SEARCH
-
First public WORKSHOP on Vehicle Concept Modeling - VECOM
for: Research students, academic faculty members, members of a relevant industry whose work is related to vehicle concept modelling. See the Vecom folder for detailed information on the event and application.
-
NANOSENS 2010 - Call for Papers
at multiple levels, ranging from nano- to micro- and macroscale. The nanoscale provides enhanced performance, the microscale implements various material platforms to achieve a broad range of functionalities
-
Digital Austria / Artificial Intelligence
July 2018 Where: RETTER Seminar Hotel Restaurant, Pöllauberg 88, 8225 Pöllauberg. DI Helmut Leopold, PhD, Head of Center for Digital Safety and Security, AIT, is taking part on 10.07.2018, as part of the event, in
-
International Software Days / Celtic-Plus Event
International B2B Software Days and Celtic-Plus Event provide a platform to learn more about the latest trends in DIGITAL BUSINESS and to find international cooperation partners for research, technology and
-
Urban Planning 2.0: Corona crisis shows how cooperation fun
- /blog/stadtplanung-2-0
future will look different: digital planning methods that are also available online have gone from nice-to-have to must-have.” You might also be interested in: Climate protection Technology from Seibersdorf
-
Industry 4.0: National flagship project IoT4CPS strengthens the business location
to be able to carry autonomous vehicles across the breadth of Europe”, project leader Mario Drobics, Head of Competence Unit Cooperative Digital Technologies at the AIT Austrian Institute of Technology, is convinced [...] efficiency of industrial processes can be increased through trustworthy connectivity and, quite generally, the time-to-market along the entire product life cycle can be accelerated through digitalization. The [...] extensive project results are now available to the Austrian economy for an accelerated time-to-market of real Industry 4.0 applications, of developments in the field of “autonomous driving” and for
-
ERIGrid 2.0: 1st call for the use of 21 European smart grid laboratories launches
ERIGrid https://erigrid.eu/final-public-report-summarises-erigrid-outcomes/ • “European Guide to Power System Testing” – open access book on power system testing https://doi.org/10.1007/97
-
Science 2.0? A challenge for innovation policy?
to present the AIT-coordinated EU project “RIF – Research and Innovation Futures 2030. From Explorative to Transformative Scenarios”. The background to the seminar was the observation that
-
CMG-AE conference on Industry 4.0
approaches such as gamification can be personalized to worker/employee characteristics (e.g. personality, attitudes) and be used to motivate and to engage them. [...] about Industry 4.0 in collaboration with Doka GmbH. The conference started with a tour through Doka’s, to experience how modern semi-autonomous production works. Next, speakers from research and industry presented
-
AIT-SA-20220208-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20220208-01
dir="ltr"> < head > <meta charset="utf-8" /> <title>Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near &# [...] sent, add them to query if ($min_date_sended != '' && $max_date_sended != '') $query_toal .= " AND sv.`date` >= '$min_date_sended' AND sv.`date` <= '$max_date_sended' "; Proof Of Concept To check a system [...] min_date and max_date are insufficiently checked and sanitized. An attacker can use these parameters to send payloads for SQL injections. In lines 74 and 75 in the site/vote.php code, the parameters are
-
AIT-SA-20210215-01-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01
es the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. Vulnerable Versions All versions including 3.1.1 are affected [...] cated attacker could execute code remotely. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline 2020-04-19 Contacting the vendor 2020-04-19
-
AIT-SA-20190930-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20190930-01
postrotate endscript } Because logrotate is prone to a race condition, it is possible for user "git" to replace the directory /var/log/gitlab/gitlab-workhorse/ with a symbolic link to any directory (for example [...] user “git” could elevate the privileges to “root”. The fact that another exploit is needed to get a shell lowers the severity from high to low. Solution Update to GitLab Security Release: 12.2.3, 12.1.8 [...] Hotwagner (AIT Austrian Institute of Technology) Summary Omnibus GitLab is a way to package different services and tools required to run GitLab, so that most users can install it without laborious configuration
-
