[CERT-daily] Tageszusammenfassung - Donnerstag 25-04-2013

[Daily end-of-shift report]

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 24-04-2013 18:00 − Donnerstag 25-04-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan




*** Multiple Vulnerabilities in Cisco NX-OS-Based Products ***
---------------------------------------------
Multiple Vulnerabilities in Cisco NX-OS-Based Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti




*** Cisco Device Manager Command Execution Vulnerability ***
---------------------------------------------
Cisco Device Manager Command Execution Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm




*** Multiple Vulnerabilities in Cisco Unified Computing System ***
---------------------------------------------
Multiple Vulnerabilities in Cisco Unified Computing System
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti




*** Apache CloudStack Multiple vulnerabilities ***
---------------------------------------------
Topic: Apache CloudStack Multiple vulnerabilities Risk: High Text:Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040178




*** phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution ***
---------------------------------------------
Topic: phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution Risk: High Text:[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin = Author: Janek Vind "waraxe" Date...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040179




*** Travnet Botnet Steals Huge Amount of Sensitive Data ***
---------------------------------------------
In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware's ability to wait for further commands from the malicious control server.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data




*** Joomla! Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53202




*** ALFContact component for Joomla! unspecified cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83765




*** Citrix CloudPlatform Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53204