[CERT-daily] Daily summary - Monday 22-10-2012

Daily end-of-shift report team at cert.at
Mon Oct 22 18:05:25 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 19-10-2012 18:00 − Monday 22-10-2012 18:00
Handler:     Robert Waldner
Co-Handler:  Christian Wojner

*** Dutch government seeks to let law enforcement hack foreign computers ***
---------------------------------------------
"The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations. In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government's plan to draft a bill in upcoming months that would provide law enforcement authorities with new
---------------------------------------------
http://www.cio.com.au/article/439620/dutch_government_seeks_let_law_enforcement_hack_foreign_computers/?fp=4&fpid=51238




*** Joomla Commedia 3.1 SQL Injection ***
---------------------------------------------
Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ixjlWHyPfk0/WLB-2012100160




*** F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection ***
---------------------------------------------
Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jehSXRUk280/WLB-2012100175




*** WordPress Wordfence Security XSS and IAA vulnerabilities ***
---------------------------------------------
Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ixOVIlVAzxA/WLB-2012100168




*** Joomla Tag SQL Injection ***
---------------------------------------------
Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/t2QhRZO4mj0/WLB-2012100162




*** Joomla Freestyle Support 1.9 SQL Injection ***
---------------------------------------------
Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/BL5miMrFF0w/WLB-2012100161




*** Internet Explorer 9 XSS Filter Bypass ***
---------------------------------------------
Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0YxVKyCrmJU/WLB-2012100176




*** US government cyber attack warnings are hypocritical, claims F-Secure chief ***
---------------------------------------------
"Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the country is on the cusp of experiencing a "cyber Pearl Harbor" in a speech last week. Panetta had claimed that the US government and critical infrastructure businesses are currently being besieged by state sponsored hackers with
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2218614/us-government-cyber-attack-warnings-are-hypocritical-claims-fsecure-chief





*** Billabong hacked, threats of mass data leaks from @GoatseSec ***
---------------------------------------------
One of the world's largest surfing-based brands has come under the eye of hackers after they gained access to its database via an exploitable WordPress installation.
---------------------------------------------
http://www.cyberwarnews.info/2012/10/21/billabong-hacked-threats-of-mass-data-leaks-from-goatsesec/




*** Adobe reader 10.1.4 memory corruption ***
---------------------------------------------
Topic: Adobe reader 10.1.4 memory corruption Risk: High Text:#!/usr/bin/perl #Title : Adobe reader 10.1.4 memory corruption #Version : 10.1.4.38 #Date : 2012-10-12 #Vendor ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qrIZMwM6M7g/WLB-2012100190




*** cpanel 11.32.5 (build 11) 11.32.5.11 CSRF ***
---------------------------------------------
Topic: cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Risk: Low Text: = Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] Vulnerability: CSRF Vendor: cpanel....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/CNVJqOmG7OI/WLB-2012100188




*** Service Sells Access to Fortune 500 Firms ***
---------------------------------------------
An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/3T5OQmyiwT4/




*** Movable Type Pro 5.13en Cross Site Scripting ***
---------------------------------------------
Topic: Movable Type Pro 5.13en Cross Site Scripting Risk: Low Text:Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure In...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UKDndJWwGNA/WLB-2012100193





