Databáze Hot News -
Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  -
2018  2017  2016  2015  2014  2013 

Databáze - Úvod  Articles  Èlánky  Bugtraq  Malware   Phishing  Vulnerebility  SANS  Mobil Virus  Exploit  Útoky  IDS/IPS  Techniky hackerù  Threatpost  Papers
Poslední aktualizace v 08.10.2016 14:19:38

 


2018


21.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

 

19.10.2018

Bugtraq

 

Malware

Exp.CVE-2018-8453

Infostealer.Azorult

Phishing

 

Vulnerebility

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-10-19
http://www.securityfocus.com/bid/104207

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-10-19
http://www.securityfocus.com/bid/95429

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-10-19
http://www.securityfocus.com/bid/91067

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-10-19
http://www.securityfocus.com/bid/104442

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105658

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-18
http://www.securityfocus.com/bid/103771

Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105474

Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105476

Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105475

SANS News

Cisco Security Advisories 17 OCT 2018

Threatpost

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Trivial Post-Intrusion Attack Exploits Windows RID

Tumblr Privacy Bug Could Have Exposed Sensitive Account Data

Exploint

libSSH - Authentication Bypass

OwnTicket 1.0 - 'TicketID' SQL Injection

PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)

Learning with Texts 1.6.2 - 'start' SQL Injection

18.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105658

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-18
http://www.securityfocus.com/bid/103771

Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105474

Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105476

Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105475

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/97702

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103518

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103880

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103203

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/102376

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93604

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103144

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/78215

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104203

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105125

Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104222

RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/69058

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/89760

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93236

Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91836

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91869

SANS News

RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence

Threatpost

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

Privacy Regulation Could Be a Test for States’ Rights

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

Oracle Fixes 301 Flaws in October Critical Patch Update

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Exploint

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials

Time and Expense Management System 3.0 - 'table' SQL Injection

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure

17.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/97702

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103518

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103880

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103203

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/102376

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93604

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103144

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/78215

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104203

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105125

Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104222

RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/69058

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/89760

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93236

Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91836

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91869

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/83423

GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/72325

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/100872

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105609

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105598

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103771

Oracle Java SE/Java SE Embedded CVE-2018-3211 Local Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105591

Oracle GoldenGate Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105651

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-16
http://www.securityfocus.com/bid/105538

Oracle Siebel CRM CVE-2018-3059 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105655

Oracle WebLogic Server CVE-2018-2902 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105654

Oracle Virtual Directory CVE-2018-3253 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105653

Oracle Hospitality Gift and Loyalty CVE-2018-3131 Local Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105652

SANS News

CyberChef: BASE64/XOR Recipe

Threatpost

Privacy Regulation Could Be a Test for States’ Rights

On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

As End of Life Nears, More Than Half of Websites Still Use PHP V5

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Exploint

Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure

Any Sound Recorder 2.93 - Buffer Overflow (SEH)

Git Submodule - Arbitrary Code Execution

VLC Media Player - MKV Use-After-Free (Metasploit)

Solaris - RSH Stack Clash Privilege Escalation (Metasploit)

Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)

BigTree CMS 4.2.23 - Cross-Site Scripting

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure

15.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/95814

IBM DB2 CVE-2018-1448 Local Privilege Escalation Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103535

IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103574

IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103422

Samba CVE-2016-2119 Man in the Middle Security Bypass Vulnerability
2018-10-15
http://www.securityfocus.com/bid/91700

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/101666

IBM DB2 CVE-2018-1427 Multiple Local Buffer Overflow Vulnerabilities
2018-10-15
http://www.securityfocus.com/bid/103536

Multiple IBM Products CVE-2018-1447 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/104511

IBM DB2 CVE-2017-1571 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103494

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
2018-10-15
http://www.securityfocus.com/bid/91787

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2018-10-15
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102118

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102659

IBM DB2 CVE-2018-1566 Local Format String Vulnerability
2018-10-15
http://www.securityfocus.com/bid/104740

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103832

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102612

Oracle Java SE and JRockit CVE-2018-2794 Local Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103817

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102103

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102642

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

SANS News

 

Threatpost

ICS Security Plagued with Basic, Avoidable Mistakes

Exploint

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Advanced HRM 1.6 - Remote Code Execution

College Notes Management System 1.0 - 'user' SQL Injection

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution

AlchemyCMS 4.1 - Cross-Site Scripting

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)

14.10.2018

Bugtraq

 

Malware

Trojan.Danabot.B

Phishing

iCloud 12th October 2018
[Important] : Activate Your
Account
WESTER UNION OFFICE 10th October 2018
FROM OFFICE OF THE WESTERN
UNION MONEY TRANSFER.

Vulnerebility

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

Oracle October 2018 Critical Patch Update Multiple Vulnerabilities
2018-10-12
http://www.securityfocus.com/bid/105555

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/67898

IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability
2018-10-11
http://www.securityfocus.com/bid/105546

SANS News

Maldoc: Once More It's XOR

Threatpost

 

Exploint

SugarCRM 6.5.26 - Cross-Site Scripting

HaPe PKH 1.1 - Arbitrary File Upload

CAMALEON CMS 2.4 - Cross-Site Scripting

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)

12.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/67898

IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability
2018-10-11
http://www.securityfocus.com/bid/105546

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-10-11
http://www.securityfocus.com/bid/95814

Multiple IBM Products CVE-2018-1447 Local Information Disclosure Vulnerability
2018-10-11
http://www.securityfocus.com/bid/104511

SANS News

More Equation Editor Exploit Waves

Threatpost

Fake Adobe Flash Updates Hide Malicious Crypto Miners

Adaptable, All-in-One Android Trojan Shows the Future of Malware

FitMetrix Exposes Millions of Customer Details, Accessed by Criminals

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

Exploint

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

WAGO 750-881 01.09.18 - Cross-Site Scripting

Wikidforum 2.20 - Cross-Site Scripting

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

11.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SAP Business Client Unspecified Security Vulnerability
2018-10-11
http://www.securityfocus.com/bid/104436

IBM Tivoli Netcool Service Quality Manager CVE-2015-0159 Unspecified Security Weakness
2018-10-11
http://www.securityfocus.com/bid/73402

Multiple IBM Products GSKit CVE-2014-6221 Random Data Generation Security Weakness
2018-10-11
http://www.securityfocus.com/bid/73915

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2018-10-11
http://www.securityfocus.com/bid/73326

SANS News

New Campaign Using Old Equation Editor Vulnerability

Threatpost

FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw

Innovative Phishing Tactic Makes Inroads Using Azure Blob

Exploint

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

WAGO 750-881 01.09.18 - Cross-Site Scripting

Wikidforum 2.20 - Cross-Site Scripting

Ektron CMS 9.20 SP2 - Improper Access Restrictions

MicroTik RouterOS < 6.43rc3 - Remote Root

Ektron CMS 9.20 SP2 - Improper Access Restrictions

WhatsApp - RTP Processing Heap Corruption

FileZilla 3.33 - Buffer Overflow (PoC)

10.10.2018

Bugtraq

 

Malware

Trojan.Betabot.B

Phishing

WESTER UNION OFFICE 10th October 2018
FROM OFFICE OF THE WESTERN
UNION MONEY TRANSFER.
support 9th October 2018
Important Unusual activity on
your PayPal account
Apple 9th October 2018
Attention: Your account status
change

Vulnerebility

wolfSSL CVE-2017-13099 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/102174

IBM General Parallel File System CVE-2016-0263 Unspecified Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90525

Samba CVE-2016-2114 Remote Security Bypass Vulnerability
2018-10-10
http://www.securityfocus.com/bid/86011

Samba CVE-2016-2118 Man in the Middle Security Bypass Vulnerability
2018-10-10
http://www.securityfocus.com/bid/86002

Samba CVE-2015-7560 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/84267

IBM Spectrum Scale CVE-2016-0361 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90550

IBM Spectrum Scale and GPFS CVE-2016-0392 Local Command Injection Vulnerability
2018-10-10
http://www.securityfocus.com/bid/91082

IBM General Parallel File System CVE-2015-7403 Local Denial of Service Vulnerability
2018-10-10
http://www.securityfocus.com/bid/79805

IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/48514

IBM General Parallel File System CVE-2015-4981 Local Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/77027

IBM General Parallel File System CVE-2015-4974 Local Unspecified Command Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/77025

RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/51181

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90979

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/84213

Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
2018-10-10
http://www.securityfocus.com/bid/91501

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2018-10-10
http://www.securityfocus.com/bid/83423

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/42811

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105376

DB2 Universal Database CVE-2012-0710 Denial-Of-Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/78282

DB2 Universal Database CVE-2012-0711 Remote Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/77826

IBM DB2 Multiple Security Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/53873

IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73278

IBM General Parallel File System CVE-2015-0199 Local Denial of Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73283

IBM General Parallel File System CVE-2015-0197 Unspecified Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73282

General Electric iFix CVE-2018-17925 Unspecified Local Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105540

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105538

Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105537

Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105536

Adobe Technical Communications Suite DLL Loading Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105535

SAP Fiori CVE-2018-2474 Cross Site Request Forgery Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105534

SANS News

"OG" Tools Remain Valuable

October 2018 Microsoft Patch Tuesday

Threatpost

Microsoft Patches Zero-Day Under Active Attack by APT

Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape

New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants

Magecart Group Targets Shopper Approved in Latest Attack

Exploint

Microsoft Edge Chakra JIT - Type Confusion

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass

Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow...

Wikidforum 2.20 - 'message_id' SQL Injection

Wikidforum 2.20 - 'select_sort' SQL Injection

ifwatchd - Privilege Escalation (Metasploit)

ghostscript - executeonly Bypass with errorhandler Setup

Seqrite End Point Security 7.4 - Privilege Escalation

9.10.2018

Bugtraq

 

Malware

 

Phishing

Apple 9th October 2018
Attention: Your account status
change

Vulnerebility

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/42811

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105376

DB2 Universal Database CVE-2012-0710 Denial-Of-Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/78282

DB2 Universal Database CVE-2012-0711 Remote Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/77826

IBM DB2 Multiple Security Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/53873

IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73278

IBM General Parallel File System CVE-2015-0199 Local Denial of Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73283

IBM General Parallel File System CVE-2015-0197 Unspecified Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73282

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105538

Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105537

Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105536

Adobe Technical Communications Suite DLL Loading Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105535

SAP Fiori CVE-2018-2474 Cross Site Request Forgery Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105534

Adobe Digital Editions CVE-2018-12822 Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105533

Adobe Digital Editions Out-of-bounds Read APSB18-27 Multiple Information Disclosure Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105532

SAP BusinessObjects Web Intelligence CVE-2018-2472 Cross Site Scripting Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105531

SAP BusinessObjects BI Suite Client CVE-2018-2471 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105530

SAP Data Services Management Console CVE-2018-2466 Cross Site Scripting Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105529

SAP Adaptive Server Enterprise CVE-2018-2468 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105527

SAP Adaptive Server Enterprise CVE-2018-2469 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105526

Microsoft Windows DirectX Graphics Kernel CVE-2018-8484 Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105500

Microsoft Word CVE-2018-8504 Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105499

Microsoft Excel CVE-2018-8502 Security Bypass Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105498

Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105497

Microsoft SharePoint Server CVE-2018-8518 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105496

Microsoft SharePoint Server CVE-2018-8498 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105495

Microsoft SharePoint Server CVE-2018-8488 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105494

Microsoft SharePoint Server CVE-2018-8480 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105493

Microsoft Exchange Server CVE-2018-8448 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105492

Microsoft Exchange Server CVE-2018-8265 Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105491

SANS News

Latest Release of rockNSM 2.1

October 2018 Microsoft Patch Tuesday

Threatpost

Magecart Group Targets Shopper Approved in Latest Attack

Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape

ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume

Exploint

Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)

Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)

Unitrends UEB - HTTP API Remote Code Execution (Metasploit)

Cisco Prime Infrastructure - Unauthenticated Remote Code Execution

Imperva SecureSphere 13 - Remote Command Execution

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)

Git Submodule - Arbitrary Code Execution

Android - sdcardfs Changes current->fs Without Proper Locking

Linux - Kernel Pointer Leak via BPF

8.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2018-10-08
http://www.securityfocus.com/bid/71936

Multiple IBM DB2 Products CVE-2016-5995 Local Privilege Escalation Vulnerability
2018-10-08
http://www.securityfocus.com/bid/93012

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-10-05
http://www.securityfocus.com/bid/101665

SANS News

YARA XOR Strings: Some Remarks

Threatpost

PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

Sony Smart TV Bug Allows Remote Access, Root Privileges

Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem

Exploint

360 3.5.0.1033 - Sandbox Escape

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode...

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)

Cisco Prime Infrastructure - Unauthenticated Remote Code Execution

Git Submodule - Arbitrary Code Execution

Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation

net-snmp 5.7.3 - Authenticated Denial of Service (PoC)

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)

7.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

A strange spam

YARA: XOR Strings

Threatpost

Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat

Sony Smart TV Bug Allows Remote Access, Root Privileges

Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem

Exploint

Chamilo LMS 1.11.8 - Cross-Site Scripting

ISPConfig < 3.1.13 - Remote Command Execution

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)

5.10.2018

Bugtraq

 

Malware

Heur.AdvML.JS.C

CL.Downloader

Phishing

Bank of America

5th October 2018

Your credit card account is
scheduled to be closed

Vulnerebility

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-10-05
http://www.securityfocus.com/bid/101665

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-10-05
http://www.securityfocus.com/bid/105276

Mozilla Firefox and Firefox ESR CVE-2018-12385 Denial of Service Vulnerability
2018-10-05
http://www.securityfocus.com/bid/105380

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-10-05
http://www.securityfocus.com/bid/105280

Multiple IBM DB2 Products CVE-2016-5995 Local Privilege Escalation Vulnerability
2018-10-05
http://www.securityfocus.com/bid/93012

IBM Tivoli System Automation for Multiplatforms Local Privilege Escalation Vulnerability
2018-10-05
http://www.securityfocus.com/bid/96764

GE Communicator CVE-2017-7908 Heap Based Buffer Overflow Vulnerability
2018-10-04
http://www.securityfocus.com/bid/99580

SANS News

It is the End of the World as We Know It. So What's Next?

Threatpost

Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

Apple, Amazon Strongly Refute Server Infiltration Report

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

ThreatList: 83% of Routers Contain Vulnerable Code

Exploint

LayerBB Forum 1.1.1 - 'search_query' SQL Injection

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)

4.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability
2018-10-03
http://www.securityfocus.com/bid/69546

Cisco SD-WAN CVE-2018-15387 Certificate Validation Security Bypass Vulnerability
2018-10-03
http://www.securityfocus.com/bid/105509

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

Mozilla Firefox and Firefox ESR Remote Code Execution and Information Disclosure Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/105460

LibTIFF CVE-2018-17795 Heap Based Buffer Overflow Vulnerability
2018-10-02
http://www.securityfocus.com/bid/105445

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

 

Threatpost

 

Exploint

LayerBB Forum 1.1.1 - 'search_query' SQL Injection

virtualenv 16.0.0 - Sandbox Escape

FTP Voyager 16.2.0 - Denial of Service (PoC)

Linux\x86 - (NOT +SHIFT-N+ XOR-N) + encoded (/bin/sh) Shellcode (50 byes)

3.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability
2018-10-03
http://www.securityfocus.com/bid/69546

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

LibTIFF CVE-2018-17795 Heap Based Buffer Overflow Vulnerability
2018-10-02
http://www.securityfocus.com/bid/105445

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

Developing YARA Rules: a Practical Example

Identifying a phisher

Threatpost

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

Foxit PDF Reader Fixes High-Severity Remote Code Execution Flaws

NOKKI Malware Sports Mysterious Link to Reaper APT Group

Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration

Google Cracks Down on Malicious Chrome Extensions in Major Update

Exploint

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection

Coaster CMS 5.5.0 - Cross-Site Scripting

OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection

Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection

Zechat 1.5 - 'uname' SQL Injection

2.10.2018

Bugtraq

 

Malware

Trojan.Madominer

Trojan.Lojax

Phishing

 

Vulnerebility

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

Decoding Custom Substitution Encodings with translate.py

Threatpost

Dark Web Azorult Generator Offers Free Binaries to Cybercrooks

California, U.S. Government Battle Over Net Neutrality State Law

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

Exploint

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection

Coaster CMS 5.5.0 - Cross-Site Scripting

OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection

OPAC EasyWeb Five 5.7 - 'biblio' SQL InjectionLinux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen...

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting

1.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

SANS News

When DOSfuscation Helps...

Threatpost

 

Exploint

H2 Database 1.4.196 - Remote Code Execution

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Snes9K 0.0.9z - Denial of Service (PoC)

Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection

Binary MLM Software 1.0 - 'pid' SQL Injection

Singleleg MLM Software 1.0 - 'msg_id' SQL Injection

Education Website 1.0 - 'subject' SQL Injection

Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection

Fork CMS 5.4.0 - Cross-Site Scripting

ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Snes9K 0.0.9z - Denial of Service (PoC)

30.9.2018

Bugtraq

 

Malware

MSIL/Kryptik

MSIL/GenKryptik

Trojan.Flawedammyy

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Facebook Data Breach Impacts Almost 50 Million Accounts

Another Linux Kernel Bug Surfaces, Allowing Root Access

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

ThreatList: Hackers Turn to Python as Attack Coding Language of Choice

Exploint

PCProtect 4.8.35 - Privilege Escalation

28.9.2018

Bugtraq

 

Malware

Coinminer.Unix.MALXMR.AA

Trojan.JS.POWLOAD.AA

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

Multiple IBM DB2 Products CVE-2014-8901 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71734

Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71730

Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71729

Multiple Cisco Products CVE-2015-6420 Remote Code Execution Vulnerability
2018-09-27
http://www.securityfocus.com/bid/78872

Multiple Fuji Electric FRENIC Devices ICSA-18-270-03 Multiple Security Vulnerabilities
2018-09-27
http://www.securityfocus.com/bid/105408

Emerson AMS Device Manager ICSA-18-270-01 Multiple Security Vulnerabilities
2018-09-27
http://www.securityfocus.com/bid/105406
SANS News

Enriching Radare2 and x64dbg malware analysis with statically decoded strings

More Excel DDE Code Injection

Threatpost

Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

VPNFilter’s Arsenal Expands With Newly Discovered Modules

Exploint

Microsoft Edge - Sandbox Escape Microsoft Edge - Sandbox Escape

PCProtect 4.8.35 - Privilege Escalation

27.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

Multiple IBM DB2 Products CVE-2014-8901 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71734

Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71730

Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71729

Multiple Cisco Products CVE-2015-6420 Remote Code Execution Vulnerability
2018-09-27
http://www.securityfocus.com/bid/78872

Multiple IBM DB2 Products CVE-2014-8910 File Disclosure Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75949

Multiple IBM DB2 Products CVE-2015-1935 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75908

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2018-09-26
http://www.securityfocus.com/bid/73684

Multiple IBM DB2 Products CVE-2015-1922 Security Bypass Vulnerablity
2018-09-26
http://www.securityfocus.com/bid/75911

Cisco IOS and IOS XE Software CVE-2018-0475 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105404

Cisco IOS and IOS XE Software CVE-2018-0466 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105403

Drupal Taxonomy File Tree Module Access Bypass Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105401

Cisco IOS XE Software Errdisable CVE-2018-0480 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105400

Drupal Commerce Klarna Checkout Module Access Bypass Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105399

Cisco IOS XE Software CVE-2018-0471 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105398

Cisco IOS XE Software CVE-2018-0470 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105397

IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
2018-09-25
http://www.securityfocus.com/bid/64336

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

SANS News

One Emotet infection leads to three follow-up malware infections

Threatpost

2018 Has Been Open Season on Open Source Supply Chains

Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks

Malware on SHEIN Servers Compromises Data of 6.4M Customers

Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Exploint

Rausoft ID.prove 2.95 - 'Username' SQL injection

ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation

Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath

CrossFont 7.5 - Denial of Service (PoC)

TransMac 12.2 - Denial of Service (PoC)

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)

26.9.2018

Bugtraq

 

Malware

 

Phishing

Privacy Policy Updated

26th September 2018

@aol.com

Vulnerebility

Multiple IBM DB2 Products CVE-2014-8910 File Disclosure Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75949

Multiple IBM DB2 Products CVE-2015-1935 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75908

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2018-09-26
http://www.securityfocus.com/bid/73684

Multiple IBM DB2 Products CVE-2015-1922 Security Bypass Vulnerablity
2018-09-26
http://www.securityfocus.com/bid/75911

IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
2018-09-25
http://www.securityfocus.com/bid/64336

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

SANS News

One Emotet infection leads to three follow-up malware infections

Threatpost

Cybercriminals Target Kodi Media Player for Malware Distribution

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

Tricky DoS Attack Crashes Mozilla Firefox

Exploint

Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection

RICOH MP C406Z Printer - Cross-Site Scripting

RICOH MP 305+ Printer - Cross-Site Scripting

Joomla! Component Timetable Schedule 3.6.8 - SQL Injection

Joomla! Component Article Factory Manager 4.3.9 - SQL Injection

Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection

Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection

Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)

Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)

Easy PhoroResQ 1.0 - Buffer Overflow

WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded'...

WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free

WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free

WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free

WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free

WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read

WebKit - 'WebCore::Node::ensureRareData' Use-After-Free

25.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-24
http://www.securityfocus.com/bid/105276

SANS News

Sextortion Spam and the Infinite Monkey Theorem

Threatpost

 

Exploint

 

24.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-24
http://www.securityfocus.com/bid/105276

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Cisco Video Surveillance Manager Appliance CVE-2018-15427 Insecure Default Password Vulnerability
2018-09-21
http://www.securityfocus.com/bid/105381

SANS News

 

Threatpost

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

Tricky DoS Attack Crashes Mozilla Firefox

Critical Vulnerability Found in Cisco Video Surveillance Manager

Exploint

RICOH MP C6003 Printer - Cross-Site Scripting

Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection

RICOH Aficio MP 301 Printer - Cross-Site Scripting

Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection

Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

LG SuperSign EZ CMS 2.5 - Remote Code Execution

Beyond Remote 2.2.5.3 - Denial of Service (PoC)

SoftX FTP Client 3.3 - Denial of Service (PoC)

Termite 3.4 - Denial of Service (PoC)

udisks2 2.8.0 - Denial of Service (PoC)

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode...

Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

22.9.2018

Bugtraq

 

Malware

Backdoor.SofacyX

Trojan.Loaderinit

Phishing

Mr Baea Jim

23rd September 2018

CONTACT US IMMEDIATELY FROM
MONEY GRAM AND RIA MONEY
TRANSFER TO RECEIVER YOU
PAYMENT,

Vulnerebility

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Ghostscript Multiple Security Bypass Vulnerabilities
2018-09-20
http://www.securityfocus.com/bid/105122

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105376

Foreman CVE-2018-14643 Authentication Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105375

SANS News

Suspicious DNS Requests ... Issued by a Firewall

Threatpost

Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

Lucy Gang Debuts with Unusual Android MaaS Package

Exploint

WebRTC - FEC Out-of-Bounds Read

WebRTC - VP9 Processing Use-After-Free

21.9.2018

Bugtraq

 

Malware

Infostealer.Jscoffe

Phishing

 

Vulnerebility

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Ghostscript Multiple Security Bypass Vulnerabilities
2018-09-20
http://www.securityfocus.com/bid/105122

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105376

Foreman CVE-2018-14643 Authentication Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105375

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

ISC BIND CVE-2018-5741 Security Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105379

Citrix ShareFile StorageZones Control Directory Traversal and Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105377

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105374

Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105360

Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105359

Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105358

Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105330

Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105329

SANS News

Pre-Pwned AMI Images in Amazon's AWS public instance store

Threatpost

Thousands of Breached Websites Turn Up On MagBo Black Market

Magecart Strikes Again, Siphoning Payment Info from Newegg

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

Critical Out-of-Band Patch Issued for Adobe Acrobat Reader

Exploint

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)

WebRTC - FEC Out-of-Bounds Read

WebRTC - VP9 Processing Use-After-Free

Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)

20.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105360

Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105359

Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105358

Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105330

Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105329

Google Chrome Unspecified Security Vulnerabilities
2018-09-17
http://www.securityfocus.com/bid/105355

Moodle CVE-2018-14630 Remote Code Execution Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105354

Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105352

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

SANS News

Hunting for Suspicious Processes with OSSEC

Threatpost

 

Exploint

 

19.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

Google Chrome Unspecified Security Vulnerabilities
2018-09-17
http://www.securityfocus.com/bid/105355

Moodle CVE-2018-14630 Remote Code Execution Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105354

Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105352

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

SANS News

Certificates Revisited - SSL VPN Certificates 2 Ways

Threatpost

Dangerous Pegasus Spyware Has Spread to 45 Countries

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Facebook Now Offers Bounties For Access Token Exposure

State Government Online Payment Service Exposes 14M Customers

Exploint

Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU

Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion

Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion

LG SuperSign EZ CMS 2.5 - Local File Inclusion

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion

Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting

18.9.2018

Bugtraq

 

Malware

RANSOM_PYLOCKY.A

Phishing

 

Vulnerebility

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

WebKit '-webkit-backdrop-filter CSS' Property Denial of Service Vulnerability
2018-09-15
http://www.securityfocus.com/bid/105349

Linux Kernel CVE-2018-6555 Multiple Denial of Service Vulnerabilities
2018-09-14
http://www.securityfocus.com/bid/105304

SANS News

Using Certificate Transparency as an Attack / Defense Tool

Threatpost

Facebook Now Offers Bounties For Access Token Exposure

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Exploint

Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution

NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)

Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)

CA Release Automation NiMi 6.5 - Remote Command Execution

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

17.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

20/20 malware vision

Dissecting Malicious MS Office Docs

Threatpost

CSS-Based Attack Causes iOS, macOS Devices to Crash

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

Exploint

Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

CA Release Automation NiMi 6.5 - Remote Command Execution

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

Notebook Pro 2.0 - Denial Of Service (PoC)

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)

16.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Sextortion - Follow the Money Update

Threatpost

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

OilRig APT Continues Its Ongoing Malware Evolution

E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content

Exploint

Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)

Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)

Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)

14.9.2018

Bugtraq

 

Malware

Trojan.Chainshot

Downloader.Pocode

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-6555 Multiple Denial of Service Vulnerabilities
2018-09-14
http://www.securityfocus.com/bid/105304

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2018-09-13
http://www.securityfocus.com/bid/105108

Linux Kernel CVE-2018-6554 Multiple Denial of Service Vulnerabilities
2018-09-13
http://www.securityfocus.com/bid/105302

SANS News

 

Threatpost

 

Exploint

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)

Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault...

TeamViewer App 13.0.100.0 - Denial of Service (PoC) MediaTek Wirless Utility rt2870 - Denial of Service (PoC)

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)

Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)

Faleemi Plus 1.0.2 - Denial of Service (PoC)

InfraRecorder 0.53 - '.txt' Denial of Service (PoC)

CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)

13.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2018-09-13
http://www.securityfocus.com/bid/105108

Linux Kernel CVE-2018-6554 Multiple Denial of Service Vulnerabilities
2018-09-13
http://www.securityfocus.com/bid/105302

SAP Business Client Unspecified Security Vulnerability
2018-09-12
http://www.securityfocus.com/bid/104436

IBM QRadar SIEM CVE-2018-1571 OS Command Injection Vulnerability
2018-09-12
http://www.securityfocus.com/bid/105333

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/102376

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/104054

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

Siemens SIMATIC WinCC OA CVE-2018-13799 Access Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105332

Multiple Siemens SCALANCE X Switches CVE-2018-13807 Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105331

Fuji Electric V-Server Lite CVE-2018-10637 Remote Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105328

SAP NetWeaver Business Intelligence CVE-2018-2462 XML External Entity Injection Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105326

SAP NetWeaver AS JAVA CVE-2018-2452 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105325

SANS News

Malware Delivered Through MHT Files

Threatpost

Experts Bemoan Shortcomings with IoT Security Bill

Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw

Osiris Banking Trojan Displays Modern Malware Innovation

Threatlist: Email Attacks Surge, Targeting Execs

Exploint

Apache Syncope 2.0.7 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution

Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket

Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault...

