Re: Oracle Hyperion password disclosure...

2015-09-09 Thread jeff . kayser
Sorry for the earlier attachment. Here is what I wanted to communicate. Jeff Kayser Jibe Consulting | Oracle Principal Consultant 5000 Meadows Rd. Suite 300 Lake Oswego, OR 97035 O: 503-517-3266 | C: 503.901.5021 jeff.kay...@jibeconsulting.com -Original Message- From: Jeff Kayser Sent:

[SECURITY] [DSA 3354-1] spice security update

2015-09-09 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3354-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 08, 2015

Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe

2015-09-09 Thread Stefan Kanthak
Hi @ll, part 31 (see ) showed how to execute arbitrary (rogue) executables planted as %SystemRoot%\System32\RegEdit.exe, %SystemRoot%\System32\Explorer.exe etc. instead of %SystemRoot%\RegEdit.exe, %SystemRoot%\Explorer.exe etc., including a possible

Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class

2015-09-09 Thread Securify B.V.
Microsoft released MS15-101 that addresses this issue: https://technet.microsoft.com/library/security/ms15-101 On 25-07-15 09:02, Securify B.V. wrote: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Ut

[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS)

2015-09-09 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04789415 Version: 1 HPSBOV03506

ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities

2015-09-09 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2015-140 CVE Identifier: CVE-2015-4539, CVE-2015-4540 Severity Rating: CVSS v2 Base Score: See below for individual scores Aff

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability

2015-09-09 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability EMC Identifier: ESA-2015-110 CVE Identifier: CVE-2015-0550 Severity Rating: CVSS Base Score 8.5 (AV:N/AC:L/Au:N/C:C/I:N/A:P) Affected Products:

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

2015-09-09 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response:

[ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials

2015-09-09 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response:

[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

2015-09-09 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response:

[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS)

2015-09-09 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04790232 Version: 1 HPSBOV03505

[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information

2015-09-09 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790231 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04790231 Version: 1 HPSBGN03504

Synology Video Station command injection and multiple SQL injection vulnerabilities

2015-09-09 Thread Securify B.V.
Synology Video Station command injection and multiple SQL injection vulnerabilities Han Sahin, September 2015 -

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station

2015-09-09 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station Han Sahin, September 2015 --