Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.
452d1a9996ba393f6b9c5cf4b5b001a36702b192a2e336e89d2fffbec3daa5b4By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.
0595dbe7a6cdc3d86d9fb8380d5ccd7e90d4f8a5331a6fe9508210b22452807fThis Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.
11f7539e7ef47eff9d74ba4f4c35c661e3f3e8bfd87cbe2130c13dbb4e6eb011A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.
df42acef48541c11c82cd7957ac153921812129c88dc7ce09ffb9228bde5244eDue to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.
fd289a49117a0a823798ba0eed96cdc41815b67bc8c0a02046f5482b8e5ad75bUbuntu Security Notice 2788-2 - USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
725ce02cc3cadd7b0ec3656cd6df2613956412303bd0cfad6f7b6a85a3adf0b0Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.
e4cccb6ea9d715363678d97b705a3ed4cfae92d173b1157c598542160cec7a0eTestLink version 1.9.14 suffers from a cross site request forgery vulnerability.
39f7ec2dfdf407f0782e906eebab9e38be681ca13f49a2d95361090f5468631aTestLink version 1.9.14 suffers from a persistent cross site scripting vulnerability.
b46be8c0b8fb93b229267719e4d51695ead81f8d924cf7b2a0540380b2ef4098Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.
6c9916344ebaa174cf5f48cf521868ab0c1c4407426a74e9439a33f3fc409164Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability.
718bc4c80011e0f627d4e11bfaf5b3cc7ec9ed3b9d1a3fe0996e87ba5f90a42dA heap-based out-of-bounds memory read has been encountered in FreeType. It has been reproduced with the current version of freetype2 from master git branch, with a 64-bit build of the ftbench utility compiled with AddressSanitizer. Three proof of concepts are included.
98e8c4be3dc2aa55e2297273a7742b8e6dc7aafc1c27074f4f27654b18bf445eThe first BloomCON Forensics and Security conference will be held February 5th through the 6th, 2016 in Bloomsburg, PA, USA. The Call For Papers has been announced.
b9f0e7cc9d67b0822412aedf1393d9af2acb77046f789f218715221f459ec52bDebian Linux Security Advisory 3394-1 - Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity.
b1fa7c6ede7fe8df67302edbcb2f1d146117dd634933e56012cc601efb5963f7Debian Linux Security Advisory 3395-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.
e387f1bd9094d0d360de5174cb46c7eb0100eae91f33d72e0cfefe6435c68df0Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
4cd05ec8e6b5ca40d494b9c29074246c46f2e1743918ab25dd04c63de7306307Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
9b0befe56f80c153f34a19aac88a216bf782f29de0d132c69ac59ecc057a73b1NXFilter version 3.0.3 suffers from a cross site scripting vulnerability.
25d37f8adf5afa9c7c98764fff4c727777d4b671efb6c7a9a03dd0ec08335501NXFilter version 3.0.3 suffers from a cross site request forgery vulnerability.
7bc6dd411cd4472cf1c1681c9e4ae97ab9d2970ba375615bec05bd0f544a3f2dIt is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, the attack will be possible. Apache ActiveMQ versions 5.0.0 through 5.10.1 are affected.
1a5c7436172e37ca0992c82ef6908079a93087a9cf4257c43499a47fa09a74a1Arris TG1682G modem suffers from a persistent cross site scripting vulnerability.
70e106d63a4003aa9e12d8fb61f7ec4ce74fbeb02dc11f720d525857cdaf71abSolarwinds Log and Event Manager version 6.1.0 suffers from a remote command execution vulnerability.
1d41bb7d6cfb1f5a3165b5c57dacf9edcca07fe28c504326d8fdfa69cee8fba5TheHostingTool version 1.2.6 suffers from a cross site scripting vulnerability.
0f401da323e6e37910a30851e200108c31e40c3255c3f525d6cb8912939fdb30TheHostingTool version 1.2.6 suffers from a remote SQL injection vulnerability.
461869f2eed05289c8d027b2060643dcc2cdf7d04e3af495128646ba26cb7c48TheHostingTool version 1.2.6 suffers from a code execution vulnerability.
6021bfb27e789e55e0282f5f98a9e078f25dceb84d1c522ed3a9a23fb0379ffd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed