Daily Summary - Tuesday 19-03-2013

End-of-Shift report

Timeframe: Monday 18-03-2013 18:00 − Tuesday 19-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl

EA Origin vuln puts players at risk

Game platform allows remote exploits, millions vulnerable. A flaw in EA's Origin game store puts its 40 million or so users at risk of remote execution vulnerabilities…

http://go.theregister.com/feed/www.theregister.co.uk/2013/03/19/ea_origin_bug_allows_remote_exploits/


Vuln: Cisco IOS and IOS XE Insecure Password Hash Weakness

http://www.securityfocus.com/bid/58557


Oracle Automated Service Manager Unsafe Temporary Files Let Local Users Modify Files on the Target System.

A vulnerability was reported in Oracle Automated Service Manager. A local user can modify files on the target system.

http://www.securitytracker.com/id/1028310


Siemens SIMATIC WinCC TIA Portal Multiple Vulnerabilities

https://secunia.com/advisories/52646


McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability

https://secunia.com/advisories/52688


Joomla! RSFiles! Component "cid" SQL Injection Vulnerability

https://secunia.com/advisories/52668


Ruby on Rails Multiple Vulnerabilities

https://secunia.com/advisories/52656


IBM WebSphere Application Server Multiple Java Vulnerabilities

https://secunia.com/advisories/52703


Aruba Mobility Controller Administration WebUI SSID Script Insertion Vulnerability

https://secunia.com/advisories/52690


[webapps] - ViewGit 0.0.6 - Multiple XSS Vulnerabilities

http://www.exploit-db.com/exploits/24862


[webapps] - WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

http://www.exploit-db.com/exploits/24859


Botnet scans the Internet with the help of hacked end devices

A hacker has compiled his own "Internet Census 2012" using a botnet set up specifically for that purpose. The result: 420 million active devices respond to requests, and plenty of security holes come to light.

http://www.heise.de/newsticker/meldung/Botnetz-scannt-das-Internet-mit-Hilfe-von-gehackten-Endgeraeten-1825634.html


Bugtraq: VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787)

http://www.securityfocus.com/archive/1/526050