[CERT-daily] Daily summary - Tuesday 19-03-2013

Daily end-of-shift report team at cert.at
Tue Mar 19 18:02:45 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Monday 18-03-2013 18:00 − Tuesday 19-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** EA Origin vuln puts players at risk ***
---------------------------------------------
Game platform allows remote exploits, millions vulnerable. A flaw in EA's Origin game store puts its 40 million or so users at risk of remote execution vulnerabilities…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/19/ea_origin_bug_allows_remote_exploits/




*** Vuln: Cisco IOS and IOS XE Insecure Password Hash Weakness ***
---------------------------------------------
Cisco IOS and IOS XE Insecure Password Hash Weakness
---------------------------------------------
http://www.securityfocus.com/bid/58557




*** Oracle Automated Service Manager Unsafe Temporary Files Let Local Users Modify Files on the Target System. ***
---------------------------------------------
A vulnerability was reported in Oracle Automated Service Manager. A local user can modify files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028310




*** Siemens SIMATIC WinCC TIA Portal Multiple Vulnerabilities ***
---------------------------------------------
Siemens SIMATIC WinCC TIA Portal Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52646




*** McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52688




*** Joomla! RSFiles! Component "cid" SQL Injection Vulnerability ***
---------------------------------------------
Joomla! RSFiles! Component "cid" SQL Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/52668




*** Ruby on Rails Multiple Vulnerabilities ***
---------------------------------------------
Ruby on Rails Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52656




*** IBM WebSphere Application Server Multiple Java Vulnerabilities ***
---------------------------------------------
IBM WebSphere Application Server Multiple Java Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52703




*** Aruba Mobility Controller Administration WebUI SSID Script Insertion Vulnerability ***
---------------------------------------------
Aruba Mobility Controller Administration WebUI SSID Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/52690




*** [webapps] - ViewGit 0.0.6 - Multiple XSS Vulnerabilities ***
---------------------------------------------
ViewGit 0.0.6 - Multiple XSS Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24862




*** [webapps] - WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability ***
---------------------------------------------
WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/24859





*** Botnet scans the Internet with the help of hacked end devices ***
---------------------------------------------
A hacker has created his own "Internet Census 2012" using a botnet set up specifically for this purpose. Result of the operation: 420 million active devices respond to requests - and plenty of security holes come to light.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Botnetz-scannt-das-Internet-mit-Hilfe-von-gehackten-Endgeraeten-1825634.html




*** Bugtraq: VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) ***
---------------------------------------------
VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)
---------------------------------------------
http://www.securityfocus.com/archive/1/526050

