Vendor has been notified and the vulnerability has been fixed.
* Details
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network. The server can be managed using a web
interface. It was found that the application does not properly sanitize
user input, which results in multiple SQL injections.
version 1.02.1.
* Details
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network. The server can be managed using a web
interface. It is possible for unauthenticated users to extract arbitrary
files from the hosting system due to inadequate file handling in cvs.php.
and open for all conference attendees event will be held at the Vintage Wine
Bar at 6:30pm (near the conference location). We would appreciate it if you
let us know if you are coming so we can be ready; please mail
ofers@breach.com to confirm.
The Open Web Application Security Project (OWASP) is a worldwide free and
open community focused on improving the security of application software.
Our mission is to make application security "visible," so that people and
organizations can make informed decisions about application security risks.
More details and registration on http://www.owasp.org/index.php/AppSecEU08
Google will begin accepting student applications on Monday, March 24,
2008! Please help spread the word and encourage all eligible students to
apply for one of the security related projects!
OSVDB: The Open Source Vulnerability Database:
http://osvdb.org/blog/?p=231
OSSIM: Open Source Security Information Management:
http://www.ossim.net/dokuwiki/doku.php?id=ideas
OCS Inventory NG Server 1.2.1
Details:
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.
Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
Found by : Guilherme Marinheiro
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
*Vulnerability Description*
Android is a project promoted primarily by Google through the Open Handset
Alliance aimed at providing a complete set of software for mobile
devices: an operating system, middleware and key mobile applications
[1]. Although the project is currently in a development phase and has
not made an official release yet, several vendors of mobile chips have
unveiled prototype phones built using development releases of the