BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

May 19, 2016 - 6:28am

Posted by ERPScan inc on May 19

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: SQL injection

Sent: 04.12.2015

Reported: 04.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2101079

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – SQL injection vulnerability

Advisory...

[ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability

May 19, 2016 - 6:16am

Posted by ERPScan inc on May 19

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: information disclosure

Sent: 15.09.2015

Reported: 15.09.2015

Vendor response: 16.09.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2256846

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – information disclosure vulnerability

Advisory...

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4

May 19, 2016 - 6:05am

Posted by mandy on May 19

Madison Gurkha Security Advisory

Advisory: TYPO3 circumvent RemoveXSS.php cross site scripting using BASE64 encoding

1. DETAILS
----------
Product: Typo3 CMS
Vendor URL: typo3.org
Type: Cross-site Scripting [CWE-79]
Date found: 2016-03-09
Date published: 2016-05-19

2. AFFECTED VERSIONS
--------------------
Typo3 6.2.19 and below
Typo3 7.6.4 and below
and other older versions may be affected too.
Until the removal of the RemoveXSS.php function,...