Public references to DSecRG:
Credits to DSecRG1. SAP
The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain the security and safety of its customers' and partners' SAP systems.
Our acknowledgements page lists those professionals we have worked with successfully in the past. The acknowledgements are published on a monthly basis and mention all security researchers who helped to improve the security and integrity of our customers' IT systems by respecting our disclosure guidelines. We thank all security researchers for their excellent work and hope to continue the fruitful relationship between security professionals and SAP.
ACKNOWLEDGMENTS TO SECURITY RESEARCHERS:
"The following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: CERT/CC; Esteban Martinez Fayo of Application Security, Inc.; Pete Finnigan; Joxean Koret; Alexander Kornbrust of Red Database Security; Ali Kumcu of inTellectPro; David Litchfield of NGS Software; Mariano Nunez Di Croce of CYBSEC S.A.; and Alexandr Polyakov of Digital Security."
"VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identifed as DSECRG-09-058 by Digital Security Research Group."
The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to email@example.com.
"I'd like to thank The Digital Security Research Group for bringing the issues listed below to our attention."
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers' security.
Alexandr Polyakov of Digital Security (CVE-2009-1872, CVE-2009-1873, CVE-2009-1874)
"Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes."
"Alcatel-Lucent would like to thank Digital Security (http://dsec.ru) to inform us about this vulnerability, for the good cooperation and for acting according to our disclosure policy practices."
10. Ruby project
"Credit to Digital Security Research Group (URL:http://dsec.ru/) for disclosing the problem to Ruby Security Team."
Sintsov Alexey at Digital Security Research Group has discovered a series of security vulnerabilities in the OSSIM 2.1 and 2.1.1 releases. We'd like to thank DSecRG for the manner this join disclosure has been approached; it's always nice to be c ontacted before public disclosure.
"This release is solely for a couple of critical fixes, including an XSS vulnerability reported by Digital Sercurity Research Group (or DSRG), potential local file inclusion vulnerability reported by DSRG. In the 2.3.2b release we have further improved security fixes with help from DSRG."
"P.S. Special thanks to Alexandr Polyakov from Digital Security Research Group for bugs & vulnerabilities report."
APC, Claroline, Gallery, BlogCMS.
Vulnerabilities, exploits and whitepapers
1. SUN GlassFish Enterprise Server Multiple XSS in TOP 5 Web application vulnerabilities may 2009.
2. Apache Geronimo Application Server Multiple Remote Vulnerabilities took 1st place in TOP 5 Web application vulnerabilities april 2009.
3. SAP cFolders XSS and HTML Injection Vulnerabilities in TOP 5 Web application vulnerabilities april 2009.
4. IBM WebSphere Application Server multiple XSS in TOP 5 Web application vulnerabilities march 2009.
5. SAP MaxDB 'webdbm' Multiple XSS in TOP 5 Web application vulnerabilities march 2009.
6. APC PowerChute Network Shutdown's Web Interface - XSS and Response Splitting vulnerabilities in TOP 5 Web application vulnerabilities February 2009.
7. SAP Web Application Server XSS vulnerability in TOP 5 Web application vulnerabilities july 2008.
8. Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities in TOP 5 Web application vulnerabilities march 2008.
1. DSecRG exploits for Metasploit project.
2. Our exploits in paper "Best of oracle security 2008" and "Best of oracle security 2007" by Oracle expert Alexander Kornbrust.
3. Our exploits in "Oracle Security Masterclass" by Oracle expert Pete Finnigan.
1. References to our whitepapers and exploits by Oracle security expert Alexander Kornbrust.
2. References to our whitepaper by Oracle security expert Pete Finnigan.
3. References to our whitepaper by Oracle security expert Paul Wright.