Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent:28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)
Description
1.
Application:SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)
Description
(, ) (,
. '.' ) ('.',
). , ('. ( ) (
(_,) .'), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( <_> ) Y Y \
/__ /\___|__ / \___ >/|__|_| /
\/ \/.-.\/ \/:wq
On Sat, Apr 9, 2016 at 2:34 AM, Árpád Magosányi
wrote:
> Browser developers are dropping support for X509 key generation.
> Yes, have its problems. But window.crypto - which is meant to
> replace it - have no way to save keys in the browser's keystore.
Using X.509 client certificates with brow
Am 2016-04-14 16:19, schrieb Reindl Harald:
Am 14.04.2016 um 00:54 schrieb Sebastian:
[...]
That's true. But the keygen element is flawed by the known-broken CA
system(*) and you can't build a secure house on a broken foundation.
You
could check whether the certificate for your site is issued
Am 14.04.2016 um 00:54 schrieb Sebastian:
The browser developers have just decided that the trust relationship
architecture of the virtual world will be driven by the copyright
dinosaurs from now on, by pulling off platform support from under those
who were experimenting with building meaningf
