[CERT-daily] Tageszusammenfassung - Donnerstag 31-01-2013

Daily end-of-shift report team at cert.at
Thu Jan 31 18:02:48 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 30-01-2013 18:00 − Donnerstag 31-01-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability ***
---------------------------------------------
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57641




*** Drupal 6.x email2image Access bypass ***
---------------------------------------------
Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-2013010231




*** Drupal 7.x Boxes Cross Site Scripting ***
---------------------------------------------
Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-2013010229




*** Wordpress RLSWordPressSearch plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-2013010227




*** Vuln: Wireshark PER Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark PER Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57622




*** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark MS-MMC Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57620




*** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability ***
---------------------------------------------
Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57618




*** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark DTLS Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57621




*** Schadcode in Rubys Software-Archiv ***
---------------------------------------------
Gems stellen Ruby-Programmierern fertig konfektionierte Software-Pakete bereit und werden unter anderem in dem zentralen Web-Repository rubygems.org verwaltet. Vor kurzem wurde dort ein bösartiges Gem eingeschleust, das vier Konfigurationsdateien des Systems auf einen öffentlich zugänglichen Server kopiert. Betroffen ist unter anderem das Messwerkzeug Librato. Der Schadcode könne durch einen kürzlich behobenen Fehler im YAML-Parser eingeschleust werden, für den des mehrere Exploits gibt, schreiben die Betreiber des Gem-Repositorys New Relic.
---------------------------------------------
http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html/from/atom10






More information about the Daily mailing list