They write about us

Acknowledgments to DSecRG

1. SAP

The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain the security and safety of its customers' and partners' SAP systems. Our acknowledgements page lists those professionals we have worked with successfully in the past. The acknowledgements are published on a monthly basis and mention all security researchers who helped to improve the security and integrity of our customers' IT systems by respecting our disclosure guidelines. We thank all security researchers for their excellent work and hope to continue the fruitful relationship between security professionals and SAP.

ACKNOWLEDGMENTS TO SECURITY RESEARCHERS:
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

SAP Security Notes:
https://service.sap.com/sap/support/notes/1092631
https://service.sap.com/sap/support/notes/1136770
https://service.sap.com/sap/support/notes/1281820
https://service.sap.com/sap/support/notes/1284360
https://service.sap.com/sap/support/notes/1286637
https://service.sap.com/sap/support/notes/1292875
https://service.sap.com/sap/support/notes/1322098
https://service.sap.com/sap/support/notes/1327004
https://service.sap.com/sap/support/notes/1372153
https://service.sap.com/sap/support/notes/1391770
https://service.sap.com/sap/support/notes/1407285
https://service.sap.com/sap/support/notes/1416047
https://service.sap.com/sap/support/notes/1422273
https://service.sap.com/sap/support/notes/1432114
https://service.sap.com/sap/support/notes/1438191
https://service.sap.com/sap/support/notes/1440336
https://service.sap.com/sap/support/notes/1450270
https://service.sap.com/sap/support/notes/1456175
https://service.sap.com/sap/support/notes/1451843
https://service.sap.com/sap/support/notes/1469549
https://service.sap.com/sap/support/notes/1481923
https://service.sap.com/sap/support/notes/1481924
https://service.sap.com/sap/support/notes/1483888
https://service.sap.com/sap/support/notes/1484097
https://service.sap.com/sap/support/notes/1509610
https://service.sap.com/sap/support/notes/1511179
https://service.sap.com/sap/support/notes/1512776

2. Oracle

"The following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: CERT/CC; Esteban Martinez Fayo of Application Security, Inc.; Pete Finnigan; Joxean Koret; Alexander Kornbrust of Red Database Security; Ali Kumcu of inTellectPro; David Litchfield of NGS Software; Mariano Nunez Di Croce of CYBSEC S.A.; and Alexandr Polyakov of Digital Security."
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html

3. VMware

"VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identified as DSECRG-09-058 by Digital Security Research Group."
https://www.vmware.com/security/advisories/VMSA-2010-0008.html
http://lists.vmware.com/pipermail/security-announce/2010/000092.html

4. HP

The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01841397

5. SUN

"I'd like to thank The Digital Security Research Group for bringing the issues listed below to our attention."
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675
https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041
http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html

6. IBM

http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988

7. Adobe

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers' security. Alexandr Polyakov of Digital Security (CVE-2009-1872, CVE-2009-1873, CVE-2009-1874)
http://www.adobe.com/support/security/bulletins/apsb09-12.html

8. Apache

"Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes."
https://issues.apache.org/jira/browse/GERONIMO-4597

9. Alcatel

"Alcatel-Lucent would like to thank Digital Security (http://dsec.ru) for informing us about this vulnerability, for the good cooperation and for acting according to our disclosure policy practices."
http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.pdf

10. Ruby project

"Credit to Digital Security Research Group (URL:http://dsec.ru/) for disclosing the problem to Ruby Security Team."
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/

11. Alienvault

Sintsov Alexey at Digital Security Research Group has discovered a series of security vulnerabilities in the OSSIM 2.1 and 2.1.1 releases. We'd like to thank DSecRG for the manner this joint disclosure has been approached; it's always nice to be contacted before public disclosure.
http://www.alienvault.com/community.php?section=News

12. OpenBSD

http://www.mail-archive.com/misc@openbsd.org/msg49057.html

13. XOOPS

"This release is solely for a couple of critical fixes, including an XSS vulnerability reported by Digital Security Research Group (or DSRG), potential local file inclusion vulnerability reported by DSRG. In the 2.3.2b release we have further improved security fixes with help from DSRG."
http://www.xoops.org/modules/news/article.php?storyid=4563

14. RunCMS

"P.S. Special thanks to Alexandr Polyakov from Digital Security Research Group for bugs & vulnerabilities report."
http://runcms.org/modules/mydownloads/singlefile_lid_130.html

Also: APC, Claroline, Gallery, BlogCMS.

Vulnerabilities, exploits and research

Vulnerabilities

1. SUN GlassFish Enterprise Server: multiple cross-site scripting vulnerabilities ranked 4th in the Top 5 web-application vulnerabilities for May 2009.
2. Apache Geronimo Application Server: multiple remote vulnerabilities ranked 1st in the Top 5 web-application vulnerabilities for April 2009.
3. SAP cFolders: multiple cross-site scripting and HTML injection vulnerabilities ranked 2nd in the Top 5 web-application vulnerabilities for April 2009.
4. IBM WebSphere Application Server: a cross-site scripting vulnerability ranked 2nd in the Top 5 web-application vulnerabilities for March 2009.
5. SAP MaxDB 'webdbm': multiple cross-site scripting vulnerabilities ranked 3rd in the Top 5 web-application vulnerabilities for March 2009.
6. APC PowerChute Network Shutdown's Web Interface: cross-site scripting and HTTP response splitting vulnerabilities ranked 3rd in the Top 5 web-application vulnerabilities for February 2009.
7. SAP Web Application Server: a cross-site scripting vulnerability ranked 2nd in the Top 5 web-application vulnerabilities for July 2008.
8. Ruby WEBrick: directory traversal and information disclosure vulnerabilities ranked 5th in the Top 5 web-application vulnerabilities for March 2008.
Exploits

1. DSecRG exploits for the Metasploit project.
2. DSecRG exploits in the document "Best of Oracle Security 2008" by the well-known Oracle security expert Alexander Kornbrust.
3. DSecRG exploits in the document "Oracle Security Masterclass" by the well-known Oracle security expert Pete Finnigan.

Research

1. References to DSecRG research in the blog of Oracle security expert Alexander Kornbrust.
2. References to DSecRG research in the blog of Oracle security expert Pete Finnigan.
3. References to DSecRG research in the blog of Oracle security expert Paul M. Wright.