TeamViewer App 13.0.100.0 - Denial of Service (PoC)

MediaTek Wirless Utility rt2870 - Denial of Service (PoC)

12.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SAP Business Client Unspecified Security Vulnerability
2018-09-12
http://www.securityfocus.com/bid/104436

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/102376

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/104054

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

SANS News

Microsoft September Patch Tuesday Summary

Threatpost

Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday

Millions of Records Exposed in Veeam Misconfigured Server

Exploint

Apple macOS 10.13.4 - Denial of Service (PoC)

Android - 'zygote->init;' Chain from USB Privilege Escalation

InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

PicaJet FX 2.6.5 - Denial of Service (PoC)

RoboImport 1.2.0.72 - Denial of Service (PoC)

PixGPS 1.1.8 - Denial of Service (PoC)

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)

11.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

Microsoft OData CVE-2018-8269 Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105322

SAP Enterprise Financial Services CVE-2018-2455 Remote Authorization Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105320

Adobe ColdFusion CVE-2018-15962 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105318

Adobe ColdFusion CVE-2018-15960 Arbitrary File Overwrite Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105317

SAP Enterprise Financial Services CVE-2018-2454 Remote Authorization Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105316

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105315

Adobe ColdFusion CVE-2018-15961 Arbitrary File Upload Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105314

Adobe ColdFusion APSB18-33 Deserialization Multiple Remote Code Execution Vulnerabilities
2018-09-11
http://www.securityfocus.com/bid/105313

Adobe ColdFusion CVE-2018-15964 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105311

Adobe ColdFusion CVE-2018-15963 Security Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105310

SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105309

SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105308

SAP Business One CVE-2018-2458 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105307

Microsoft Windows Subsystem for Linux CVE-2018-8441 Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105271

Microsoft Windows GDI Component CVE-2018-8424 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105261

Microsoft Internet Explorer and Edge CVE-2018-8452 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105252

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows 'Win32k.sys' Graphics CVE-2018-8332 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105248

Microsoft Windows 'bowser.sys' CVE-2018-8271 Local Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105247

Microsoft Windows Hyper-V CVE-2018-8439 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105233

Microsoft ChakraCore Scripting Engine CVE-2018-8354 Remote Memory Corruption Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105232

Microsoft Windows Hyper-V CVE-2018-0965 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105229

Microsoft Jet Database Engine CVE-2018-8393 Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105214

Microsoft Jet Database Engine CVE-2018-8392 Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105213

Microsoft Office SharePoint CVE-2018-8426 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105208

Microsoft Excel CVE-2018-8331 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105206

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-10
http://www.securityfocus.com/bid/105215

SANS News

Microsoft September Patch Tuesday Summary

Threatpost

Magecart Group Pinned in Recent British Airways Breach

ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation

Tor Brings Onion Browser to Android Devices

Exploint

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)

HTML5 Video Player 1.2.5 - Denial of Service (PoC)

10.9.2018

Bugtraq

 

Malware

 

Phishing

Outlook.com

10th September 2018

Your E-mail Request For
Rectification

Vulnerebility

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-10
http://www.securityfocus.com/bid/105215

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-09-06
http://www.securityfocus.com/bid/101665

SANS News

Video: Using scdbg to analyze shellcode

Threatpost

‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets

Apple Finally Boots Sneaky Adware Doctor App from Mac App Store

Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws

Exploint

Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

LW-N605R 12.20.2.1486 - Remote Code Execution

Ghostscript - Failed Restore Command Execution (Metasploit)

Zenmap (Nmap) 7.70 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)

Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)

Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)

9.9.2018

Bugtraq

 

Malware

Trojan.Zexlex

Phishing

UNMAN MOHAMMED

7th September 2018

Re: DID YOU ASK ANY BODY TO
PICK UP YOU FUND?

Vulnerebility

 

SANS News

Crypto Mining in a Windows Headless Browser

Threatpost

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

The Vulnerability Disclosure Process: Still Broken

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

Threat Actors Eyeing IQY Files To Peddle Malspam

Exploint

D-Link Dir-600M N150 - Cross-Site Scripting

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection

7.9.2018

Bugtraq

 

Malware

Trojan.Zexlex

Phishing

UNMAN MOHAMMED

7th September 2018

Re: DID YOU ASK ANY BODY TO
PICK UP YOU FUND?

Vulnerebility

 

SANS News

Crypto Mining in a Windows Headless Browser

Threatpost

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

The Vulnerability Disclosure Process: Still Broken

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

Threat Actors Eyeing IQY Files To Peddle Malspam

Exploint

D-Link Dir-600M N150 - Cross-Site Scripting

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection

6.9.2018

Bugtraq

 

Malware

TSPY_BEBLOH.YMNPV

TROJ_MALIQY.E

TSPY_URSNIF.TIBAIDO

TSPY_URSNIF.AUSIQJ

Phishing

 

Vulnerebility

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-09-06
http://www.securityfocus.com/bid/101665

Cisco Meeting Server CVE-2018-0439 Cross Site Request Forgery Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105287

Cisco Umbrella Enterprise Roaming Client CVE-2018-0438 Local Privilege Escalation Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105286

Cisco RV110W/RV130W/RV215W Routers Management Interface CVE-2018-0423 Buffer Overflow Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105285

Cisco Umbrella Service CVE-2018-0435 Unauthorized Access Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105283

Multiple Cisco Products CVE-2018-0421 Denial Of Service Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105282

Cisco Webex Meetings Client CVE-2018-0422 Local Privilege Escalation Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105281

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-09-05
http://www.securityfocus.com/bid/105280

Cisco Webex Player CVE-2018-0457 Denial of Service Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105279

Cisco Tetration Analytics CVE-2018-0452 Cross Site Scripting Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105278

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-05
http://www.securityfocus.com/bid/105276

Cisco Tetration Analytics CVE-2018-0451 Cross Site Request Forgery Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105270

Opto 22 PAC Control CVE-2018-04154 Remote Stack Based Buffer Overflow Vulnerability
2018-09-04
http://www.securityfocus.com/bid/105273

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-04
http://www.securityfocus.com/bid/105215

GNU Libextractor 'EXTRACTOR_zip_extract_method()' Function Out-of-Bounds Read Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105254

ImageMagick Multiple Heap Buffer Overflow Vulnerabilities
2018-09-03
http://www.securityfocus.com/bid/105241

