
Digital Security Research Group (DSecRG) is the ERPScan research center.

New vulnerabilities

20.01.2012 [DSECRG-12-011] SAP NetWeaver Business Communication Broker - multiple XSS

SAP NetWeaver Business Communication Broker has multiple linked XSS vulnerabilities.

20.01.2012 [DSECRG-12-010] SAP TesContainerAdmin service - stored XSS

SAP NetWeaver contains a stored XSS vulnerability in its Text Container Administration Application.

20.01.2012 [DSECRG-12-009] SAP NetWeaver PFL_CHECK_OS_FILE_EXISTENCE - missing authorization check and SMB Relay vulnerability

Missing authorization check in RFC function PFL_CHECK_OS_FILE_EXISTENCE.

20.01.2012 [DSECRG-12-008] SAP NetWeaver RWB - unauthorized access

Unauthorized access is possible to some Runtime Workbench resources.

20.01.2012 [DSECRG-12-007] Tecomat PLC - Default passwords

Default passwords enabled for Tecomat PLC devices.

20.01.2012 [DSECRG-12-006] OPC Systems.NET FlexGrid 7.1 ActiveX - Buffer Overflow

Buffer overflow found in 3rd party ActiveX control.


20.01.2012 [DSECRG-12-005] wellintech KingSCADA 3.0 - Insecure password encryption

It is possible to obtain the cleartext password used to access KingSCADA because it is stored insecurely.

20.01.2012 [DSECRG-12-004] WAGO PLC 750 - CSRF password change [0-day]

It is possible to change the password by forcing an administrator to open a malicious link.


News
20.01.2012
DSecRG supports Project BaseCamp by releasing WAGO PLC 0-day vulnerabilities

16.12.2011
ERPScan Company enters the Google and Yandex Halls of Fame for work in information security




Upcoming Advisories
The following is a list of the last 10 most important vulnerabilities discovered by DSecRG researchers that are yet to be published.
The affected vendor was contacted on the specified date and is working on a patch for the vulnerability.


[DSECRG-00263] SAP 20.01.2012
[DSECRG-00262] SAP 20.01.2012
[DSECRG-00261] SAP 20.01.2012
[DSECRG-00260] SAP 20.01.2012
[DSECRG-00258] SAP 20.01.2012
[DSECRG-00257] SAP 20.01.2012
[DSECRG-00256] SAP 20.01.2012
[DSECRG-00255] SAP 20.01.2012
[DSECRG-00254] SAP 20.01.2012
[DSECRG-00253] SAP 20.01.2012


Publications
Whitepaper "Architecture and program vulnerabilities in SAP’s J2EE engine" from BlackHat USA 2011 12.08.2011


Author: Alexander Polyakov


© 2002—2012, ERPScan
For quoting or using materials from this site
link is obligatory

+44 (20) 81334493    e-mail: research@dsecrg.com