
Digital Security Research Group (DSecRG) is the ERPScan research center.

New vulnerabilities

21.03.2012 [DSECRG-12-019] vCenter Orchestrator - password disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects saved passwords back as part of the web page.

22.02.2012 [DSECRG-12-018] Oracle Application Server - multiple security vulnerabilities

Oracle Application Server Containers has multiple HTTP Response Splitting vulnerabilities.

17.02.2012 [DSECRG-12-017] ASUS Net4Switch ipswcom.dll ActiveX - buffer overflow vulnerability

ASUS Net4Switch contains the ActiveX component ipswcom.dll, which is vulnerable to a buffer overflow attack.

17.02.2012 [DSECRG-12-016] SAP MessagingSystem - information disclosure

Information disclosure in the MessagingSystem servlet.

17.02.2012 [DSECRG-12-014] SAP Internet Sales - XSS

SAP NetWeaver 7.0 Internet Sales (crm.b2b) has an XSS vulnerability.


17.02.2012 [DSECRG-12-015] SAP Adapter Monitor - information disclosure

Information disclosure in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet.

17.02.2012 [DSECRG-12-013] SAP Application Administration - local file read

SAP NetWeaver 7.0 Application Administration (com.sap.ipc.webapp.ipc) has a local file read vulnerability.

17.02.2012 [DSECRG-12-012] SAP NetWeaver Internet Sales - local file read

SAP NetWeaver 7.0 Internet Sales (crm.b2b) has a local file read vulnerability.



News
24.04.2012
ERPScan has released a new version of Security Scanner for SAP: ERPScan v2.0

26.03.2012
Installation of vendor's patch does not always guarantee security




Upcoming Advisories
The following is a list of the last 10 most important vulnerabilities discovered by DSecRG researchers that are yet to be published.
The affected vendor was contacted on the specified date and is working on a patch for the vulnerability.


[DSECRG-00263] SAP 20.01.2012
[DSECRG-00262] SAP 20.01.2012
[DSECRG-00261] SAP 20.01.2012
[DSECRG-00260] SAP 20.01.2012
[DSECRG-00258] SAP 20.01.2012
[DSECRG-00257] SAP 20.01.2012
[DSECRG-00256] SAP 20.01.2012
[DSECRG-00255] SAP 20.01.2012
[DSECRG-00254] SAP 20.01.2012
[DSECRG-00253] SAP 20.01.2012


Publications
Whitepaper "Python arsenal for Reverse Engineering" version 1.1 26.04.2012

Author: Dmitriy Evdokimov


© 2002—2012, ERPScan
A link is obligatory when quoting or using materials from this site.

+44 (20) 81334493    e-mail: research@dsecrg.com