Daily summary - Thursday 22-08-2013

End-of-Shift report

Timeframe: Wednesday 21-08-2013 18:00 − Thursday 22-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

If you ever use text VTs, don't run XMir right now

It'd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer. But there are also some more subtle issues. Mir recently gained a fairly simple implementation of VT...

http://mjg59.dreamwidth.org/27327.html


Jumping Out of IE's Sandbox With One Click

Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...]

http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054


BSI: Despite "critical aspects", no warning against Windows 8

In a statement, the Federal Office for Information Security (BSI) makes clear that it has no fundamental security concerns about the use of Windows 8 and Trusted Computing. The BSI does, however, criticize certain aspects of the operating system.

http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-Warnung-vor-Windows-8-1940081.html


Siemens COMOS Privilege Escalation Vulnerability

OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:...

http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01


Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm


MySQL Debian/Ubuntu Installation Script Lets Local Users Obtain Potentially Sensitive Information

http://www.securitytracker.com/id/1028927


Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting

Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A...

http://cxsecurity.com/issue/WLB-2013080175


Drupal Zen 7.x Cross Site Scripting

Topic: Drupal Zen 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party ...

http://cxsecurity.com/issue/WLB-2013080180


Debian update for cacti

https://secunia.com/advisories/54181


Multiple NetGear ProSafe Switches CVE-2013-4776 Remote Denial of Service Vulnerability

A range of ProSafe switches are affected by two different vulnerabilities. CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulne...

http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf


[webapps] - Netgear ProSafe - Denial of Service Vulnerability

http://www.exploit-db.com/exploits/27775


[webapps] - Netgear ProSafe - Information Disclosure Vulnerability

http://www.exploit-db.com/exploits/27774