Full Disclosure
Posted by ERPScan inc on Nov 22
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman – DoS vulnerability
Advisory…
Posted by x33fcon.office on Nov 22
Howdy all!
We have just opened call for papers and trainers for new security event, called
x33fcon (pronounced /ˈziːf-kɒn/) taking place in Poland between April 24-28,
2017.
Yet another security con? Nope.
The idea behind x33fcon is to focus on a very specific need of the security
industry: collaboration between blue and red teams (sometimes referred to as
purple teaming). We know from our professional experience how hard it can be to…
Posted by Berend-Jan Wever on Nov 22
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
fifteenth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161121001.html.
Follow me…
Posted by Alexander Lashkov on Nov 22
November 15 marks the start of the call for papers for Positive Hack Days VII, an international digital security forum
that will be held at the World Trade Center in Moscow, Russia, on May 23-24, 2017. Potential presenters must apply by
sending an application form (https://cfp.phdays.com/en/phd7/cfp/open_soon) before January 30, 2017. Both established
experts and up-and-coming specialists are encouraged to apply.
At the event, we plan to…
Posted by Manuel Garcia Cardenas on Nov 22
=============================================
MGC ALERT 2016-006
– Original release date: Nov 16, 2016
– Last revised: Nov 21, 2016
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
Reflected XSS in WonderCMS <= v0.9.8
II. BACKGROUND
————————-
WonderCMS is a simple, small & secure flat file CMS.
III….
Posted by Michael Heydon on Nov 20
Title: Multiple issues in OpManager
Author: Michael Heydon
Product: OpManager
Tested Versions: 12100 & 12200
Vendor: Zoho ManageEngine
Vendor Notified: 2016-08-14
Disclosure Date: 2016-11-20
Product Description:
====================
OpManager is a web-based network monitoring system. It is used primarily by
IT staff and it stores credentials in order to log in to systems which are
to be monitored. According to ManageEngine it is…
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Cross-site Scripting [CWE-79]
Date found: 2016-06-29
Date published: –
CVSSv3 Score: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by…
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Information Exposure Through an Error Message [CWE-209]
Date found: 2016-06-29
Date published: –
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was…
Posted by Julien Ahrens on Nov 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: –
CVSSv3 Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by Julien…
Posted by Summer of Pwnage on Nov 20
Hi Larry,
The entire advisories are posted to the oss-security mailing list.
Cheers,
Team Summer of Pwnage