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105218

GNOME GLib 'gmarkup.c' Remote Denial of Service Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105210

OpenJPEG CVE-2018-16375 Remote Heap Based Buffer Overflow Vulnerability
2018-09-02
http://www.securityfocus.com/bid/105266

OpenJPEG CVE-2018-16376 Remote Heap Based Buffer Overflow Vulnerability
2018-09-02
http://www.securityfocus.com/bid/105262

SANS News

Malicious PowerShell Compiling C# Code on the Fly

Threatpost

The Vulnerability Disclosure Process: Still Broken

High-Severity Flaws in Cisco Secure Internet Gateway Service Patched

Mozilla Patches Critical Code Execution Bug in Firefox 62

Exploint

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Jorani Leave Management 0.6.5 - Cross-Site Scripting

NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)

Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation

5.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-04
http://www.securityfocus.com/bid/105215

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105218

GNOME GLib 'gmarkup.c' Remote Denial of Service Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105210

Docker for Windows CVE-2018-15514 Remote Privilege Escalation Vulnerability
2018-08-31
http://www.securityfocus.com/bid/105202

SANS News

Let's Trade: You Read My Email, I'll Read Your Password!

Threatpost

Thousands of MikroTik Routers Hijacked for Eavesdropping

‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

ThreatList: 60% of BEC Attacks Fly Under the Radar

Exploint

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

iSmartViewPro 1.5 - 'DDNS' Buffer Overflow

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (20 Bytes)

4.9.2018

Bugtraq

 

Malware

Win32/Agent.ZPG

Win64/Agent.ZPG

Win64/Filecoder.R

Phishing

 

Vulnerebility

 

SANS News

Another quickie: Using scdbg to analyze shellcode

Threatpost

APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security

‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

Exploint

mooSocial Store Plugin 2.6 - SQL Injection

Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection

PHP File Browser Script 1 - Directory Traversal

Logicspice FAQ Script 2.9.7 - Remote Code Execution

Online Quiz Maker 1.0 - 'catid' SQL Injection

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection

iSmartViewPro 1.5 - 'DDNS' Buffer Overflow

3.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Another quickie: Discovering patterns in network traffic with silk

Threatpost

 

Exploint

Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)

Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)

Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service...

Wikipedia 12.0 - Denial of Service (PoC)

D-Link DIR-615 - Denial of Service (PoC)

Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)

VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)

Online Quiz Maker 1.0 - 'catid' SQL Injection

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection

2.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox

MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites

ThreatList: Security Pros Confident They Could Compromise Their Own Orgs

Exploint

Network Manager VPNC - Username Privilege Escalation (Metasploit)

Argus Surveillance DVR 4.0.0.0 - Privilege Escalation

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)

31.8.2018

Bugtraq

 

Malware

 

Phishing

Bank of America

30th August 2018

IMPORTANT: Restore Your Bank
of America Account

Apple Support

30th August 2018

RE: [ Notification Alerts ] [
Update Statement Info ] We
have sent an email about your
information account has

Vulnerebility

Apache Traffic Server CVE-2018-8005 Denial of Service Vulnerability
2018-08-31
http://www.securityfocus.com/bid/105187

Microsoft Windows LSASS Buffer Overrun Vulnerability
2018-08-30
http://www.securityfocus.com/bid/10108

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-30
http://www.securityfocus.com/bid/105125

SANS News

 

Threatpost

Travel Breaches Hit Air Canada and Asia-Pac Hotelier

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Exploint

Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting

WordPress Plugin Quizlord 2.0 - Cross-Site Scripting

DLink DIR-601 - Credential Disclosure

WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Nord VPN 6.14.31 - Denial of Service (PoC)

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

30.8.2018

Bugtraq

 

Malware

 

Phishing

Apple Support

30th August 2018

RE: [ Notification Alerts ] [
Update Statement Info ] We
have sent an email about your
information account has

Vulnerebility

Microsoft Windows LSASS Buffer Overrun Vulnerability
2018-08-30
http://www.securityfocus.com/bid/10108

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-30
http://www.securityfocus.com/bid/105125

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Wireshark Multiple Denial of Service Vulnerabilities
2018-08-29
http://www.securityfocus.com/bid/105174

Symantec Norton Identity Safe CVE-2018-12240 Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105146

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

SANS News

 

Threatpost

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

BusyGasper Malware Packs a Simple but Potent Punch

Exploint

DLink DIR-601 - Credential Disclosure

WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Nord VPN 6.14.31 - Denial of Service (PoC)

29.8.2018

Bugtraq

 

Malware

Backdoor.Datper

Phishing

 

Vulnerebility

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Cisco Data Center Network Manager CVE-2018-0464 Directory Traversal Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105159

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

SANS News

3D Printers in The Wild, What Can Go Wrong?

OctoPrint 3D Web Interfaces: EXPOSED, Port 5000 default

Threatpost

Microsoft Windows Zero-Day Found in Task Scheduler

Facebook Flaw Allowed Remote Commands

Adobe Pushes Out Unscheduled Creative Cloud Application Fix

Crashing Mobile Apps Capture Screens, Leak Private Data

Microsoft Windows Zero-Day Found in Task Scheduler

Exploint

Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)

Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)

Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure

Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Episerver 7 patch 4 - XML External Entity Injection

phpMyAdmin 4.7.x - Cross-Site Request Forgery

R 3.4.4 - Buffer Overflow (SEH)

SIPP 3.3 - Stack-Based Buffer Overflow

Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of ...

Fathom 2.4 - Denial Of Service (PoC)

ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)

Immunity Debugger 1.85 - Denial of Service (PoC)

NASA openVSP 3.16.1 - Denial of Service (PoC)

28.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

SANS News

"When was this machine infected?"

Threatpost

AT Command Hitch Leaves Android Phones Open to Attack

Fortnite Android App Falls Victim to Man-in-the-Disk Flaw

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Exploint

Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)

Schneider Electric BMX P34 CPU B - Open Redirect

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free

Instagram App 41.1788.50991.0 - Denial of Service (PoC)

27.8.2018

Bugtraq

 

Malware

Backdoor.Fallchill

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

SANS News

"When was this machine infected?"

