Security Advisories

In the course of our work we often find previously unknown vulnerabilities. We contact the manufacturers to inform them about these vulnerabilities so that they can implement a patch or a fix. Cooperation with manufacturers varies, but is usually good. We have already dealt with the following manufacturers:

  1. Microsoft
  2. SAP
  3. Nortel
  4. Finjan
  5. Linux community
  6. OpenCMS
  7. Various small software manufacturers

Vulnerability Disclosure Policy (PDF)

Date / CVE Subject Link
CVE-2009-1479 Camtasia Flash Vulnerability download
CVE-2009-1479 Boxalino Directory Traversal Vulnerability download
CVE-2009-1048 Authentication Bypass of Snom Phone Web Interface download
2009 Response Header Name Injection Attack  
CVE-2008-3358 SAP NetWeaver XSS Vulnerability download
CVE-2008-1547 MS OWA URL Redirection Vulnerability download
CVE-2008-0385 Urulu Web 2.0 SQL Injection download
2008 OKI C5510MFP Printer Password Disclosure
CVE-2007-6340 LSrunasE, Supercrypt Weak Crypto download
2007 VoIP Phone Audio Stream Rerouting Vulnerability download
2007 Nortel_IP_phone_flooding_denial_of_service download
2007 Nortel_IP_phone_forced_re-authentication download
2007 Nortel_IP_phone_surveillance_mode download
2007 Nortel_telephony_server_denial_of_service download
2007 Nortel_UNIStim_IP_softphone_buffer-overflow download
2007 DokuWiki XSS Vulnerability download
2007 SAP Internet Communication Framework (BC-MID-ICF) download
2007 SAP NetWeaver, Web Dynpro Java (BC-WD-JAV) download
CVE-2007-4018 Citrix - Redirection Vulnerability download
CVE-2007-0011 Citrix - Session Hijacking and Information Disclosure download
2007 Linux Kernel Buffer Overflow download
2006 Internet Explorer MS06-13 Vulnerability download
2004 OpenCMS Session Fixation  
2003 Finjan Content Bypass Vulnerability download

News

Compass' Testing Modules
1/27/10 - Compass Security has created the document "Testing Module", which describes the typical testing scenarios.

Workshop on Mobile Security at MCTA 2010
1/11/10 - Marco Di Filippo, Regional Director Germany of the ICT security service provider Compass Security AG (www.csnc.ch), will give a workshop on the risks of mobile communication tools. It will be held on 01 February at the 10th Conference "Mobile Communications Technologies and Applications" (MCTA) at the University of Augsburg.

Loophole detected in "Camtasia Studio"
11/30/09 - Michael Schmidt, Security Analyst at Compass, has analysed a Flash application created with the software "Camtasia Studio" by TechSmith.

Compass Event 2009
10/27/09 - On 15 October 2009, the "Compass Event" took place in the auditorium of the HSR University of Applied Sciences in Rapperswil/Switzerland.

Cyber terrorism: German infrastructure highly vulnerable
9/28/09 - Compass Security shows how easy it is to compromise power, internet and telecommunication networks in Germany.