Monthly Archive: April 2014
10/04/2014
by Fred · Published 10/04/2014
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Date published : 2014-04-10 https://bugzilla.redhat.com/show_bug.cgi?id=722672 http://www.openwall.com/lists/oss-security/2012/11/10/2
10/04/2014
by Fred · Published 10/04/2014
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or...
10/04/2014
by Fred · Published 10/04/2014
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. Date published : 2014-04-10 http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html http://scn.sap.com/docs/DOC-8218
10/04/2014
by Fred · Published 10/04/2014
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. Date published : 2014-04-10 http://archives.neohapsis.com/archives/bugtraq/2013-02/0131.html http://scn.sap.com/docs/DOC-8218
10/04/2014
by Fred · Published 10/04/2014
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Date published : 2014-04-10 http://www.securityfocus.com/bid/58155 http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html
10/04/2014
by Fred · Published 10/04/2014
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. Date published :...
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol....
10/04/2014
by Fred · Published 10/04/2014
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. Date published : 2014-04-10 http://archives.neohapsis.com/archives/bugtraq/2013-02/0135.html http://scn.sap.com/docs/DOC-8218
10/04/2014
by Fred · Published 10/04/2014
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-008 http://www.onapsis.com/research-advisories.php
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-007 http://www.onapsis.com/research-advisories.php
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-009 http://www.onapsis.com/research-advisories.php
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-011 http://www.onapsis.com/research-advisories.php
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-010 http://www.onapsis.com/research-advisories.php
10/04/2014
by Fred · Published 10/04/2014
Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. Date published : 2014-04-10 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-012 http://www.onapsis.com/research-advisories.php