Penetration Testing Mode:
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP Hybris E-commerce Suite

Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3

Vendor URL: http://sap.com

Bugs: Default credentials

Sent:

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP ABAP BASIS

Versions Affected: SAP ABAP BASIS 7.4

Vendor URL: http://SAP.com

Bugs: Hardcoded credentials

Sent: 01.02.2016

Reported:

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform 2016-08-18
Francisco Amato (famato infobytesec com)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time witho

SpiderFoot 2.7.0 released 2016-08-19
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)
###################################################

01. ### Advisory Information ###

Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ER

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver Enqueue Server

Versions Affected: SAP NetWeaver Enqueue Server 7.4

Vendor URL: http://SAP.com

Bug: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2258784

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author:

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan

Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes! 2016-05-27
Francisco Amato (famato infobytesec com)
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.

If you've been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new

[ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: information disclosure

Sent: 15.09.2015

Reported: 15.09.2015

Vendor response: 16.09.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2256846

Author:

[ERPSCAN-16-011] SAP NetWeaver AS JAVA - SQL injection vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: SQL injection

Sent: 04.12.2015

Reported: 04.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2101079

A

44CON CFP Now Open 2016-05-17
Steve (steve 44con com)
44CON is the UK's premier annual technical security conference and training event. From the evening of the 14th of September till the 16th of September 2016, expect a top-tier international technical conference with fast wifi, loose 0day, catering, a bar and of course, Gin O'Clock.

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet 2016-05-16
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bugs: Cross Site Scripting (XSS)

Sent: 10.08.2015

Reported: 10.08.2015

Vendor response: 11.08.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2220571

Author: Vah

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability 2016-05-16
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP MII 15.0

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 29.07.2015

Reported: 29.07.2015

Vendor response: 30.07.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2230978

Author: Dmitry Chastuhin (ERPScan)

Descr

t2'16: Call For Papers 2016 (Helsinki, Finland) 2016-05-08
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'16 - Call For Papers (Helsinki, Finland) - October 27 - 28, 2016
#

If you are tired of any of the following:
1) conferences where coffee service equals one coupon (= cup) per day,
2) conferences with crazy-ass lines making world's busiest transit hubs seem
like a pleasurable life experien

Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing 2016-05-05
Francisco Amato (famato infobytesec com)
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.

Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take

Mobile Security Framework (MobSF) v0.9.2 Released 2016-05-03
Ajin Abraham (ajin25 gmail com)
Hey Folks,

Happy to release MobSF v0.9.2

About MobSF

Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analy

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1.

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

[HITB-Announce] HITBGSEC CFP Closes in 2 Weeks! 2016-04-13
Hafez Kamal (aphesz hackinthebox org)
REMINDER: The Call for Papers for the 2nd annual Hack In The Box GSEC
conference in Singapore closes on the 1st of May.

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2016/

HITB GSEC is a new single track 2-day deep knowledge security conference
where attendees ge

Releasing Mobile Security Framework v0.9 2016-03-14
Ajin Abraham (ajin25 gmail com)
Hey Folks,

I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.

Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework

Ruxcon 2016 Call For Presentations 2016-03-08
cfp ruxcon org au
Ruxcon 2016 Call For Presentations
Melbourne, Australia, October 22-23
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2016.

This year the conference will take place over the weekend of the 22nd and 23rd of Oc

Make room for faraday v1.0.17! New #maltego & #arachni plugins & more! 2016-02-26
Francisco Amato (famato infobytesec com)
The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro &
Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali
Rolling, and several fixes including installation issues.

Changes:
New Maltego Plugin

Added support for Kali Rolling Edition
Added support for Mint 17
Added us

JSON Hijacking 2016-02-24
Ricardo Iramar dos Santos (riramar gmail com)
Hi All,

Do you guys know if JSON Hijacking is still possible?
It seems the method __defineSetter__ has been deprecated, but I've been
seeing some posts saying that it's still possible to override the constructor.
I tried using the JavaScript below but got no error on the console nor an alert popup.

<script>
Object.de

Arachni Framework v1.4 & WebUI v0.5.10 have been released (Web Application Security Scanner) 2016-02-09
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.

The highlights of this release are:

* Massive performance improvements (approx. 5 times faster browser operations,
much reduced RAM and CPU usage).
* Significantly improv
