Category Archives: Full Disclosure

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

Posted by ERPScan inc on Apr 20

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2234918
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-004]
Risk: Medium
Advisory URL:…

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege

Posted by Stefan Kanthak on Apr 20

Hi @ll,

the executable installers of G-Data’s “security” products for
Windows, available from <https://www.gdata.de/downloads>, allow
escalation of privilege!

The downloadable executables are self-extractors containing the
real executable installer as resource: they create the subdirectory
%TEMP%\{guidguid-guid-guid-guid-guidguidguid}
using another resource containing the hardcoded value of this GUID,
extract the real…

Announcing NorthSec 2016 – Montreal, May 19-22

Posted by Pierre-David / NorthSec Conference on Apr 16

www.nsec.io – northsec.eventbrite.ca

NorthSec 2016, one of the biggest applied security events in Canada, is coming up in Montreal May 17-22, with 2 days of
intense training sessions, followed by a 2-day technical conference and the largest 48h on-site CTF.

——– Training Sessions ——–
There are still a few seats available in our Training Sessions
https://www.nsec.io/training-sessions/

* Modern Object-Oriented Malware Reverse Engineering…

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability

Posted by Sandro Poppi on Apr 16

Abstract
——–
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting
Vulnerability
Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on
Windows 7 SP1
Vendor Homepage: http://www.microsoft.com
Severity: high
Status: fixed
CVE-ID: CVE-2016-0160

Description
———–
Microsoft Internet Explorer 11 ships with MSHTML.DLL referencing various
DLLs which are not present on a Windows 7 SP1 installation, Windows 10
is not…

[ERPSCAN-16-003] SAP NetWeaver 7.4 – cryptographic issues

Posted by ERPScan inc on Apr 16

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-003]
Risk: High
Advisory URL:…

[ERPSCAN-16-002] SAP HANA – log injection and no size restriction

Posted by ERPScan inc on Apr 15

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP HANA
Advisory ID: [ERPSCAN-16-002]
Risk: High
Advisory URL:…

[ERPSCAN-16-001] SAP NetWeaver 7.4 – XSS vulnerability

Posted by ERPScan inc on Apr 15

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-001]
Risk: High
Advisory URL:…

Re: end of useable crypto in browsers?

Posted by Sebastian on Apr 15

On 2016-04-14 16:19, Reindl Harald wrote:

I don’t. But even if you roll your own CA, you’ll have a hard time
avoiding someone with a wildcard CA (updater, every other page you open,
…). Also, to use <keygen> you need to have a secure connection
beforehand (or use http, which would make every MITM happy). Now it is
possible to work around this, too, but then you may as well use a fully
encrypted channel.

The actual point…