Daily Summary - Friday 21-12-2012

End-of-Shift report

Timeframe: Thursday 20-12-2012 18:00 − Friday 21-12-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan

WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout

Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text: Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...


HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03577598

Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability

Squid cachemgr.cgi Remote Denial of Service Vulnerability


QNAP NAS vulnerable to cross-site scripting (XSS)

Twitter user @rootdial noticed that some web applications on the QNAP NAS do not properly validate the input passed to them. For example, the Photostation and the TVStation are vulnerable to XSS.


CA20121220-01: Security Notice for CA IdentityMinder

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability.


VMWare posts some updates, (Fri, Dec 21st)

Just in the case the world doesn't come to a grinding halt today (end of Mayan calendar and all that)... VMWare has posted some updates that you might want to pay attention to over at: http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative

http://isc.sans.edu/diary.html?storyid=14740&rss

Next End-of-Shift report on 2012-12-27