Category Archives: Full Disclosure

APPLE-SA-2016-08-25-1 iOS 9.3.5

Posted by Apple Product Security on Aug 25

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th…

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-00171: JD Edwards Server Manager Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could retrieve the administration user and passwords from
the Server Manager, compromising the whole JDE landscape, hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date:…

Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could remotely shut down the entire JD Edwards
infrastructure.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory ID: ONAPSIS-2016-014
– Onapsis SVS ID: ONAPSIS-00175
-…

Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-012: JD Edwards JDENET function DoS

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could remotely shut down the entire JD Edwards
infrastructure.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory ID: ONAPSIS-2016-012
– Onapsis SVS ID: ONAPSIS-00176
-…

Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-011: JD Edwards Server Manager Create users

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could create users in the Server Manager, ultimately
compromising the whole JDE landscape, hence all of its information and processes.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised:…

Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-010: JD Edwards Server Manager Shutdown

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could shut down the Server Manager.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory ID: ONAPSIS-2016-010
– Onapsis SVS ID: ONAPSIS-00173
– CVE: CVE-2016-0421
-…

Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

Posted by Onapsis Research on Aug 25

Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could get the administration password, gaining full
compromise of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory ID: ONAPSIS-2016-009
– Onapsis…

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

Posted by SEC Consult Vulnerability Lab on Aug 25

SEC Consult Vulnerability Lab Security Advisory < 20160825-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus GroupWise
vulnerable version: GroupWise 2014 R2 (<=SP1)
GroupWise 2014
(unsupported versions may be affected)
fixed version: GroupWise 2014 R2 Service Pack 1 Hot Patch 1…

nullcon 8-bit Call for Papers is open

Posted by nullcon on Aug 24

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe, working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of…

[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting

Posted by Julien Ahrens on Aug 24

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM/OSSIM
Vendor URL: www.alienvault.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-24
Date published: 2016-08-23
CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2016-6913

2. CREDITS
==========
This vulnerability was discovered and researched by Julien…