=======================
= End-of-Shift report =
=======================

Timeframe: Wednesday 13-02-2013 18:00 − Thursday 14-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl

*** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting
Risk: Low
Text: View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-201...
*** OpenPLI OS Command Execution / Cross Site Scripting ***
---------------------------------------------
Topic: OpenPLI OS Command Execution / Cross Site Scripting
Risk: High
Text: Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-201...
*** Drupal Banckle Chat 7.x Access Bypass ***
---------------------------------------------
Topic: Drupal Banckle Chat 7.x Access Bypass
Risk: High
Text: View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-201...
*** Foxit Reader Plugin URL Processing Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader Plugin URL Processing Buffer Overflow
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-201...
*** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash ***
---------------------------------------------
Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash
Risk: Medium
Text: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info@devilteam.pl ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-201...
*** DirectAdmin On-Line Demo SQL Injection ***
---------------------------------------------
Topic: DirectAdmin On-Line Demo SQL Injection
Risk: Medium
Text: ++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-201...
*** Privacy concerns about Google Play Store ***
---------------------------------------------
With every purchase in Google's app store, the buyer's name, e-mail address and location information are automatically transmitted to the app developer, without the buyer explicitly consenting to this.
---------------------------------------------
http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-s...
*** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities ***
---------------------------------------------
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24500
*** [papers] - A Short Guide on ARM Exploitation ***
---------------------------------------------
A Short Guide on ARM Exploitation
---------------------------------------------
http://www.exploit-db.com/download_pdf/24493
*** Unscrambling an Android Telephone With FROST ***
---------------------------------------------
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm
*** iPhone flaw allows access without passcode ***
---------------------------------------------
A vulnerability allows access to contacts and photos on locked iOS devices without entering the passcode. Phone calls are also possible this way. We were able to reproduce the problem with an iPhone 4 and an iPhone 5, each running the current iOS version 6.1.
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-Pa...