PHPBack v1.3.0 SQL Injection

2016-04-19 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: www.phpback.org Product: PHPBack v1.3.0 Vulnerability Type: SQL Injection

[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information

2016-04-19 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05086877 Version: 1 HPSBMU03575

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities

2016-04-19 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities CVE Identifier: CVE-2016-0891 EMC Identifier: ESA-2016-039 Severity Rating: CVSS Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Affected products: EMC ViPR

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

2016-04-19 Thread resea...@rv3lab.org
### 01. ### Advisory Information ### Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver (formerly Webshare) v1.3.1 Discovered

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

2016-04-19 Thread ERPScan inc
Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: Cross-Site Scripting Sent: 01.09.2015 Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan