Databáze Hot News 2013 September

Databáze Hot News 2013 September - 2013 January February March April May June July August September October November December

30.9.2013

Bugtraq

[SECURITY] [DSA 2766-1] linux-2.6 security update 2013-09-27
dann frazier (dannf debian org)

[SECURITY] [DSA 2765-1] davfs2 security update 2013-09-26
Luciano Bello (luciano debian org)

Malware

Downloader-FLN!BA7BC135830A!BA7BC135830A
Downloader-FLN!3EC0E5AD2A00!3EC0E5AD2A00
Downloader-FLN!6A09884E3A9C!6A09884E3A9C
Downloader-FLN!35E62DE3FE3D!35E62DE3FE3D
RDN/Generic PUP.x!AC3A45FFC0B1
Downloader-FLN!27589605DC63!27589605DC63
RDN/Generic.bfr!fc!66FD9BFE93E7
RDN/Qhost-Gen!ba!C74B68E641DE
Downloader-FLN!9CAE65A75614!9CAE65A75614
Generic PUP.x!A8CD2CC81576
Downloader-FLN!DAEE5B2BAD01!DAEE5B2BAD01
RDN/Generic PUP.x!b2i!E9CC027C3AA2
RDN/Generic PUP.x!3703888DD3F8
RDN/Generic.bfr!B5A990E2C206
Generic.bfr!FB3E3819E71E
Adware-FOO!40638FCD5A30!40638FCD5A30
Adware-FOO!78EC6369BFC5!78EC6369BFC5
Downloader-FLN!2BF23240A8C5!2BF23240A8C5
Downloader-FLN!F4D612841210!F4D612841210
Adware-FOO!19CB9AB51AF1!19CB9AB51AF1
RDN/Generic PUP.x!b2i!BE92D8D16892
Generic PUP.x!17846F31FF44
RDN/Generic PUP.x!410941E682B7
RDN/Generic PUP.x!278899E24B6E
RDN/Generic PUP.x!4135259D1C7C
RDN/Generic PUP.x!A7694143E4E4
Generic PUP.x!A5FA50FAAEDA
RDN/Generic Dropper!rq!767B96D50619
RDN/Generic PUP.x!85C7DD19E80E
Generic PUP.x!9FA58DD4F530

Phishing

Lloyds Bank Online	29th September 2013
Internet Banking : View Balances & Account Activity
Vodafone	29th September 2013
NEW MESSAGE RECEIVED
Natwest Bank	29th September 2013
NatWest: Your account security is due!
Paypal	29th September 2013
your paypal account have been limited
Virgin Money plc Online	28th September 2013
Account Limitations Notice.
auto-confirm1218@amazon.co.uk	28th September 2013
YOUR AMAZON.CO.UK ORDER #RND-7199393-8735453
auto-confirm1216@amazon.co.uk	28th September 2013
YOUR AMAZON.CO.UK ORDER #N:R-1517783-3092809
auto-confirm1318@amazon.co.uk	28th September 2013
YOUR AMAZON.CO.UK ORDER #N:A-2408737-4859504
VIRGIN CREDIT CARD	28th September 2013
RE: MBNA CREDIT CARD
Halifax Bank	28th September 2013
Halifax- Online Security Check
Lloyds Banking Group	28th September 2013
ONLINE BANKING : VIEW BALANCES charset=iso-8859-1">
Amazon	28th September 2013
Your Amazon account is locked!
Barclays Bank	28th September 2013
Re-instate Your Account
Lloyds Bank.	28th September 2013
LLOYDS BANK - EXISTING CUSTOMER NOTIFICATION
Nationwide Building Society	28th September 2013
NATIONWIDE NEW SEUCITY UPDATE
Tesco Personal Finance	28th September 2013
REDEEM YOUR FREE TESCO VOUCHER

Vulnerebility

Exploit

Nodejs js-yaml load() Code Exec

glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability

Tenda W309R Router 5.07.46 - Configuration Disclosure

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

mod_accounting Module 0.5 - Blind SQL Injection

XAMPP 1.8.1 (lang.php, WriteIntoLocalDisk method) - Local Write Access Vulnerability

SimpleRisk 20130915-01 - Multiple Vulnerabilities

27.9.2013

Bugtraq

[SECURITY] [DSA 2765-1] davfs2 security update 2013-09-26
Luciano Bello (luciano debian org)

Re:joomla com_zimbcomment Components Local File Include vulnerability 2013-09-26
Sergio Tam (tam sergio gmail com)

APPLE-SA-2013-09-26-1 iOS 7.0.2 2013-09-26
Apple Product Security (product-security-noreply lists apple com)

ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability 2013-09-26
Security Alert (Security_Alert emc com)

[ISecAuditors Security Advisories] Multiple Reflected Cross-Site Scripting vulnerabilities 2013-09-26
ISecAuditors Security Advisories (advisories isecauditors com)

XAMPP 1.8.1 Local Write Access Vulnerability 2013-09-26
ISecAuditors Security Advisories (advisories isecauditors com)

[ MDVSA-2013:242 ] kernel 2013-09-26
security mandriva com

[SECURITY] [DSA 2764-1] libvirt security update 2013-09-25
Moritz Muehlenhoff (jmm debian org)

joomla com_zimbcomment Components Local File Include vulnerability 2013-09-25
iedb team gmail com

Malware

Generic.bfr!0CFD07BA93F7
RDN/Generic PUP.x!b2c!84A57AFE08BC
Generic PUP.x!DEF5B1C43756
Generic PUP.x!ACD78F8FDFDA
Generic PUP.x!355F813BEA90
Generic PUP.x!F7F20D5DB184
Generic PUP.x!1409DAAC7370
Generic PUP.x!D5249B6C56BB
Generic Dropper!D4A63040F80A
Generic PUP.x!D7E72923F999
RDN/Generic.bfr!4239BC469190
Generic PUP.x!A07D43EAC97E
Generic PUP.x!843C8F6EBE92
RDN/Generic PWS.y!3D1227BA4C2F
Generic PUP.x!EE6CE3F5DBD9
RDN/Generic.bfr!fc!719479F358FA
Generic PUP.x!CC4B97DB1CED
Generic.bfr!1218451110FF
RDN/Generic PUP.x!b2c!446704B88578
RDN/Generic PUP.x!ED4C8070E471
Generic PUP.x!35F04F1864C8
Generic PUP.x!9036A30CD307
Generic.bfr!C373026E7D49
Generic PUP.x!B8B7480617D6
Generic PUP.x!6F9E819E1869
RDN/Generic BackDoor!tr!464EF2E6D472
Generic.bfr!65070875D1D9
Generic PUP.x!1D4DD762FB49
Generic.bfr!10FFC18F31B2
Generic.bfr!E2FC46C68609

Phishing

HSBC Bank plc	27th September 2013
Your Security is Important : Please Read !
JPMorgan Chase & Co	27th September 2013
You have one Message Alert
Apple	27th September 2013
Your account is temporarily Iimeted
PayPal	27th September 2013
Your account is limited - take action now
PayPal	27th September 2013
Your PayPal account is limited - take action now
Barclays Bank	27th September 2013
YOUR BARCLAYS DEBIT CARD HAS BEEN BLOCKED
=====DISCOVER HOW YOUR $12 BEC	27th September 2013
Assurant Mobile Job Search
USAA	27th September 2013
Important Message From Usaa
Lloyds TSB	27th September 2013
Improved Banking System
Google	27th September 2013
Important document

Vulnerebility

Exploit

26.9.2013

Bugtraq

[security bulletin] HPSBMU02872 SSRT101185 rev.2 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS) 2013-09-25
security-alert hp com

[ MDVSA-2013:241 ] perl-Crypt-DSA 2013-09-25
security mandriva com

[ MDVSA-2013:240 ] glpi 2013-09-25
security mandriva com

Multiple Vulnerabilities in X2CRM 2013-09-25
High-Tech Bridge Security Research (advisory htbridge com)

GreHack 2013 - 15 Nov. Grenoble, France - Conf. Registration OPEN 2013-09-25
Fab Duchene (f duchene grehack org)

[SECURITY] [DSA 2763-1] pyopenssl security update 2013-09-24
Salvatore Bonaccorso (carnil debian org)

CVE-2013-5118 - XSS Good for Enterprise iOS 2013-09-24
mario roblest com

Malware

RDN/Generic PUP.x!b2b!D6E5475A8B8C
Qhost-Gen!6DB53DD00EAD
RDN/PWS-Banker!cs!B118DEA678CE
RDN/Generic.dx!160844D3AAC7
RDN/Generic Dropper!677C4A01377F
RDN/Generic PUP.x!b2b!31D645572C3A
Generic.dx!64D71B59AD34
RDN/Generic BackDoor!936C3FF5F6EB
Generic PWS.y!339A52AFFE49
Generic.dx!6BB1B1F50FBA
Generic StartPage!D17363B1BCE1
FakeSecTool-FAZ!3777CC95F5D3!3777CC95F5D3
RDN/Ransom!357F8CB73B69
Generic PUP.x!D22CB2FA7206
Generic PUP.x!1103D8AFFA0B
RDN/Qhost-Gen!ba!A6B3EA447A07
RDN/Downloader.gen.a!B4093FB913E5
RDN/Qhost-Gen!B96F549400FD
Generic BackDoor!D7F58024911B
RDN/Qhost-Gen!B3596A7A896C
Generic PUP.x!A7196F7715EE
Generic PUP.x!F2D040F04EA3
Generic PUP.x!7684DCB5B636
RDN/Generic PUP.x!b2b!8FEECED06828
FakeSecTool-FAZ!9C989F30846D!9C989F30846D
RDN/Downloader.a!nl!3B2F9824D5FB
RDN/Qhost-Gen!388745EC9FFD
RDN/Qhost-Gen!ba!4818D519AA91
RDN/Generic.tfr!dp!9C8B0A5156BC
RDN/Generic BackDoor!tq!52096EB53EDD

Phishing

Barclays Uk	26th September 2013
NEW MESSAGE
Lloyds TSB PLC	26th September 2013
IMPORTANT INFORMATION REGARDING INTERNET BANKING
Nationwide Internet Bank	26th September 2013
Nationwide Building Society customer helpdesk
Nationwide Building Society	26th September 2013
Urgent Notification (Protect Your online Banking)
Paypal UK	26th September 2013
Online Access Has been Suspended
PayPal	25th September 2013
PayPal
Lloydstsb	25th September 2013
YOUR ATTENTION IS NEEDED FROM LLOYDSTSB BANK
Amazon Service	25th September 2013
AMAZON VERIFICATION ON YOUR ACCOUNT
Lloyds	25th September 2013
ACCOUNT REVIEW NOTIFICATION!

Vulnerebility

Exploit

25.9.2013

Bugtraq

[SECURITY] [DSA 2763-1] pyopenssl security update 2013-09-24
Salvatore Bonaccorso (carnil debian org)

CVE-2013-5118 - XSS Good for Enterprise iOS 2013-09-24
mario roblest com

Re: DC4420 - London DEFCON - September meet - Tuesday 24th September 2013 2013-09-23
Tony Naggs (tonynaggs gmail com)

[IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin 2013-09-23
Alexandro Silva (alexos ibliss com br)

[SECURITY] [DSA 2762-1] icedove security update 2013-09-23
Moritz Muehlenhoff (jmm debian org)

Wordpress fgallery_plus Plugin Xss vulnerabilities 2013-09-22
iedb team gmail com

Wordpress fgallery_plus Plugin Xss vulnerabilities 2013-09-21
iedb team gmail com

Malware

RDN/Generic.tfr!EC5F608D53DA
RDN/Qhost-Gen!C72E83C1222D
Generic PUP.x!24E5B097931F
Generic PUP.x!3324B295FA98
RDN/Generic PUP.x!bhz!74E244EADA19
RDN/Generic PUP.x!bhz!9B025A013937
RDN/Generic PUP.x!3BA7D2FCB0DC
RDN/Generic PUP.x!DD096D4CE8EB
RDN/Generic PUP.x!CCF288B868C7
RDN/Generic PUP.x!E2940CBC06D4
RDN/Generic PUP.x!ADAC8F65F2FA
RDN/Downloader.gen.a!89B7C606D71B
RDN/Generic PUP.x!D5ED60BEC296
RDN/Generic PUP.x!4C3E050A91E4
RDN/Generic.dx!crc!9B4066E34CBA
RDN/Generic PUP.x!C44979C64EB6
RDN/Generic PUP.x!2C2DC8D2F232
RDN/Generic PUP.x!E544D4D1587C
RDN/Generic PUP.x!bhz!B5F7892AD7B5
Generic PUP.x!BF8A46173369
Generic PUP.x!6F8AE7F4B060
Generic PUP.x!2705EF2FD7A0
RDN/Generic PUP.x!6ADE270EC864
RDN/Generic PUP.x!E91F6080EAFF
RDN/Generic PUP.x!F5EE354688A5
RDN/Generic PWS.y!FFEAD3FD509E
Generic PUP.x!AF3D1B23F6F6
RDN/Generic BackDoor.bfr!9BC39D7CBC9B
Generic PUP.x!A23B3770FA51
RDN/Generic.dx!D8BC0CA6EC8C

Phishing

Vulnerebility

Exploit

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

X2CRM 3.4.1 - Multiple Vulnerabilities

ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure Vulnerability

24.9.2013

Bugtraq

[IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin 2013-09-23
Alexandro Silva (alexos ibliss com br)

[SECURITY] [DSA 2762-1] icedove security update 2013-09-23
Moritz Muehlenhoff (jmm debian org)

Wordpress fgallery_plus Plugin Xss vulnerabilities 2013-09-22
iedb team gmail com

Wordpress fgallery_plus Plugin Xss vulnerabilities 2013-09-21
iedb team gmail com

[ANN] Struts 2.3.15.2 GA release available - security fix 2013-09-21
Lukasz Lenart (lukaszlenart apache org) (1 replies)

Re: [ANN] Struts 2.3.15.2 GA release available - security fix 2013-09-23
Emi Lu (emilu encs concordia ca)

Wordpress fgallery_plus Plugin Xss vulnerabilities 2013-09-21
iedb team gmail com

Malware

PWS-Zbot-FCZA!2612B4BB0ED5!2612B4BB0ED5
Generic PUP.x!29DC5D1A11FE
Generic PUP.x!0EF227C77D03
PWS-Zbot-FCZA!265F8EE18091!265F8EE18091
Generic.bfr!61772CDB4418
PWS-Zbot-FBFW!9F1868332CBF!9F1868332CBF
RDN/Generic.tfr!dp!B256A32071E0
PWS-Zbot-FCZA!9E3D1380F6A2!9E3D1380F6A2
Generic PUP.x!61153EF8605D
Generic.bfr!7428BA323EE6
Generic.bfr!F93E7A874BF5
Generic.bfr!0BB2AF4B1E53
RDN/Generic Dropper!ro!A6B79A6D486B
PWS-Zbot-FCZA!2E4A3AE1B9C9!2E4A3AE1B9C9
Generic PUP.x!4464A63183B6
Generic.bfr!88B73D6F99FC
Generic.bfr!8A772A9E7671
Generic PUP.x!B7D704C35DEF
PWS-Zbot-FBFW!2E5CB008E0C2!2E5CB008E0C2
PWS-Zbot-FCZA!30E27C7BE8E9!30E27C7BE8E9
Generic PWS.y!4089EBDB404E
PWS-Zbot-FCZA!6FBEA9DF85B5!6FBEA9DF85B5
PWS-Zbot-FBFW!6EE759D1E3A4!6EE759D1E3A4
Generic PUP.x!0E26B8D95185
Generic PUP.x!66A1A1F1ADAD
PWS-Zbot-FCZA!6A121AA961A7!6A121AA961A7
PWS-Zbot-FCZA!6D04E45044B5!6D04E45044B5
PWS-Zbot-FCZA!6CD21282E4F5!6CD21282E4F5
PWS-Zbot-FBFW!6B793558CA73!6B793558CA73
PWS-Zbot-FCZA!6C205E87073C!6C205E87073C

Phishing

Vulnerebility

Exploit

Raidsonic NAS Devices Unauthenticated Remote Command Execution

23.9.2013

Bugtraq

[security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS) 2013-09-20
security-alert hp com

APPLE-SA-2013-09-20-1 Apple TV 6.0 2013-09-20
Apple Product Security (product-security-noreply lists apple com)

Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability 2013-09-20
Vulnerability Lab (research vulnerability-lab com)

Malware

RDN/Generic PWS.y!01846A98D527
RDN/Generic Dropper!ro!B19335B6BA5A
RDN/Generic Downloader.x!in!A81E1F940FD1
Generic PUP.x!D4BAF1E039F5
RDN/Spybot.bfr!h!34C680E1207E
RDN/Generic.grp!FA9B8BA7E5B2
RDN/Generic.grp!1814744D798E
RDN/Generic.dx!cr3!D7ABD818EEFD
RDN/Generic PUP.x!bh3!F1C0695E35C1
RDN/Autorun.worm!cw!5FCB3234EEE3
Generic.bfr!CDA977F32F4F
Generic PUP.x!5F075706FF32
Generic PUP.x!316CFC7F5F76
RDN/Generic BackDoor!tp!7B1699BEDF42
RDN/Generic PUP.x!bh3!4C00D421C302
Generic PUP.x!C8C8D070FA66
RDN/Generic Dropper!840F6DB99AA2
RDN/Generic Dropper!ro!C4B47DE355AA
RDN/FakeAlert-HDD!1814744D798E
RDN/Generic PUP.x!bh3!F46DA3AB7B30
Generic PUP.x!A8103FCC9BAD
Generic PUP.x!022C0F327F3D
RDN/Generic.bfr!fb!DBB9D65FDAE7
RDN/Generic.grp!fy!16768E91C177
RDN/Generic PUP.x!bh3!306397254CA2
RDN/Generic PUP.x!bh3!E78CB2026ECC
Generic PUP.x!ECD7A013BB47
RDN/Generic PUP.x!bh3!CF2671DB9C0C
RDN/Generic PUP.x!bh3!4F8AAC9CE90F
Generic PUP.x!BC6E346E5FB3

Phishing

Vulnerebility

Exploit

CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow

MS13-069 Microsoft Internet Explorer CCaret Use-After-Free

MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution

GLPI install.php Remote Command Execution

Linksys WRT110 Remote Command Execution

Wordpress NOSpamPTI Plugin - Blind SQL Injection

Linux/x86 Multi-Egghunter

Wordpress Lazy SEO plugin Shell Upload Vulnerability

SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow

Share KM 1.0.19 - Remote Denial Of Service

20.9.2013

Bugtraq

Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability 2013-09-20
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2013-09-20
security-alert hp com

[SECURITY] [DSA 2761-1] puppet security update 2013-09-19
Raphael Geissert (geissert debian org)

[security bulletin] HPSBGN02923 rev.1 - HP ArcSight Enterprise Security Manager Management Web Interface, Remote Cross Site Scripting (XSS) 2013-09-19
security-alert hp com

[ MDVSA-2013:239 ] wordpress 2013-09-19
security mandriva com

[ MDVSA-2013:238 ] wireshark 2013-09-19
security mandriva com

[PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager 2013-09-19
noreply ptsecurity ru

An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism 2013-09-19
RBS Research (research riskbasedsecurity com)

[slackware-security] glibc (SSA:2013-260-01) 2013-09-18
Slackware Security Team (security slackware com)

[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities 2013-09-18
security-alert hp com

Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability 2013-09-18
Vulnerability Lab (research vulnerability-lab com)

CVE-2013-5210 Adtran Netvanta Remote Code Injection via XSS 2013-09-18
J. Oquendo (joquendo e-fensive net)

Malware

RDN/Generic BackDoor!tn!AD961C618680
Generic PUP.x!00BD8DA3A86B
Generic PUP.x!D8D9909CCF83
Generic PUP.x!591FAF5A9B51
RDN/Generic BackDoor!tn!486ACA604DBD
RDN/Generic PUP.x!7BC6E2A1F756
RDN/Generic PUP.x!bh3!92D4D1C7D2D8
Generic PUP.x!F5A74D7986A6
RDN/Generic Dropper!EBD505748D5F
Generic Downloader.x!AAC5065B6D1A
Generic PUP.x!3FE0074BED98
RDN/Generic Dropper!94940E843381
RDN/Generic.bfr!fb!05796A513B47
Generic PUP.x!79E3EC606444
RDN/Generic Dropper!FEA9462F8163
RDN/Generic PUP.x!bh3!AC858FD0100D
RDN/Generic PUP.x!7A49424ADC24
Generic Downloader.x!BB09BB12165B
Generic PUP.x!10BAB0591DAE
RDN/Generic PUP.z!dh!39E08945B3DD
RDN/Generic PUP.x!C42DF0AF39B2
Generic.bfr!D5CF0102303C
Generic.bfr!6952135F6B87
RDN/Generic Dropper!1A94CDD90874
RDN/Generic PUP.x!bh3!3037326670ED
Generic PUP.x!D5BFE7D8E7D3
Generic Downloader.x!738E451C9DD5
RDN/Generic PUP.x!bh3!F88E6A028C37
Generic PUP.x!F558FDC33777
RDN/Downloader.a!nk!B37E4FE07510

