Timeframe: Wednesday 21-08-2013 18:00 − Thursday 22-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
If you ever use text VTs, don't run XMir right now
It'd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer. But there's also some more subtle issues. Mir recently gained a fairly simple implementation of VT...
http://mjg59.dreamwidth.org/27327.html
Jumping Out of IE's Sandbox With One Click
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...]
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054
BSI: Despite "critical aspects", no warning against Windows 8
OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:...
http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01
Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities
Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting
Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A...
http://cxsecurity.com/issue/WLB-2013080175