End-of-Shift report
Timeframe: Thursday 18-07-2013 18:00 − Friday 19-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
NanoSSH Denial Of Service
Topic: NanoSSH Denial Of Service Risk: Medium Text: Hi, Various openssh 6.2p1 users including our administrators stumbled over this nice bug in the "nanossh server" during pre...
http://cxsecurity.com/issue/WLB-2013070142
Drupal MRBS 6.x / 7.x CSRF / SQL Injection
Topic: Drupal MRBS 6.x / 7.x CSRF / SQL Injection Risk: Medium Text: View online: https://drupal.org/node/2044173 * Advisory ID: DRUPAL-SA-CONTRIB-2013-058 * Project: MRBS [1] (third-party...
http://cxsecurity.com/issue/WLB-2013070143
Nginx 1.3.9 / 1.4.0 Buffer Overflow
Topic: Nginx 1.3.9 / 1.4.0 Buffer Overflow Risk: High Text: # encoding: ASCII abort("#{$0} host port") if ARGV.length < 2 require ronin $count = 0 # rop address taken from nginx...
http://cxsecurity.com/issue/WLB-2013070151
Extortion: GVU trojan locks Windows PCs again
New variants of the trojan in circulation - tries to get victims to transfer 100 euros
http://derstandard.at/1373513113284
IBM WebSphere Real Time Java Multiple Vulnerabilities
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Real Time, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
https://secunia.com/advisories/54257
JBoss RichFaces Resource Deserialisation Security Bypass Vulnerability
A vulnerability has been reported in JBoss RichFaces, which can be exploited by malicious people to bypass certain security restrictions.
https://secunia.com/advisories/54162
[2013-07-19] Multiple vulnerabilities in Sybase EAServer
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130719-0_Sybase_Application_Server_Multiple_Vulnerabilities_v10.txt
HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Cisco IOS GET VPN Encryption Policy Bypass Vulnerability
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436
More Details on EXPIRO File Infectors
We recently reported on an unusual attack involving exploit kits and file infectors. What makes the attack even more notable is that the file infectors used also have information theft routines, a behavior uncommon among file infectors. These file infectors are part of the PE_EXPIRO family, which was first spotted in 2010. It’s possible that [...] (Post from: Trendlabs Security Intelligence Blog, by Trend Micro)
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_wieFR4INGs/
[SE-2012-01] New Reflection API affected by a known 10+ years old attack
A new vulnerability (Issue 69) that was submitted to Oracle today makes it possible to implement a very classic attack against Java VM. What's in particular interesting is that the attack itself has been in the public knowledge for at least 10+ years...
http://seclists.org/fulldisclosure/2013/Jul/172
Tiki Wiki CMS/Groupware Multiple Vulnerabilities
A weakness and two vulnerabilities have been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks.
https://secunia.com/advisories/54149
Bugtraq: Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials
Due to an unspecified bug in the WD My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router.
http://www.securityfocus.com/archive/1/527370
DDoS attacks are getting bigger, stronger and longer
Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics represent increases of 1,655 percent and 925 percent respectively compared to Q2 2012.
https://www.net-security.org/secworld.php?id=15243