======================= = End-of-Shift report = =======================
Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan
*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout *** --------------------------------------------- Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-201...
*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03577598
*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56957
*** QNAP-NAS anfällig für cross-site-scripting (XSS) *** --------------------------------------------- Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird. So ist z.B. die Photostation und die TVStation anfällig für XSS. --------------------------------------------- http://sdcybercom.wordpress.com/
*** CA20121220-01: Security Notice for CA IdentityMinder *** --------------------------------------------- CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. --------------------------------------------- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BFBA53...
*** VMWare posts some updates, (Fri, Dec 21st) *** --------------------------------------------- Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14740&rss
Next End-of-Shift report on 2012-12-27