[CERT-daily] Daily summary - Thursday 27-12-2012

Daily end-of-shift report team at cert.at
Thu Dec 27 18:21:21 CET 2012


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 21-12-2012 18:00 − Thursday 27-12-2012 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55465




*** Java 7 update offers more security options ***
---------------------------------------------
"A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
---------------------------------------------
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security-options/2012-12-20?utm_medium=nl&utm_source=internal




*** India Developing Its Own Secure Operating System ***
---------------------------------------------
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether they're Windows or Linux-based, contain numerous security...
---------------------------------------------
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-System-316798.shtml?utm_source=dlvr.it&utm_medium=twitter




*** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56988




*** Hook Analyser Malware Tool 2.2 ***
---------------------------------------------
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
---------------------------------------------
http://packetstormsecurity.org/files/119087




*** PHP-CGI Argument Injection Remote Code Execution ***
---------------------------------------------
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-2012120212




*** [remote] - IBM Lotus Notes Client URL Handler Command Injection ***
---------------------------------------------
IBM Lotus Notes Client URL Handler Command Injection
---------------------------------------------
http://www.exploit-db.com/exploits/23650




*** [remote] - Microsoft SQL Server Database Link Crawling Command Execution ***
---------------------------------------------
Microsoft SQL Server Database Link Crawling Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/23649




*** NVidia Display Driver Service (nvvsvc.exe) Exploit ***
---------------------------------------------
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-2012120216

