Daily Summary - Thursday 22-08-2013
End-of-Shift report
Timeframe: Wednesday 21-08-2013 18:00 − Thursday 22-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
If you ever use text VTs, don't run XMir right now
It'd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer. But there's also some more subtle issues. Mir recently gained a fairly simple implementation of VT...
http://mjg59.dreamwidth.org/27327.html
Jumping Out of IE's Sandbox With One Click
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...]
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054
BSI: Despite "critical aspects", no warning against Windows 8
In a statement, the federal office clarifies that it has no fundamental security concerns about the use of Windows 8 and Trusted Computing. However, the BSI criticizes certain aspects of the operating system.
Siemens COMOS Privilege Escalation Vulnerability
OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:...
http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01
Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm
MySQL Debian/Ubuntu Installation Script Lets Local Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1028927
Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting
Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A...
http://cxsecurity.com/issue/WLB-2013080175
Drupal Zen 7.x Cross Site Scripting
Topic: Drupal Zen 7.x Cross Site Scripting Risk: Low Text: View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party ...
http://cxsecurity.com/issue/WLB-2013080180
Debian update for cacti
https://secunia.com/advisories/54181
Multiple NetGear ProSafe Switches CVE-2013-4776 Remote Denial of Service Vulnerability
A range of ProSafe switches are affected by two different vulnerabilities. CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulne...
http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf
[webapps] - Netgear ProSafe - Denial of Service Vulnerability
http://www.exploit-db.com/exploits/27775