6712 matches found
Opentaps ERP + CRM Detection
The remote host is running Opentaps ERP + CRM. Opentaps is a full-featured ERP + CRM suite which incorporates several open source projects, including: - Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework - Pentaho and JasperReports for business intelligence - Funambol...
Mini-Metricon Highlighted Risk, Measurements
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon which is held each year in conjunction with the USENIX Security Conference. In essence members of the mailing list gather eac...
Malicious web sites jump 200 percent
By Vivian Yeo, ZDNet Asia. The threat from Web-based malware is growing at a rapid pace, with nearly 200 percent more malicious sites identified this month, according to a new report from MessageLabs. Released Tuesday, the MessageLabs Intelligence Report revealed that 2,797 new Web site...
Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows
====================================================================== Secunia Research 25/02/2009 - ksquirrel-libs Radiance RGBE Buffer Overflows - ====================================================================== Table of Contents Affected...
Security Best Practice: Get Yourself Familiar with the Header Rejection Tool
Web servers and applications parse not only the URL, but also the rest of the HTTP header data. Wrong parsing can lead to buffer overrun attacks and other vulnerabilities. Some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers the Host header for exampl...
rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)
rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC) #!/usr/bin/perl # http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=697 use strict; use IO::Socket; my $sock = IO::Socket::INET->new(LocalAddr => '0.0.0.0', LocalPort => '3389', Listen => 1, Reuse => 1) || die $!; my $evil =...
securityreporter-traverse.txt
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
[Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
CVE-2007-3867
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to 1 APPS04, 2 APPS05, and 3 APPS06 in a Oracle Application Object Library, 4 APPS07 in Oracle Customer Intelligence, 5 APPS08 in Oracle Payments, 7 APPS10 in Oracle Human...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to 1 APPS04, 2 APPS05, and 3 APPS06 in a Oracle Application Object Library, 4 APPS07 in Oracle Customer Intelligence, 5 APPS08 in Oracle Payments, 7 APPS10 in Oracle Human...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01...
CVE-2007-3867
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to 1 APPS04, 2 APPS05, and 3 APPS06 in a Oracle Application Object Library, 4 APPS07 in Oracle Customer Intelligence, 5 APPS08 in Oracle Payments, 7 APPS10 in Oracle Human...
CVE-2007-2689
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...
CVE-2007-2689
Check Point Web Intelligence is affected by CVE-2007-2689 due to improper handling of certain full-width and half-width Unicode character encodings in HTTP traffic processing. The underlying issue allows remote attackers to evade detection of HTTP traffic. Affected product: Check Point Web Intell...
CVE-2007-2689
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...
[Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability
Computer Terrorism UK :: Incident Response Centre www.computerterrorism.com Security Advisory: CT09-01-2007 ======================================================= Microsoft Outlook Advanced Find - Remote Code Execution ======================================================= Advisory Date: 11th...
CVE-2006-5675
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts...
CVE-2006-5675
Affected software: Pentaho BI Suite before 1.2 RC3 (1.2.0.470-RC3). Vulnerability span: possible SQL injection in MySQL scripts related to security changes. Root cause/triage: scripts requiring security changes cited as the issue; exact impact and exploit vectors are not detailed in the provided ...
Learning More about SmartView Tracker Logs: InterSpect NGX Packets Capture
Packet streams that have triggered a SmartDefense or Web Intelligence protection can be stored in the form of raw data. The captured packet can be examined using an internal packet viewer or any protocol analyzer, such as Ethereal, Snoop or tcpdump. Packet capture is available for all protections ...
Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability
Computer Terrorism UK :: Incident Response Centre www.computerterrorism.com Security Advisory: CT12-09-2006 ============================================================ Adobe/Macromedia Flash Player - Remote Code Execution ============================================================ Advisory Date...