=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-04-2013 18:00 − Tuesday 16-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** How mobile spammers verify the validity of harvested phone numbers ***
---------------------------------------------
By Dancho Danchev Just as we anticipated earlier this year in our "How mobile spammers verify the validity of harvested phone number" post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to..
---------------------------------------------
http://blog.webroot.com/2013/04/16/how-mobile-spammers-verify-the-validity-…
*** Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader ***
---------------------------------------------
This blog post and the next blog post will focus on analyzing malicious PDF files and the changes we've made to jsunpack to facilitate this analysis.
---------------------------------------------
http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-lear…
*** Old tricks reissued: be careful with copy & paste ***
---------------------------------------------
A not entirely new trick that is currently circulating more widely again lets web pages slip commands to unsuspecting Linux users who are too lazy to type, and take over their systems.
---------------------------------------------
http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy…
*** New security protection, fixes for 39 exploitable bugs coming to Java ***
---------------------------------------------
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
---------------------------------------------
http://arstechnica.com/security/2013/04/new-security-protection-fixes-for-3…
*** Linode Hacked Through ColdFusion Zero Day ***
---------------------------------------------
The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company's database, source code and customers' credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.
---------------------------------------------
https://threatpost.com/en_us/blogs/linode-hacked-through-coldfusion-zero-da…
*** MediaWiki Two XML External Entities Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53054
*** Nitro Pro Insecure Library Loading Vulnerability ***
---------------------------------------------
SEC Consult has reported a vulnerability in Nitro Pro, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/52907
*** EasyPHPCalendar Date Picker Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in EasyPHPCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the date picker is not properly sanitised before being returned to the user.
---------------------------------------------
https://secunia.com/advisories/53025
*** NetGear WNR1000 ".jpg" Security Bypass Vulnerability ***
---------------------------------------------
Roberto Paleari has reported a vulnerability in NetGear WNR1000, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to certain web pages with appended ".jpg" to the URL and can be exploited to e.g. gain knowledge of the configuration file including admin credentials.
---------------------------------------------
https://secunia.com/advisories/52856
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-04-2013 18:00 − Monday 15-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Brute Force Attacks Build WordPress Botnet ***
---------------------------------------------
Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/EBD0wNNgwW0/
*** USA and China set up working groups on Internet security ***
---------------------------------------------
During his visit to China, the US Secretary of State agreed on setting up working groups on cyber security and global climate protection.
---------------------------------------------
http://www.heise.de/security/meldung/USA-und-China-richten-Arbeitsgruppen-f…
*** Social Media Widget remote file inclusion ***
---------------------------------------------
Topic: Social Media Widget remote file inclusion
Risk: High
Text: http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.ht… http://securityledger.com/hacked-wordpress-plug-in-pu...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AgtWJoX3sg0/WLB-20…
*** Under the microscope: The bug that caught PayPal with its pants down ***
---------------------------------------------
Payment giant suffers textbook SQL injection flaw. Security researchers have published a more complete rundown on a recently patched SQL injection flaw on PayPal's website.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/15/paypal_sql_…
*** 8 Steps To Secure Your WordPress Blog ***
---------------------------------------------
WordPress blogs are regular targets of brute force attacks; there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations.
---------------------------------------------
http://www.howtomakemyblog.com/wordpress/7-simple-steps-to-make-your-wordpr…
*** Kippo 0.8 small SSH honeypot to keep track of brute force attacks ***
---------------------------------------------
A new release has been announced for Kippo, one of the most widely used SSH honeypots. This tool is Python-based and emulates a shell on the server end to detect brute force attacks. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution.
---------------------------------------------
http://www.sectechno.com/2013/04/14/kippo-0-8-small-ssh-honeypot-to-keep-tr…
*** Linksys EA2700 Multiple Vulnerabilities ***
---------------------------------------------
Linksys EA2700 Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52985
*** AndroTotal ***
---------------------------------------------
AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
---------------------------------------------
http://beta.andrototal.org/
*** Parallels Plesk Panel Privilege Escalation Vulnerabilities ***
---------------------------------------------
Parallels Plesk Panel Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52998
*** Vaillant heating systems with security leak ***
---------------------------------------------
The ecoPower 1.0 heating system can be controlled over the Internet, but also by someone who is not authorized to do so. An attacker could thereby potentially damage the system permanently. Customers are now advised to pull the network plug.
