End-of-Shift report
Timeframe: Wednesday 09-10-2013 18:00 − Thursday 10-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
BlackBerry Fixes Remote Code Vulnerability in BES10
BlackBerry added to Patch Tuesday's patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/102550
Unexpected IE Zero Day Used in Banking, Gaming Attacks
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks/102554
vBulletin vuln opens backdoor to rogue accounts
The workaround is easy, though. The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_vuln_opens_backdoor_to_rogue_accounts/
Invensys Wonderware InTouch Improper Input Validation Vulnerability
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01
Quassel IRC SQL injection
Topic: Quassel IRC SQL injection Risk: Medium Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
http://cxsecurity.com/issue/WLB-2013100064
McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029154
MyBB Session Hijacking and Security Bypass Vulnerabilities
https://secunia.com/advisories/54994
OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability
https://secunia.com/advisories/55193
Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ship with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: XSS attacks, reading source code via a crafted URL and reading the debug information associated with the 500 HTTP status...
http://www-01.ibm.com/support/docview.wss?uid=swg21651947
Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
Multiple Vulnerabilities in Cisco Firewall Services Module Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1029164
HP Intelligent Management Center Multiple Flaws Let Remote Users Bypass Authentication, Gain Unauthorized Access, Inject SQL Commands, and Obtain Information
http://www.securitytracker.com/id/1029165