Phishing

Vulnerebility

Exploit

Western Digital Arkeia Remote Code Execution

OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution

19.9.2013

Bugtraq

[ MDVSA-2013:239 ] wordpress 2013-09-19
security mandriva com

[ MDVSA-2013:238 ] wireshark 2013-09-19
security mandriva com

[PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager 2013-09-19
noreply ptsecurity ru

An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism 2013-09-19
RBS Research (research riskbasedsecurity com)

[slackware-security] glibc (SSA:2013-260-01) 2013-09-18
Slackware Security Team (security slackware com)

[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities 2013-09-18
security-alert hp com

Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability 2013-09-18
Vulnerability Lab (research vulnerability-lab com)

CVE-2013-5210 Adtran Netvanta Remote Code Injection via XSS 2013-09-18
J. Oquendo (joquendo e-fensive net)

APPLE-SA-2013-09-18-3 Xcode 5.0 2013-09-18
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBUX02927 SSRT101288 rev.1 - HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS) 2013-09-18
security-alert hp com

APPLE-SA-2013-09-18-2 iOS 7 2013-09-18
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2013-09-18-1 iTunes 11.1 2013-09-18
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability 2013-09-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager 2013-09-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBMU02917 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Remote Command Execution and Privilege Escalation 2013-09-18
security-alert hp com

[SECURITY] [DSA 2760-1] chrony security update 2013-09-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 2759-1] iceweasel security update 2013-09-18
Moritz Muehlenhoff (jmm debian org)

SQL Injection in vtiger CRM 2013-09-18
High-Tech Bridge Security Research (advisory htbridge com)

Malware

Generic PUP.x!651375EC31D7
Generic PUP.x!736D95B8BB9D
Generic PUP.x!A1829EBC845B
Generic PUP.x!21F2915B9148
Generic PUP.x!EF70E6FA3A19
Generic PUP.x!A771266A4003
Generic PUP.x!38EC1DF44486
Generic PUP.x!CAB0D8E05703
Generic PUP.x!2CE58D6C818A
Generic PUP.x!56433D88A9CB
Generic PUP.x!39A76665D029
Generic PUP.x!39BEBE841060
Generic PUP.x!FDE34437E727
Generic PUP.x!1A201788B021
Generic PUP.x!59024E278147
Generic PUP.x!4F492214DBE0
Generic PUP.x!8538A5329153
Generic PUP.x!2D1342638378
Generic PUP.x!266A79E6CEBF
Generic PUP.x!280349E6BFA8
Generic PUP.x!98522B2BD5CD
Generic PUP.x!D9C5568D3F1A
Generic PUP.x!939587B6A9C3
Generic PUP.x!5471779683CC
Generic PUP.x!7EB9ABE7AAB9
Generic PUP.x!2BABD978624C
Generic PUP.x!1F99CF207411
Generic PUP.x!7042A6864523
Generic PUP.x!1D6E79D822A3
Generic PUP.x!FEB10603CD9F

Phishing

Vulnerebility

Exploit

Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability

TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability

18.9.2013

Bugtraq

[SECURITY] [DSA 2758-1] python-django security update 2013-09-17
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2013-09-17-1 OS X Server v2.2.2 2013-09-17
Apple Product Security (product-security-noreply lists apple com)

[ MDVSA-2013:236 ] subversion 2013-09-17
security mandriva com

EarthVPN certificate configuration vulnerabilities 2013-09-17
y6whynrzab snkmail com

Malware

RDN/Generic.dx!cq3!9BF887847DC9
Generic PUP.x!477339F2DD31
RDN/Generic Dropper!rn!58159C567EF3
RDN/Generic.dx!D13EC446DF78
Generic PUP.x!5F455B94CE97
RDN/Generic Downloader.x!im!746D46DDACCE
RDN/Generic PUP.x!bhs!1D7F12A14059
Generic PUP.x!1B2B4CCB4D18
Generic PUP.x!2267D7011062
Generic Downloader.x!141EE2DBE68A
Generic.bfr!1D55207E9023
Generic PUP.x!18932F89DA8A
Generic PUP.x!0FEDBA26ED0C
Generic Downloader.x!FC7EA6A2B7A4
Generic PUP.x!E4476355580D
RDN/Generic.dx!cq3!CE79790F156F
Generic PUP.x!B7AE64EAD556
RDN/Generic Downloader.x!im!9B94B698DFC2
Generic PUP.x!9820C86CA83E
RDN/Generic PWS.y!ut!7CB5267EA3C1
RDN/Generic.dx!4563DABD66C0
RDN/Generic PWS.y!ut!7400C34ED0F4
Generic PUP.x!0C955922DBD9
Generic PUP.x!015248D62336
Generic PUP.x!C302FA697C22
Generic PUP.x!B3F8ACBFA74F
Generic PUP.x!B03CD8BBBA22
Ransom-FAC!B0A011D9E203!B0A011D9E203
RDN/Generic BackDoor!tm!A36B706C2D87
RDN/Generic.dx!172115ABCB34

Phishing

Vulnerebility

Exploit

17.9.2013

Bugtraq

[ MDVSA-2013:235 ] mediawiki 2013-09-16
security mandriva com

Botconf 2013 - Pre-programme pubished & registration open (Nantes, France, 5-6/12/2013) 2013-09-15
Eric Freyssinet (eric freyssinet gmail com)

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption 2013-09-15
Kevin W. Wall (kevin w wall gmail com)

Malware

RDN/Generic.bfr!fb!34F6ACD618A9
RDN/Generic PUP.x!12C57800867E
W32/Spybot.bfr!E9A5C8E12495
Generic.dx!C13EAD70B298
RDN/Generic.bfr!fb!5382482ABE5F
RDN/Generic.bfr!fb!D13D07854B4C
RDN/Generic.bfr!fb!4C8DF84D4E52
RDN/Generic.bfr!fb!584909CED393
RDN/Generic.bfr!54D15A2F4779
Ransom-FAC!9DE9BBC6678F!9DE9BBC6678F
RDN/Generic BackDoor!tm!7506F0A8687F
RDN/Generic.bfr!fb!10FCA9FBA83C
Generic.bfr!5921C2E2F7F4
RDN/Generic Dropper!rn!D890F6612F3B
RDN/Generic PUP.x!bhs!FF72DD6C20EC
RDN/Generic.dx!cqs!F4DAE4801E17
RDN/Generic PUP.x!bhs!4825E938AA09
RDN/Generic PUP.x!bhs!EE9065F3D07A
W32/Spybot.bfr!E272892D2966
RDN/Generic BackDoor!tm!27183A48B62A
RDN/Generic PUP.x!bhs!E84FC2EC34BD
RDN/Autorun.bfr!d!9258B87E17A2
W32/Spybot.bfr!B77843F50D32
W32/Spybot.bfr!4E451B5756DB
RDN/Generic.bfg!c!AFB6AF529304
RDN/Generic PUP.x!bhs!245005701ADE
RDN/Generic.dx!cqs!76D2BEB6C9E2
Generic PUP.x!F7CD1851A06B
RDN/Generic PUP.x!bhs!1DA387A198BD
RDN/Generic.bfr!fb!FC0BB9E53953

Phishing

Vulnerebility

Exploit

PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (MSF)

Oracle Java ShortComponentRaster.verify() Memory Corruption

D-Link Devices UPnP SOAP Telnetd Command Execution

Sophos Web Protection Appliance sblistpack Arbitrary Command Execution

HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload

HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload

Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation

Agnitum Outpost Internet Security Local Privilege Escalation

OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities

Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities

Vino VNC Server 3.7.3 - Persistent Denial of Service

16.9.2013

Bugtraq

[ MDVSA-2013:234 ] python-django 2013-09-13
security mandriva com

[ MDVSA-2013:232 ] libmodplug 2013-09-13
security mandriva com

Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability 2013-09-13
brianwarehime gmail com

[SECURITY] [DSA 2756-1] wireshark security update 2013-09-13
Moritz Muehlenhoff (jmm debian org)

[ MDVSA-2013:233 ] python-OpenSSL 2013-09-13
security mandriva com

[SECURITY] [DSA 2753-1] mediawiki security update 2013-09-13
Thijs Kinkhorst (thijs debian org)

OpenSSL,OpenSSH ecdsa authentication code inconsistent return values.. no vulnerability? 2013-09-13
king cope (isowarez isowarez isowarez googlemail com)

APPLE-SA-2013-09-12-2 Safari 5.1.10 2013-09-12
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 2013-09-12
Apple Product Security (product-security-noreply lists apple com)

WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release 2013-09-13
danielthomson72 gmail com

[iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin 2013-09-12
Alexandro Silva (alexos ibliss com br)

[ MDVSA-2013:231 ] openswan 2013-09-12
security mandriva com

[ MDVSA-2013:230 ] gdm 2013-09-11
security mandriva com

Malware

RDN/Generic BackDoor!tm!7A9283CE46E8
ZeroAccess-FBE!AEBA617D955D!AEBA617D955D
RDN/Generic Dropper!rn!ED77EB0E35EC
RDN/Generic BackDoor!tm!FF960366DD8F
RDN/Downloader.a!nk!52EA1F59F837
RDN/Generic.dx!67E7242C1625
RDN/Generic Dropper!rn!49FAE358E4A2
RDN/Generic BackDoor!tm!DE1325C5FD52
W32/Virut.gen!157FCCF394F5
ZeroAccess-FBE!E28B7800030D!E28B7800030D
RDN/Generic BackDoor!tm!8FD96BDB688D
RDN/Generic BackDoor!tm!A5DD6087AD59
RDN/Generic BackDoor!tm!5AB94CCD9785
RDN/Generic.bfr!fb!CD9B2EA54F89
Generic PUP.x!7AACDE9C7442
ZeroAccess-FBE!4907050028C3!4907050028C3
Generic Dropper!6C7935C162CD
RDN/Generic.dx!cqs!03508E608CF6
RDN/Generic.bfr!fb!77F0E5BE4105
RDN/Generic BackDoor!tm!DD1F4410C32F
RDN/Generic Dropper!rn!2BE5CE1AED7D
Generic PUP.x!CD3230879C58
Generic PUP.x!038DE3361C3C
Generic PUP.x!46B2CD0EE3AA
RDN/Generic BackDoor!E2BAB51A6C74
RDN/Generic Dropper!rn!A25568221FAB
RDN/Generic.bfr!789A25996AA6
RDN/Generic PUP.x!bhr!AF5AB4B3E0C5
Generic PUP.x!22C362A1C0F0
RDN/Generic PUP.x!bhr!2BBD9D0B3715

Phishing

Vulnerebility

Exploit

Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution

Router ONO Hitron CDE-30364 - CSRF Vulnerability

13.9.2013

Bugtraq

OpenSSL,OpenSSH ecdsa authentication code inconsistent return values.. no vulnerability? 2013-09-13
king cope (isowarez isowarez isowarez googlemail com)

APPLE-SA-2013-09-12-2 Safari 5.1.10 2013-09-12
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 2013-09-12
Apple Product Security (product-security-noreply lists apple com)

WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release 2013-09-13
danielthomson72 gmail com

[iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin 2013-09-12
Alexandro Silva (alexos ibliss com br)

[ MDVSA-2013:231 ] openswan 2013-09-12
security mandriva com

Malware

Generic.bfr!EE12488F6ED7
RDN/Generic PUP.x!bhp!4BDA1FE200DD
Generic.bfr!F94C01BBBB94
RDN/Generic BackDoor!tk!2C70E9A7E010
RDN/Generic BackDoor!tk!E9341AEB3143
RDN/Generic PWS.y!us!FEAC52C9CD85
Generic PUP.x!CA7A0F0CD260
Generic Downloader.x!AAD0CBB0B6F2
RDN/Generic Qhost!j!C11A92141A4E
RDN/Generic.bfr!fa!C1A9D6917FF4
Generic Downloader.x!2D3BCACB2C31
Generic.bfr!F0AFEB664817
Generic PUP.x!5D841266AAC4
Generic.bfr!111ECA46D7F4
RDN/Generic PUP.x!bhp!0AF9064BAB8E
RDN/Generic.bfr!fa!6954A59CEAFA
Generic PUP.x!DFDD2FCECBE3
Generic.bfr!5DA1FCC7A671
Generic.dx!367BABA4AD65
RDN/Vundo!0044383E5DF9
RDN/Generic PUP.x!bhp!23F0ADAE1FCB
RDN/Generic PUP.x!bhp!EBED3BB85942
RDN/Generic PUP.x!bhp!DFA31FA1A207
RDN/Generic.tfr!A213A571745B
Generic BackDoor!8CDD81436F3B
Generic.tfr!B98A22FF5B2B
Generic.bfr!DE65672636C2
RDN/Generic PUP.x!bhp!EC2262C35C7A
RDN/Generic PUP.x!82ECEDE81D07
Generic.tfr!EDCCE71EEC2C

Phishing

Vulnerebility

Exploit

Zimplit CMS 3.0 - Multiple Vulnerabilities

Vestel TV 42pf9322 - Denial of Service

12.9.2013

Bugtraq

[ MDVSA-2013:230 ] gdm 2013-09-11
security mandriva com

OWASP Zed Attack Proxy 2.2.0 2013-09-11
psiinon (psiinon gmail com)

[security bulletin] HPSBUX02928 SSRT101274 rev.1 - HP-UX running perl, Remote Denial of Service (DoS) 2013-09-11
security-alert hp com

[SECURITY] [DSA 2755-1] python-django security update 2013-09-11
Salvatore Bonaccorso (carnil debian org)

ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation in kbdint authentication 2013-09-11
king cope (isowarez isowarez isowarez googlemail com)

Cross-Site Scripting (XSS) in WikkaWiki 2013-09-11
High-Tech Bridge Security Research (advisory htbridge com)

Insecure CHIASMUS encryption in GSTOOL 2013-09-11
Jan Schejbal (jan mailinglisten googlemail com)

Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability 2013-09-11
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 2754-1] exactimage security update 2013-09-10
Raphael Geissert (geissert debian org)

