Affiliation/Organization: Digital Security Research Group


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (25 vulns), the following statistics apply:

Min Time To Patch:36 days
Avg Time To Patch:279 days
Max Time To Patch:589 days

Other Affiliations

Creditees Affiliated with Digital Security Research Group have also affiliated with:

ERPScan (4)
Zero Day Initiative (ZDI) (2)
via Symantec (1)
Kaspersky Lab (1)

Website: http://dsecrg.com/

Creditees currently or formerly associated with Digital Security Research Group (13):
(ordered by association date)

Known SinceNameVulns Through Affiliation
2009-04-14Eugene "Corwin" Ermakov5
2009-04-17Digital Security Research Group5
2009-08-17Alexandr Polyakov17
2009-11-16Sintsov Alexey1
2010-11-09Alexey Sintsov8
2010-11-09Alexey Troshichev3
2011-01-14Dmitriy Chastuhin13
2011-01-18Evdokimov Dmitriy1
2011-01-24Alexander Polyakov5
2011-03-09Dmitriy Evdokimov16
2012-01-20Neyolov Evgeny2
2012-01-20Alexandr Minozhenko1
2012-02-17Dmitriy Chastukhin8

Disclosed Vulnerabilities (114):

Discl. DateOSVDB IDCVE IDCrediteesTitle
2013-01-28 90484 Dmitriy Chastukhin
 SAP NetWeaver Exportability Check Service Unspecified Traversal Arbitrary File Access
2013-01-28 90483 Dmitriy Chastukhin
 SAP NetWeaver GRMGApp Unspecified Access Restriction Bypass
2013-01-28 90482 Dmitriy Chastukhin
 SAP NetWeaver GRMGApp XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
2012-03-15 80120 2012-1513 Alexey Sintsov
 VMware vCenter Orchestrator Web Configuration Tool vCenter Server Password Disclosure
2012-02-18 79430 2012-1289 Dmitriy Chastukhin
 SAP NetWeaver Application Administration (com.sap.ipc.webapp.ipc) ipc/admin/log_view.jsp logfilename Parameter Traversal Arbitrary File Access
2012-02-18 79433 2012-1292 Dmitriy Chastukhin
 SAP NetWeaver MessagingSystem Servlet MessagingSystem Performance Data Information Disclosure
2012-02-18 79438 2012-4924 Dmitriy Evdokimov
 Net4Switch ipswcom.dll ActiveX Control cxcmrt.dll CxDbgPrint() Function Alert() Method Debug Message String Creation Remote Overflow
2012-02-17 79429 2012-1289 Dmitriy Chastukhin
 SAP NetWeaver Application Administration (com.sap.ipc.webapp.ipc) ipc/admin/log.jsp logfilename Parameter Traversal Arbitrary File Access
2012-02-17 79431 2012-1290 Dmitriy Chastukhin
 SAP NetWeaver Internet Sales Module b2b/auction/container.jsp _loadPage Parameter XSS
2012-02-17 79432 2012-1291 Dmitriy Chastukhin
 SAP NetWeaver Adapter Monitor com.sap.aii.mdt.amt.web.AMTPageProcessor Servlet Adapter Monitor Information Disclosure
2012-01-21 78865 2012-0227
2012-5311		 Alexandr Polyakov
 ComponentOne FlexGrid VSFlex7.VSFlexGrid ActiveX (Vsflex7.ocx) Archive File Name Handling Remote Overflow
2012-01-21 78782 Alexandr Polyakov
 WAGO I/O System 750 PLC Web Interface Multiple File Information Disclosure
2012-01-20 78355 2012-1977 Alexandr Polyakov
Alexey Sintsov
 KingSCADA user.db Base-64 Encoding Local Credentials Disclosure
2012-01-20 78519 Alexandr Minozhenko
 WAGO I/O System 750 / 758 Admin Password Manipulation CSRF
2012-01-20 78540 Dmitriy Evdokimov
 SAP NetWeaver bcbadmSettings.jsp Multiple Parameter XSS
2012-01-20 78742 Alexandr Polyakov
 Tecomat PLC Multiple Default Password
2012-01-20 78780 Alexandr Polyakov
 WAGO I/O System 750 Multiple Default Password
2012-01-20 78781 Alexandr Polyakov
 WAGO I/O System 750 Arbitrary Firmware Download
2012-01-20 78536 Alexander Polyakov
 SAP NetWeaver Resource Access Control Handling Runtime Workbench Access Restriction Bypass
