Penetration Testing Mode:
[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability 2016-05-16
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP MII 15.0

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 29.07.2015

Reported: 29.07.2015

Vendor response: 30.07.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2230978

Author: Dmitry Chastuhin (ERPScan)

Descr

t2'16: Call For Papers 2016 (Helsinki, Finland) 2016-05-08
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'16 - Call For Papers (Helsinki, Finland) - October 27 - 28, 2016
#

If you are tired of any of the following:
1) conferences where coffee service equals one coupon (= cup) per day,
2) conferences with crazy-ass lines making world's busiest transit hubs seem
like a pleasurable life experien

Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing 2016-05-05
Francisco Amato (famato infobytesec com)
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.

Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take

Mobile Security Framework (MobSF) v0.9.2 Released 2016-05-03
Ajin Abraham (ajin25 gmail com)
Hey Folks,

Happy to release MobSF v0.9.2

About MobSF

Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analy

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1.

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

[HITB-Announce] HITBGSEC CFP Closes in 2 Weeks! 2016-04-13
Hafez Kamal (aphesz hackinthebox org)
REMINDER: The Call for Papers for the 2nd annual Hack In The Box GSEC
conference in Singapore closes on the 1st of May.

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2016/

HITB GSEC is a new single track 2-day deep knowledge security conference
where attendees ge

Releasing Mobile Security Framework v0.9 2016-03-14
Ajin Abraham (ajin25 gmail com)
Hey Folks,

I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.

Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework

Ruxcon 2016 Call For Presentations 2016-03-08
cfp ruxcon org au
Ruxcon 2016 Call For Presentations
Melbourne, Australia, October 22-23
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2016.

This year the conference will take place over the weekend of the 22nd and 23rd of Oc

Make room for faraday v1.0.17! New #maltego & #arachni plugins & more! 2016-02-26
Francisco Amato (famato infobytesec com)
The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro &
Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali
Rolling, and several fixes including installation issues.

Changes:
New Maltego Plugin

Added support for Kali Rolling Edition
Added support for Mint 17
Added us

JSON Hijacking 2016-02-24
Ricardo Iramar dos Santos (riramar gmail com)
Hi All,

Do you guys know if JSON Hijacking is still possible?
It seems the method __defineSetter__ has been deprecated but I've
seen some posts saying that it's still possible to override the constructor.
I tried using the JavaScript below but got neither an error on the console nor an alert popup.

<script>
Object.de

Arachni Framework v1.4 & WebUI v0.5.10 have been released (Web Application Security Scanner) 2016-02-09
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.

The highlights of this release are:

* Massive performance improvements (approx. 5 times faster browser operations,
much reduced RAM and CPU usage).
* Significantly improv

[HITB-Announce] #HITB2016AMS CFP Closes in < 3 Weeks 2016-01-21
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for HITBSecConf2016 - Amsterdam (#HITB2016AMS)
closes in approximately 3 weeks! Working on something interesting? Submit!

Call for Papers: http://cfp.hackinthebox.org/
Deadline: 14th February

An initial list of accepted talks and speakers has just been announced:

- Virtualizat

Faraday 1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) 2015-12-21
Francisco Amato (famato infobytesec com)
We are proud to present Faraday v1.0.16!

This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more tim

Call for Papers -YSTS X - Information Security Conference, Brazil 2015-12-21
Luiz Eduardo (le ysts org)
Hello Pen-test readers and sorry for the possible cross-postings you
might see, on behalf of the conference's organization team I would
like to let you know that YSTS X's CFP is currently open.

==

YSTS 10th Edition

Where: Sao Paulo, Brazil

When: June 13th, 2016

Call for Papers Opens: Decembe

[HITB-Announce] HITB2016AMS Call for Papers 2015-12-03
Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the 7th annual Hack In The Box Security
Conference in The Netherlands is now open!

Call for Papers: http://cfp.hackinthebox.org/
Event Website: http://conference.hitb.org/hitbseccconf2016ams/

HITBSecConf has always been an attack oriented deep-knowledge research
event aimed

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite - XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 21.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Cl

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-028]
Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite Cross-site Scripting
Advisory ID: [ERPSCAN-15-027]
Advisory URL: http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFO

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite SQL injection
Advisory ID: [ERPSCAN-15-026]
Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Clas

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION

Title: Oracle E-Business Suite - Database user enumeration
Advisory ID: [ERPSCAN-15-025]
Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNER

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS
service - Unauthorized Access

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA, probably others
Vendor URL: http://SAP.com
Bugs: Unauthorized access
Sent: 20.04.2013
Reported: 21.04.2013
Vendor response: 21.04.201

t2'15: Challenge to be released 2015-09-19 10:00 EEST 2015-09-14
Tomi Tuominen (tomi tuominen t2 fi)
Hi,

After last year's t2 we spent the cold winter months browsing through online auctions for historical data processing equipment. Just like LinkedIn profiles revealing sensitive projects and inside information, old devices and mass storage units can be a treasure trove for the lucky.

The myste

[ERPSCAN-15-016] SAP NetWeaver - Hardcoded credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver - Hardcoded credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response

[ERPSCAN-15-015] SAP NetWeaver AS ABAP - Hardcoded Credentials 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP -
Hardcoded Credentials

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS ABAP, probably others
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 06.03.2014
Reported: 07.03.2014
Vendor response:

[ERPSCAN-15-014] SAP Mobile Platform 3 - XXE in Add Repository 2015-09-09
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 - XXE
in Add Repository

Application: SAP Mobile Platform
Versions Affected: SAP Mobile Platform 3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response:

nullcon se7en CFP is open 2015-08-26
nullcon (nullcon nullcon net)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive securi

Copyright 2010, SecurityFocus