Onapsis Security Advisory 2011-003: SAP WebAS ITS Mobile Start Service Multiple
Vulnerabilities
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming
Onapsis Security Advisory 2011-004: SAP WebAS ITS Mobile Test Service Multiple
Vulnerabilities
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming
Onapsis Security Advisory 2011-005: SAP Enterprise Portal Path Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming advisories,
Onapsis Security Advisory 2011-006: Oracle JD Edwards JDENET Kernel Denial of
Service
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming advisories,
Onapsis Security Advisory 2011-007: Oracle JD Edwards JDENET Kernel Shutdown
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming advisories,
Onapsis Security Advisory 2011-009: Oracle JD Edwards JDENET SawKernel Remote
Password Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming
Onapsis Security Advisory 2011-010: Oracle JD Edwards JDENET Remote Logging
Deactivation
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming
Onapsis Security Advisory 2011-011: Oracle JD Edwards JDENET Buffer Overflow
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming advisories,
Onapsis Security Advisory 2011-012: Oracle JD Edwards JDENET Firewall Bypass
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming advisories,
Onapsis Security Advisory 2011-013: Oracle JD Edwards JDENET USRBROADCAST
Denial of Service
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain
access to beforehand information on upcoming
Hi,
I am also in the verg of testing firewall/IDS/IPS currently i am looking at
some DOS/DDOS/stress testing tools.. Please help me on that..
Thanks in Advance
Oscar
On Wed, Apr 27, 2011 at 11:17 AM, Sec Tools secto...@wildmail.com wrote:
I've been using a combination of Mausezahn (
Hello!
We have alarming case with Barracuda products here.
Customer bought Barracuda hardware years ago and paid for it. No leasing
etc. Product is Barracuda Spam Firewall 800 which is $40k product.
Customer also paid for not-so-cheap annual subscription fees each year.
One day their
Information
Name : XSS Persistent vulnerability in xMatters AlarmPoint Java Web
Server API
Software : xMatters AlarmPoint
Vendor Homepage : http://www.xmatters.com
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Juan Sacco jsacco [at]
Do you actually have any evidence of a backdoor? Or could this just be a
remote 'turn-off' switch as such? I'm not saying that one is better than the
other, but they are very different features.
On Thu, Apr 28, 2011 at 11:09 AM, Tõnu Samuel t...@jes.ee wrote:
Hello!
We have alarming case with
Hi,
for ddos testing:
T50
ddossim
netstress(commercial)
---
Huzeyfe ONAL
Bilgi Güvenliği AKADEMİSİ
http://www.bga.com.tr
BGA Ankara İstanbul Eğitim Takvimi
http://www.bga.com.tr/?page_id=944
---
On Wed, Apr 27, 2011 at 12:44 PM, Oscar shyamsecurity...@gmail.com wrote:
Hi,
I am also in
On Thu, 2011-04-28 at 11:45 +0100, Benji wrote:
Do you actually have any evidence of a backdoor? Or could this just be
a remote 'turn-off' switch as such? I'm not saying that one is better
than the other, but they are very different features.
I have no idea how this technically is implemented
Oh I'm sure someone on the list is going to help you.
Just give us SSH and root access and we'll do the hard work for you.
See, that's being open, not closed...!
On Thu, Apr 28, 2011 at 12:51 PM, Tõnu Samuel t...@jes.ee wrote:
On Thu, 2011-04-28 at 11:45 +0100, Benji wrote:
Do you
On 4/28/11 4:09 AM, Tõnu Samuel t...@jes.ee wrote:
admin interface of product. Even more irritating was fact that admin
wanted to see why some e-mails were lost and was denied even to see logs!
Hehyank the drive and mount it in a linux box...it's just Mandrake
linux anyways (most likely
On Thu, 2011-04-28 at 12:59 +0200, Christian Sciberras wrote:
Oh I'm sure someone on the list is going to help you.
Just give us SSH and root access and we'll do the hard work for you.
See, that's being open, not closed...!
Sure someone can do. I happen to know some people who are able to
Call for Paper for hashdays 2011 (#days)
Introduction
Hashdays is an international security technology and research conference
which is preceded by several 2-day workshops delivering IT security
training. The event features many international
On Thu, 2011-04-28 at 13:09 +0300, Tõnu Samuel wrote:
Hello!
We have alarming case with Barracuda products here.
It's your own fault for buying one and being too lazy to create your own
anti-spam solution! It's all pretty much OSS and rubbish hardware and
any half decent Linux admin can
Information
Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
Version: APClient 3.2.0 (native)
Software : xMatters AlarmPoint
Vendor Homepage : http://www.xmatters.com
Vulnerability Type : Heap Buffer Overflow
Md5: 283d98063323f35deb7afbd1db93d859
Hello all,
First off, if this isn't the place to ask this question, I apologize, and
feel free to ignore this e-mail.
