BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

June 24, 2016 - 7:06am

Posted by Egidio Romano on Jun 24

------------------------------------------------------------------------------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.23 CE and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the...

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

June 22, 2016 - 1:46pm

Posted by Security Alert on Jun 22

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected products:
• EMC Documentum WebTop 6.8 and 6.8.1
• EMC Documentum Administrator 7.0, 7.1, 7.2
• EMC Documentum TaskSpace 6.7 SP3
• EMC Documentum Capital Projects 1.9 and 1.10...

Open-Xchange Security Advisory 2016-06-22

June 22, 2016 - 6:19am

Posted by Martin Heiland on Jun 22

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-rev11, 7.8.0-rev23, 7.8.1-rev10
Vendor notification: 2016-04-14
Solution date: 2016-05-10
Public disclosure: 2016-06-22
CVE reference: CVE-2016-4027...

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability

June 22, 2016 - 4:26am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP Application server for Java – DoS vulnerability

Advisory...

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them

June 22, 2016 - 4:16am

Posted by Berend-Jan Wever on Jun 22

(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not always) been chosen to coincide with addresses that fall
outside of the user-land address space on 32-bit versions of the
Operating System. This can...

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability

June 22, 2016 - 4:05am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP JAVA AS icman – DoS vulnerability

Advisory ID:...