[CERT-daily] Tageszusammenfassung - Mittwoch 3-04-2013

Wed Apr 3 18:04:30 CEST 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Dienstag 02-04-2013 18:00 − Mittwoch 03-04-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Fool Me Once… ***
---------------------------------------------
When youre lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to maximum. But when youve gained access to an elite black market section of a closely guarded crime forum to which very few have access, its easy to let your guard down. Thats what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/KQ4_dgabCRA/


*** Vuln: Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities ***
---------------------------------------------
Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57760


*** MongoDB nativeHelper.apply Remote Code Execution ***
---------------------------------------------
Topic: MongoDB nativeHelper.apply Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/9qv99GNyBx0/WLB-2013040007


*** Virtual Access Monitor SQL Injection ***
---------------------------------------------
Topic: Virtual Access Monitor SQL Injection Risk: Medium Text:High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk v...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/fgTY56cKvK8/WLB-2013040011


*** Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028382


*** Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028379


*** WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52855


*** Darkleech infiziert reihenweise Apache-Server ***
---------------------------------------------
Darkleech ist "intelligent" und greift nicht jeden an. Opfer leitet es auf Seiten mit dem Blackhole Exploit Kit um. Für die Angriffe werden Apache-Webserver als Virenschleudern missbraucht. Eine Vielzahl von deutschen Webseiten soll infiziert sein.
---------------------------------------------
http://www.heise.de/security/meldung/Darkleech-infiziert-reihenweise-Apache-Server-1833910.html


*** Cisco Connected Grid Network Management System SQL Injection Vulnerabilities ***
---------------------------------------------
A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163


*** Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System (CG-NMS) is susceptible to cross-site scripting (XSS) vulnerabilities in the element list component. XSS attacks use obfuscation by encoding tags or malicious portions of the script using the Unicode method so that the link or HTML content is disguised to the end user browsing to the site. The origins of XSS attacks are difficult to identify using traceback methods...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171


*** ownCloud-Sicherheitsupdate zerschießt Installation ***
---------------------------------------------
Nach einem Update auf die Versionen 5.0.1 und 5.0.2 stellt ownCloud die Funktion ein. Inzwischen haben die Entwickler nachgebessert.
---------------------------------------------
http://www.heise.de/security/meldung/ownCloud-Sicherheitsupdate-zerschiesst-Installation-1834339.html


*** SEC Consult - Sophos Web Protection Appliance Multiple vulnerabilities ***
---------------------------------------------
SEC Consult has identified several vulnerabilities within the components of the Sophos Web Protection Appliance in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt


*** IBM Maximo Asset Management Products - Potential security vulnerabilities with JavaTM SDKs ***
---------------------------------------------
Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21633170