---------------------------------------------
http://www.heise.de/security/meldung/Vaillant-Heizungen-mit-Sicherheits-Lec…
*** Blog: Winnti returns with PlugX ***
---------------------------------------------
Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company’s servers were infected, we began to clean them up in conjunction with the company’s system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn’t
---------------------------------------------
http://www.securelist.com/en/blog/208194224/Winnti_returns_with_PlugX
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-04-2013 18:00 − Friday 12-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Data-Stealing Spyware Redpill Back, Targeting India ***
---------------------------------------------
A form of spyware first seen in 2008 and known for siphoning away users' bank account credentials, emails, screenshots and various other bits of information has surfaced again, this time targeting computer users in India.
---------------------------------------------
https://threatpost.com/en_us/blogs/data-stealing-spyware-redpill-back-targe…
*** Bugtraq: MacOSX 10.8.3 ftpd Remote Resource Exhaustion ***
---------------------------------------------
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
---------------------------------------------
http://www.securityfocus.com/archive/1/526343
*** Study Shows Google Better than Bing at Filtering Malicious Web Sites ***
---------------------------------------------
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.
---------------------------------------------
https://threatpost.com/en_us/blogs/study-shows-google-better-bing-filtering…
*** Check Point bakes anti-malware tech into firewall bricks ***
---------------------------------------------
Software blades whisper from scabbards. En garde. Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/12/check_point…
*** Spider Video Player plugin for WordPress settings.php SQL injection ***
---------------------------------------------
Spider Video Player plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the settings.php script using the theme parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83374
*** American Airlines 'You can download your ticket' themed emails lead to malware ***
---------------------------------------------
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they've received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/Upf44191rw4/
*** Microsoft withdraws security patch for Windows and Windows Server ***
---------------------------------------------
A Windows update released last Tuesday can cause the computer to no longer boot. In that case only the recovery console helps. Anyone who has already installed the update should remove it again.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Sicherheitsspatch-fuer…
*** Bitcoin Botnet Ranked as Top Threat for Q1 2013 ***
---------------------------------------------
Looking at the threats that targeted the Web in the first quarter of the year, Fortinet says that ZeroAccess, a botnet that mines the popular electronic currency Bitcoins, was the top problem. It wasn't alone however, as attacks on South Korea and Adware on Android made the list.
---------------------------------------------
https://www.securityweek.com/bitcoin-botnet-ranked-top-threat-q1-2013
*** jPlayer "jQuery" Cross-Site Scripting Vulnerability ***
---------------------------------------------
Input passed via the "jQuery" parameter to Jplayer.swf is not properly sanitised before being passed to the "ExternalInterface.call()" method. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
https://secunia.com/advisories/52978
*** Social Engineering Skype Support team to hack any account instantly ***
---------------------------------------------
You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks?
---------------------------------------------
http://thehackernews.com/2013/04/social-engineering-skype-support-team.html
*** Wave of attacks on 1&1 servers ***
---------------------------------------------
Cyber criminals have apparently stepped up attempts to infect 1&1 servers with malware. As a result, some services may only be reachable to a limited extent.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffswelle-auf-1-1-Server-1841085.h…
*** Multiple DoS vulnerabilities in Cisco's ASA ***
---------------------------------------------
Cisco has found vulnerabilities in the operating system for some network devices that could be exploited for denial-of-service attacks. The firewalls of some switches and routers are also affected.
---------------------------------------------
http://www.heise.de/security/meldung/Mehrere-DoS-Luecken-in-Ciscos-ASA-1841…
*** Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities ***
---------------------------------------------
Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53015
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-04-2013 18:00 − Thursday 11-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Security Externalities and DDOS Attacks ***
---------------------------------------------
Ed Felten has a really good blog post about the externalities that the recent Spamhaus DDOS attack exploited: The attackers' goal was to flood Spamhaus or its network providers with Internet traffic, to overwhelm their capacity to handle incoming network packets. The main technical problem faced by a DoS attacker is how to amplify the attacker's traffic-sending capacity, so that...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/04/security_extern.html
*** Ransomware: The cybercrime money machine of 2013 ***
---------------------------------------------
"Towards the end of last year, when the major security firms were compiling their customary run-downs of the biggest threats expected to emerge in 2013, ransomware figured prominently as an ominous one to watch. This breed of malicious software owes its name to the way in which it attacks a computer, quite literally holding it ransom by paralysing the device and demanding payment for it to be unlocked. By February this year, the experts' prophecies began to be realised as a sophisticated...
---------------------------------------------
http://www.itproportal.com/2013/04/10/ransomware-the-cybercrime-money-machi…
*** Cisco ASA Multiple Bugs Let Remote Users Deny Service ***
---------------------------------------------
Cisco ASA Multiple Bugs Let Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028415
*** Summary for April 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for April 2013. With the release of the security bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued April 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr
*** Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration ***
---------------------------------------------
Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration
---------------------------------------------
http://www.securitytracker.com/id/1028419
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-10 Security update: Security Hotfix available for ColdFusion APSB13-11 Security updates available for Adobe Flash Player APSB13-12 Security update available for Adobe Shockwave Player Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Request Tracker 4.0.10 SQL Injection ***
---------------------------------------------
Request Tracker 4.0.10 SQL Injection
Risk: Medium
RT: Request Tracker System
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_dNhCwOTOjA/WLB-20…
*** Industrial IT Security - Roadshow Frankfurt am Main | 18.06.2013 ***
---------------------------------------------
Since the spectacular Stuxnet attack on a uranium enrichment facility in Iran in 2010, a working group in the Bavarian IT Security Cluster (Bayerischer IT-Sicherheitscluster) has been working on the development of products, solutions and processes for the production level. In cooperation with the Security competence group of eco, the results are now being presented outside Bavaria for the first time.
---------------------------------------------
http://www.eco.de/2013/veranstaltungen/industrial-it-security.html
*** WordPress widget spreads spam ***
---------------------------------------------
The Social Media Widget for WordPress was used to send out spam. The developer changed in January, and the widget has been conspicuous since then. WordPress is responding with a ban. The plug-in should be deactivated as soon as possible.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-Widget-verbreitet-Spam-183…
*** Hijacking airplanes with an Android phone ***
---------------------------------------------
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.
---------------------------------------------
https://www.net-security.org/secworld.php?id=14733
*** Debian Security Advisory DSA-2659 libapache-mod-security ***
---------------------------------------------
XML external entity processing vulnerability
---------------------------------------------
http://www.debian.org/security/2013/dsa-2659
*** Podcast: Switch To IPV6 Demands A Security Re-Think ***
---------------------------------------------
"You're probably not aware of it, but a major transformation is taking place on the Internet. We've exhausted the approximately 4.3 billion available addresses for IPV4 Internet Protocol Version 4 the Internet's lingua franca...."
---------------------------------------------
http://securityledger.com/podcast-switch-to-ipv6-demands-a-security-re-thin…
*** A dozen tools for removing almost any malware ***
---------------------------------------------
Here's a typical scenario for a veteran computer user. Having established best-security practices on your PC, you've been free of malware infections for a long time.
---------------------------------------------
https://windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-…
*** Blog: The Winnti honeypot - luring intruders ***
---------------------------------------------
During our research on the Winnti group we discovered a considerable amount of Winnti samples targeting different gaming companies. Using this sophisticated malicious program cybercriminals gained remote access to infected workstations and then carried out further activity manually.
---------------------------------------------
http://www.securelist.com/en/blog/851/The_Winnti_honeypot_luring_intruders
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-04-2013 18:00 − Wednesday 10-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Play me the song of the exploit: VirtualDJ executes code in MP3s ***
---------------------------------------------
When playing MP3s, the DJ software trips over specially crafted ID3 tags. The risk is not just a crash: an exploit that takes advantage of the buffer overflow is already circulating.
---------------------------------------------
http://www.heise.de/security/meldung/Spiel-mir-das-Lied-vom-Exploit-Virtual…
*** Out with the old, in with the April 2013 security updates ***
---------------------------------------------
Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives. But through it all, Windows XP keeps chugging along. With its longevity and wide user base,...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with…
*** Report: Microsoft plans two-factor authentication with app ***
---------------------------------------------
Microsoft apparently intends to introduce two-factor authentication for user accounts soon. In addition to the password, a code generated by a smartphone app would then have to be entered.
