Category Archives: Full Disclosure


Kaspersky Company Account – Response XSS Vulnerability

Posted by Vulnerability Lab on Sep 02

Document Title:
===============
Kaspersky Company Account – Response XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1934

Release Date:
=============
2016-08-29

Vulnerability Laboratory ID (VL-ID):
====================================
1934

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

FormatFactory 3.9.0 – (.task) Stack Overflow Vulnerability

Posted by Vulnerability Lab on Sep 02

Document Title:
===============
FormatFactory 3.9.0 – (.task) Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1935

Release Date:
=============
2016-09-01

Vulnerability Laboratory ID (VL-ID):
====================================
1935

Common Vulnerability Scoring System:
====================================
6.1

Product & Service Introduction:…

Executable installers are vulnerable^WEVIL (case 40): Avira's full package installers allow escalation of privilege

Posted by Stefan Kanthak on Aug 31

Hi @ll,

Avira’s free antivirus full package executable installers,
avira_antivirus_en-us.exe, avira_antivirus_de-de.exe etc.,
available from
<https://www.avira.com/en/download/product/avira-free-antivirus>,
<https://www.avira.com/de/download/product/avira-free-antivirus>
etc., have multiple vulnerabilities:

1. the full package executable installers (really: self-
extracting RAR archives) extract their payload (the real…

SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker

Posted by SEC Consult Vulnerability Lab on Aug 31

SEC Consult Vulnerability Lab Security Advisory < 20160831-0 >
=======================================================================
title: Manipulation of pre-boot authentication
product: CryptWare CryptoPro Secure Disk for Bitlocker
vulnerable version: 5.1.0.6474
fixed version: 5.2.1
CVE number: –
impact: critical
homepage: http://www.cryptware.eu
found:…

Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438

Posted by Onapsis Research on Aug 30

Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437

Posted by Onapsis Research on Aug 30

Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436

Posted by Onapsis Research on Aug 30

Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439

Posted by Onapsis Research on Aug 30

Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2

Posted by [CXSEC] on Aug 26

--------------------------------------------------------------------------------
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
--------------------------------------------------------------------------------

Apple tried to fix a security issue in the file system (FTS) libc implementation
but didn't patch it completely….

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Posted by Matías Mevied on Aug 25

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability, an unauthenticated attacker could retrieve the administration user and passwords from
the Server Manager, compromising the whole JDE landscape and hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date:…