=======================
= End-of-Shift report =
=======================

Timeframe: Monday 18-03-2013 18:00 − Tuesday 19-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** EA Origin vuln puts players at risk *** --------------------------------------------- Game platform allows remote exploits, millions vulnerable. A flaw in EA's Origin game store puts its 40 million or so users at risk of remote execution vulnerabilities… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/03/19/ea_origin_bu...
*** Vuln: Cisco IOS and IOS XE Insecure Password Hash Weakness *** --------------------------------------------- Cisco IOS and IOS XE Insecure Password Hash Weakness --------------------------------------------- http://www.securityfocus.com/bid/58557
*** Oracle Automated Service Manager Unsafe Temporary Files Let Local Users Modify Files on the Target System. *** --------------------------------------------- A vulnerability was reported in Oracle Automated Service Manager. A local user can modify files on the target system. --------------------------------------------- http://www.securitytracker.com/id/1028310
*** Siemens SIMATIC WinCC TIA Portal Multiple Vulnerabilities *** --------------------------------------------- Siemens SIMATIC WinCC TIA Portal Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52646
*** McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability *** --------------------------------------------- McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/52688
*** Joomla! RSFiles! Component "cid" SQL Injection Vulnerability *** --------------------------------------------- Joomla! RSFiles! Component "cid" SQL Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/52668
*** Ruby on Rails Multiple Vulnerabilities *** --------------------------------------------- Ruby on Rails Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52656
*** IBM WebSphere Application Server Multiple Java Vulnerabilities *** --------------------------------------------- IBM WebSphere Application Server Multiple Java Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52703
*** Aruba Mobility Controller Administration WebUI SSID Script Insertion Vulnerability *** --------------------------------------------- Aruba Mobility Controller Administration WebUI SSID Script Insertion Vulnerability --------------------------------------------- https://secunia.com/advisories/52690
*** [webapps] - ViewGit 0.0.6 - Multiple XSS Vulnerabilities *** --------------------------------------------- ViewGit 0.0.6 - Multiple XSS Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/24862
*** [webapps] - WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability *** --------------------------------------------- WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/24859
*** Botnet scans the Internet with the help of hacked end-user devices *** --------------------------------------------- A hacker has produced his own "Internet Census 2012" using a botnet set up specifically for that purpose. The result of the exercise: 420 million active devices respond to requests, and plenty of security holes come to light. --------------------------------------------- http://www.heise.de/newsticker/meldung/Botnetz-scannt-das-Internet-mit-Hilfe...
*** Bugtraq: VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) *** --------------------------------------------- VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) --------------------------------------------- http://www.securityfocus.com/archive/1/526050