SEARCH
-
12th Ranshofener Leichtmetalltage 2022 in Salzburg
(Cranfield University): The Contribution of Wire-based Directed Energy Deposition Additive Manufacture to Light Weight Structures and Sustainability Presenting in an accompanying industry exhibition are [...] supports the lightweight construction community.” The Leichtmetalltage as a Green Event Dr. Christian Chimani, Head of Center for Low-Emission Transport at AIT and Managing Director of LKR, gives an outlook on
-
12th EMVA Business Conference 2014 in Vienna
corporate strategists, marketing directors, technical managers and other executives of our business to exchange market intelligence and news of innovative technologies. Taking place in Vienna from May 15th [...] a key role as the international gathering of the machine vision community in Europe. Andreas Vrabl, Head of Business Unit High Performance Image Processing at AIT Austrian Institute of Technology will give
-
11th European Conference on Radiation and its Effects on Components and Systems
2010. The conference features a Technical Program dedicated to the latest developments and experimental observations related to radiation effects on electronic and photonic components as well as [...] and systems. Location: Aqua Dome Hotel in Längenfeld, nearby Innsbruck, Tyrol, Austria. Date: 20 to 24 September 2010. Please find further information at the conference webpage: www.radecs2010
-
AIT Innovation Systems Department celebrates 10 years of Science Center Network
The Austrian Science Center Network (SCN) was founded ten years ago to ensure unbiased access to science and technology for everyone. Throughout the years the SCN became an important player within the [...] innovation system. From 46 organizations and individuals in 2006, the SCN grew to a network with now more than 160 partners. To depict ten years of networking effort, Barbara Heller-Schuh, Martina Dünser and
-
SES Announces 10 Project Partners in QUARTZ Satellite Cybersecurity Consortium
y University, Tesat-Spacecom, TNO. In order to achieve delivery of a reliable, globally available cybersecurity system and deliver next-generation encryption keys to networks in geographically dispersed areas [...] organisations, universities and leading industry representatives have joined the SES-led consortium to develop the Quantum Cryptography Telecommunication System (QUARTZ), SES announced today. The new members [...] will develop a system that will generate encryption keys in space, and securely transmit those keys to users on Earth via laser. Members include: AIT Austrian Institute of Technology GmbH, German Aerospace
-
1st Short-term Visual Object Tracking Challenge in Sydney successfully accomplished
tracking methods. To address this issue, AIT co-organized the Visual Object Tracking (VOT) workshop in conjunction with ICCV2013. Researchers from academia as well as industry were invited to participate in [...] recent surge in the number of publications on tracking-related problems have made it almost impossible to follow the developments in the field. One of the reasons is that there is a lack of commonly accepted
-
Last Call for Submissions: 1st Workshop on Monitoring and Testing of Cyber-Physical Systems
The submission deadline was extended to February 21, 2016! MT CPS workshop is intended to be a forum for exchanging the latest scientific trends between researchers and practitioners interested in the
-
1st Workshop on Monitoring and Testing of Cyber-Physical Systems
unpredictable behaviors, thus making their correctness and robustness analysis a challenging task. In order to address their full complexity, there is an emergent need for formal, yet efficient and scalable methods [...] monitoring and testing, achieve both rigor and efficiency by enabling the evaluation of systems according to the properties of their individual behaviours. The MT CPS workshop aims at bringing together researchers [...] qualitative and quantitative properties from CPS behaviors. Topics of interest include (but are not limited to): Specification languages for monitoring and testing; Runtime verification and monitoring; Black-box and
-
AIT-SA-20210215-04-forkcms
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04
authenticated remote user to execute malicious code. The ajax-callbacks for the backend use unserialize without restrictions or any validations. An authenticated user could abuse this to inject malicious PHP-Objects [...] output $this->output(Response::HTTP_OK, $url); } } Proof Of Concept In order to exploit this vulnerability, an attacker has to be authenticated with least privileges. We tested this exploit with “ Dashboard [...] PHP-Objects which could lead to remote code execution: <?php namespace Backend\Core\Ajax; use Backend\Core\Engine\Base\AjaxAction as BackendBaseAJAXAction; use Symfony\Component\HttpFoundation\Response;
-
AIT-SA-20210215-03-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
allows unauthenticated attackers to steal sessions of authenticated users. Proof Of Concept The XSS occurs because the SQL-output is not sanitized properly. Since we are able to tamper with the output using a S [...] could steal sessions of authenticated users. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline 2020-04-19 Contacting the vendor 2020-04-19
-
AIT-SA-20210215-02-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02
