End-of-Shift report
Timeframe: Monday 22-07-2013 18:00 − Tuesday 23-07-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
QEMU Guest Agent Unquoted Search Path Lets Local Users Gain Elevated Privileges
A vulnerability was reported in QEMU. A local user on the guest operating system can obtain elevated privileges on the target system.
http://www.securitytracker.com/id/1028814
libvirt qemuAgentGetVCPUs() function privilege escalation
libvirt could allow a local attacker to gain elevated privileges on the system, caused by a double-free error within the qemuAgentGetVCPUs() function in the qemu/qemu_agent.c file. An attacker could exploit this vulnerability to gain elevated privileges on the system.
http://xforce.iss.net/xforce/xfdb/85890
Cisco Aironet Memory Corruption Error Lets Remote Users Deny Service
A vulnerability was reported in Cisco Aironet. A remote user can cause denial of service conditions.
http://www.securitytracker.com/id/1028818
Cisco Unified Operations Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
A vulnerability was reported in Cisco Unified Operations Manager. A remote user can conduct cross-site scripting attacks.
http://www.securitytracker.com/id/1028819
Hosting provider OVH hacked: "We were not paranoid enough"
The French hosting company OVH has detected an attack on its internal systems. Customers are being asked to change their passwords. More than 400,000 people could be affected.
http://www.heise.de/security/meldung/Hoster-OVH-gehackt-Wir-waren-nicht-paranoid-genug-1921721.html
Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability
A vulnerability has been reported in Symantec Encryption Management Server, which can be exploited by malicious users to conduct script insertion attacks.
https://secunia.com/advisories/54214
[remote] - Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
http://www.exploit-db.com/exploits/27045