[CERT-daily] Tageszusammenfassung - Freitag 18-01-2013

Daily end-of-shift report team at cert.at
Fri Jan 18 18:20:32 CET 2013 

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 17-01-2013 18:00 − Freitag 18-01-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Otmar Lendl




*** Linksys vuln: Cisco responds ***
---------------------------------------------
Working on fix for WRT54GL router Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_responds_to_linksys_vuln/




*** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting ***
---------------------------------------------
Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text:: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-2013010148




*** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability ***
---------------------------------------------
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57445




*** Outbank 2 mit Passwort-Leck ***
---------------------------------------------
Die Mac-Version der neuen Banking-Software legt das Programmkennwort in einer Standard-Logdatei ab – unverschlüsselt. Ein Update steht noch aus.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmeldung0COutbank0E20Emit0EPasswort0ELeck0E17868370Bhtml0Cfrom0Crss0A9/story01.htm




*** Why the Java threat rang every alarm ***
---------------------------------------------
"If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told...
---------------------------------------------
http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-211061?source=IFWNLE_nlt_firstlook_2013-01-18




*** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure ***
---------------------------------------------
CVE-2012-6452 Axway Secure Messenger Username Disclosure
---------------------------------------------
http://www.securityfocus.com/archive/1/525346

More information about the Daily mailing list