[CERT-daily] Daily Summary - Tuesday 30-04-2013

Daily end-of-shift report team at cert.at
Tue Apr 30 18:14:25 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 29-04-2013 18:00 − Tuesday 30-04-2013 18:00
Handler:     Stephan Richter




*** Yahoo! Browser for Android Address Bar Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/53214




*** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update ***
---------------------------------------------
Overview: This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke of Cylance Inc. has identified the use of a hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A




*** Admin beware: Attack hitting Apache websites is invisible to the naked eye ***
---------------------------------------------
Newly discovered Linux/Cdorked evades detection by running in shared memory.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/




*** Apache attack drives traffic to malware ***
---------------------------------------------
Blackhole redirect served by modified daemon binary. A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcorked_blackhole_vulnerability/




*** TinyMCE Ajax File Manager Remote Code Execution *youtube ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040207




*** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040203




*** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52953




*** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028491




*** HP Service Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53260




*** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release ***
---------------------------------------------
http://typo3.org/download/release-notes/typo3-61-release-notes/




Next End-of-Shift report on 2013-05-02

