[CERT-daily] Daily summary - Friday 21-12-2012

Daily end-of-shift report team at cert.at
Fri Dec 21 18:13:23 CET 2012


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 20-12-2012 18:00 − Friday 21-12-2012 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan




*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout ***
---------------------------------------------
Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout
Risk: Low
Text: Summary: WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-2012120163




*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03577598




*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56957




*** QNAP NAS vulnerable to cross-site scripting (XSS) ***
---------------------------------------------
Twitter user @rootdial noticed that some web applications on the QNAP NAS do not properly check the input passed to them.
For example, the Photostation and the TVStation are vulnerable to XSS.
---------------------------------------------
http://sdcybercom.wordpress.com/




*** CA20121220-01: Security Notice for CA IdentityMinder ***
---------------------------------------------
CA Technologies Support is alerting customers to two potential risks in
CA IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remote attacker to execute
arbitrary commands, manipulate data, or gain elevated access. CA
Technologies has issued patches to address the vulnerability.
---------------------------------------------
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}





*** VMware posts some updates, (Fri, Dec 21st) ***
---------------------------------------------
Just in case the world doesn't come to a grinding halt today (end of Mayan calendar and all that).... VMware has posted some updates that you might want to pay attention to over at: http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14740&rss





Next End-of-Shift report on 2012-12-27

