Daily Summary - Friday 21-12-2012

End-of-Shift report

Timeframe: Thursday 20-12-2012 18:00 − Friday 21-12-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan

WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout

Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout
Risk: Low
Text: Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...

http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-2012120163


HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03577598

Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability

http://www.securityfocus.com/bid/56957


QNAP NAS vulnerable to cross-site scripting (XSS)

Twitter user @rootdial noticed that some web applications on the QNAP NAS do not properly validate the input passed to them. For example, the Photostation and the TVStation are vulnerable to XSS.

http://sdcybercom.wordpress.com/


CA20121220-01: Security Notice for CA IdentityMinder

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability.

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}

VMWare posts some updates, (Fri, Dec 21st)

Just in case the world doesn't come to a grinding halt today (end of Mayan calendar and all that)... VMWare has posted some updates that you might want to pay attention to over at: http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu

http://isc.sans.edu/diary.html?storyid=14740&rss

Next End-of-Shift report on 2012-12-27