New vulnerabilities

04.02.2010 [DSECRG-09-065] TuvNetworks TVUPlayer ActiveX component - Insecure method

TVUPlayer contains the ActiveX component PlayerOcx, which contains an insecure method that can overwrite any unhidden file in the system.

11.01.2010 [DSECRG-09-011] HP StorageWorks 1/8 G2 Tape Autoloader - privilege escalation, DOS

A vulnerability was found in the Web Administration Interface of the HP StorageWorks 1/8 G2 Tape Autoloader.
The default unprivileged user can escalate privileges to administrator and carry out a DoS attack.


16.11.2009 [DSECRG-09-062] Alteon OS BBI (Nortel) - Multiple Vulnerabilities

Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface (BBI).

26.10.2009 [DSECRG-09-010] Oracle Database 10G CTXSYS.DRVXTABX - PLSQL Injection

Oracle Database 10G and 9g are vulnerable to PL/SQL injection.
The PL/SQL injection was found in the following procedure: ctxsys.drvxtabc.create_tables


07.10.2009 [DSECRG-09-017] SAP GUI vsflexGrid ActiveX - Buffer Overflow vulnerability

The VSFlexGrid component is vulnerable to a buffer overflow that was published in 2007 and has not been patched in SAPGUI until this moment.
This component is included in the default SAPGUI installation.


07.10.2009 [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS (Script injection) vulnerabilities

Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders.
The vulnerabilities could be exploited remotely using Cross Site Scripting (XSS).

28.09.2009 [DSECRG-09-044] SAP GUI 7.1 WebViewer3D ActiveX - Insecure Methods

WebViewer3D ActiveX contains insecure methods that can overwrite any file in the system.


28.09.2009 [DSECRG-09-043] SAP GUI 7.1 WebViewer2D ActiveX - Insecure Methods

The ActiveX component contains an insecure method that can overwrite any file in the system.


News
24.12.2009
Digital Security Research Group Performance within 2008-2009

23.11.2009
New Metasploit with Oracle attacks support


Upcoming Advisories
The following is a list of the last 10 most important vulnerabilities discovered by DSecRG researchers that are yet to be published.
The affected vendor was contacted on the specified date and is working on a patch for the vulnerability.


[DSECRG-09-068] SAP 14.12.2009
[DSECRG-09-067] SAP 14.12.2009
[DSECRG-09-066] Oracle 14.12.2009
[DSECRG-] Oracle 16.11.2009
[DSECRG-09-064] SAP 16.10.2009
[DSECRG-09-063] Progress 13.10.2009
[DSECRG-09-057] SAP 08.09.2009
[DSECRG-09-056] SAP 08.09.2009
[DSECRG-09-058] VMware 07.09.2009
[DSECRG-09-054] IBM 05.09.2009


Publications
Penetration: from application down to OS. Getting OS access using IBM Websphere Application Server vulnerabilities 03.02.2010

Author: Stanislav Svistunovich


© 2002—2010, Digital Security
For quoting or using materials from this site
link is obligatory

+7 (812) 703-1547, +7 (812) 430-9130    e-mail: research@dsecrg.com