SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials
SAP NetWeaver AS ABAP contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials
An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the NetWeaver AS ABAP. In addition, it is likely that the code will be implemented into the system as...
HP Security Bulletin HPSBGN03504 1
HP Security Bulletin HPSBGN03504 1 - Potential security vulnerabilities have been identified in HP UCMDB which would allow local disclosure of sensitive information. Revision 1 of this advisory.
Synology Video Station 1.5-0757 Command Injection / SQL Injection
Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
Synology Download Station 3.5-2956 / 3.5-2962 Cross Site Scripting
Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
HP Security Bulletin HPSBOV03505 1
HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow...
SAP Mobile Platform 3 XXE Injection
SAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the...
Android Stagefright Remote Code Execution
Android Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling.
Raritan PowerIQ Default Accounts
Raritan PowerIQ ships with three default backdoor credentials left in.
Bugzilla Unauthorized Account Creation
Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.
DataTables 1.10.8 Cross Site Scripting
DataTables version 1.10.8 suffers from a cross site scripting vulnerability.
Faraday 1.0.14
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the...