End-of-Shift report
Timeframe: Tuesday 22-10-2013 18:00 − Wednesday 23-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
WellinTech KingView ActiveX Vulnerabilities
OVERVIEW: This advisory is a follow-up to the alert titled ICS-ALERT-13-256-01 WellinTech KingView ActiveX Vulnerabilities that was published September 13, 2013, on the NCCIC/ICS-CERT Web site.
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01
Apache Fixes Information Disclosure Vulnerability in Shindig
The Apache Software Foundation released a new version of Shindig, a framework for web applications, yesterday, fixing what the collective has deemed an important information disclosure vulnerability.
http://threatpost.com/apache-fixes-information-disclosure-vulnerability-in-shindig/102650
Xerox WorkCentre and ColorQube Let Remote Users Gain Unauthorized Access
A vulnerability was reported in Xerox WorkCentre and ColorQube. A remote user can gain unauthorized access.
http://www.securitytracker.com/id/1029224
Security Bulletins: Vulnerability in XenDesktop 7.0 upgrade could result in policy bypass
A vulnerability has been identified in Citrix XenDesktop 7.0 that could prevent policy rules from being correctly applied following an upgrade from earlier versions of Citrix XenDesktop.
http://support.citrix.com/article/CTX138627
MantisBT 1.2.15 XSS vulnerability
Topic: MantisBT 1.2.15 XSS vulnerability. Risk: Low. Text: Greetings, Roland Becker (MantisBT developer) discovered and fixed [1] an XSS vulnerability issue affecting MantisBT releases...
http://cxsecurity.com/issue/WLB-2013100159
Fixes from Apple (iOS 7.0.3, OS X Mavericks v10.9, Safari 6.1, Keynote 6.0, OS X Server 3.0, Remote Desktop, iTunes 11.1.2)
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00002.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00003.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00005.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00007.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00008.html
http://prod.lists.apple.com/archives/security-announce/2013/Oct/msg00009.html