SAP Afaria version 7 suffers from a missing authorization check vulnerability. An attacker can use a missing authorization check to access the service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.
c31ed536e135ffd5dbbb2b9995e77c71bf0e3b40facee2e84ca09d91541fb8f9
SAP Afaria version 7 suffers from a denial of service vulnerability in the XcListener module XeClient.Dll.
4503c9ec3011161fd5c3290385f680e3e08aa75980cccaccad5ba5c7f657478f
The management console of SAP NW version 7.4 suffers from an information disclosure vulnerability. It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.
73f02099e08e2e93992dacd4aa1f75a2d6f6808869ba2d42d24272d2af5847e5
SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
b46458ceeb29478ddffbd1e176b6e2695088708178f75445d879b1a591dbce9f
SAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to/scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). A SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.
af39f3b02d6f59a59ac9adee1be7f700f929d9f74faaf58a79ef76213342f7ab
Debian Linux Security Advisory 3291-1 - Several vulnerabilities were found in drupal7, a content management platform used to power websites.
398bb888b259027615866997ab92ee63422e667b90163d54e5414e98edb42dd1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
0f3535012548c15bcf909d7f76a066881278751704c6118f74ab92879809e3fc
SAP NetWeaver Dispatcher has the function sapac01_sapgparam() that processes the ABAP kernel call C_SAPGPARAM. This function has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.
e0d91a9cfd6ae4da1cf1d65a172beb169596c06658d1838fb88f8be6eda0f0f7
Debian Linux Security Advisory 3290-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.
0fbb263c4d3f8891b1c58ec40a1bf47156f434e76c2141d84c6407ec9eb0c713
SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059
Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.
397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252da
Vitubo CMS version 2.3 suffers from a backup related database disclosure vulnerabilities.
ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8
WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234
60 bytes small Linux/x86 netcat bindshell shellcode that attaches to port 5555.
a448460fd0c86ff40315a54f88404738d49ecd0c1b2ffbca47171f6ced35203b
Just A Forum version 2.1.1 suffers from a cross site scripting vulnerability.
f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cd