=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 04-07-2013 18:00 − Friday 05-07-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

*** Bugtraq: Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability ***
---------------------------------------------
An independent vulnerability laboratory researcher discovered an auth bypass web session vulnerability in the PayPal QR Labs Service Web Application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527069

*** phpMyAdmin 4.0.2 Cross Site Scripting ***
---------------------------------------------
Topic: phpMyAdmin 4.0.2 Cross Site Scripting
Risk: Low
Text: PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View p...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070047

*** phpMyAdmin 4.0.4 change the configuration vulnerability ***
---------------------------------------------
Topic: phpMyAdmin 4.0.4 change the configuration vulnerability
Risk: Medium
Text: PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope inje...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070048

*** EU Parliament passes tougher penalties for cyber attacks ***
---------------------------------------------
By a large majority, the Parliament has adopted the EU Commission's draft directive on attacks against information systems.
---------------------------------------------
http://www.heise.de/security/meldung/EU-Parlament-beschliesst-haertere-Straf...

*** Advance Notification Service for July 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows. The Important-rated bulletin will address an issue in...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/07/04/advance-notification-serv...