Category Archives: Full Disclosure

Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-020
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-019
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker may obtain
clear-text passwords of SAP HANA users and get critical information.

Risk Level: Low

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security Advisory ID: ONAPSIS-2016-007
– Onapsis SVS ID: ONAPSIS-00186…

Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information

Posted by Onapsis Research on Aug 18

Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could obtain technical information about the SAP HANA Platform that
can be used to perform more complex attacks.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security…

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 – Authentication Bypass

Posted by Reggie Dodd on Aug 16

[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 – Authentication
Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock – Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
The Axon Dock is the camera docking station component of Taser’s body-worn
camera system. It charges body-worn cameras and automatically…

German Cable Provider Router (In)Security

Posted by Sebastian Michel on Aug 16

Hey Guys,

I'm not sure if this is a new point. But I'm thinking about a possible security hole by design
which exists at maybe many (German) cable providers.

German cable providers like Unitymedia/Kabel Deutschland provide you a Fritzbox or any other
cable router for internet access. As you know, these routers have a MAC address on every
interface, like on Wi-Fi, Ethernet and so on.

By default, the Wi-Fi SSID is publicly available. The SSID gives you…

Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege

Posted by Stefan Kanthak on Aug 16

Hi @ll,

JRT.exe (see <https://en.malwarebytes.com/junkwareremovaltool/>)

1. is vulnerable to DLL hijacking:
see <https://cwe.mitre.org/data/definitions/426.html>
and <https://cwe.mitre.org/data/definitions/427.html> for
these WELL-KNOWN and WELL-DOCUMENTED beginner’s errors;

2. creates an unsafe directory “%TEMP%jrt”:
see <https://cwe.mitre.org/data/definitions/377.html>
and <…