[CERT-daily] Tageszusammenfassung - Donnerstag 14-02-2013

Daily end-of-shift report team at cert.at
Thu Feb 14 18:05:50 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 13-02-2013 18:00 − Donnerstag 14-02-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-2013020096




*** OpenPLI OS Command Execution / Cross Site Scripting ***
---------------------------------------------
Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-2013020098




*** Drupal Banckle Chat 7.x Access Bypass ***
---------------------------------------------
Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-2013020097




*** Foxit Reader Plugin URL Processing Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-2013020102




*** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash ***
---------------------------------------------
Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info at devilteam.pl ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-2013020103




*** DirectAdmin On-Line Demo SQL Injection ***
---------------------------------------------
Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-2013020101




*** Datenschutzbedenken bei Google Play Store ***
---------------------------------------------
Bei jedem Kauf in Googles App-Store werden automatisch Name, E-Mail-Adresse und Standortinformationen zum App-Entwickler übertragen, ohne, dass der Käufer dem explizit zustimmt.
---------------------------------------------
http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-store.php?rss=fuzo





*** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities ***
---------------------------------------------
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24500




*** [papers] - A Short Guide on ARM Exploitation ***
---------------------------------------------
A Short Guide on ARM Exploitation
---------------------------------------------
http://www.exploit-db.com/download_pdf/24493




*** Unscrambling an Android Telephone With FROST ***
---------------------------------------------
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm





*** iPhone-Lücke erlaubt Zugriff ohne Passcode ***
---------------------------------------------
Durch eine Schwachstelle kann man bei gesperrten iOS-Geräten auf Kontakte und Fotos zugreifen, ohne den Passcode einzugeben. Auch Telefonate sind dadurch möglich. Wir konnten das Problem mit einem iPhone 4 und einem iPhone 5 nachvollziehen, auf denen jeweils die aktuelle iOS-Version 6.1 installiert ist 
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-Passcode-1803813.html/from/atom10






More information about the Daily mailing list