---------------------------------------------
http://www.heise.de/security/meldung/Bericht-Microsoft-plant-Zwei-Faktor-Au…
*** Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/52934
*** Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates ***
---------------------------------------------
In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.
---------------------------------------------
https://threatpost.com/en_us/blogs/pwn2own-ie-vulnerabilities-missing-micro…
*** 2nd Annual Cyber Security UAE Summit 2013 ***
---------------------------------------------
"Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack. Network with your industry peers in the comfort of a 5 star venue. The only event of its kind to take place in the Middle East..."
---------------------------------------------
http://www.cybersecurityuae.com/
*** Streaming Videos Vudu Issues Systemwide Password Reset After Theft ***
---------------------------------------------
The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.
---------------------------------------------
https://threatpost.com/en_us/blogs/streaming-videos-vudu-issues-systemwide-…
*** Linksys WRT54GL apply.cgi Command Execution ***
---------------------------------------------
Topic: Linksys WRT54GL apply.cgi Command Execution
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hE7MhGTEKrY/WLB-20…
*** Top Level Domains: ICANN fulfils the wishes of law enforcement ***
---------------------------------------------
Domain registration service providers will in future have to observe stricter requirements when registering domains for their customers, for example regarding the verification of customer data and the retention of domain holder data.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Top-Level-Domains-ICANN-erfuellt-Wue…
*** Vuln: phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58962
*** Trojan mail campaign relies on Trusted Shops ***
---------------------------------------------
Trusted Shops enjoy trust. A new trojan mail campaign wants to exploit this and plays on the fear of many customers: what if the goods bought on the Internet do not arrive? Surely the "buyer protection" ("Käuferschutz") applies then?
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-Mail-Kampagne-setzt-auf-Trust…
*** WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52976
*** Adobe April Patches ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-10 – Security update: Security Hotfix available for ColdFusion APSB13-11 – Security updates available for Adobe Flash Player APSB13-12 – Security update available for Adobe Shockwave Player Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-13-055/
*** Novell Identity Manager Unspecified Vulnerability ***
---------------------------------------------
Novell Identity Manager Unspecified Vulnerability
---------------------------------------------
https://secunia.com/advisories/52984
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-04-2013 18:00 − Tuesday 09-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Google AD Sync Tool Vulnerability (GADS) ***
---------------------------------------------
Topic: Google AD Sync Tool Vulnerability (GADS)
Risk: High
Text: Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool all store...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/knSZ3WmkiLY/WLB-20…
*** HP System Management Homepage Local Privilege Escalation ***
---------------------------------------------
Topic: HP System Management Homepage Local Privilege Escalation
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Peuq5i06_sw/WLB-20…
*** Security Bulletin: SONAS Fix Available for SONAS CIFS Attribute Vulnerability (CVE-2013-0454) ***
---------------------------------------------
SONAS includes a version of Samba that is affected by a vulnerability that sets incorrect attributes to a SONAS CIFS export. CVE(s): CVE-2013-0454 Affected product(s) & Affected version(s): Affected releases: SONAS 1.1 through 1.3.2.1-20. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004287 X-Force Database: http://xforce.iss.net/xforce/xfdb/80970
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_son…
*** Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501) ***
---------------------------------------------
A third party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites. CVE(s): CVE-2013-0501 Affected product(s) & Affected version(s): IBM Cognos Disclosure Management 10.2.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilit…
*** ICS-CERT has released an Advisory "ICSA-13-098-01 Canary Labs Inc Trend Link Insecure ActiveX Control Method" (PDF) ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf
*** TinyWebGallery image.php path disclosure ***
---------------------------------------------
TinyWebGallery image.php path disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83286
*** International cyber exercise confirms the importance of international collaboration ***
---------------------------------------------
On 20 and 21 March, the National Cyber Security Centre (NCSC) participated in an international cyber exercise by the International Watch and Warning Network (IWWN) entitled Cyberstorm IV. Cyberstorm IV is the last in a series of cyber exercises during which malware is investigated for 36 consecutive hours. Together with its partners at IWWN, the Department of Homeland Security (of the United States) has organized the international ingredient of Cyberstorm IV.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/international-cyber-exercise…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-04-2013 18:00 − Monday 08-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Another batch of security updates for D-Link routers ***
---------------------------------------------
A series of new firmware versions closes security holes in D-Link routers. Since matching exploit modules have already been published, the updates should be installed as soon as possible.
