Floragasse 7 – 5th floor, 1040 Vienna

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Recent News:

Security Advisory: Easy FancyBox WordPress Plugin Stored Cross-site Scripting (CVE-2019-16524)

The Easy FancyBox WordPress Plugin version 1.8.17 is susceptible to Stored Cross-site Scripting in the Settings > Media admin page due to improper encoding of arbitrarily submitted setting parameters. The vulnerability affects every publicly accessible page of the WordPress site. Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS…

ARES & CD-MAKE 2019

This year's ARES & CD-MAKE conference took place at the University of Kent in Canterbury, UK, from August 26-29, 2019. On-campus accommodation gave the 230 participants from 33 countries a great opportunity to discuss the various aspects of security from early morning until late evening. For the third year…

Prof. Ilias S. Kotsireas visits MatRIS research group, Sep 2 – 6, 2019

Prof. Ilias S. Kotsireas (https://www.wlu.ca/academics/faculties/faculty-of-science/faculty-profiles/ilias-s-kotsireas/index.html) from Wilfrid Laurier University in Waterloo, Canada, visited the MatRIS research group to explore new scientific ideas in the field of applied combinatorial mathematics, strengthening the collaboration which recently resulted in the joint publication of a paper to the 8th International Conference on Algebraic…

ÖVP-Hack – SBA Research as one of three Experts

1,300 gigabytes of data were stolen from the ÖVP server. SBA Research, as one of three experts, explains how the attack took place and how you can protect yourself. But keep in mind: “There are technical ways to minimize the scale of such attacks, but there is no one hundred…

Security Advisory: Ping Identity Agentless Integration Kit

Ping Identity Agentless Integration Kit before 1.5 is susceptible to Reflected Cross-site Scripting at the /as/authorization.oauth2 endpoint due to improper encoding of an arbitrarily submitted HTTP GET parameter name. Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01_Ping_Identity_Agentless_Integration_Kit_Reflected_XSS…

Ludwig Kampel @ CD-MAKE2019

Ludwig Kampel joined the International IFIP Cross Domain Conference for Machine Learning & Knowledge Extraction (CD-MAKE) 2019, a conference aiming to bridge and connect the domains of data fusion, preprocessing, mapping, knowledge representation as well as data protection, safety and security amongst others. On the third day of the…