=======================
= End-of-Shift report =
=======================

Timeframe: Wednesday 09-10-2013 18:00 − Thursday 10-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a

*** BlackBerry Fixes Remote Code Vulnerability in BES10 ***
---------------------------------------------
BlackBerry added to Patch Tuesday's patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
---------------------------------------------
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/10...

*** Unexpected IE Zero Day Used in Banking, Gaming Attacks ***
---------------------------------------------
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
---------------------------------------------
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks/...

*** vBulletin vuln opens backdoor to rogue accounts ***
---------------------------------------------
The workaround is easy, though. The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_vu...

*** Invensys Wonderware InTouch Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01

*** Quassel IRC SQL injection ***
---------------------------------------------
Topic: Quassel IRC SQL injection
Risk: Medium
Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100064

*** McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029154

*** MyBB Session Hijacking and Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54994

*** OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55193

*** Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467) ***
---------------------------------------------
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ship with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: XSS attacks, reading source code via a crafted URL, and reading the debug information associated with the 500 HTTP status...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21651947

*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

*** Multiple Vulnerabilities in Cisco Firewall Services Module Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

*** HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029164

*** HP Intelligent Management Center Multiple Flaws Let Remote Users Bypass Authentication, Gain Unauthorized Access, Inject SQL Commands, and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029165