Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Monthly Archives: October 2014
CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
CVE-2014-8314
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.
CVE-2014-8315
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on whether a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.
CVE-2014-8316
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
HP Security Bulletin HPSBMU03126
HP Security Bulletin HPSBMU03126 – Potential security vulnerabilities have been identified with HP Operations Manager (formerly OpenView Communications Broker). The vulnerabilities could be exploited resulting in remote cross-site scripting (XSS). Revision 1 of this advisory.
CESA-2014:1653 Moderate CentOS 5 openssl Security Update
CentOS Errata and Security Advisory 2014:1653 Moderate. Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1653.html The following updated files have been uploaded and are currently syncing to the mirrors:
RHEA-2014:1649-1: kpatch enhancement update
Red Hat Enterprise Linux: An updated kpatch package that adds two enhancements is now available for Red Hat Enterprise Linux 7.
RHBA-2014:1651-1: spacewalk-java bug fix update
RHN Satellite and Proxy: Updated spacewalk-java packages that fix one bug are now available for Red Hat Satellite 5.6 and Red Hat Network Satellite 5.5.