BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

CSP Bypass in Android browser prior to 4.4

October 13, 2014 - 5:13am

Posted by evanjjohns on Oct 13

Hello. I hope this is the correct place to report this bug.

I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this
CVE. This is a separate vulnerability, however.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041

I've tested this on an Android 4.3 tablet. I've tested this and it works on Firefox (32.0.2), InBrowser, Dolphin (App
info doesn't give...

SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer

October 13, 2014 - 5:04am

Posted by Alexandre Herzog on Oct 13

#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product: BusinessObjects Explorer
# Vendor: SAP AG
# Subject: Cross Site Flashing
# Risk: High
# Effect: Remotely exploitable
# Author: Stefan Horlacher
#...

CSNC-2014-004 neuroML - Multiple Vulnerabilities

October 13, 2014 - 4:54am

Posted by Alexandre Herzog on Oct 13

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: neuroML
# Version: <=v1.8.1 (Confirmed: v1.8.1)
# Vendor: neuroML.org
# CSNC ID: CSNC-2014-004
# CVD ID: <none>
# Subject: Multiple Vulnerabilities
# Risk: High
# Effect: Remotely exploitable
# Author:...

SAP Security Note 1908531 - XXE in BusinessObjects Explorer

October 13, 2014 - 4:45am

Posted by Alexandre Herzog on Oct 13

#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product: BusinessObjects Explorer
# Vendor: SAP AG
# Subject: Untrusted XML input parsing possible in SBOP Explorer
# Risk: High
# Effect: Remotely exploitable
#...

SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer

October 13, 2014 - 4:35am

Posted by Alexandre Herzog on Oct 13

#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product: BusinessObjects Explorer
# Vendor: SAP AG
# Subject: Potential information disclosure relating to SBOP Explorer
# Risk: Medium
# Effect: Remotely...

[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution

October 13, 2014 - 4:26am

Posted by security-alert on Oct 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471532

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471532
Version: 1

HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

October 13, 2014 - 4:15am

Posted by security-alert on Oct 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03822422

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03822422
Version: 4

HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of
Privilege, Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as...