Malware

RDN/Generic Dropper!rm!C9D1EA617273
RDN/Generic BackDoor!tj!1F8D8A14F415
Generic.dx!0F0FE4F79B71
RDN/Generic.tfr!952CFD96878E
RDN/Generic PUP.z!df!0463FA823C97
Generic.dx!95226EF37D70
RDN/Generic.tfr!dp!1766622B0C74
W32/Virus.gen!085288DB0C40
RDN/Generic PUP.x!C350B8993451
RDN/Generic BackDoor!tj!C08EEAE73CB0
Generic.dx!0DE4091CFA04
RDN/Generic BackDoor!tj!0E98A55CBF49
RDN/Generic.dx!cqn!1DF57CFCD063
RDN/Generic Downloader.x!im!143D5C0CB829
RDN/Generic BackDoor!tj!CEB27161FA60
RDN/Generic.bfr!fa!51D0BD923E68
Generic.bfr!6BB7B6AC2AF4
W32/Autorun.bfr!A0EC55888F2E
Generic StartPage!A2798BEC102F
RDN/Generic.bfr!6DC0B95EA6EA
RDN/Generic BackDoor!tj!34635E347C35
Generic.bfr!5989EC468F70
Generic Dropper!5B7BD00E9164
Generic PUP.x!6634CF5543B8
Generic PUP.x!A039001F81B6
RDN/Generic PUP.x!E3ABE1D5A6A0
Generic.dx!73F1ABF1395D
Generic PUP.x!CF69E499B8EF
Generic BackDoor!C8A52DC46AC3
RDN/Generic PUP.x!79BE52ED89D9

Phishing

Vulnerebility

Exploit

Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities

Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067

D-Link DSL-2740B - Multiple CSRF Vulnerabilities

Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities

11.9.2013

Bugtraq

[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse 2013-09-10
security-alert hp com

[ MDVSA-2013:229 ] bzr 2013-09-10
security mandriva com

FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast [REVISED] 2013-09-10
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:11.sendfile 2013-09-10
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp [REVISED] 2013-09-10
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-13:13.nullfs 2013-09-10
FreeBSD Security Advisories (security-advisories freebsd org)

[ MDVSA-2013:228 ] cacti 2013-09-10
security mandriva com

FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl 2013-09-10
FreeBSD Security Advisories (security-advisories freebsd org)

Open-Xchange Security Advisory 2013-09-10 2013-09-10
Martin Braun (martin braun open-xchange com)

Multiple vulnerabilities on D-Link Dir-505 devices 2013-09-09
alessandro dipinto artificialstudios org

[ MDVSA-2013:227 ] python-setuptools 2013-09-09
security mandriva com

Malware

RDN/Generic.bfr!fa!0F965C4684FF
RDN/Generic Dropper!rl!003C6588491B
RDN/Generic PUP.x!bhn!6ADA0B770BC2
Generic PUP.x!616DE9AE3B73
Generic PUP.x!970AB25FBCD7
RDN/Generic.grp!fw!ED1165E94312
RDN/Generic.bfg!c!17DD3D00282F
RDN/Generic BackDoor!tj!68523B38437E
RDN/Generic.bfr!5A9C417B82EF
RDN/Generic.tfr!D9F7DC826636
RDN/Generic.bfr!74C63FAAB1BF
RDN/Generic.tfr!B2379838E0D7
RDN/Generic.dx!A3D8C25BA32B
RDN/Generic Dropper!rl!D3193E806BCF
Generic.bfr!1D47CBA3E8FF
RDN/Generic PUP.x!bhn!D70968990E3A
RDN/Generic PUP.x!05EDF221A2F6
RDN/Generic PUP.z!df!0B8C34DFF202
RDN/Generic.grp!fw!38155B6821FD
Generic PUP.x!100CE46646F6
Generic Dropper!AF30F8DB7D46
RDN/Generic Downloader.x!A6F892E58C77
RDN/Generic.bfr!29128AE5FDE1
RDN/Generic PUP.x!bhn!EA2DA4A682E5
Generic PUP.x!C2800831127F
RDN/Generic PUP.x!bhn!7B96AB5917B1
RDN/Generic PUP.x!bhn!1B9C72FDFB44
Generic PUP.x!C8CE55A8A74C
RDN/Generic.bfr!fa!42FBFF23FB79
RDN/Generic PUP.x!838598397530

Phishing

Vulnerebility

Exploit

10.9.2013

Bugtraq

[slackware-security] subversion (SSA:2013-251-01) 2013-09-09
Slackware Security Team (security slackware com)

[SECURITY] [DSA 2752-1] phpbb3 security update 2013-09-07
Thijs Kinkhorst (thijs debian org)

Event Easy Calendar 1.0.0 WP plugin 2013-09-07
roguecoder hush com

Malware

RDN/Generic BackDoor!ti!A2CB8DBCBFE0
RDN/Generic Qhost!j!2F99A460ACA5
Generic.bfr!303D33C5BE79
RDN/Generic Dropper!85C987283BA6
RDN/Generic.bfr!fa!2F4F14E4A009
RDN/Generic BackDoor!ti!3074EFB60E76
RDN/Generic.bfr!fa!2E52CDE3A45E
Generic PUP.x!2C348A6DC122
Generic.bfr!2F02D7802CD4
RDN/Generic PUP.x!bhn!9C9DD4ABFFB8
Generic.bfr!3031968A744F
RDN/Generic.bfr!2FB6D8AF5825
Generic PUP.x!2DBE76A081C2
Generic.bfr!2DF0AC17F6A4
Generic.bfr!2CD222C8DE20
Generic PUP.x!2D34BCD721C9
Generic.bfr!2F08A3ED853D
Generic.bfr!2CFE594C0DEC
RDN/Generic.bfr!fa!4C2FE553E2BA
RDN/Generic PUP.x!2DABA5C9E4E0
RDN/Generic PUP.x!2C94DF4BC5B1
Generic Downloader.x!2D96479A1FCD
Generic.bfr!2EDF901200FB
Generic BackDoor!8389D577AE5D
RDN/Generic.grp!2C84B701DBF8
Generic PUP.x!2B6BD8AF4612
Generic.bfr!2B24F2472685
Generic PUP.x!2C0663628429
RDN/Generic PUP.x!bhn!2CE1DD8EE432
Generic.bfr!2940A488EF2D

Phishing

Vulnerebility

Exploit

HP SiteScope Remote Code Execution

MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free

eM Client e-mail client v5.0.18025.0 Stored XSS vulnerability

AjaXplorer 1.0 - Multiple Vulnerabilities

glFusion 1.3.0 (search.php, cat_id param) - SQL Injection

D-Link DIR-505 1.06 - Multiple Vulnerabilities

9.9.2013

Bugtraq

[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities 2013-09-06
CORE Advisories Team (advisories coresecurity com)

APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4 2013-09-06
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4 2013-09-06
Mihaela Popescu-Stanesti (maru apple com)

CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals 2013-09-06
Maria Lemos (marialemos72 gmail com)

