[CERT-daily] Daily summary - Monday 6-05-2013

Daily end-of-shift report team at cert.at
Mon May 6 19:05:17 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 03-05-2013 18:00 − Monday 06-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** What’s a known source of malware doing in an iOS app? Ars investigates ***
---------------------------------------------
Trojans, false positives, and the case of accidental cross contamination.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/




*** gpsd AIS driver packet parser denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83982




*** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System ***
---------------------------------------------
http://www.securitytracker.com/id/1028511




*** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files ***
---------------------------------------------
http://www.securitytracker.com/id/1028510




*** Microsoft Releases Security Advisory 2847140 ***
---------------------------------------------
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx




*** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit




*** New version of DIY Google Dorks based mass website hacking tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/




*** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/59618




*** Cisco WebEx Cache Directory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231




*** Cisco WebEx Uninitialized Memory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232




*** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526541




*** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526540

