Tageszusammenfassung - Donnerstag 17-01-2013

End-of-Shift report

Timeframe: Mittwoch 16-01-2013 18:00 − Donnerstag 17-01-2013 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner

Vuln: HP PKI ActiveX Control Denial of Service Vulnerability

HP PKI ActiveX Control Denial of Service Vulnerability


Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass

Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text:View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...


Yet ANOTHER Java zero-day claimed - but this time youre laughing, right?

"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracles most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."


Heads-Up - Security Researchers Expose X-ray Machine Bug

"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."


Novell schließt gefährliche Lücke in eDirectory-Server

Novell hat einen Patch für seinen eDirectory-Server bereitgestellt, der einen möglichen Pufferüberlauf beseitigt. Angreifern hätte die Lücke das Erlangen von Administrator-Rechten auf dem Zielrechner ermöglicht...