Title:
===============
DSS TFTP 1.0 Server – Path Traversal Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1440
Release Date:
=============
2015-02-26
Vulnerability Laboratory ID (VL-ID):
====================================
1440
Common Vulnerability Scoring System:
====================================
6.2
Product & Service Introduction:
===============================…
Posted by Onapsis Research Labs on Feb 25
Onapsis Security Advisory ONAPSIS-2015-004: SAP Business Objects
Unauthorized Audit Information Delete via CORBA
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker would be
able to delete auditing information of the remote system.
This way, the attacker could perform malicious activities without being
detected.
Risk Level: High
2. Advisory Information
=======================
-…
Posted by Onapsis Research Labs on Feb 25
Onapsis Security AdvisoryONAPSIS-2015-005: SAP Business Objects
Unauthorized Audit Information Access via CORBA
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker would be
able to read auditing information thus accessing sensitive business data.
Access to this functionality should be restricted.
Risk Level: Medium
2. Advisory Information
=======================
– Public Release…
Posted by Onapsis Research Labs on Feb 25
Onapsis Security AdvisoryONAPSIS-2015-003: SAP Business Objects
Unauthorized File Repository Server Write via CORBA
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker would be
able to overwrite sensitive business data stored on the remote system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 2015-02-25
– Subscriber Notification Date:…
Posted by Onapsis Research Labs on Feb 25
Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects
Unauthorized File Repository Server Read via CORBA
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker would be
able to retrieve sensitive business data stored on the remote system.
Risk Level: High
2. Advisory Information
=======================
– Public Release Date: 2015-02-25
– Subscriber Notification Date:…
Posted by Onapsis Research Labs on Feb 25
Onapsis Security AdvisoryONAPSIS-2015-001: Multiple Reflected Cross Site
Scripting Vulnerabilities in SAP HANA Web-based Development Workbench
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker would be
able to attack other users of the system.
Risk Level: Medium
2. Advisory Information
=========================
– Public Release Date: 2015-02-25
– Subscriber Notification Date:…
Posted by Praveen D on Feb 24
Webgate technology is focused on digital image processing, embedded system
design and networking to produce embedded O/S and web server cameras
providing real time images. We are also making superior network stand-alone
DVRs by applying our accumulated network and video solution knowledge.
WEBGATE Embedded Standard Protocol (WESP) SDK supports same tools in both
network DVR and network camera.
Webgate Inc. Business Partners: Honeywell, Samsung…
Posted by Steffen Rösemann on Feb 23
Advisory: Multiple reflecting XSS-, SQLi and
InformationDisclosure-vulnerabilities in Zeuscart v.4
Advisory ID: SROEADV-2015-12
Author: Steffen Rösemann
Affected Software: Zeuscart v.4
Vendor URL: http://zeuscart.com/
Vendor Status: pending
CVE-ID: will asked to be assigned after release on FullDisclosure via
OSS-list
Software used for research: Mac OS X 10.10, Firefox 35.0.1
==========================
Vulnerability Description:…
Posted by Douglas Held on Feb 22
Summary:
It is essential to provide a configuration option in the operating system
to:
1. never trust invalid certificates, and
2. to not prompt to trust them.
Steps to reproduce:
1. Install OS X on an Apple laptop.
2. Configure Mail.app (for example) to connect over SSL to your mail
server. Prepare a draft email with sensitive information about the
iPhone 8 or whatever.
3. Go treat yourself to a hotel visit.
4. Connect to the hotel Wifi SSID…
Posted by Stefan Kanthak on Feb 21
Hi @ll,
the MSDN documents the BRAINDEAD behaviour of the functions
CreateProcess() <https://msdn.microsoft.com/en-us/library/ms682425.aspx>,
CreateProcessAsUser() <https://msdn.microsoft.com/en-us/library/ms682429.aspx>
CreateProcessWithLogonW() <https://msdn.microsoft.com/en-us/library/ms682431.aspx>
CreateProcessWithTokenW() <https://msdn.microsoft.com/en-us/library/ms682434.aspx>
for an unquoted “long”…