SAP Afaria version 7 suffers from a missing authorization check vulnerability. An attacker can use a missing authorization check to access the service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.
c31ed536e135ffd5dbbb2b9995e77c71bf0e3b40facee2e84ca09d91541fb8f9SAP Afaria version 7 suffers from a denial of service vulnerability in the XcListener module XeClient.Dll.
4503c9ec3011161fd5c3290385f680e3e08aa75980cccaccad5ba5c7f657478fThe management console of SAP NW version 7.4 suffers from an information disclosure vulnerability. It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.
73f02099e08e2e93992dacd4aa1f75a2d6f6808869ba2d42d24272d2af5847e5SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
b46458ceeb29478ddffbd1e176b6e2695088708178f75445d879b1a591dbce9fSAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to/scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). A SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.
af39f3b02d6f59a59ac9adee1be7f700f929d9f74faaf58a79ef76213342f7abDebian Linux Security Advisory 3291-1 - Several vulnerabilities were found in drupal7, a content management platform used to power websites.
398bb888b259027615866997ab92ee63422e667b90163d54e5414e98edb42dd1PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
0f3535012548c15bcf909d7f76a066881278751704c6118f74ab92879809e3fcSAP NetWeaver Dispatcher has the function sapac01_sapgparam() that processes the ABAP kernel call C_SAPGPARAM. This function has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.
e0d91a9cfd6ae4da1cf1d65a172beb169596c06658d1838fb88f8be6eda0f0f7Debian Linux Security Advisory 3290-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.
0fbb263c4d3f8891b1c58ec40a1bf47156f434e76c2141d84c6407ec9eb0c713SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.
397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252daVitubo CMS version 2.3 suffers from a backup related database disclosure vulnerabilities.
ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a23460 bytes small Linux/x86 netcat bindshell shellcode that attaches to port 5555.
a448460fd0c86ff40315a54f88404738d49ecd0c1b2ffbca47171f6ced35203bJust A Forum version 2.1.1 suffers from a cross site scripting vulnerability.
f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed