Computer Security


SAP Hana security vulnerabilities
Published:01.06.2015
SecurityVulns ID:14503
Type:remote
Threat Level:6/10
Description:Information spoofing, information disclosure.
Affected:SAP : HANA DB 1.00
CVE:CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565.)
 CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818.)
Original document:Onapsis Research Labs, [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement (01.06.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability (01.06.2015)

nbd security vulnerabilities
Published:01.06.2015
SecurityVulns ID:14504
Type:local
Threat Level:5/10
Description:Different DoS conditions.
Affected:NBD : nbd 3.11
CVE:CVE-2015-0847 (nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.)
 CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.)
Original document:DEBIAN, [SECURITY] [DSA 3271-1] nbd security update (01.06.2015)

ipsec-tools DoS
Published:01.06.2015
SecurityVulns ID:14505
Type:remote
Threat Level:6/10
Description:NULL pointer dereference on UDP packet parsing.
Affected:IPSECTOOLS : IPsec-Tools 0.8
CVE:CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.)
Original document:DEBIAN, [SECURITY] [DSA 3272-1] ipsec-tools security update (01.06.2015)

HP Easy Setup Wizard privilege escalation
Published:01.06.2015
SecurityVulns ID:14506
Type:local
Threat Level:5/10
Affected:HP : ThinPro Linux 5.1
 HP : Smart Zero Core 4.4
CVE:CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.)
Original document:HP, [security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege (01.06.2015)

D-Link NAS / NVR multiple security vulnerabilities
Published:01.06.2015
SecurityVulns ID:14507
Type:remote
Threat Level:6/10
Description:More than 50 different vulnerabilities.
Affected:DLINK : D-Link DNS-326
 DLINK : D-Link DNS-325
 DLINK : D-Link DNS-320
 DLINK : D-Link DNS-327
 DLINK : D-Link DNS-322
 DLINK : D-Link DNS-345
Original document:Gergely Eberhardt, [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices (01.06.2015)

Synology DiskStation / Synology PhotoStation security vulnerabilities
Published:01.06.2015
SecurityVulns ID:14508
Type:remote
Threat Level:5/10
Description:Cross-site scripting, command injection.
Affected:SYNOLOGY : Synology DiskStation Manager 5.2
 SYNOLOGY : Synology Photo Station 6.2
Original document:Securify B.V., Command injection vulnerability in Synology Photo Station (01.06.2015)
 Securify B.V., Reflected Cross-Site Scripting in Synology DiskStation Manager (01.06.2015)
 Securify B.V., Synology Photo Station multiple Cross-Site Scripting vulnerabilities (01.06.2015)

HP SiteScope privilege escalation
Published:01.06.2015
SecurityVulns ID:14509
Type:remote
Threat Level:5/10
Affected:HP : SiteScope 11.30
CVE:CVE-2015-2120 (Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567.)
Original document:HP, [security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege (01.06.2015)

HP LoadRunner buffer overflow
Published:01.06.2015
SecurityVulns ID:14510
Type:remote
Threat Level:5/10
Affected:HP : LoadRunner 11.52
CVE:CVE-2015-2110 (Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.)
Original document:HP, [security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow (01.06.2015)

HP Access Control Software unauthorized access
Published:01.06.2015
SecurityVulns ID:14511
Type:local
Threat Level:5/10
Affected:HP : HP Access Control Software 14.1
CVE:CVE-2015-2118 (Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sensitive information via unknown vectors.)
Original document:HP, [security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access (01.06.2015)

EMC Document Sciences xPression SQL injection
Published:01.06.2015
SecurityVulns ID:14512
Type:remote
Threat Level:5/10
Affected:EMC : Document Sciences xPression 4.5
CVE:CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
Original document:EMC, ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability (01.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod