======================= = End-of-Shift report = =======================
Timeframe: Friday 05-07-2013 18:00 − Monday 08-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter
*** Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host *** --------------------------------------------- A local administrative user on a paravirtualized (PV) guest can exploit a page reference-counting error in the hypervisor's memory management to gain access to the host server. Systems running only HVM guests are not affected. --------------------------------------------- http://www.securitytracker.com/id/1028740
*** WordPress post.php cross-site scripting *** --------------------------------------------- WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the post.php script. A remote attacker could exploit this vulnerability using the excerpt and content fields to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85439
*** Debian Security Advisory DSA-2720 icedove *** --------------------------------------------- Several vulnerabilities --------------------------------------------- http://www.debian.org/security/2013/dsa-2720
*** Multiple D-Link Devices - OS-Command Injection via UPnP Interface *** --------------------------------------------- The vulnerability is caused by missing input validation in different XML parameters. This vulnerability could be exploited to inject and execute arbitrary shell commands. WARNING: You do not need to be authenticated to the device to insert and execute malicious commands. --------------------------------------------- http://www.exploit-db.com/exploits/26664
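The pattern behind the UPnP item above, as an added example that is not code from the exploit-db entry or from any D-Link firmware: a SOAP argument is pulled out of the XML and interpolated into a shell command line, so a ';' in the value starts a second command, and no authentication stands in front of the handler. AddPortMapping and NewInternalClient are the standard WANIPConnection names; the iptables command and the assumption that the device hands the parameter to a shell are illustrative, not a description of a particular product. The hardened handler types each parameter first and then builds an argv list without a shell.

```python
"""Added example, not code from the exploit-db entry or from any D-Link firmware:
the pattern that produces OS-command injection through a UPnP SOAP parameter,
next to a hardened handler. AddPortMapping and NewInternalClient are the standard
WANIPConnection names; the iptables command and the assumption that the device
hands the parameter to a shell are illustrative, not a description of a product."""
import ipaddress
import subprocess
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:schemas-upnp-org:service:WANIPConnection:1"


def soap_request(client, internal_port="80"):
    """Build a (constructed) AddPortMapping request body. No credentials are
    involved anywhere in the exchange, which is why unvalidated parameters
    reached over UPnP are reachable by anyone on the LAN side."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="{SOAP_NS}">
  <s:Body>
    <u:AddPortMapping xmlns:u="{SVC_NS}">
      <NewExternalPort>8080</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>{internal_port}</NewInternalPort>
      <NewInternalClient>{client}</NewInternalClient>
    </u:AddPortMapping>
  </s:Body>
</s:Envelope>"""


BENIGN_REQUEST = soap_request("192.168.0.10")
# Constructed attack value: ';' terminates the intended argument and starts a new command.
MALICIOUS_REQUEST = soap_request("192.168.0.10; /usr/sbin/telnetd -l /bin/sh")


def soap_param(body, name):
    """Extract the text of one argument element. Many embedded UPnP stacks stop
    here and hand the string on without checking its declared type."""
    root = ET.fromstring(body)
    el = root.find(f".//{{{SVC_NS}}}AddPortMapping/{name}")
    if el is None or el.text is None:
        raise ValueError(f"missing parameter {name}")
    return el.text


def vulnerable_command(body):
    """Flawed pattern: the raw parameter is interpolated into a shell command line.
    Returned rather than executed here; firmware that passes this string to
    system() runs whatever follows the ';'."""
    client = soap_param(body, "NewInternalClient")
    port = soap_param(body, "NewInternalPort")
    return (f"iptables -t nat -A PREROUTING -p tcp --dport 8080 "
            f"-j DNAT --to-destination {client}:{port}")


def hardened_argv(body):
    """Validate each parameter against its declared type, then build an argv list.
    With shell=False a metacharacter is just a byte inside one argument, and the
    type check rejects it before it gets that far anyway."""
    client = soap_param(body, "NewInternalClient")
    port = soap_param(body, "NewInternalPort")
    try:
        ip = ipaddress.ip_address(client)   # ValueError unless a bare IP literal
    except ValueError as exc:
        raise ValueError(f"NewInternalClient is not an IP address: {client!r}") from exc
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"NewInternalPort out of range: {port!r}")
    return ["iptables", "-t", "nat", "-A", "PREROUTING", "-p", "tcp",
            "--dport", "8080", "-j", "DNAT", "--to-destination", f"{ip}:{port}"]


def apply_mapping(body, dry_run=True):
    """Validate, then (unless dry_run) execute the argv list without a shell."""
    argv = hardened_argv(body)
    if not dry_run:
        subprocess.run(argv, check=True)
    return argv
```

Running `vulnerable_command(MALICIOUS_REQUEST)` shows the injected text sitting inside the command line that would reach system(); `hardened_argv(MALICIOUS_REQUEST)` raises before any command is built. The type check matters as much as dropping the shell: a value that is not an IP address has no business in that parameter regardless of how it is executed.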
*** OpenNetAdmin Remote Code Execution *** --------------------------------------------- This exploit works because adding modules can be done without any sort of authentication. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070055
*** Styx Exploit Pack: Domo Arigato, PC Roboto *** --------------------------------------------- Not long ago, miscreants who wanted to buy an exploit kit -- automated software that helps booby-trap hacked sites to deploy malicious code -- had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms." --------------------------------------------- https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto...
*** Debian Security Advisory DSA-2721 nginx *** --------------------------------------------- Buffer overflow --------------------------------------------- http://www.debian.org/security/2013/dsa-2721
*** What Does Facebook Know About You - An Analysis *** --------------------------------------------- If you've read a news website, turned on the TV or not been under a rock over the past few weeks, then there is a good chance you've heard of a guy named Edward Snowden. He's the US analyst who is currently stuck in a Russian airport looking for asylum because he exposed that - surprise, surprise - the US government/NSA had been spying on pretty much everyone. --------------------------------------------- http://daylandoes.com/facebook-and-your-data/
*** 15 MILLION dodgy login attempts spaffed all over Nintendo loyalists *** --------------------------------------------- Thousands of players plundered for their hard-earned booty. Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/nintendo_bru...
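A month-long guessing campaign of that size averages only a few attempts per second site-wide, and per-account lockouts do not catch it when each account is tried once. The detection below is an added example, not from the Register article or from Nintendo: it runs two sliding-window signals per source address over a constructed authentication log, one for raw failure volume and one for the number of distinct accounts a source fails against. The log format, field names and thresholds are assumptions made for the example.

```python
"""Added example, not from the Register article or from Nintendo: detection logic
for a long-running credential-guessing campaign, run over a constructed
authentication log. Log format, field names and thresholds are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) login_(?P<result>ok|failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["result"], m["user"], m["src"]


def detect_credential_guessing(lines, window=timedelta(minutes=10),
                               max_failures=20, max_distinct_users=8):
    """Sliding-window detection keyed on source address.

    Two signals, each computed over the failures within `window` of the current event:
      * "volume": more than max_failures failed logins (classic brute force)
      * "spread": failures against more than max_distinct_users accounts
        (password spraying / credential stuffing, which stays under per-account lockouts)
    Returns {src: sorted list of reasons}; each reason fires once per source.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) for failures in window
    alerts = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # unparseable lines are skipped, not treated as failures
        ts, result, user, src = parsed
        if result != "failed":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire events older than the window
        if len(q) > max_failures:
            alerts[src].add("volume")
        if len({u for _, u in q}) > max_distinct_users:
            alerts[src].add("spread")
    return {src: sorted(reasons) for src, reasons in alerts.items()}


def sample_log():
    """Constructed log: one source trying 30 different accounts once each, thirty
    seconds apart (low and slow); one legitimate user mistyping a password three
    times and then succeeding; one line of garbage."""
    t0 = datetime(2013, 7, 6, 2, 0, 0)
    stamp = lambda delta: (t0 + delta).strftime(TS_FMT)
    lines = [f"{stamp(timedelta(seconds=30 * i))} login_failed user=member{i:03d} src=203.0.113.5"
             for i in range(30)]
    lines += [f"{stamp(timedelta(minutes=1, seconds=i))} login_failed user=alice src=198.51.100.7"
              for i in range(3)]
    lines.append(f"{stamp(timedelta(minutes=2))} login_ok user=alice src=198.51.100.7")
    lines.append("this line does not match the log format")
    return lines
```

On the constructed log the sprayer at 203.0.113.5 trips both signals while the mistyping user trips neither; raising `max_failures` so that volume no longer fires still leaves the "spread" signal, which is the one that matters for a one-attempt-per-account campaign. A campaign spread across many source addresses needs the same windows keyed on something coarser (target account, ASN, or the whole site's failure rate against its baseline).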
*** Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability *** --------------------------------------------- Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/50218
*** DropBox account hacking bypassing two-factor authentication *** --------------------------------------------- Zouheir Abdallah revealed that an attacker who already knows the victim's credentials for a Dropbox account with 2FA enabled is able to take over that account. --------------------------------------------- http://securityaffairs.co/wordpress/15944/hacking/dropbox-account-hacking.ht...
*** Spam blizzards sometimes seed malware, AppRiver study warns *** --------------------------------------------- Digital desperadoes have begun hiding their larcenous activities behind blizzards of spam aimed at their victims' inboxes, according to a report released last week by a cloud security provider. The technique, called Distributed Spam Distraction (DSD), began appearing early this year, AppRiver revealed in its Global Threat & Spamscape Report for the first half of 2013. --------------------------------------------- http://www.techhive.com/article/2043764/spam-blizzards-sometimes-seed-malwar...
*** cPanel cpanellogd Two Privilege Escalation Vulnerabilities *** --------------------------------------------- cPanel cpanellogd Two Privilege Escalation Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53921
*** FFmpeg Multiple Vulnerabilities *** --------------------------------------------- FFmpeg Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54044
*** Several vulnerabilities in third party extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessible_is_browse_results, maag_formcaptcha, meta_feedit, rzautocomplete, sb_folderdownload, sg_zfelib, sg_zlib, tq_seo --------------------------------------------- http://typo3.org/news/article/several-vulnerabilities-in-third-party-extensi...