=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 25-06-2013 18:00 − Wednesday 26-06-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a
*** Cisco Linksys X3000 Router apply.cgi cross-site scripting ***
---------------------------------------------
Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85186
*** Vast majority of malware attacks spawned from legit sites ***
---------------------------------------------
Drive-by attacks not just from porn and warez sites, new Google data shows.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/
*** Google adds malware, phishing to transparency report to make the Web safer ***
---------------------------------------------
The data come from the company's Safe Browsing technology, which flags up to 10,000 sites daily
---------------------------------------------
http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-tran...
*** Forticlient VPN client credential interception vulnerability ***
---------------------------------------------
Topic: Forticlient VPN client credential interception vulnerability
Risk: Medium
Text: FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY == Description -- The Fortinet FortiClient ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060220
*** aSc TimeTables Add Subject buffer overflow ***
---------------------------------------------
aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85199
*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Solution Status: Unpatched
---------------------------------------------
https://secunia.com/advisories/53962
*** Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors,...
The iceweasel version in the oldstable distribution (squeeze) is no longer supported with security updates.
---------------------------------------------
http://www.securityfocus.com/archive/1/526973
*** Apache Qpid Python Client SSL Certificate Verification Security Issue ***
---------------------------------------------
A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/53968