=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 16-01-2013 18:00 − Thursday 17-01-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Christian Wojner

*** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability ***
---------------------------------------------
HP PKI ActiveX Control Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51341

*** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass ***
---------------------------------------------
Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass
Risk: High
Text: View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-201...

*** Yet ANOTHER Java zero-day claimed - but this time you're laughing, right? ***
---------------------------------------------
"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claimed...

*** Heads-Up - Security Researchers Expose X-ray Machine Bug ***
---------------------------------------------
"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/attac...

*** Novell closes dangerous hole in eDirectory server ***
---------------------------------------------
Novell has released a patch for its eDirectory server that fixes a possible buffer overflow. The vulnerability would have allowed attackers to gain administrator rights on the target machine...
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmeld...