<< Previous Next >>
researched
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector
This advisory can be downloaded from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will
gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-005: SAP J2EE Telnet Administration Security Check Bypass
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
Topics:
-------
This symposium, the 12th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry
to discuss issues and technologies related to intrusion detection and
defense. The Recent Advances in Intrusion Detection (RAID)
International Symposium series furthers advances in intrusion defense
by promoting the exchange of ideas in a broad range of topics. As in
previous years, all topics related to intrusion detection, prevention
Topics:
-------
This symposium, the 12th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry
to discuss issues and technologies related to intrusion detection and
defense. The Recent Advances in Intrusion Detection (RAID)
International Symposium series furthers advances in intrusion defense
by promoting the exchange of ideas in a broad range of topics. As in
previous years, all topics related to intrusion detection, prevention
Eleytt Research
www.eleytt.com
Overview:
====================
Michal Bucko, Eleytt, www.eleytt.com/michal.bucko
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0009 : Oracle Virtual Server Agent Remote Command Execution
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0010: Oracle Virtual Server Agent Local Privilege Escalation
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-0008 : Oracle Virtual Server Agent Arbitrary File Access
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-007: SAP Management Console Multiple Denial of Service
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
Onapsis Security Advisory 2011-001: SAP Management Console Unauthenticated Service Restart
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=====================
Onapsis Security Advisory 2011-015: SAP WebAS webrfc Cross-Site Scripting
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=======================
Onapsis Security Advisory 2011-016: SAP WebAS Malicious SAP Shortcut Generation
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=====================
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-2221
Vendor: Not available
2010-01-08 Public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE:
Vendor: ACDSee Systems - (Bug 24610)
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application: HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug: Privilege escalation
Exploits: YES
Reported: 30.09.2008
Digital Security opens a site of its research center DSec Research Group
Digital Security opens a site of its research center DSec Research
Group [DSecRG], the main mission of which is to conduct researches of different application and system vulnerabilities.
The result of this work is then used by the experts of the Digital Security audit department for assessing the security level of information systems with the use of active audit methods and also while carrying out penetration tests.
Data about the vulnerabilities found by DSecRG experts is published in SecurityFocus mailing lists,
Milw0rm.com portal and now it is available at DSecRG website ( www.dsecrg.com ) in the form of advisories and whitepapers.
The other two vulnerabilities lead to abnormal termination (crash) of
the iCal application due to null-pointer dereference bugs triggered
while parsing a malformed '.ics' files. The ability to inject and
execute arbitrary code on vulnerable systems using these two
vulnerabilities was researched but not proven possible.
Exploitation of these vulnerabilities in a client-side attack scenario
is possible with user assistance by opening or clicking on specially
crafted '.ics' file send over email or hosted on a malicious web server;
or without direct user assistance if a would-be attacker has the ability
The other two vulnerabilities lead to abnormal termination (crash) of
the iCal application due to null-pointer dereference bugs triggered
while parsing a malformed '.ics' files. The ability to inject and
execute arbitrary code on vulnerable systems using these two
vulnerabilities was researched but not proven possible.
Exploitation of these vulnerabilities in a client-side attack scenario
is possible with user assistance by opening or clicking on specially
crafted '.ics' file send over email or hosted on a malicious web server;
or without direct user assistance if a would-be attacker has the ability
CA Advisory Date: 2007-10-10
CA Advisory Updated: 2007-12-05
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
Hack In The Box is proud to announce, a brand new lightning session
called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT
sessions are designed to provide a quick 15 minute overview for
material and research that's up and coming - stuff that isn't quite
ready for the mainstream tracks of the conference but deserve a mention
nonetheless. Final year students who want to present their projects to
industry experts are also strongly encouraged to submit their papers.
These sessions are held during the conference coffee and lunch breaks.
The papers would be reviewed by the main CFP panel and student
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together
international experts from academia, industry and government to
present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI). The
conference proceedings will appear in Springer's Lecture Notes in
Computer Science (LNCS) series.
in Paris, France.
Following last edition's success, HES2011 will be a bigger event with
even more
talks, focusing on hardcore computer & network security, insecurity,
vulnerability analysis, reverse engineering, research and hacking,
and will try
to keep the high quality content. Our dear Program Committee is there to
ensure this.
HES will this year be a fully international-oriented conference, 100% in
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together
international experts from academia, industry and government to
present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI). The
conference proceedings will appear in Springer's Lecture Notes in
Computer Science (LNCS) series.
2009-08-03 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0110
2009-10-20 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0111
2011-01-25 Vendor released patches and advisory
2011-01-26 Published TSL advisory
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: Not available
OCTOBER 17 - 21, 2011
SWISSOTEL Chicago, Chicago, IL, USA
http://sigsac.org/ccs/CCS2011
The annual ACM Computer and Communications Security Conference is
a leading international forum for information security researchers,
practitioners, developers, and users to explore cutting-edge ideas
and results, and to exchange techniques, tools, and experiences. The
conference seeks submissions from academia, government, and industry
presenting novel research on all practical and theoretical aspects
of computer and communications security. Papers should have relevance to
The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together international
experts from academia, industry and government to present and discuss
novel research in these areas. DIMVA is organized by the special
interest group Security - Intrusion Detection and Response (SIDAR) of
the German Informatics Society (GI).
Hurry up! The deadline for early bird registrations is
2012-02-14 Vendor releases advisory and patch
2012-02-14 Published TSL advisory
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
<<Previous Next>>
|