2012-01-20 78538 Neyolov Evgeny
 SAP NetWeaver TextContainerAdmin/administration_setup.jsp TXVDestination Parameter XSS
2012-01-20 78539 Neyolov Evgeny
 SAP NetWeaver system_context_settings.jsp Multiple Parameter XSS
2011-08-22 74780 Alexey Sintsov
 SAP NetWeaver EPS_DELETE_FILE Function Traversal Arbitrary File Deletion
2011-08-19 74690 2011-5263 Dmitriy Evdokimov
 SAP NetWeaver RetrieveMailExamples Servlet server Parameter XSS
2011-06-17 73196 Dmitriy Evdokimov
 SAP NetWeaver Trust Center Service Deployer Multiple Parameter XSS
2011-06-17 73197 Alexander Polyakov
 SAP NetWeaver J2EE Engine Authentication Bypass
2011-06-17 73194 Alexander Polyakov
 SAP NetWeaver System Landscape Directory REP / RWB Version Information Disclosure
2011-06-17 73195 Dmitriy Evdokimov
 SAP NetWeaver performanceProviderRoot testServlet test Parameter XSS
2011-04-12 71834 Alexandr Polyakov
 SAP NetWeaver MessagingSystem/monitor/monitor.jsp Multiple Parameter XSS
2011-04-12 71835 Dmitriy Evdokimov
 SAP NetWeaver cas_validate.jsp Multiple Parameter XSS
2011-04-12 71836 Dmitriy Evdokimov
 SAP NetWeaver pst_enter.jsp archivepath Parameter XSS
2011-03-10 71411 2011-5154 Alexey Sintsov
Alexander Polyakov
 SAP GUI Path Subversion Arbitrary DLL Injection Code Execution
2011-03-09 71134 Dmitriy Evdokimov
 SAP NetWeaver SOAP Adapter HelperServlet action Parameter XSS
2011-03-09 71123 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-add-analytic2.jsp backURL Parameter XSS
2011-03-09 71124 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-add-validate.jsp pagePos Parameter XSS
2011-03-09 71125 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-analytic-frameset.jsp entry Parameter XSS
2011-03-09 71126 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-cacheparams.jsp Multiple Parameter XSS
2011-03-09 71127 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-display-flash.jsp swf Parameter XSS
2011-03-09 71128 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-dmgraph.jsp Sel Parameter XSS
2011-03-09 71129 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-edit-goal.jsp defTar Parameter XSS
2011-03-09 71130 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-map-frameset.jsp analyticToken Parameter XSS
2011-03-09 71131 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-open-inlist.jsp Multiple Parameter XSS
2011-03-09 71132 Dmitriy Chastuhin
 SAP Crystal Reports Server aa-overviewctxt.jsp Multiple Parameter XSS
2011-03-09 71135 Alexey Sintsov
 SAP NetWeaver /sap/bc/public/bsp/sap/system_public/logon.htm logonUrl Parameter XSS
2011-03-09 71136 Dmitriy Evdokimov
 SAP NetWeaver CheckService servlet Multiple Parameter XSS
2011-03-09 71137 Dmitriy Evdokimov
 SAP NetWeaver ExportabilityCheck servlet Multiple Parameter XSS
2011-03-09 71138 Dmitriy Evdokimov
 SAP NetWeaver ViewCaches servlet XiDynPage_ThreadId Parameter XSS
2011-03-09 71139 Dmitriy Evdokimov
 SAP NetWeaver ShowMemLog servlet Multiple Parameter XSS
2011-03-09 71140 Dmitriy Evdokimov
 SAP NetWeaver error_msg.jsp id Parameter XSS
2011-03-09 71141 Dmitriy Evdokimov
 SAP NetWeaver ViewCaches.jsp refresh Parameter XSS
2011-03-09 71142 Dmitriy Evdokimov
 SAP NetWeaver ViewLogger.jsp logger Parameter XSS
2011-03-09 71143 Dmitriy Evdokimov
 SAP NetWeaver ShowMemLog servlet class Parameter XSS
2011-01-24 70636 Alexander Polyakov
Alexey Sintsov
Alexey Troshichev
 OpenEdge RDBMS User ID Validation Weakness Authentication Bypass
2011-01-18 70537 2010-3591 Evdokimov Dmitriy