[ MDVSA-2013:226 ] roundcubemail 2013-09-05
security mandriva com

Malware

Generic PUP.x!3B932F15D278
Generic PUP.x!61293D15A0DA
Generic Dropper!4DFC1F09BB76
Generic PUP.x!7AB1D19791FE
Generic PUP.x!C62B8102FD48
RDN/Generic Dropper!28821439A17A
Generic PUP.x!16847CFA68C4
Generic PUP.x!451D1AD020C8
Generic PUP.x!62875A9D5077
RDN/Generic PUP.x!bhk!27D43BD3D34E
RDN/Generic PUP.x!3084F1D36B1F
Generic StartPage!4F3EDF4487BC
Generic PUP.x!EACE1ED831AA
Generic PUP.x!9359A31018D3
Generic PUP.x!574384B3CD23
RDN/Generic.dx!cqk!098CB5B63690
Generic PUP.x!DF36118278FC
RDN/Generic.bfr!fa!F6BBD632BF5A
RDN/Generic Dropper!38A7F7787CA4
ZeroAccess-FBR!73AFFA1B161B!73AFFA1B161B
Generic Downloader.x!104D2BD63456
Generic PUP.x!7BADA0BABA7E
RDN/Autorun.worm!cw!F3FA81F8245F
RDN/Generic BackDoor!ti!DE10CF07F9AD
Generic PUP.x!6ED63884182F
RDN/Downloader.a!nj!FD88E8DDDD66
RDN/Generic Downloader.x!im!E5FBD5DFB587
RDN/Generic Downloader.x!im!E3014F290C36
RDN/Generic Dropper!rl!D4D86D546A08
RDN/Generic StartPage!bo!C4E93B9A0205

Phishing

Vulnerebility

Exploit

freeFTPd 1.0.10 PASS Command SEH Overflow (msf)

Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities

Sophos Web Protection Appliance - Multiple Vulnerabilities

6.9.2013

Bugtraq

[ MDVSA-2013:226 ] roundcubemail 2013-09-05
security mandriva com

[SECURITY] [DSA 2751-1] libmodplug security update 2013-09-04
Raphael Geissert (geissert debian org)

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players 2013-09-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Call for Paper/Event - nullcon Goa 2014 2013-09-04
nullcon (nullcon nullcon net)

SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities 2013-09-04
SEC Consult Vulnerability Lab (research sec-consult com)

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow 2013-09-04
bugtraq packetstormsecurity org

[SECURITY] [DSA 2750-1] imagemagick security update 2013-09-03
Florian Weimer (fw deneb enyo de)

PayPal's "invalid" aksession Padding Oracle Flaw 2013-09-03
Timothy D. Morgan (tmorgan vsecurity com)

Malware

RDN/Generic.dx!cqg!FCC006FAA998
Generic PUP.x!FE0B114E2423
RDN/Generic.dx!cqg!FCEEFF19BAE3
RDN/Generic PUP.x!bhh!A2F596EC9A75
RDN/Generic BackDoor!tg!FC2836637833
Generic PUP.x!FD118FC56D73
Generic PUP.x!A4B166665F97
Generic PUP.x!A3A424549688
RDN/Generic.dx!cqg!FC1A71F4FC91
RDN/Generic BackDoor!tg!A2FCB160BDD5
RDN/Generic BackDoor!tg!FB99FE096DC6
RDN/Generic PUP.x!bhh!A3731351941E
RDN/Generic PWS.y!up!FB2539314383
Generic PUP.x!FC6C4EEFF824
RDN/Downloader.gen.a!FBDF0425EBBD
RDN/tdss!g!FA50B0521CA4
Generic PUP.x!A1E29C70CAB1
RDN/PWS-Mmorpg!kc!FAC6BD2C2F4E
RDN/Generic.dx!cqg!FA935635D4FB
Generic PUP.z!FB3DE0FCDB8D
RDN/Generic BackDoor!tg!FA230B834EE8
RDN/Generic PUP.x!F99AEE0A4E80
RDN/Generic Dropper!rk!F9F12F7037BB
RDN/Generic PWS.y!up!FA1716DA5CC9
RDN/Generic PUP.x!bhh!F99AEE0A4E80
RDN/Generic.bfr!ez!9FED50E6CA04
RDN/Generic PUP.x!F9C2E4AD9D5A
RDN/Generic PUP.x!FA2AC8332E33
Generic.bfr!A04CD3EDA338
Generic PUP.x!F9B70C370232

Phishing

Vulnerebility

Exploit

IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL

Woltlab Burning Board FLVideo Addon (video.php, value param) - SQL Injection

5.9.2013

Bugtraq

[SECURITY] [DSA 2751-1] libmodplug security update 2013-09-04
Raphael Geissert (geissert debian org)

Call for Paper/Event - nullcon Goa 2014 2013-09-04
nullcon (nullcon nullcon net)

SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities 2013-09-04
SEC Consult Vulnerability Lab (research sec-consult com)

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow 2013-09-04
bugtraq packetstormsecurity org

[SECURITY] [DSA 2750-1] imagemagick security update 2013-09-03
Florian Weimer (fw deneb enyo de)

PayPal's "invalid" aksession Padding Oracle Flaw 2013-09-03
Timothy D. Morgan (tmorgan vsecurity com)

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities 2013-09-03
Security Alert (Security_Alert emc com)

[ MDVSA-2013:225 ] libdigidoc 2013-09-02
security mandriva com

Malware

Obfuscated-FBU!hb!5699B36615B9
Obfuscated-FBU!hb!7C85A3AC19D7
Obfuscated-FBU!hb!A842FD8AC455
Obfuscated-FBU!hb!13778802BB45
Obfuscated-FBU!hb!C7E4F98CF833
Obfuscated-FBU!hb!0890573092FD
Obfuscated-FBU!hb!3D1AD2FC86B9
Obfuscated-FBU!hb!2E55FC577A3B
Obfuscated-FBU!hb!EFBD8D427627
Obfuscated-FBU!hb!342991630844
Obfuscated-FBU!hb!5D20E9D67884
Obfuscated-FBU!hb!19ACE98729D3
Obfuscated-FBU!hb!2B9105DF095A
Obfuscated-FBU!hb!BA287C938D5E
Generic PUP.x!45D878023A42
Generic.bfr!10880AD2B8B6
Obfuscated-FBU!hb!E31933D6F2A8
Obfuscated-FBU!hb!EE94841C6CCE
Obfuscated-FBU!hb!6ABA6F489A4D
RDN/Generic StartPage!4821D0CD8D94
RDN/Generic BackDoor!tg!1F00E7231381
Generic PUP.x!76E46BEB698D
Obfuscated-FBU!hb!85AD18DF59DA
Obfuscated-FBU!hb!5DE97FDEF54E
Obfuscated-FBU!hb!F795DA7ABDF8
Obfuscated-FBU!hb!C4A1DEDA828D
Obfuscated-FBU!hb!98B92FA67FA1
Obfuscated-FBU!hb!8CD07939AC1D
Obfuscated-FBU!hb!573B2EB61FB8
Obfuscated-FBU!hb!A5FE05B7AAF0

Phishing

Vulnerebility

Exploit

KingView 6.53 - Insecure ActiveX Control (SuperGrid)

KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)

4.9.2013

Bugtraq

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow 2013-09-04
bugtraq packetstormsecurity org

[SECURITY] [DSA 2750-1] imagemagick security update 2013-09-03
Florian Weimer (fw deneb enyo de)

PayPal's "invalid" aksession Padding Oracle Flaw 2013-09-03
Timothy D. Morgan (tmorgan vsecurity com)

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities 2013-09-03
Security Alert (Security_Alert emc com)

