Security News

Path traversal vulnerability in WordPress Core Ajax handlers

Full Disclosure - 20 August, 2016 - 04:04

Posted by Summer of Pwnage on Aug 20

------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...

Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability

Security Focus Vulnerabilities - 19 August, 2016 - 23:00
WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT

Full Disclosure - 19 August, 2016 - 11:38

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-038
- Onapsis SVS ID: ONAPSIS-00235
- CVE:...

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

Full Disclosure - 19 August, 2016 - 10:24

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-040
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution

Full Disclosure - 19 August, 2016 - 10:19

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote
Code Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-037
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

Full Disclosure - 19 August, 2016 - 10:15

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-034
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer

Full Disclosure - 19 August, 2016 - 10:13

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
-...

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

Full Disclosure - 19 August, 2016 - 10:11

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-027
-...

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack

Full Disclosure - 19 August, 2016 - 10:09

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privilleges on the HANA system with unrestricted
access to any business information.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory...

Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests

Full Disclosure - 19 August, 2016 - 10:06

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit
injection via HTTP requests

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-024
- Onapsis...

Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol

Full Disclosure - 19 August, 2016 - 09:57

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit
injection via SQL protocol

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-025
- Onapsis SVS...

Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

Full Disclosure - 19 August, 2016 - 09:53

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-022
- Onapsis SVS ID: ONAPSIS-00180
- CVE:...

Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

Full Disclosure - 19 August, 2016 - 09:50

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-021
- Onapsis SVS ID: ONAPSIS-00179
-...

Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

Full Disclosure - 19 August, 2016 - 09:47

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-020
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

Full Disclosure - 19 August, 2016 - 09:36

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-019
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure

Full Disclosure - 19 August, 2016 - 09:32

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker may obtain
clear-text passwords of SAP HANA users and get critical information.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-007
- Onapsis SVS ID: ONAPSIS-00186...

Bugtraq: [SYSS-2016-055] QNAP QTS - OS Command Injection

Security Focus Vulnerabilities - 19 August, 2016 - 06:40
[SYSS-2016-055] QNAP QTS - OS Command Injection

Bugtraq: [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Security Focus Vulnerabilities - 19 August, 2016 - 06:40
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Bug Traq - 19 August, 2016 - 06:22

Posted by Florian Bogner on Aug 19

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE : pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/...

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

Bug Traq - 19 August, 2016 - 06:13

Posted by Justin Bull on Aug 19

Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
-------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth...
Syndicate content