Threatpost

 

Exploint

Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)

Firefox 55.0.3 - Denial of Service (PoC)

HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Electron WebPreferences - Remote Code Execution

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)

WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection

Responsive FileManager < 9.13.4 - Directory Traversal

Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection

LiteCart 2.1.2 - Arbitrary File Upload

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection

RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)

Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

CuteFTP 5.0 - Buffer Overflow

Adobe Flash - AVC Processing Out-of-Bounds Read

Libpango 1.40.8 - Denial of Service (PoC)

26.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

SANS News

Identifying numeric obfuscation

Threatpost

T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

24.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

IBM Tivoli Application Dependency Discovery Manager Cross Site Request Forgery Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105135

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Microsoft Publisher Files Delivering Malware

Threatpost

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

StyleWriter 4 1.0 - Denial of Service (PoC)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

23.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Simple Phishing Through formcrafts.com

Threatpost

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Unpatched Ghostscript Flaws Allow Remote Takeover of Systems

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Triout Malware Carries Out Extensive, Targeted Android Surveillance

Exploint

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

CuteFTP 8.3.1 - Denial of Service (PoC)

22.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Openlinux\SunOS\Windows NT\HP-UX Denial of Service Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80175

Unix Echo and Chargen CVE-1999-0103 Remote Security Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80171

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-22
http://www.securityfocus.com/bid/105125

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

SANS News

 

Threatpost

Airmail 3 Exploit Instantly Steals Info from Apple Users

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

Exploint

Geutebrueck re_porter 16 - Cross-Site Scripting

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure

KingMedia 4.1 - Remote Code Execution

ZyXEL VMG3312-B10B - Cross-Site Scripting

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Ghostscript - Multiple Vulnerabilities

Project64 2.3.2 - Buffer Overflow (SEH)

Easyboot 6.6.0 - Denial Of Service (PoC)

UltraISO 9.7.1.3519 - Denial Of Service (PoC)

Textpad 7.6.4 - Denial Of Service (PoC)

21.8.2018

Bugtraq

 

Malware

 

Phishing

Amazon Order

21st August 2018

Amazon Order Confirmation

Walmart Order

21st August 2018

Thank You For Buying From
Walmart

eBay Collections

21st August 2018

KEEP YOUR ACCOUNT IN GOOD
STANDING - PAYMENT NEEDED

Vulnerebility

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

SANS News

OpenSSH user enumeration (CVE-2018-15473)

Malicious DLL Loaded Through AutoIT

Threatpost

Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones

Google Faces Legal Turmoil After Location Tracking Debacle

Canadian Telcos Patch an APT-Ready Flaw in Disability Services

Exploint

Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)

Twitter-Clone 1 - 'userid' SQL Injection

Project64 2.3.2 - Denial Of Service (PoC)

OpenSSH 7.7 - Username Enumeration

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection

20.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

SANS News

 

Threatpost

GandCrab’s Rotten EGGs Hatch Ransomware in South Korea

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

Philips Vulnerability Exposes Sensitive Cardiac Patient Information

Exploint

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution

SEIG Modbus 3.4 - Remote Code Execution

SEIG SCADA System 9 - Remote Code Execution

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery

WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection

Prime95 29.4b7 - Denial Of Service (PoC)

Restorator 1793 - Denial of Service (PoC)

Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)

SEIG Modbus 3.4 - Denial of Service (PoC)

19.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Video: Peeking into msg files - revisited

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

Exploint

 

17.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-8414

Exp.CVE-2018-8373

RANSOM_PRINCESSLOCKER.B

Win32/Filecoder.Ouroboros.A

Win32/TrojanDownloader.Agent.EAT

MSIL/Agent.RY

Phishing

Apple Support

17th August 2018

[ News Statements Reports ] [
Updated Privacy Policy ] New
Update Your Payments - Thanks!
your order from App

Vulnerebility

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-17
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

Emerson DeltaV Multiple Security Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105105

Multiple Philips Products Buffer Overflow and Hardcoded Credentials Security Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105103

Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105101

SANS News

Back to the 90's: FragmentSmack

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings

Highly Flexible Marap Malware Enters the Financial Scene

‘China’s MIT’ Linked to Espionage Campaign Against Alaska, Economic Partners

Exploint

Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type...

Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion

Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion

Microsoft Edge Chakra JIT - Scope Parsing Type Confusion

Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl

CEWE Photoshow 6.3.4 - Denial of Service (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

ADM 3.1.2RHG1 - Remote Code Execution

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

16.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

NTP CVE-2016-1549 Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/88200

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103192

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103194

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103191

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103351

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/103723

NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/104517

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/105089

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Multiple VMware Products CVE-2018-6973 Out-Of-Bounds Write Local Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105094

Apache HTTP Server CVE-2016-4975 HTTP Response Splitting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105093

SAP HANA Extended Application Services CVE-2018-2451 Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105091

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105090

SAP User Interface Technology CVE-2018-2434 Unspecified Content Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105088

SAP BusinessObjects Financial Consolidation CVE-2018-2444 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105087

Samba CVE-2018-10858 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105085

SANS News

Truncating Payloads and Anonymizing PCAP files

More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware

Threatpost

Open MQTT Servers Raise Physical Threats in Smart Homes

Google Chrome Bug Opens Access to Private Facebook Information

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Exploint

Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection

OpenEMR 5.0.1.3 - Arbitrary File Actions

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)

15.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-12799

Exp.CVE-2018-12824

Exp.CVE-2018-12827

Exp.CVE-2018-12826

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/105080

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Samba CVE-2018-1139 Remote Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105084

Samba CVE-2018-10918 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105083

Samba CVE-2018-1140 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105082

Samba CVE-2018-10919 Access Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105081

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105070

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Microsoft Windows Diagnostics Hub CVE-2018-0952 Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105048

Microsoft Edge CVE-2018-8390 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105041

Microsoft Internet Explorer and Edge CVE-2018-8385 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105039

Microsoft Internet Explorer and Edge CVE-2018-8372 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105038

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105037

Microsoft Internet Explorer CVE-2018-8389 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105036

Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105035

Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105034

Microsoft Internet Explorer and Edge CVE-2018-8403 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105033

Microsoft Windows Installer CVE-2018-8339 DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105030

Microsoft Windows ADFS CVE-2018-8340 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105029

Microsoft Windows LNK CVE-2018-8346 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105028

Microsoft Windows LNK CVE-2018-8345 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105027

Microsoft Edge CVE-2018-8388 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105025

Microsoft Edge CVE-2018-8383 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105024

SANS News

Microsoft August 2018 Patch Tuesday

Threatpost

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

ThreatList: Financial-Themed Phishing Hooks Targets in Q2

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Google Services Track User Movements In Privacy Faux Pas

Exploint

ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

14.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

SANS News

New Extortion Tricks: Now Including Your (Partial) Phone Number!

Threatpost

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Google Services Track User Movements In Privacy Faux Pas

Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

Exploint

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

13.8.2018

Bugtraq

 

Malware

JS.Cesaletat

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

SANS News

A URL shortener handy for phishers

Threatpost

DEF CON 2018: Voting Hacks Prompt Push Back from Election Officials, Vendors

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks

DEF CON 2018: ‘Man in the Disk’ Attack Surface Affects All Android Phones

Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

Exploint

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Android - Directory Traversal over USB via Injection in blkid Output

PostgreSQL 9.4-0.5.3 - Privilege Escalation

Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow

Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)

PLC Wireless Router GPN2.4P21-C-CN - Denial of Service

Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)

IP Finder 1.5 - Denial of Service (PoC)

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

12.8.2018

Bugtraq

 

Malware

 

Phishing

OFFICE FILE

12th August 2018

INTERNATIONAL MONETARY FUND
AGENCY

Calculation Letter

10th August 2018

P800 (PAYE) taxrevenue
calculations 2016/17 � what to
do.

