[CERT-daily] Tageszusammenfassung - Dienstag 4-02-2014

Tue Feb 4 18:08:34 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 03-02-2014 18:00 − Dienstag 04-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** New iFrame Injections Leverage PNG Image Metadata ***
---------------------------------------------
We're always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it's new. We'll just say it's new.. We're all familiar with the idea of iFrame Injections, right? Understanding an iFrame Injection The iFrame HTML tag is very standard today, it's...
---------------------------------------------
http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html


*** These Guys Battled BlackPOS at a Retailer ***
---------------------------------------------
Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Targets cash registers.
---------------------------------------------
http://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a-retailer/


*** Search Engines for OSINT and Recon ***
---------------------------------------------
Based on the title to this post, you're thinking, "Awesome, Dave! Welcome to 2006!" Well hang on there. There's an amazing number of awesome search facilities that can be useful when doing OSINT and recon work for pen testing. I'll list a lot of different sites that I have discovered and use regularly for both.
---------------------------------------------
http://daveshackleford.com/?p=999


*** Defending Against Tor-Using Malware, Part 2 ***
---------------------------------------------
Last week, we talked about what Tor is, how it works, and why system administrators need to be aware of it. Now the question is: should I block Tor, and if I do decide to do that, what can be done to block Tor? Tor, by itself, is not inherently malicious. If a user wants...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/njzW9v7v14w/


*** VU#228886: ZTE ZXV10 W300 router contains hardcoded credentials ***
---------------------------------------------
Vulnerability Note VU#228886 ZTE ZXV10 W300 router contains hardcoded credentials Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014   Overview ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798)  Description ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is "admin" and the password is "XXXXairocon" where "XXXX" is the last...
---------------------------------------------
http://www.kb.cert.org/vuls/id/228886


*** VU#593118: Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#593118 Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014   Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79)  Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting...
---------------------------------------------
http://www.kb.cert.org/vuls/id/593118


*** VU#728638: Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ***
---------------------------------------------
Vulnerability Note VU#728638 Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014   Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79)  Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting...
---------------------------------------------
http://www.kb.cert.org/vuls/id/728638


*** VU#813382: Dell KACE K1000 management appliance contains a cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#813382 Dell KACE K1000 management appliance contains a cross-site scripting vulnerability Original Release date: 04 Feb 2014 | Last revised: 04 Feb 2014   Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79)  Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. The
---------------------------------------------
http://www.kb.cert.org/vuls/id/813382


*** Security Bulletins: Vulnerability in Citrix XenMobile Device Manager server, formerly known as Zenprise Device Manager server, could result in unauthenticated information disclosure ***
---------------------------------------------
A vulnerability in Citrix XenMobile Device Manager server, formerly known as Zenprise Device Manager server, that could allow a remote, unauthenticated attacker to gain access to stored data.
---------------------------------------------
http://support.citrix.com/article/CTX140044


*** MyBB 1.6.12 POST Cross Site Scripting ***
---------------------------------------------
Topic: MyBB 1.6.12 POST Cross Site Scripting Risk: Low Text: <!-- Exploit-Title: MyBB 1.6.12 POST XSS 0day Google-Dork: inurl:index.php intext:Powered By MyBB Date: Februrary 2n...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020018


*** Chrony chronyc Protocol Response Amplification Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56727


*** mpg123 MP3 Decoding Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56729