Penetration Testing
[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1.

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

[HITB-Announce] HITBGSEC CFP Closes in 2 Weeks! 2016-04-13
Hafez Kamal (aphesz hackinthebox org)
REMINDER: The Call for Papers for the 2nd annual Hack In The Box GSEC
conference in Singapore closes on the 1st of May.

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2016/

HITB GSEC is a new single track 2-day deep knowledge security conference
where attendees ge

Releasing Mobile Security Framework v0.9 2016-03-14
Ajin Abraham (ajin25 gmail com)
Hey Folks,

I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.

Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework

Ruxcon 2016 Call For Presentations 2016-03-08
cfp ruxcon org au
Ruxcon 2016 Call For Presentations
Melbourne, Australia, October 22-23
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2016.

This year the conference will take place over the weekend of the 22nd and 23rd of Oc

Make room for faraday v1.0.17! New #maltego & #arachni plugins & more! 2016-02-26
Francisco Amato (famato infobytesec com)
The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro &
Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali
Rolling, and several fixes including installation issues.

Changes:
New Maltego Plugin

Added support for Kali Rolling Edition
Added support for Mint 17
Added us

JSON Hijacking 2016-02-24
Ricardo Iramar dos Santos (riramar gmail com)
Hi All,

Do you guys know if JSON Hijacking is still possible?
It seems the method __defineSetter__ has been deprecated but I've
seen some posts saying that it's still possible to override the constructor.
I tried using the JavaScript below but got neither an error on the console nor an alert popup.

<script>
Object.de

Arachni Framework v1.4 & WebUI v0.5.10 have been released (Web Application Security Scanner) 2016-02-09
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.

The highlights of this release are:

* Massive performance improvements (approx. 5 times faster browser operations,
much reduced RAM and CPU usage).
* Significantly improv

[HITB-Announce] #HITB2016AMS CFP Closes in < 3 Weeks 2016-01-21
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for HITBSecConf2016 - Amsterdam (#HITB2016AMS)
closes in approximately 3 weeks! Working on something interesting? Submit!

Call for Papers: http://cfp.hackinthebox.org/
Deadline: 14th February

An initial list of accepted talks and speakers has just been announced:

- Virtualizat

Faraday 1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) 2015-12-21
Francisco Amato (famato infobytesec com)
We are proud to present Faraday v1.0.16!

This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more tim

Call for Papers - YSTS X - Information Security Conference, Brazil 2015-12-21
Luiz Eduardo (le ysts org)
Hello Pen-test readers, and sorry for the possible cross-postings you
might see. On behalf of the conference's organization team I would
like to let you know that YSTS X's CFP is currently open.

==

YSTS 10th Edition

Where: Sao Paulo, Brazil

When: June 13th, 2016

Call for Papers Opens: Decembe

[HITB-Announce] HITB2016AMS Call for Papers 2015-12-03
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the 7th annual Hack In The Box Security
Conference in The Netherlands is now open!

Call for Papers: http://cfp.hackinthebox.org/
Event Website: http://conference.hitb.org/hitbseccconf2016ams/

HITBSecConf has always been an attack oriented deep-knowledge research
event aimed

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite - XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 21.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Cl

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-028]
Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite Cross-site Scripting
Advisory ID: [ERPSCAN-15-027]
Advisory URL: http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFO

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite SQL injection
Advisory ID: [ERPSCAN-15-026]
Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite - Database user enumeration
Advisory ID: [ERPSCAN-15-025]
Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNER

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS
service - Unauthorized Access

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA, probably others
Vendor URL: http://SAP.com
Bugs: Unauthorized access
Sent: 20.04.2013
Reported: 21.04.2013
Vendor response: 21.04.201

t2'15: Challenge to be released 2015-09-19 10:00 EEST 2015-09-14
Tomi Tuominen (tomi tuominen t2 fi)
Hi,

After last year's t2 we spent the cold winter months browsing through online auctions for historical data processing equipment. Just like LinkedIn profiles revealing sensitive projects and inside information, old devices and mass storage units can be a treasure trove for the lucky.

The myste

[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response

[ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP –
Hardcoded Credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response:

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE
in Add Repository

Application: SAP Mobile Platform
Versions Affected: SAP Mobile Platform 3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response:

nullcon se7en CFP is open 2015-08-26
nullcon (nullcon nullcon net)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive securi

SpiderFoot 2.5.0 released 2015-08-04
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.5.0 is now available, with more modules, added
functionality and bug fixes since 2.3.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over 40 data sources and methods, all driven through a
snappy web UI.

Arachni Framework v1.2 & WebUI v0.5.7.1 have been released (Web Application Security Scanner) 2015-07-16
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, a modular and high-performance Web Application Security Scanner.

The highlights of this release are:

* Many optimizations to reduce RAM and CPU consumption.
* SSL interception for websites with HSTS.
* Support for tracking jQuery delegated events.
* Su

Ruxcon 2015 Final Call For Presentations 2015-07-06
cfp ruxcon org au
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow - RCE, DoS

Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent:

Copyright 2010, SecurityFocus