[CERT-daily] Tageszusammenfassung - Donnerstag 24-10-2013

Daily end-of-shift report team at cert.at
Thu Oct 24 18:11:40 CEST 2013 

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 23-10-2013 18:00 − Donnerstag 24-10-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Neutrino: Caught in the Act ***
---------------------------------------------
Last week, we got a tip from Kafeine about hacked sites serving injected iframes leading to an exploit kit. We thought it was quite interesting so we looked at one of the infected websites and found this sneaky piece of code: The deobfuscated code shows the location from where the...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002626.html




*** Neue und alte Router-Lücken bei Netgear, Tenda und DrayTek ***
---------------------------------------------
Sicherheitsexperten haben eine Hintertür in Routern der WNDR-Reihe von Netgear gefunden, die ohne Passwort-Abfrage vollen Zugrif auf das Gerät erlaubt. Bei Modellen der Firmen Tenda und DrayTek kann man Schadcode ausführen, ohne sich einloggen zu müssen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-und-alte-Router-Luecken-bei-Netgear-Tenda-und-DrayTek-1984597.html




*** Industrial software flaw could allow manipulation of energy processes ***
---------------------------------------------
The vulnerability lies in industrial automation software that uses a weak encryption algorithm for user authentication, researchers at IOActive found.
---------------------------------------------
http://www.scmagazine.com/industrial-software-flaw-could-allow-manipulation-of-energy-processes/article/317610/




*** Bugtraq: ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529394




*** Bugtraq: RPS/APS vulnerability in snom/yealink and others ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529397




*** Security Bulletin: IBM Flex System Manger expired USERID password vulnerability (CVE-2013-5424) ***
---------------------------------------------
Security Bulletin: IBM Flex System Manger expired USERID password vulnerability (CVE-2013-5424) Affected product(s) and affected version(s): IBM Flex System Manager Node, Types 7955, 8731, 8734 all models, Version 1.3.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_flex_system_manger_expired_userid_password_vulnerability_cve_2013_5424?lang=en_us




*** Cisco IOS XR Software Route Processor Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr




*** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2




*** Multiple Vulnerabilities in Cisco Identity Services Engine ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise




*** Cisco Secure ACS Distributed Deployment Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5536




*** Vuln: Multiple Cisco Appliances CVE-2013-5537 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63280




*** Vuln: Joomla! Maian15 Component name Parameter Arbitrary Shell Upload Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63287




*** Vuln: Drupal Spaces Module Access Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63305




*** WordPress Blue Wrench Video Widget Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55456

More information about the Daily mailing list