---------------------------------------------
http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-U…
*** German ransomware threatens with sick kiddie smut ***
---------------------------------------------
IWF warns of scheme to shock victims into police payment Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning…
*** SANS Secure Europe 2013 - Amsterdam, Netherlands ***
---------------------------------------------
"Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europe's largest IT Security training event is confirmed with Jason Fossen's excellent new course, SEC505: Securing Windows and Resisting Malware completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...."
---------------------------------------------
http://www.sans.org/event/secure-europe-2013
*** Joomla GPL Template Cross Site Scripting ***
---------------------------------------------
Topic: Joomla GPL Template Cross Site Scripting Risk: Low Text:# Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-20…
*** Zimbra XSS in aspell.php ***
---------------------------------------------
Topic: Zimbra XSS in aspell.php Risk: Low Text:While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-20…
*** Online library Scribd was hacked ***
---------------------------------------------
The document service and world's largest online library Scribd has admitted an attack on its network. Of the 100 million users registered with the document service, "less than one percent" are said to be affected, according to the company.
---------------------------------------------
http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehack…
*** Antivirus protection for Windows 8 tested ***
---------------------------------------------
The AV-Test Institute presents the first results of a test under Windows 8. Antivirus programs from the AV vendors had to show whether they offer more protection than the Windows Defender integrated into the operating system.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-…
*** Shylock Trojan Going Global with New Features, Resilient Infrastructure ***
---------------------------------------------
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.
---------------------------------------------
https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-r…
*** Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58316
*** IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability ***
---------------------------------------------
IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability
---------------------------------------------
https://secunia.com/advisories/52957
*** Botnet distributes Android trojan ***
---------------------------------------------
A new Android trojan is being distributed via the Cutwail botnet. The attack scenario is not limited to Android devices, however. If the dangerous links are opened on desktop PCs, users are directed to pages with the Blackhole exploit kit.
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836…
*** IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities ***
---------------------------------------------
IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52964
*** OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities ***
---------------------------------------------
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52973
*** OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability ***
---------------------------------------------
OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability
---------------------------------------------
https://secunia.com/advisories/52969
*** Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52966
*** Cyber-security experts demonstrate Java attack ***
---------------------------------------------
....Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team...
---------------------------------------------
http://eandt.theiet.org/news/2013/apr/context-cyber.cfm
*** Update on leaked UEFI signing keys - probably no significant risk ***
---------------------------------------------
According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries.
---------------------------------------------
http://mjg59.dreamwidth.org/24463.html
*** ICS-CERT Advisories ***
---------------------------------------------
*** ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
---------------------------------------------
*** Vulnerabilities in various WordPress Plugins ***
---------------------------------------------
*** WordPress Trafficanalyzer Plugin XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-20…
*** WP-Print plugin for WordPress unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83267
*** Wordpress plugins kioskprox XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-20…
*** WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52876
*** WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52863
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-04-2013 18:00 − Friday 05-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Advance Notification Service for the April 2013 Security Bulletin Release ***
---------------------------------------------
In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. As always, we’ll publish the bulletins on the second Tuesday of the month, April 9, 2013 at...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/04/advance-notification-ser…
*** Blog: Skypemageddon by bitcoining ***
---------------------------------------------
Cybercriminals mine Bitcoins via abusing CPU of the victims by infecting users via Skype
---------------------------------------------
http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
*** Avaya Aura Application Enablement Services Multiple Vulnerabilities ***
---------------------------------------------
Avaya Aura Application Enablement Services Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52893
*** Xerox FreeFlow Print Server Multiple Vulnerabilities ***
---------------------------------------------
Xerox FreeFlow Print Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52848
*** Cisco Tivoli Business Service Manager Denial of Service Vulnerability ***
---------------------------------------------
Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated remote attacker to cause a partial Denial of Service (DoS).
