Tageszusammenfassung - Montag 6-05-2013
End-of-Shift report
Timeframe: Freitag 03-05-2013 18:00 − Montag 06-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert WaldnerWhat’s a known source of malware doing in an iOS app? Ars investigates
Trojans, false positives, and the case of accidental cross contamination.http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/
gpsd AIS driver packet parser denial of service
gpsd AIS driver packet parser denial of servicehttp://xforce.iss.net/xforce/xfdb/83982
EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System
http://www.securitytracker.com/id/1028511
EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files
http://www.securitytracker.com/id/1028510
Microsoft Releases Security Advisory 2847140
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you...http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit
New version of DIY Google Dorks based mass website hacking tool spotted in the wild
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/
Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/59618
Cisco WebEx Cache Directory Read Vulnerability
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231
Cisco WebEx Uninitialized Memory Read Vulnerability
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory.http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232
Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
http://www.securityfocus.com/archive/1/526541