[CERT-daily] Daily summary - Wednesday 26-06-2013

Daily end-of-shift report team at cert.at
Wed Jun 26 18:26:50 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 25-06-2013 18:00 − Wednesday 26-06-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Cisco Linksys X3000 Router apply.cgi cross-site scripting ***
---------------------------------------------
Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85186




*** Vast majority of malware attacks spawned from legit sites ***
---------------------------------------------
Drive-by attacks not just from porn and warez sites, new Google data shows.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/




*** Google adds malware, phishing to transparency report to make the Web safer ***
---------------------------------------------
The data come from the company's Safe Browsing technology, which flags up to 10,000 sites daily
---------------------------------------------
http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-transparency-report-to-make-the-web-safer-?source=rss_application_security




*** Forticlient VPN client credential interception vulnerability ***
---------------------------------------------
Topic: Forticlient VPN client credential interception vulnerability
Risk: Medium
Text: FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY == Description -- The Fortinet FortiClient ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060220




*** aSc TimeTables Add Subject buffer overflow ***
---------------------------------------------
aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85199




*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Solution Status: Unpatched
---------------------------------------------
https://secunia.com/advisories/53962




*** Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,...

The iceweasel version in the oldstable distribution (squeeze) is no
longer supported with security updates.
---------------------------------------------
http://www.securityfocus.com/archive/1/526973




*** Apache Qpid Python Client SSL Certificate Verification Security Issue ***
---------------------------------------------
A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/53968