 Oracle Fusion Middleware Document Capture ActiveBar2Library ActiveX (Actbar2.ocx) SaveLayoutChanges Method Arbitrary File Overwrite
2011-01-18 70541 2010-3595 Alexey Sintsov
 Oracle Fusion Middleware Document Capture Import Server EasyMail ActiveX (emsmtp.dll) ImportBodyText Method Arbitrary File Access
2011-01-18 70545 2010-3599 Alexandr Polyakov
 Oracle Fusion Middleware Document Capture Import Server NCSECWLib ActiveX WriteJPG Function Arbitrary File Overwrite
2011-01-14 72425 Dmitriy Chastuhin
 SAP Crystal Reports Server InfoView Module actionNav.jsp actId Parameter XSS
2011-01-14 72426 Dmitriy Chastuhin
 SAP Crystal Reports Server InfoView Module error.jsp backUrl Parameter XSS
2011-01-14 72427 Dmitriy Chastuhin
 SAP Crystal Reports Server InfoView Module logon.jsp logonAction Parameter XSS
2010-11-09 69375 Alexandr Polyakov
 SAP NetWeaver SAP Metamodel Repository Performance Test Request Saturation Remote DoS
2010-11-09 69376 Alexandr Polyakov
Alexey Troshichev
 SAP NetWeaver Open SQL Monitors OpenSQLMonitors/servlet/ConnectionMonitorServlet connid Parameter XSS
2010-11-09 69378 Alexey Sintsov
 SAP NetWeaver SOAP Request Nested Tags Remote Overflow DoS
2010-11-09 69377 Alexandr Polyakov
Alexey Troshichev
 SAP NetWeaver Open SQL Monitors OpenSQLMonitors/servlet/CatalogBufferMonitorServlet reqTableColumns Parameter XSS
2010-10-13 70058 2010-2413 Alexandr Polyakov
 Oracle Fusion Middleware BI Publisher Unspecified Response Splitting
2010-10-13 70056 2010-3581 Alexandr Polyakov
 Oracle Fusion Middleware BPEL Console BPELCONSOLE/DEFAULT/processLog.jsp processName Parameter XSS
2009-11-16 60315 Sintsov Alexey
 Alteon OS Browser-Based Interface (BBI) Settings Manipulation CSRF
2009-08-17 57184 2009-1872 Alexandr Polyakov
 Adobe ColdFusion Server wizards/common/_authenticatewizarduser.cfm Query String XSS
2009-08-17 57182 2009-1872 Alexandr Polyakov
 Adobe ColdFusion Server administrator/logviewer/searchlog.cfm startRow Parameter XSS
2009-08-17 57183 2009-1872 Alexandr Polyakov
 Adobe ColdFusion Server wizards/common/_logintowizard.cfm Query String XSS
2009-08-17 57185 2009-1872 Alexandr Polyakov
 Adobe ColdFusion Server administrator/enter.cfm Query String XSS
2009-08-17 57186 2009-1873 Digital Security Research Group
 Adobe JRun Application Server Management Console logging/logviewer.jsp logfile Parameter Traversal Arbitrary File Access
2009-04-17 53927 2008-5518 Digital Security Research Group
 Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
2009-04-17 53928 2008-5518 Digital Security Research Group
 Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
2009-04-17 53929 2008-5518 Digital Security Research Group
 Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
2009-04-17 53932 2009-0039 Digital Security Research Group
 Apache Geronimo Multiple Admin Function CSRF
2009-04-14 53720 2009-1316 Eugene "Corwin" Ermakov
 AbleSpace events_view.php eid Parameter SQL Injection
2009-04-14 53721 2009-1316 Eugene "Corwin" Ermakov
 AbleSpace events_clndr_view.php id Parameter SQL Injection
2009-04-14 53722 2009-1315 Eugene "Corwin" Ermakov
 AbleSpace blogs_full.php Comments Parameter XSS
2009-04-14 53723 2009-1315 Eugene "Corwin" Ermakov
 AbleSpace groups_profile.php gid Parameter XSS
2009-04-14 53724 2009-1315 Eugene "Corwin" Ermakov
 AbleSpace adv_cat.php Multiple Parameter XSS
2008-08-13 47427 2008-3769
2008-3677
2008-3678
2008-3841
2008-3770		 Freeway create_order_new.php include_page Parameter Remote File Inclusion