[ MDVSA-2013:225 ] libdigidoc 2013-09-02
security mandriva com

[ MDVSA-2013:224 ] libtiff 2013-09-02
security mandriva com

[SECURITY] [DSA 2749-1] asterisk security update 2013-09-02
Moritz Muehlenhoff (jmm debian org)

Malware

Generic PUP.x!A0BE0E9F6391
Generic PUP.x!E8CF3F695CE4
Generic PUP.x!A23164BECF1B
RDN/Generic.tfr!do!EEAE7D5C0667
RDN/Generic PWS.y!up!220F7229C991
Generic PUP.x!C7834871A2FC
Generic PUP.x!772BAF7A2273
Generic PUP.x!75AA31BE3EA8
Generic PUP.x!E638F66D68CD
Generic PUP.x!D4EC40C76344
Generic PUP.x!4C8D7798E886
Generic PUP.x!C3B22AAF6A8F
Generic PUP.x!C25CBB763D77
Generic PUP.x!4B08D8748982
Generic PUP.x!EBFB63CF1A08
Generic PUP.x!A93543757D8D
Generic PUP.x!243C67A34F39
Generic PUP.x!0B211FAC7023
Generic PUP.x!8B4AEFC9AF6A
Generic PUP.x!8E470E4161FF
Generic PUP.x!0EFCADE3EA42
W32/Virut.gen!308C121F0A69
Generic PUP.x!AE0FF148A8EC
RDN/Generic Downloader.x!il!A590A36716F3
Generic PUP.x!F6D78E695FEF
RDN/Generic BackDoor!tg!225E361DD7E9
Generic PUP.x!FBE43E4DF66E
Generic.bfr!F324A076B2F1
Generic PUP.x!A0C2FE6FD561
Generic PUP.x!AECD48DCE04B

Phishing

Vulnerebility

Exploit

GOMPlayer 2.2.53.5169 (.wav) - Crash POC

jetAudio 8.0.16.2000 Plus VX - (.wav) - Crash POC

Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow

MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free

HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution

Oracle Java lookUpByteBI - Heap Buffer Overflow

GreenBrowser 6.4.0515 - Heap Overflow Vulnerability

3.9.2013

Bugtraq

[ MDVSA-2013:225 ] libdigidoc 2013-09-02
security mandriva com

[ MDVSA-2013:224 ] libtiff 2013-09-02
security mandriva com

[SECURITY] [DSA 2749-1] asterisk security update 2013-09-02
Moritz Muehlenhoff (jmm debian org)

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption 2013-09-02
king cope (isowarez isowarez isowarez googlemail com)

Malware

Generic PUP.x!7B63CBF6143D
Generic PUP.x!2BD334C09A2F
Generic PUP.x!402E11ACC6CF
Generic PUP.x!DE07042D71A1
Generic PUP.x!C27707D65ECA
Generic PUP.x!8B59B2F77F62
Generic PUP.x!71AB4E5AD557
RDN/Generic PUP.x!54F3EDF9ABE9
Generic PUP.x!30738DAA52C4
Generic PUP.x!5943632D9AF0
Generic PUP.x!6C64695F747A
Generic PUP.x!6423E7E1EBAF
RDN/Generic PUP.x!bhf!CC5EF373D277
Generic PUP.x!A58A6332FFE0
Generic PUP.x!934B3D00A3A9
Generic PUP.x!907257FCF604
RDN/Generic.bfr!E09E7F3275E8
Generic PUP.x!287EB4C3092B
Generic PUP.x!6EF68C64EF7D
Generic PUP.x!8A729E62DED5
Generic PUP.x!C4DEC92D08A6
Generic PUP.x!8CE6B47E7856
Generic PUP.x!C6484456C63B
Generic PUP.x!AFBAC211EE9A
Generic PUP.x!69F2614E8103
Generic PUP.x!399598FEA08E
RDN/Generic.bfr!C6E657FC4E43
Generic PUP.x!74E6FFE59074
Generic PUP.x!AC474D11346D
Generic PUP.x!EDE4DA967D12

Phishing

Advertisement	2nd September 2013
URGENT SUPPLY, ORDER....
PayPal	2nd September 2013
Your PayPal Transaction Was Declined And What To Do Next !!
Yahoo	1st September 2013
Update.
Adam Jones	1st September 2013
Work from home

Vulnerebility

Exploit

Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

TP-Link TD-W8951ND - Multiple Vulnerabilities

Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities

Wordpress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities

GreenBrowser 6.4.0515 - Heap Overflow Vulnerability

Oracle Java lookUpByteBI - Heap Buffer Overflow

PotPlayer 1.5.39036 (.wav) - Crash PoC

2.9.2013

Bugtraq

[slackware-security] gnutls (SSA:2013-242-01) 2013-08-30
Slackware Security Team (security slackware com)

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059) 2013-08-30
VUPEN Security Research (advisories vupen com)

[ MDVSA-2013:223 ] asterisk 2013-08-30
security mandriva com

VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059) 2013-08-30
VUPEN Security Research (advisories vupen com)

VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063) 2013-08-30
VUPEN Security Research (advisories vupen com)

[slackware-security] php (SSA:2013-242-02) 2013-08-30
Slackware Security Team (security slackware com)

Malware

RDN/Generic PUP.x!4AF42D1B6C65
RDN/Generic PUP.x!0C0E2CA988A9
RDN/Generic PUP.x!54398A654CAD
RDN/Generic PUP.x!0328CCFC0B6F
RDN/Generic PUP.x!6320C16D978F
RDN/Generic PUP.x!7B663114A12B
RDN/Generic PUP.x!F60EEF571C49
RDN/Generic PUP.x!bh3!AA3355287B1C
RDN/Generic PUP.x!28C69D9A5E21
Generic PUP.x!C2AB5E15BBFD
RDN/Generic PUP.x!5CB76E2333C1
Generic PUP.x!A9FBB3676726
RDN/Generic PUP.x!E79DAF18C5E7
RDN/Generic PUP.x!bh3!3AB65FAC1546
RDN/Generic PUP.x!402FE96039E0
RDN/Generic PUP.x!0C0CB66B08C0
RDN/Generic PUP.x!bh3!897B0C84DA5A
RDN/Generic PUP.x!bh3!2A49D63A6AB2
RDN/Generic PUP.x!8173202BA790
RDN/Generic PUP.x!FF12798E8373
RDN/Generic PUP.x!358203578D04
RDN/Generic.bfr!ez!DB9447297BE9
RDN/Generic PUP.x!bh3!BD44BA130BF8
RDN/Generic PUP.x!bh3!0D7E293DF807
RDN/BackDoor-AWQ!bm!9735C8095921
RDN/Generic Dropper!EF3ADC91ECC9
RDN/Generic.dx!cqd!EEB5826D4869
Generic.bfr!3088F3611B84
RDN/Generic StartPage!bo!A3A7C80356D7
RDN/Generic PUP.x!4E274D98A692

Phishing

Yahoo	1st September 2013
Update.
Adam Jones	1st September 2013
Work from home
Amazon Shopping UK	31st August 2013
AMAZON ACCOUNT STATUS: RESTRICTED
Amazon	31st August 2013
Important Alert Action For Your Amazon Account .
Apple	30th August 2013
Please confirm your account information
Natwest Bank	29th August 2013
Secure Your Account

Vulnerebility

Exploit

cnzz CMS SQLi (company.php)