Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could potentially abuse technical functions to access and/or
compromise the business information.
Risk Level: Low
2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-005
– Onapsis SVS…
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially
executing arbitrary business processes.
Risk Level: Medium
2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID:…
Is Vladimir Putin almighty? Some say that he’s behind everything that moves the world. We steer clear of any conspiracy theories, but what we can say for sure is that President Putin recently made it to the world of Torrent.
The impression I get from Tim Pham’s emails is that the ‘Unify Manager’ is doing some behind-the-scenes tunnelling, and
bringing the Mongo interface from the server to the client (e.g., Mac or Windows device) and you are then able to connect
to localhost (on the client) which tunnels through to the server.
However, after much searching, I am unable to locate this application. Googling insinuates that it is this (unreleased)…
Severity Rating: Critical Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Severity Rating: Critical Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Severity Rating: Moderate Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-126, and the update in MS16-118.