Research

	In CYBSEC S.A we know that the basis for improvement in the field of Systems Security and prevention of computer fraud is permanent research and knowledge exchange.

1. Security Advisories

Vulnerabilities found by CYBSEC S.A:

• CYBSEC Advisory#2010-0301 Reflected Cross-Site Scripting (XSS) in IBM Lotus Domino Help (PDF) (March 2010)

• CYBSEC Advisory#2010-0101 Information disclosure in FreePBX 2.5.x. (PDF) (January 2010)

• CYBSEC Advisory#2010-0102 Permanent XSS in FreePBX 2.5.x-2.6 (PDF) (January 2010)

• CYBSEC Advisory#2010-0103 SQL Injection in FreePBX 2.5.1 (PDF) (January 2010)

• CYBSEC Security Advisory - Arbitrary File Upload in OSSIM (PDF) (December 2009)

• CYBSEC Security Advisory - Remote Command Execution in OSSIM (PDF) (December 2009)

• CYBSEC Security Advisory - SQL injection in OSSIM (PDF) (December 2009)

• CYBSEC Security Advisory - Arbitrary File Upload in Achievo 1.4.2 (PDF) (December 2009)

• CYBSEC Security Advisory - Permanent Cross-Site Scripting (XSS) in Achievo 1.4.2 (PDF) (December 2009)

• CYBSEC Security Advisory - SAP sapstartsrv Denial of Service (PDF) (November 2009)

• CYBSEC Security Advisory - SAP dscdb6up on AIX Local Privilege Escalation (See SAP Note #1158618) - (July 2008)

• CYBSEC Security Advisory - SAP Gateway Monitor Remote Access Bypass (See SAP Note #1072946) - (July 2008)

• CYBSEC Security Advisory - SAP RFCEXEC Security Bypass (See SAP Note #1140031) - (July 2008)

• CYBSEC Security Advisory - SAP SAPGUI Buffer Overflow - (July 2008)

• CYBSEC Security Advisory - Oracle Forms Unauthenticated Cross-Site Scripting (PDF) (February 2008)

• CYBSEC Security Advisory Documentum dmclTrace Arbitrary file overwrite(PDF) (February 2008)

• CYBSEC Security Advisory Documentum dmclTrace XSS (PDF) (February 2008)

• CYBSEC Security Pre Advisory 3Com TippingPoint IPS Detection Bypass 2 (PDF) (July 2007)

• CYBSEC Security Advisory SAP RFC SET REG SERVER PROPERTY RFC Function Denial of Service (PDF) (April 2007)

• CYBSEC-Security Advisory SAP RFC START GUI RFC Function Buffer Overflow (PDF) (April 2007)

• CYBSEC-Security Advisory SAP RFC START PROGRAM RFC Function Multiple Vulnerabilities (PDF) (April 2007)

• CYBSEC-Security Advisory SAP SYSTEM CREATE INSTANCE RFC Function Buffer Overflow (PDF) (April 2007)

• CYBSEC-Security Advisory SAP TRUSTED SYSTEM SECURITY RFC Function Information Disclosure (PDF) (April 2007)

• CYBSEC Security Pre-Advisory - SAP IGS Undocumented Features (PDF) (December 2006)

• CYBSEC Security Pre-Advisory - SAP IGS Remote Arbitrary File Removal (PDF) (December 2006)

• CYBSEC Security Pre-Advisory - SAP IGS Remote Buffer Overflow (PDF) (August 2006)

• CYBSEC Security Pre-Advisory - SAP IGS Remote Denial of Service (PDF) (August 2006)

• CYBSEC Security Pre-Advisory - 3Com TippingPoint IPS Detection Bypass (PDF) (August 2006)

• CYBSEC Security Advisory - Microsoft Windows DHCP Client Service Remote Buffer Overflow (PDF) (July 2006)

• CYBSEC Security Pre-Advisory - Local Privilege Escalation in SAP sapdba Command (PDF) (May 2006)

• CYBSEC Security Advisory - Arbitrary File Read or Delete in SAP BC (PDF) (May 2006)

• CYBSEC Security Advisory - Phishing Vector in SAP BC (PDF) (May 2006)

• CYBSEC Security Advisory - httprint Multiple Vulnerabilities (PDF) (December 2005)

• CYBSEC Security Advisory - Watchfire AppScan QA Remote Code Execution (PDF) (December 2005)

• CYBSEC Security Advisory - HTTP Response Splitting in SAP WAS (PDF) (November 2005)

• CYBSEC Security Advisory - Multiple XSS in SAP WAS (PDF) (November 2005)

• CYBSEC Security Advisory - Phishing Vector in SAP WAS (PDF) (November 2005)

• CYBSEC Security Advisory - Multiple Vendor Web Scanner Arbitrary Script Injection Vulnerability (PDF) (September 2005)

• CYBSEC Security Advisory - Default Configuration Information Disclosure in Lotus Domino (Including password hashes)(PDF) (July 2005)

• CYBSEC Security Advisory - Vulnerabilidad en el proyecto PHPMailer (PDF) (May 2005)

• CYBSEC Security Advisory - Denial of Service in WebSphere Edge Server (PDF) (July 2004)

2. Security Vulnerability Disclosure Policy

Security Vulnerability Disclosure Policy (PDF Format)

3. Tools

SAFE: This software was especially developed to test the security level in SAP/R3 implementations.

With SAFE you will be able to learn easily and automatically if a SAP installation fulfills the major security requirements demanded by audits and international regulations (Sarbanes Oxley Act, HIPAA, PCI, CobIT, etc.).

SAFE performs a thorough analysis of configuration, authorization, communications, and other parameters in the SAP installation and compares them to international best practices; results are shown in reports indicating the target value to be achieved.

SAFE is available in FREE Version and ENTERPRISE Version format.

Download SAFE FREE Version

sapyto: sapyto is a SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities.

Download sapyto

W3AF: w3af is a framework to perform Web Application penetration testing. It can perform all the phases of a penetration test: discovery, audit, exploit and privilege escalation. The tool can be easily extended using plugins, is distributed under the GPLv2 license and is fully developed in Python. CYBSEC collaborated in the development of w3af and is a platinum sponsor of it.

http://w3af.sourceforge.net/