End-of-Shift report
Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55465
Java 7 update offers more security options
"A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security-options/2012-12-20?utm_medium=nl&utm_source=internal
India Developing Its Own Secure Operating System
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security...
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-System-316798.shtml?utm_source=dlvr.it&utm_medium=twitter
Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56988
Hook Analyser Malware Tool 2.2
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
http://packetstormsecurity.org/files/119087
PHP-CGI Argument Injection Remote Code Execution
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-2012120212
[remote] - IBM Lotus Notes Client URL Handler Command Injection
IBM Lotus Notes Client URL Handler Command Injection
http://www.exploit-db.com/exploits/23650
[remote] - Microsoft SQL Server Database Link Crawling Command Execution
Microsoft SQL Server Database Link Crawling Command Execution
http://www.exploit-db.com/exploits/23649
NVidia Display Driver Service (nvvsvc.exe) Exploit
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-2012120216