executed. Unfiltered: We were able to write a proof-of-concept exploit for mysql and postgres. Unfortunately with mysql we were not able to use a stacked-queries-payload and we had to exploit this vulnerability [...] an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. strQuery parameter of the serialized array in profile.php could lead to a sql-injection: Inside the [...] remotely. In worst case scenarios an attacker might be able to execute code on the remote machine. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline
-
AIT-SA-20220208-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20220208-01
dir="ltr"> < head > <meta charset="utf-8" /> <title>Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near &# [...] sent, add them to query if ($min_date_sended != '' && $max_date_sended != '') $query_toal .= " AND sv.`date` >= '$min_date_sended' AND sv.`date` <= '$max_date_sended' "; Proof Of Concept To check a system [...] min_date and max_date are insufficiently checked and sanitized. An attacker can use these parameters to send payloads for sql injections. In lines 74 and 75 in the site/vote.php code, the parameters are
-
AIT-SA-20210215-01-qcubed
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01
es the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. Vulnerable Versions All versions including 3.1.1 are affected [...] cated attacker could execute code remotely. Mitigation A patch was delivered by QCubed that allows disabling the profile functionality. Vendor Contact Timeline 2020-04-19 Contacting the vendor 2020-04-19
-
AIT-SA-20190930-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20190930-01
postrotate endscript } Because logrotate is prone to a race condition, it is possible for user "git" to replace the directory /var/log/gitlab/gitlab-workhorse/ with a symbolic link to any directory (for example [...] user “git” could elevate the privileges to “root”. The fact that another exploit is needed to get a shell lowers the severity from high to low. Solution Update to GitLab Security Release: 12.2.3, 12.1.8 [...] Hotwagner (AIT Austrian Institute of Technology) Summary Omnibus GitLab is a way to package different services and tools required to run GitLab, so that most users can install it without laborious configuration
-
AIT-SA-20200301-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01
mailer component of the Creative Contact Form for Joomla. An attacker could exploit this vulnerability to receive any files from the server via e-mail. The vulnerable code is located in "helpers/mailer.php" [...] not be exploitable in the free version of Creative Contact Form since it does not allow "Send copy to sender". Vulnerable Versions Creative Contact Form Personal/Professional/Business 4.6.2 (before Dec [...] Dec 3 2019) Impact An unauthenticated attacker could receive any file from the server Solution Update to the current version References https://nvd.nist.gov/vuln/detail/CVE-2020-9364 Vendor Contact Timeline
-
AIT-SA-20191112-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20191112-01
could elevate the privileges to “root”. The fact that another exploit is needed to get a shell lowers the severity from high to low. Mitigation Add “su radiusd:radiusd” to all log sections in /etc/logrotate [...] ity Description The ownership of the log directory “radacct” belongs to user "radiusd". User “radiusd” can elevate the privileges to “root” because of an unsafe interaction with logrotate. User “radiusd” [...] compress } Since logrotate is prone to a race condition (see https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition), it is possible for user "radiusd" to replace the directory /var/log/
-
AIT-SA-20191129-01
- /themen/cyber-security/pentesting/security-advisories/ait-sa-20191129-01
could upload a webshell to the server and execute commands remotely. Mitigation At the moment of this publication the vendor has only patched the paid version of the CMS, so a change to other free software [...] or in “api/Comparison.php” via the cookie "comparison". Both cookies will pass untrusted values to an unserialize() function. The following code shows the vulnerability in “api/Comparison.php”: $items [...] E['price_filter']); Proof of Concept The following code utilizes an object of the smarty-component to delete arbitrary files from the webhost: <?php if($argc != 3) { print "usage: $argv[0] <url> <file>\n";
-
Urban Planning 2.0: Coronavirus crisis shows how cooperation fun
- /blog/stadtplanung-2-0
future will look different: digital planning methods that are also available online have gone from nice-to-have to must-have.”
-
Industry 4.0: National flagship project IoT4CPS strengthens the location
autonomous vehicles to be able to carry them across the breadth of Europe,” project leader Mario Drobics, Head of Competence Unit Cooperative Digital Technologies at the AIT Austrian Institute of Technology, is convinced [...] efficiency of industrial processes can be increased through trustworthy connectivity and, more generally, time-to-market along the entire product life cycle can be accelerated through digitalization. The [...] extensive project results are now available to the Austrian economy for an accelerated time-to-market of real Industry 4.0 applications, of developments in the field of “autonomous driving” and for
-
ERIGrid 2.0: 1st call for the use of 21 European smart grid laboratories opens
ERIGrid https://erigrid.eu/final-public-report-summarises-erigrid-outcomes/ • “European Guide to Power System Testing” – open access book on power system testing https://doi.org/10.1007/97