2008-07-04 48361 1024 CMS /admin/lang/fr/reports/default.php lang Parameter Traversal Local File Inclusion
2008-07-04 48362 1024 CMS /admin/ops/reports/ops/download.php admin_theme_dir Parameter File Inclusion
2008-07-04 48363 1024 CMS /admin/ops/reports/ops/forum.php admin_theme_dir Parameter File Inclusion
2008-07-04 48364 1024 CMS /admin/ops/reports/ops/news.php admin_theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48365 1024 CMS /admin/ops/admins/default.php admin_theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48366 1024 CMS /lang/en/moderator/default.php lang Parameter Traversal Local File Inclusion
2008-07-04 48367 1024 CMS /lang/fr/moderator/default.php lang Parameter Traversal Local File Inclusion
2008-07-04 48368 1024 CMS /lang/de/moderator/default.php lang Parameter Traversal Local File Inclusion
2008-07-04 48369 1024 CMS /pages/download/default/ops/edit.php theme_dir Parameter File Inclusion
2008-07-04 48370 1024 CMS /pages/download/default/ops/add.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48371 1024 CMS /pages/download/default/ops/search.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48372 1024 CMS /pages/download/default/ops/top.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48373 1024 CMS /pages/download/default/ops/newest.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48374 1024 CMS /pages/forum/default/content.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48375 1024 CMS /themes/portfolio/layouts/standard.php Multiple Parameter Traversal Local File Inclusion
2008-07-04 48376 1024 CMS /themes/portfolio/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48377 1024 CMS /themes/portfolio/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48378 1024 CMS /themes/portfolio/layouts/print.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48379 1024 CMS /themes/portfolio/layouts/total.php Multiple Parameter Traversal Local File Inclusion
2008-07-04 48380 1024 CMS /themes/blog/layouts/standard.php page_include Parameter Remote File Inclusion
2008-07-04 48381 1024 CMS /themes/blog/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48382 1024 CMS /themes/blog/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48383 1024 CMS /themes/blog/layouts/print.php page Parameter Traversal Local File Inclusion
2008-07-04 48384 1024 CMS /themes/blog/layouts/total.php Multiple Parameter Traversal Local File Inclusion
2008-07-04 48385 1024 CMS /themes/default/layouts/standard.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48386 1024 CMS /themes/default/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48387 1024 CMS /themes/default/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48388 1024 CMS /themes/default/layouts/print.php page_include Parameter Traversal Local File Inclusion
2008-07-04 48389 1024 CMS /themes/default/layouts/total.php Multiple Parameter Traversal Local File Inclusion
2008-07-04 48390 1024 CMS /themes/snazzy/layouts/standard.php page Parameter Traversal Local File Inclusion
2008-07-04 48391 1024 CMS /themes/snazzy/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48392 1024 CMS /themes/snazzy/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion
2008-07-04 48393 1024 CMS /themes/snazzy/layouts/print.php Multiple Parameter Traversal Local File Inclusion
2008-07-04 48394 1024 CMS /themes/snazzy/layouts/total.php Multiple Parameter Traversal Local File Inclusion

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use