[CERT-daily] Tageszusammenfassung - Dienstag 4-06-2013
Daily end-of-shift report
team at cert.at
Tue Jun 4 18:10:01 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Microsoft VC++ 2005 RTM runtime libraries installed with MSE ***
---------------------------------------------
Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060020
*** Bugtraq: Open-Xchange Security Advisory 2013-06-03 ***
---------------------------------------------
Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed.
---------------------------------------------
http://www.securityfocus.com/archive/1/526785
*** Imperva SecureSphere Operations Manager Command Execution ***
---------------------------------------------
Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060023
*** DS3 Authentication Server Command Execution ***
---------------------------------------------
Topic: DS3 Authentication Server Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060022
*** Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability ***
---------------------------------------------
MongoDB is prone to a denial-of-service vulnerability.
Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users.
---------------------------------------------
http://www.securityfocus.com/bid/60252
*** Google-Forscher ver�ffentlicht Zero-Day-Exploit f�r Windows ***
---------------------------------------------
Durch eine Schwachstelle in s�mtlichen Windows-Versionen kommt ein gew�hnlicher Nutzer an Systemrechte. Entdeckt hat die L�cke Tavis Ormandy von Google, der seinen Fund ohne Microsoft zu informieren ins Netz stellte.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-Day-Exploit-fuer-Windows-1875749.html
*** HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03781657
*** Blog: "NetTraveler is Running!" � Red Star APT Attacks Compromise High-Profile Victims ***
---------------------------------------------
Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance...
---------------------------------------------
http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_Attacks_Compromise_High_Profile_Victims
*** Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities ***
---------------------------------------------
A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53648
*** 3COM NBX V3000 Networked Telephony Solution Information Disclosure ***
---------------------------------------------
Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060027
More information about the Daily
mailing list