Daily Summary - Thursday 14-02-2013

End-of-Shift report

Timeframe: Wednesday 13-02-2013 18:00 − Thursday 14-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl

Drupal Manager Change For Organic Groups 7.x Cross Site Scripting

Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text: View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...

http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-2013020096


OpenPLI OS Command Execution / Cross Site Scripting

Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text: Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...

http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-2013020098


Drupal Banckle Chat 7.x Access Bypass

Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text: View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...

http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-2013020097


Foxit Reader Plugin URL Processing Buffer Overflow

Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-2013020102


Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash

Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info at devilteam.pl ...

http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-2013020103


DirectAdmin On-Line Demo SQL Injection

Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text: ++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...

http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-2013020101


Privacy Concerns About the Google Play Store

With every purchase in Google's app store, the buyer's name, e-mail address and location information are automatically transmitted to the app developer without the buyer explicitly consenting.

http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-store.php?rss=fuzo


[webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities

Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/24500


[papers] - A Short Guide on ARM Exploitation

A Short Guide on ARM Exploitation

http://www.exploit-db.com/download_pdf/24493


Unscrambling an Android Telephone With FROST

Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm


iPhone Flaw Allows Access Without Passcode

A vulnerability allows access to contacts and photos on locked iOS devices without entering the passcode. Phone calls are also possible this way. We were able to reproduce the problem with an iPhone 4 and an iPhone 5, each running the current iOS version 6.1.

http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-Passcode-1803813.html/from/atom10