End-of-Shift report
Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Microsoft VC++ 2005 RTM runtime libraries installed with MSE
Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo...
http://cxsecurity.com/issue/WLB-2013060020
Bugtraq: Open-Xchange Security Advisory 2013-06-03
Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed.
http://www.securityfocus.com/archive/1/526785
Imperva SecureSphere Operations Manager Command Execution
Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original:
http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ...
http://cxsecurity.com/issue/WLB-2013060023
DS3 Authentication Server Command Execution
Topic: DS3 Authentication Server Command Execution Risk: High Text:Original:
http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi...
http://cxsecurity.com/issue/WLB-2013060022
Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability
MongoDB is prone to a denial-of-service vulnerability.
Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users.
http://www.securityfocus.com/bid/60252
Google-Forscher ver�ffentlicht Zero-Day-Exploit f�r Windows
Durch eine Schwachstelle in s�mtlichen Windows-Versionen kommt ein gew�hnlicher Nutzer an Systemrechte. Entdeckt hat die L�cke Tavis Ormandy von Google, der seinen Fund ohne Microsoft zu informieren ins Netz stellte.
http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-Day-Exploit-fuer-Windows-1875749.html
HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03781657
Blog: "NetTraveler is Running!" � Red Star APT Attacks Compromise High-Profile Victims
Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance...
http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_Attacks_Compromise_High_Profile_Victims
Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities
A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
https://secunia.com/advisories/53648
3COM NBX V3000 Networked Telephony Solution Information Disclosure
Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne...
http://cxsecurity.com/issue/WLB-2013060027