[CERT-daily] Tageszusammenfassung - Dienstag 19-02-2013

Daily end-of-shift report team at cert.at
Tue Feb 19 18:10:58 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 18-02-2013 18:00 − Dienstag 19-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan




*** Bugtraq: Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525726




*** Bugtraq: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525724




*** Cyber Security Bulletin (SB13-049) - Vulnerability Summary for the Week of February 11, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-049.html




*** Trust but verify: when CAs fall short ***
---------------------------------------------
"Weve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem...."
---------------------------------------------
http://www.securelist.com/en/blog/208194124/Trust_but_verify_when_CAs_fall_short




*** [TYPO3-announce] [Ticket#2013021910000016] Security issues in several third party TYPO3 extensions including cooluri and static_info_tables ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
CoolURI (cooluri)
Static Info Tables (static_info_tables)
Fluid Extbase Development Framework (fed)
My quiz and poll (myquizpoll) 
RSS feed from records (push2rss_3ds)
Slideshare (slideshare)
WEC Discussion Forum (wec_discussion)
For further information on the issue in the extension "CoolURI"...
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/




*** Netzpolitik - Hackerangriff auf sparkasse.de ***
---------------------------------------------
Unbekannte haben Website manipuliert
---------------------------------------------
http://derstandard.at/1361240471623/Hackerangriff-auf-sparkassede


More information about the Daily mailing list