Deutsch | English

[CERT-daily] Tageszusammenfassung - Donnerstag 10-10-2013

Daily end-of-shift report team at cert.at
Thu Oct 10 18:17:17 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 09-10-2013 18:00 − Donnerstag 10-10-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** BlackBerry Fixes Remote Code Vulnerability in BES10 ***
---------------------------------------------
Blackberry added to Patch Tuesdays patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
---------------------------------------------
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/102550




*** Unexpected IE Zero Day Used in Banking, Gaming Attacks ***
---------------------------------------------
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
---------------------------------------------
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks/102554




*** vBulletin vuln opens backdoor to rogue accounts ***
---------------------------------------------
The workaround is easy, though The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_vuln_opens_backdoor_to_rogue_accounts/




*** Invensys Wonderware InTouch Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01




*** Quassel IRC SQL injection ***
---------------------------------------------
Topic: Quassel IRC SQL injection Risk: Medium Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100064




*** McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029154




*** MyBB Session Hijacking and Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54994




*** OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55193




*** Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467) ***
---------------------------------------------
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ships with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: a XSS attacks, reading source code via a crafted URL and reading the debug information associated with the 500 HTTP status...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21651947




*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa




*** Multiple Vulnerabilities in Cisco Firewall Services Module Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm




*** HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029164




*** HP Intelligent Management Center Multiple Flaws Lets Remote Users Bypass Authentication, Gain Unauthorized Acess, Inject SQL Commands, and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029165


More information about the Daily mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung