SAP ECC ships binaries that run with elevated privileges (setuid and setgid programs) and that were compiled in a way that makes them search for shared libraries in insecure locations.
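The SAP finding above is one instance of a general class of bug: a setuid or setgid ELF binary whose compiled-in DT_RPATH or DT_RUNPATH points at a directory an unprivileged user can write to, or at a relative path resolved from the caller's working directory. The dynamic loader drops LD_LIBRARY_PATH for privileged programs, but it still honours the search path baked into the binary, so the attacker-controlled directory wins. The script below is an added example, not code from the original page, from SAP or from any vendor; it walks the standard binary directories for setuid/setgid files, reads each one's RPATH/RUNPATH with `readelf -d` (assumed to be installed from GNU binutils), and flags entries that are empty, relative, contain `$ORIGIN`, or sit under a world-writable directory. The directory list, the world-writable heuristic and the sample search-path strings are assumptions made for illustration.

```python
"""Audit setuid/setgid ELF binaries for library search paths a local user could control.

Added example, not from the original page. Assumes GNU readelf is on PATH; the
roots, the heuristics and the sample RPATH strings are illustrative assumptions.
"""
import os
import re
import shutil
import stat
import subprocess

PRIVILEGED_BITS = stat.S_ISUID | stat.S_ISGID


def is_privileged(mode):
    """True if `mode` is a regular file carrying the setuid or setgid bit."""
    return stat.S_ISREG(mode) and bool(mode & PRIVILEGED_BITS)


def is_world_writable(path):
    """True if `path` itself, or (when it does not exist yet) its nearest
    existing ancestor, is world-writable. A missing directory below a
    world-writable parent counts: the attacker can simply create it, which is
    the classic /tmp/lib case."""
    probe = os.path.abspath(path)
    while not os.path.isdir(probe):
        parent = os.path.dirname(probe)
        if parent == probe:          # reached the filesystem root
            return False
        probe = parent
    return bool(os.stat(probe).st_mode & stat.S_IWOTH)


def rpath_issues(rpath, writable=is_world_writable):
    """Classify each ':'-separated entry of an RPATH/RUNPATH string.

    Returns a list of (entry, reason) for entries an unprivileged local user
    could influence. `writable` is injectable so the logic can be exercised
    without a real world-writable directory on the box."""
    issues = []
    for entry in rpath.split(":"):
        if entry in ("", "."):
            issues.append((entry, "empty or '.' entry: resolved relative to the caller's cwd"))
        elif "$ORIGIN" in entry or "${ORIGIN}" in entry:
            issues.append((entry, "$ORIGIN entry: resolves relative to the binary's own directory; check who can write there"))
        elif not entry.startswith("/"):
            issues.append((entry, "relative entry: resolved relative to the caller's cwd"))
        elif writable(entry):
            issues.append((entry, "under a world-writable directory"))
    return issues


_RPATH_RE = re.compile(r"Library (?:rpath|runpath): \[(.*?)\]")


def rpath_of(binary):
    """Return the RPATH/RUNPATH of an ELF file as reported by `readelf -d`
    ('' if it has none), or None when readelf is not installed."""
    readelf = shutil.which("readelf")
    if readelf is None:
        return None
    out = subprocess.run([readelf, "-d", binary], capture_output=True, text=True)
    return ":".join(_RPATH_RE.findall(out.stdout))


def find_privileged_binaries(roots=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Yield regular files under `roots` that have setuid or setgid set."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)     # lstat: do not follow symlinks
                except OSError:
                    continue
                if is_privileged(st.st_mode):
                    yield path


def audit(roots=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Return {binary: [(entry, reason), ...]} for privileged binaries whose
    compiled-in search path has at least one suspect entry."""
    findings = {}
    for binary in find_privileged_binaries(roots):
        rpath = rpath_of(binary)
        if rpath:
            issues = rpath_issues(rpath)
            if issues:
                findings[binary] = issues
    return findings


if __name__ == "__main__":
    # Constructed sample string, the kind of value readelf reports for a badly linked binary.
    for entry, reason in rpath_issues("/tmp/saplib:.:$ORIGIN/../lib:/usr/lib:lib"):
        print(f"sample entry {entry!r}: {reason}")
    for binary, issues in audit().items():
        for entry, reason in issues:
            print(f"{binary}: {entry!r}: {reason}")
```

Run it as an ordinary user on the host under review; anything it prints for a setuid binary deserves a look, and the fix is to relink with an absolute, root-owned search path (or none at all) rather than to tighten permissions on whatever directory happens to be named.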
Monthly Archives: July 2015
WordPress Plotly 1.0.2 Cross Site Scripting
WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
Pimcore CMS Build 3450 SQL Injection
Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.
Adobe Releases Security Update for Shockwave Player
Original release date: July 14, 2015
Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-17 and apply the necessary update.
United Airlines Hands Out Million-Mile Bug Bounty
Security researcher Jordan Wiens was awarded one million miles after submitting a remote code execution bug to United Airlines’ bug bounty program.
CVE-2015-1917 (websphere_portal)
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-1887 (websphere_portal)
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
CVE-2015-1944 (websphere_portal)
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-4269 (unified_communications_manager)
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
CVE-2015-4272 (unified_communications_manager)
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.