<< Previous Next >>
researching
Onapsis Security Advisory 2011-001: SAP Management Console Unauthenticated Service Restart
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=====================
Onapsis Security Advisory 2011-015: SAP WebAS webrfc Cross-Site Scripting
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=======================
Onapsis Security Advisory 2011-016: SAP WebAS Malicious SAP Shortcut Generation
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well asexclusive access to special promotions for upcoming trainings and conferences.
1. Impact on Business
=====================
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-2221
Vendor: Not available
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application: HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug: Privilege escalation
Exploits: YES
Reported: 30.09.2008
2010-01-08 Public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE:
Vendor: ACDSee Systems - (Bug 24610)
Microsoft has issued a patch to fix the vulnerability and a detailed
description of how to implement the workarounds on IE. It is available
as Security Bulletin http://go.microsoft.com/fwlink/?LinkID=150860.
Microsoft's Research and Defense blog has further discussion about the
vulnerability, workarounds and mitigations [3].
7. *Credits*
CA Advisory Date: 2007-10-10
CA Advisory Updated: 2007-12-05
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Balding of Secunia Research (CVE-2007-5326)
Cocoruder of Fortinet Security Research Team (CVE-2007-5327)
Tenable Network Security (CVE-2007-5328)
Pedram Amini of DV Labs (dvlabs.tippingpoint.com) (CVE-2007-5329)
Dyon Balding of Secunia Research (CVE-2007-5330)
Hack In The Box is proud to announce, a brand new lightning session
called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT
sessions are designed to provide a quick 15 minute overview for
material and research that's up and coming - stuff that isn't quite
ready for the mainstream tracks of the conference but deserve a mention
nonetheless. Final year students who want to present their projects to
industry experts are also strongly encouraged to submit their papers.
These sessions are held during the conference coffee and lunch breaks.
The papers would be reviewed by the main CFP panel and student
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together
international experts from academia, industry and government to
present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI). The
conference proceedings will appear in Springer's Lecture Notes in
Computer Science (LNCS) series.
in Paris, France.
Following last edition's success, HES2011 will be a bigger event with
even more
talks, focusing on hardcore computer & network security, insecurity,
vulnerability analysis, reverse engineering, research and hacking,
and will try
to keep the high quality content. Our dear Program Committee is there to
ensure this.
HES will this year be a fully international-oriented conference, 100% in
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together
international experts from academia, industry and government to
present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI). The
conference proceedings will appear in Springer's Lecture Notes in
Computer Science (LNCS) series.
2009-08-03 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0110
2009-10-20 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0111
2011-01-25 Vendor released patches and advisory
2011-01-26 Published TSL advisory
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: Not available
OCTOBER 17 - 21, 2011
SWISSOTEL Chicago, Chicago, IL, USA
http://sigsac.org/ccs/CCS2011
The annual ACM Computer and Communications Security Conference is
a leading international forum for information security researchers,
practitioners, developers, and users to explore cutting-edge ideas
and results, and to exchange techniques, tools, and experiences. The
conference seeks submissions from academia, government, and industry
presenting novel research on all practical and theoretical aspects
of computer and communications security. Papers should have relevance to
The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together international
experts from academia, industry and government to present and discuss
novel research in these areas. DIMVA is organized by the special
interest group Security - Intrusion Detection and Response (SIDAR) of
the German Informatics Society (GI).
Hurry up! The deadline for early bird registrations is
ActiveX component contains insecure method that can overwrite any file in system
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-065
Application: TVUPlayer
Versions Affected: Tested on v2.4.9beta1[build1797]
Vendor URL: www.tvunetworks.com
Bugs: insecure method, File overwriting
Exploits: YES
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application: Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits: POC
Reported: 04.05.2009
Vendor response: 07.05.2009
Date of Public Advisory: 17.02.2010
======================================================================
Secunia Research 12/01/2010
- Microsoft Windows Flash Player Movie Unloading Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 16/04/2009
- Danske Bank e-Sec Control Module Error Logging Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Digital Security Research Group [DSecRG] Advisory DSECRG-09-053
Application: VMware Remoute Console
Version: e.x.p build-158248
Vendor URL: http://vmware.com
Bugs: Format String Vulnerabilitys
Exploits: YES (PoC)
Reported: 07.08.2009
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-064
Application: SAP GUI
Versions Affected: SAP GUI (SAP GUI 7.1)
Vendor URL: http://SAP.com
Bugs: Insecure method. Code Execution.
Exploits: YES
Reported: 16.10.2009
Vendor response: 27.10.2009
Date of Public Advisory: 23.03.2010
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048
http://dsecrg.ru/pages/vul/show.php?id=148
Application: HP LaserJet printer web interface
Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others
Vendor URL: http://www.hp.com/
Bug: Multiple Stored XSS Vulnerabilities
Exploits: YES
Reported: 07.04.2009
http://www.dsecrg.com/pages/vul/show.php?id=122
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-022
Application: Adobe Coldfusion 8
Versions Affected: Adobe Coldfusion 8
Vendor URL: http://adobe.com
Bugs: Multiple Linked XSS,XSRF
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-015
Original Advisory: http://dsecrg.com/pages/vul/show.php?id=115
Application: SAP GUI for Windows, EnjoySAP
Versions Affected: Version 6.4
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Exploits: YES
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-035
original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html
Application: Chance-i DiViS-Web DVR System ActiveX control
Versions Affected: 3,0,0,7
Vendor URL: http://www.chance-i.com/
Bug: Heap Overflow
Exploits: YES
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-036
original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html
Application: Chance-i DiViS DVR System web-server
Versions Affected: 2.0
Vendor URL: http://www.chance-i.com/
Bug: Directory Traversal File Download
Exploits: YES
Reported: 13.03.2009
original advisory: http://dsecrg.com/pages/vul/show.php?id=137
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-037
Application: AbleSpace
Versions Affected: 1.0
Vendor URL: http://abk-soft.com/
Bugs: Multiple Blind SQL Injections, Multiple XSS
<<Previous Next>>
|
