New vulnerabilities

23.07.2010 [DSECRG-09-068] SAP NetWeaver SLD - Multiple XSS

The SAP NetWeaver system has multiple linked XSS security vulnerabilities in its System Landscape Directory component.

23.07.2010 [DSECRG-09-040] SAP NetWeaver wsnavigator - XSS Security Vulnerability

The SAP NetWeaver system has a linked XSS security vulnerability in the wsnavigator component.

05.07.2010 [DSECRG-09-054] IBM BladeCenter Management - Multiple vulnerabilities

The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS.


14.05.2010 [DSECRG-09-058] VMware View - XSS vulnerability

Linked XSS in the VMware Portal.

15.04.2010 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability

This device can be rebooted remotely by sending malformed TCP packets.


12.04.2010 [DSECRG-09-053] VMware Remote Console - format string vulnerability

VMrc is vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

23.03.2010 [DSECRG-09-064] SAP GUI 7.1 - Insecure method, code execution

A security vulnerability was found in SAP GUI 7.10 and BI 7.0 that allows operating system functions to be called remotely.

19.02.2010 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - Buffer Overflow

The Symantec Antivirus Client Proxy, CLIproxy.dll, contains an ActiveX component that is vulnerable to a buffer overflow attack.


News
11.08.2010
Source Barcelona 2010 Announcement

23.07.2010
CPU Updates from Oracle (CPU July 2010)


Upcoming Advisories
The following is a list of the last 10 most important vulnerabilities discovered by DSecRG researchers that are yet to be published.
The affected vendor was contacted on the specified date and is working on a patch for the vulnerability.


[DSECRG-09-067] SAP 14.12.2009
[DSECRG-09-066] Oracle 14.12.2009
[DSECRG-] Oracle 16.11.2009
[DSECRG-09-063] Progress 13.10.2009
[DSECRG-09-057] SAP 08.09.2009
[DSECRG-09-056] SAP 08.09.2009
[DSECRG-09-050] SAP 11.08.2009
[DSECRG-09-042] Oracle 26.06.2009
[DSECRG-09-041] Oracle 26.06.2009
[DSECRG-09-047] HP 07.04.2009


Publications
"Attacking SAP Users with Sapsploit" from HITB Amsterdam 2010 05.07.2010

Author: Alexander Polyakov


© 2002—2010, Digital Security
A link is obligatory when quoting or using materials from this site.

+7 (812) 703-1547, +7 (812) 430-9130    e-mail: research@dsecrg.com