Daily Summary - Wednesday 26-06-2013

End-of-Shift report

Timeframe: Tuesday 25-06-2013 18:00 − Wednesday 26-06-2013 18:00; Handler: Stephan Richter; Co-Handler: n/a

Cisco Linksys X3000 Router apply.cgi cross-site scripting

Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the...

http://xforce.iss.net/xforce/xfdb/85186


Vast majority of malware attacks spawned from legit sites

Drive-by attacks not just from porn and warez sites, new Google data shows.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/


Google adds malware, phishing to transparency report to make the Web safer

The data come from the company's Safe Browsing technology, which flags up to 10,000 sites daily

http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-transparency-report-to-make-the-web-safer-?source=rss_application_security


Forticlient VPN client credential interception vulnerability

Topic: Forticlient VPN client credential interception vulnerability; Risk: Medium; Text: FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY. Description: The Fortinet FortiClient ...

http://cxsecurity.com/issue/WLB-2013060220


aSc TimeTables Add Subject buffer overflow

aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a...

http://xforce.iss.net/xforce/xfdb/85199


IBM OpenPages GRC Platform Multiple Java Vulnerabilities

Where: From remote; Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access; Solution Status: Unpatched

https://secunia.com/advisories/53962


Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors,... The iceweasel version in the oldstable distribution (squeeze) is no longer supported with security updates.

http://www.securityfocus.com/archive/1/526973


Apache Qpid Python Client SSL Certificate Verification Security Issue

A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks.

https://secunia.com/advisories/53968