=======================
= End-of-Shift report =
=======================

Timeframe: Monday 29-04-2013 18:00 − Tuesday 30-04-2013 18:00
Handler: Stephan Richter

*** Yahoo! Browser for Android Address Bar Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/53214

*** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update ***
---------------------------------------------
Overview: This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke of Cylance Inc., has identified the use of hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A

*** Admin beware: Attack hitting Apache websites is invisible to the naked eye ***
---------------------------------------------
Newly discovered Linux/Cdorked evades detection by running in shared memory.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/

*** Apache attack drives traffic to malware ***
---------------------------------------------
Blackhole redirect served by modified daemon binary
A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcork...

*** TinyMCE Ajax File Manager Remote Code Execution *youtube ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040207

*** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040203

*** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52953

*** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028491

*** HP Service Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53260

*** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release ***
---------------------------------------------
http://typo3.org/download/release-notes/typo3-61-release-notes/

Next End-of-Shift report on 2013-05-02