SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
-...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-027
-...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privilleges on the HANA system with unrestricted
access to any business information.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit
injection via HTTP requests

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-024
- Onapsis...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit
injection via SQL protocol

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-025
- Onapsis SVS...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-022
- Onapsis SVS ID: ONAPSIS-00180
- CVE:...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-021
- Onapsis SVS ID: ONAPSIS-00179
-...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-020
- Onapsis SVS ID:...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-019
- Onapsis SVS ID:...

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker may obtain
clear-text passwords of SAP HANA users and get critical information.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-007
- Onapsis SVS ID: ONAPSIS-00186...

Posted by Onapsis Research on Aug 18

Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could obtain technical information about the SAP HANA Platform that
can be used to perform more complex attacks

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security...

Posted by Brandon Perry on Aug 16

Right, it’s the same vuln, just in different places. It was fixed in 3.0.4.

Posted by 1n3 on Aug 16

Which version of Zabbix? 3.0.3?

-1N3

Posted by Brandon Perry on Aug 16

I actually ended up finding this vuln in a different vector (in the profileIdx2 parameter)....

Posted by Reggie Dodd on Aug 16

[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication
Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock - Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
The Axon Dock is the camera docking station component of Taser's body-worn
camera system. It charges body-worn cameras and automatically...

Posted by Sebastian Michel on Aug 16

Hey Guys,

im not sure if this is a new point. But i´m thinking about a possible security hole by design
which exists at maybe many (german) cable providers.

German cable providers like Unitymedia/Kabel Deutschland provides u a Fritzbox or any other
Cable-Router for internet access. As you know, this routers have a mac-address on every
Interface like on wifi, ethernet and so on.

By default, the Wifi-SSID is public available. The SSID gives you...

Posted by Stefan Kanthak on Aug 16

Hi @ll,

JRT.exe (see <https://en.malwarebytes.com/junkwareremovaltool/>)

1. is vulnerable to DLL hijacking:
see <https://cwe.mitre.org/data/definitions/426.html>
and <https://cwe.mitre.org/data/definitions/427.html> for
these WELL-KNOWN and WELL-DOCUMENTED beginner's errors;

2. creates an unsafe directory "%TEMP%\jrt":
see <https://cwe.mitre.org/data/definitions/377.html>
and <...

Posted by crashenator on Aug 16

CERT ID - VU#520504 (pending since 2015)
Product - php-gettext
Company - Danilo Segan
Name - php-gettext php code execution
Versions - <1.0.12
Patched - 11/11/2015
Ref: https://launchpad.net/php-gettext/trunk/1.0.12
Vulnerability - "code injection into the ngettext family of calls:
evaluating the plural form formula can execute arbitrary code if number
is passed unsanitized from the untrusted user."
Description -
In 1.0.11 and...

Posted by Andrew Klaus on Aug 16

### Device Details
Vendor: Actiontec (Telus Branded, but may work on others)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual:
http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf

Reported: November 2015
Status: Fixed on newly pushed firmware version
CVE: Not needed since update is pushed by the provider.

The Telus Actiontec T2200H is Telus’...

Posted by Summer of Pwnage on Aug 15

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...