AIT-SA-20200301-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01
mailer component of the Creative Contact Form for Joomla. An attacker could exploit this vulnerability to receive any files from the server via e-mail. The vulnerable code is located in "helpers/mailer.php" [...] not be exploitable in the free version of Creative Contact Form since it does not allow "Send copy to sender". Vulnerable Versions Creative Contact Form Personal/Professional/Business 4.6.2 (before Dec [...] Dec 3 2019) Impact An unauthenticated attacker could receive any file from the server. Solution Update to the current version. References https://nvd.nist.gov/vuln/detail/CVE-2020-9364 Vendor Contact Timeline
-
AIT-SA-20191112-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20191112-01
could elevate the privileges to “root”. The fact that another exploit is needed to get a shell lowers the severity from high to low. Mitigation Add “su radiusd:radiusd” to all log sections in /etc/logrotate [...] ity Description The ownership of the log directory “radacct” belongs to user "radiusd". User “radiusd” can elevate the privileges to “root” because of an unsafe interaction with logrotate. User “radiusd” [...] compress } Since logrotate is prone to a race condition (see https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition), it is possible for user "radiusd" to replace the directory /var/log/
-
AIT-SA-20191129-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20191129-01
could upload a webshell to the server and execute commands remotely. Mitigation At the moment of this publication the vendor has only patched the paid version of the CMS, so a change to other free software [...] or in “api/Comparison.php” via the cookie "comparison". Both cookies will pass untrusted values to an unserialize() function. The following code shows the vulnerability in “api/Comparison.php”: $items [...] E['price_filter']); Proof of Concept The following code utilizes an object of the smarty-component to delete arbitrary files from the webhost: <?php if($argc != 3) { print "usage: $argv[0] <url> <file>\n";
-
AIT-SA-20210215-02-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02
executed. Unfiltered: We were able to write a proof-of-concept exploit for MySQL and Postgres. Unfortunately, with MySQL we were not able to use a stacked-queries payload and we had to exploit this vulnerability [...] an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. The strQuery parameter of the serialized array in profile.php could lead to an SQL injection: Inside the [...] remotely. In worst-case scenarios an attacker might be able to execute code on the remote machine. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline
-
AIT-SA-20210215-03-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
allows unauthenticated attackers to steal sessions of authenticated users. Proof Of Concept The XSS occurs because the SQL output is not sanitized properly. Since we are able to tamper with the output using a S [...] could steal sessions of authenticated users. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline 2020-04-19 Contacting the vendor 2020-04-19
-
AIT-SA-20210215-04-forkcms
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04
authenticated remote user to execute malicious code. The AJAX callbacks for the backend use unserialize without restrictions or any validations. An authenticated user could abuse this to inject malicious PHP objects [...] output $this->output(Response::HTTP_OK, $url); } } Proof Of Concept In order to exploit this vulnerability, an attacker has to be authenticated with least privileges. We tested this exploit with “ Dashboard [...] PHP-Objects which could lead to remote code execution: <?php namespace Backend\Core\Ajax; use Backend\Core\Engine\Base\AjaxAction as BackendBaseAJAXAction; use Symfony\Component\HttpFoundation\Response;
-
1st Short-term Visual Object Tracking Challenge in Sydney successfully accomplished
tracking methods. To address this issue, AIT co-organized the Visual Object Tracking (VOT) workshop in conjunction with ICCV2013. Researchers from academia as well as industry were invited to participate in [...] recent surge in the number of publications on tracking-related problems have made it almost impossible to follow the developments in the field. One of the reasons is that there is a lack of commonly accepted
-
Last Call for Submissions: 1st Workshop on Monitoring and Testing of Cyber-Physical Systems
The submission deadline was extended to February 21, 2016! The MT CPS workshop is intended to be a forum for exchanging the latest scientific trends between researchers and practitioners interested in the