I've found a couple vulnerabilities in a web forum/portal/etc. product
called IP.Board. I was looking to reserve a CVE number, and I attempted to
contact the address Mitre
Why is everyone ripping on this fellow just because he chose to
purchase a 'solution'? That's not the issue here at all. Sure he
should've done something more custom and open source, but that doesn't
change the fact that Barracuda has done something likely bad here. A
vendor should make it
On Thu, Apr 28, 2011 at 09:14:57AM -0600, ctrun...@christophertruncer.com wrote:
Hello all,
First off, if this isn't the place to ask this question, I apologize, and
feel free to ignore this e-mail.
I've found a couple vulnerabilities in a web forum/portal/etc. product
called IP.Board.
ZDI-11-143(formerly ZDI-CAN-965): Cisco Unified CallManager
xmldirectorylist.jsp SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-143
April 28, 2011
-- CVE ID:
CVE-2011-1610
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Cisco
-- Affected
On Thu, 2011-04-28 at 08:29 -0700, ichib0d crane wrote:
(snipped)
but that doesn't
change the fact that Barracuda has done something likely bad here. A
vendor should make it explicitly clear when they have the capability
to disable remote products that have already been purchased. Maybe
their
On Thu, 28 Apr 2011 13:09:14 +0300, =?ISO-8859-1?Q?T=F5nu_Samuel?= said:
One day their Barracuda product stopped working.
OK... That's hardly surprising, given the high-quality software engineering
that Barracuda is known for.. ;)
Barracuda not only disabled all kind of subscription services
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2011-0007
Synopsis: VMware ESXi and ESX Denial of Service and third party
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Description of Vulnerability:
- -
Linksys WRT54G is a consumer wireless G broadband router and four port
switch (http://www.linksysbycisco.com/ANZ/en/support/WRT54G). The
device provides an administration interface for
On 04/28/2011 05:51 AM, Tõnu Samuel wrote:
On Thu, 2011-04-28 at 11:45 +0100, Benji wrote:
Do you actually have any evidence of a backdoor? Or could this just be
a remote 'turn-off' switch as such? I'm not saying that one is better
than the other, but they are very different features.
I have
Is the suid bit set on that binary? Otherwise, unless I'm missing something
it doesn't seem to be exploitable by an attacker...
On Thu, Apr 28, 2011 at 12:03 PM, Juan Sacco
jsa...@insecurityresearch.comwrote:
Information
Name : Heap Buffer Overflow in xMatters
On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
Is the suid bit set on that binary? Otherwise, unless I'm missing something
it doesn't seem to be exploitable by an attacker...
Who cares? You got code executed on the remote box, that's the *hard* part.
Use that to inject a callback shell
This isn't a zero day. This is a vulnerability. Being able to crash
the system is nothing compared to the effort needed to actually write
the exploit. What function is the heap overflow in? Did you guys even
bother to find out? How do I know this is even a heap overflow? Heck
you couldnt even
So in 6 short months you've become a master hacker huh Gage ? All that
reporting nigerian scammers really put you to the top of the hacker
echelon ? or is it cause you finally got a piece of paper as
recognition from your little school ?
In short; Shut the fuck up and go play in traffic, kid.
Any reason for the hostility? The nigerian thing was ages ago and out
of curiosity, and I don't see how my choice of school is relevant in
the situation. Wheres this six month deal coming from and when did I
ever say I even counted myself as a hacker?
All I'm saying is InsectPro did poor
and now tom tom as well
http://crave.cnet.co.uk/cartech/tomtom-admits-to-sending-your-routes-and-speed-information-to-the-police-50003618/
On Thu, Apr 28, 2011 at 9:35 AM, Ivan . ivan...@gmail.com wrote:
stevie says it just a bug, a patented bug
On Apr 28, 2011, at 3:09 AM, Tõnu Samuel wrote:
One day their Barracuda product stopped working.
After investigating problem it came out that Barracuda reseller and
Barracuda itself have some misunderstandings and because of this
Barracuda not only disabled all kind of subscription
On Fri, Apr 29, 2011 at 3:17 AM, bk cho...@gmail.com wrote:
On Apr 28, 2011, at 3:09 AM, Tõnu Samuel wrote:
One day their Barracuda product stopped working.
After investigating problem it came out that Barracuda reseller and
Barracuda itself have some misunderstandings and because of
I have generated around 4G of attack using Hping from 6 servers, and I could
have still increased it but that was all I needed. So I think hping does good
job..
Gaurang.
From: Oscar shyamsecurity...@gmail.com
To: Sec Tools secto...@wildmail.com
Cc:
On Thu, 28 Apr 2011 19:18:59 +0300, Tõnu Samuel said:
From: Chelsi Newland [mailto:cnewl...@barracuda.com]
Sent: Wednesday, April 27, 2011 5:51 PM
Subject: FW: Current (Expires 2011-11-21)
Importance: High
Please note we have proof of payment to you from the end user. Either
reimburse
Precisely. The poc triggers the bug by passing a very long command line
argument, so it's assumed the attacker already has executed code. The only
way this is exploitable is if the binary has suid (then the attacker can
elevate privileges) or the command can be executed remotely (and the
attacker
42 matches
Mail list logo