Title: Magnitude Exploit Kit on the rise

Description:  The Sourcefire VRT monitors the activity of Exploit Kits throughout the day, and the activity of which exploit kit would be clamoring for the “top title” since the arrest of Blackhole/Cool Exploit Kits author ‘paunch’ has been interesting to watch.  Sweet Orange Exploit Kit had a sharp rise right after the arrest, but as of the writing of this, Magnitude/PopAds seems to be the most active.

Magnitude is currently using ports

51423

44449

33300

and g01pack has been observed on port

15489

Reference:

http://vrt-blog.snort.org/2013/10/sweet-orange-exploit-kit-was-new-king.html

Snort SID:  Multiple

ClamAV: Multiple

Title: EMC AlphaStor Device Manager Format String Vulnerability

Description: EMC AlphaStore uses a proprietary protocol to handle tape-backup tasks.  It is vulnerable to a format string attack in five of the EMC NetWorker commands when a certain OpCode is used.

Reference:

http://www.osvdb.org/show/osvdb/89435

Snort SID: 28394-28398

ClamAV: N/A

Title:  HP Intelligent Management Center BIMS UploadServlet Arbitrary File Upload

Description:  An arbitrary file upload vulnerability exists in the HP Intelligent Management Center Branch Intelligent Management Software module.

Reference:

http://www.osvdb.org/show/osvdb/98247

Snort SID: 28407

ClamAV: N/A