[CERT-daily] Tageszusammenfassung - Mittwoch 15-05-2013

Wed May 15 18:08:03 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 14-05-2013 18:00 − Mittwoch 15-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** Microsoft Customer Protections for May 2013 ***
---------------------------------------------
Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories. For further details, please visit Knowledge Base article 2849195. Let’s talk about the updates that we released today.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/14/microsoft-customer-protections-for-may-2013.aspx


*** Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands ***
---------------------------------------------
A vulnerability was reported in Apache mod_rewrite. A remote user can cause arbitrary commands to be executed on the target user's system.
---------------------------------------------
http://www.securitytracker.com/id/1028540


*** Cisco Unified Communications Manager Authentication Denial of Service ***
---------------------------------------------
A vulnerability in device authentication of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to impact application response.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188


*** Security Bulletin: IBM Security Virtual Server Protection for VMware System can be affected by vulnerabilities in OpenSSL ***
---------------------------------------------
IBM Security Virtual Server Protection for VMware System can be affected by several vulnerabilities in OpenSSL. These vulnerabilities include obtaining sensitive information and denial of service vulnerabilities that could be exploited remotely by an attacker.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21636105


*** ownCloud Multiple Vulnerabilities ***
---------------------------------------------
A weakness and multiple vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site scripting and request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53392


*** Adobe Security Bulletins Posted ***
---------------------------------------------
Adobe published the following Security Bulletins today: APSB13-13 – Security update: Hotfix available for ColdFusion APSB13-14 – Security updates available for Adobe Flash Player APSB13-15 – Security updates available for Adobe Reader and Acrobat Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/adobe-security-bulletins-posted-7.html


*** New 1day Exploits: Mutiny Vulnerabilities ***
---------------------------------------------
The Mutiny Appliance provides a Web Frontend, where the users can configure the system and monitor the data collected by the appliance. The Frontend provides four access roles: “Super Admin”, “Administrator”, “Engineer” and “View only”. All the roles allow the user to access to the “Documents” section, where multiple weaknesses have been detected...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/15/new-1day-exploits-mutiny-vulnerabilities


*** WordPress 1player Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53445


*** WordPress S3 Video Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53437


*** WordPress Video Embed & Thumbnail Generator Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53426


*** WordPress External "Video for Everybody" Plugin VideoJS Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53396


*** Ruby DL and Fiddle Tained Object Handling Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53432