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** McAfee Email Gateway Denial of Service Vulnerability ***
---------------------------------------------
McAfee Email Gateway Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52838
*** BSI warns of renewed attacks via advertisements ***
---------------------------------------------
In recent days, an increasing number of OpenX ad servers have been rigged with malicious code. Meanwhile, large sites are also being targeted via ad networks and then attack thousands of visitors within a short time.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-warnt-vor-erneuten-Angriffen-ueber…
*** Vuln: Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability ***
---------------------------------------------
Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58323
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-04-2013 18:00 − Thursday 04-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58810
*** The HTTP "Range" Header, (Wed, Apr 3rd) ***
---------------------------------------------
One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps: - Move the file out of the document root - create a script that will perform the necessary authorization and then stream the file back to the user Typically, the process of streaming the file
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15541&rss
*** ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF) ***
---------------------------------------------
The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-CERT_ Monitor_ Jan-Mar2013.pdf
*** Madi/Mahdi/Flashback OS X connected malware spreading through Skype ***
---------------------------------------------
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/
*** HP-UX update for Java ***
---------------------------------------------
HP-UX update for Java
---------------------------------------------
https://secunia.com/advisories/52866
*** HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities ***
---------------------------------------------
HMC releases prior to V7R7.7.0 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption).
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410…
*** Cutwail Spam Botnet Targeting Android Users ***
---------------------------------------------
Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet. Here's the conclusion: "The distribution of the Stels trojan through a spam campaign is unusual for Android malware". That's a bit of an understatement. Stone-Gross's analysis is significant evidence of Android malware's evolution into mass-market crimeware. On 04/04/13 At 01:00 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002537.html
*** Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) ***
---------------------------------------------
IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections, login processes.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation ***
---------------------------------------------
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission configurations.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Critical security update for PostgreSQL ***
---------------------------------------------
A PostgreSQL update announced at the end of March was released today; the developers of the free DBMS urgently recommend installing it.
---------------------------------------------
http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-Post…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-04-2013 18:00 − Wednesday 03-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Fool Me Once… ***
---------------------------------------------
When you're lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to maximum. But when you've gained access to an elite black market section of a closely guarded crime forum to which very few have access, it's easy to let your guard down. That's what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/KQ4_dgabCRA/
*** Vuln: Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities ***
---------------------------------------------
Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57760
*** MongoDB nativeHelper.apply Remote Code Execution ***
---------------------------------------------
Topic: MongoDB nativeHelper.apply Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/9qv99GNyBx0/WLB-20…
*** Virtual Access Monitor SQL Injection ***
---------------------------------------------
Topic: Virtual Access Monitor SQL Injection Risk: Medium Text:High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk v...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/fgTY56cKvK8/WLB-20…
*** Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028382
*** Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028379
*** WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52855
*** Darkleech infects Apache servers in droves ***
---------------------------------------------
Darkleech is "intelligent" and does not attack everyone. It redirects victims to pages with the Blackhole Exploit Kit. Apache web servers are being abused as malware distributors for the attacks. A large number of German websites are said to be infected.
---------------------------------------------
http://www.heise.de/security/meldung/Darkleech-infiziert-reihenweise-Apache…
*** Cisco Connected Grid Network Management System SQL Injection Vulnerabilities ***
---------------------------------------------
A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System (CG-NMS) is susceptible to cross-site scripting (XSS) vulnerabilities in the element list component. XSS attacks use obfuscation by encoding tags or malicious portions of the script using the Unicode method so that the link or HTML content is disguised to the end user browsing to the site. The origins of XSS attacks are difficult to identify using traceback methods...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** ownCloud security update breaks installation ***
---------------------------------------------
After an update to versions 5.0.1 and 5.0.2, ownCloud stops working. The developers have since made fixes.
---------------------------------------------
http://www.heise.de/security/meldung/ownCloud-Sicherheitsupdate-zerschiesst…
*** SEC Consult - Sophos Web Protection Appliance Multiple vulnerabilities ***
---------------------------------------------
SEC Consult has identified several vulnerabilities within the components of the Sophos Web Protection Appliance in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** IBM Maximo Asset Management Products - Potential security vulnerabilities with Java™ SDKs ***
---------------------------------------------
Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21633170