Vulnerebility

 

SANS News

Peeking into msg files - revisited

Threatpost

DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties

Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

Exploint

 

10.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/103203

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

SANS News

Hunting SSL/TLS clients using JA3

Threatpost

 

Exploint

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

reSIProcate 1.10.2 - Heap Overflow

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting

iSmartViewPro 1.5 - 'Password' Buffer Overflow

MyBB Like Plugin 3.0.0 - Cross-Site Scripting

MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting

9.8.2018

Bugtraq

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

Malware

Trojan.Nibatad

MSH.Dropper

Phishing

 

Vulnerebility

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability
2018-08-08
http://www.securityfocus.com/bid/105046

SANS News

 

Threatpost

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)

osTicket 1.10.1 - Arbitrary File Upload

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

reSIProcate 1.10.2 - Heap Overflow

Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes

Podcast: Black Hat USA 2018 Preview

Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks

Exploint

osTicket 1.10.1 - Arbitrary File Upload

LG-Ericsson iPECS NMS 30M - Directory Traversal

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

8.8.2018

Bugtraq

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

Malware

 

Phishing

 

Vulnerebility

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104976

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

SANS News

What Do I Need To Know about "SegmentSmack"

Threatpost

Patrick Wardle on Breaking and Bypassing MacOS Firewalls

Threatlist: Manufacturing, a Top Target for Espionage

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

Exploint

OpenEMR < 5.0.1 - Remote Code Execution

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

7.8.2018

Bugtraq

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104976

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SANS News

 

Threatpost

Microsoft Adds Direct Trust for Let’s Encrypt

Threatlist: Financial Services Firms Lag in Patching Habits

Exploint

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

OpenEMR < 5.0.1 - Remote Code Execution

Open-AudIT Community 2.2.6 - Cross-Site Scripting

Monstra 3.0.4 - Cross-Site Scripting

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)

LAMS < 3.1 - Cross-Site Scripting

Subrion CMS 4.2.1 - Cross-Site Scripting

6.8.2018

Bugtraq

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

Malware

 

Phishing

Amazon

5th August 2018

Amazon account verification

Service PayPal

4th August 2018

Account Alert

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

SANS Ne

Numeric obfuscation: another example

Threatpost

Top iPhone Supplier Battles WannaCry Infection

Exploint

 

5.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

Malware

Win32/Spy.Buhtrap.L

Phishing

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

Cisco Unified Communications Manager CVE-2018-0411 Cross Site Scripting Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104949

SANS News

My Honeypot is Trendy, My Honeypot is Unpopular

Dealing with numeric obfuscation in malicious scripts

Threatpost

Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

Threatlist: SMB Security Challenges Grow with the Cloud

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

Exploint

 

3.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

SANS News

 

Threatpost

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Phishing Campaign Steals Money From Industrial Companies

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

 

2.8.2018

Bugtraq

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Intel Puma CVE-2017-5693 Denial of Service Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104941

Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104940

SANS News

DHL-themed malspam reveals embedded malware in animated gif

Threatpost

Steam Bans Developer After Outcry Over Cryptomining, Scam Items

Bevy of Android Apps Harbor Hidden Malicious Windows Executables

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)

Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)

Linux/ARM - Reverse (::1:4444/TCP) Shell +IPv6 Shellcode (116 Bytes)

1.8.2018

Bugtraq

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

United Airline

31st July 2018

Your account is locked

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

 

SANS News

Exploiting the Power of Curl

Threatpost

Connected Car Apps Open Privacy Hole For Used Car Owners

HP Offers Up to $10,000 Rewards for Printer Bugs

Facebook Removes 17 Profiles Involved in Political Meddling

ThreatList: Business Email Compromises Way Up for Q2

Complex Malvertising Scheme Impacts Multiple Levels of Web Economy

Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks

Exploint

 

31.7.2018

Bugtraq

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)

Malware

OSX.Calisto

Phishing

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

Linux Kernel Multiple Denial of Service Vulnerabilities
2018-07-27
http://www.securityfocus.com/bid/104917

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

IBM Sterling File Gateway CVE-2018-1398 Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104919

SoftNAS Cloud CVE-2018-14417 OS Command Injection Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104914

IBM Sterling B2B Integrator Multiple Unspecified Cross Site Scripting Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/104910

Linux Kernel 'kernel/time/posix-timers.c' Local Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104909

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Multiple F5 BIG-IP Products CVE-2018-5530 Denial of Service Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104908

SANS News

Exploiting the Power of Curl

Threatpost

DMARC Compliance Lacking in 28 Percent of .Gov Agencies

Jailhouse Tablets Allow Inmates to Steal Thousands of Dollars in Credits

Updated AZORult Spyware Comes with Sophisticated New Techniques

Connected Car Apps Open Privacy Hole For Used Car Owners

Exploint

H2 Database 1.4.197 - Information Disclosure

Charles Proxy 4.2 - Local Privilege Escalation

fusermount - user_allow_other Restriction Bypass and SELinux Label Control

Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)

30.7.2018

Bugtraq

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)

Malware

 

Phishing

Wells Fargo Online

28th July 2018

Final Notice: Your access to
Online Banking service is
restricted

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

SANS News

Using RITA for Threat Analysis

Threatpost

 

Exploint

Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)

29.7.2018

Bugtraq

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)

[CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26
Core Security Advisories Team (advisories coresecurity com)

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

Malware

Hacktool.Phantom

Trojan.Redgamble

Exp.CVE-2018-5008

Exp.CVE-2018-5028

Exp.CVE-2018-5040

Exp.CVE-2018-5061

Exp.CVE-2018-12789

Exp.CVE-2018-8324

Phishing

Wells Fargo Online

28th July 2018

Final Notice: Your access to
Online Banking service is
restricted

Bank of America

27th July 2018

Update Your Account

Wells Fargo Online

26th July 2018

Your access to Online Banking
service is restricted

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753

Google Chrome Prior to 68.0.3440.75 Multiple Security Vulnerabilities
2018-07-24
http://www.securityfocus.com/bid/104887

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Apple iOS and macOS Multiple Security Vulnerabilities
2018-07-23
http://www.securityfocus.com/bid/104897

SANS News

Sextortion - Follow the Money

Threatpost

Bugs in Samsung IoT Hub Leave Smart Home Open To Attack

Highly Sophisticated Parasite RAT Emerges on the Dark Web

FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign

COSCO’s American Operations Hit With Crippling Ransomware Attack

Regional Virginia Bank Falls Victim to Coordinated $2.4M ATM Heist

Skills That a ‘Next-Level’ Pentester Should Have

Exploint

WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)

SoftNAS Cloud < 4.0.3 - OS Command Injection

Online Trade 1 - Information Disclosure

Skia - Heap Overflow in SkScan::FillPath due to Precision Error

NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)

26.7.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

Wells Fargo Online

26th July 2018

Your access to Online Banking
service is restricted

Vulnerebility

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

SANS News

Windows Batch File Deobfuscation

Threatpost

Kronos Banking Trojan Resurfaces After Years of Silence

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs

Exploint

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)

10-Strike LANState 8.8 - Local Buffer Overflow (SEH)

10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)

25.7.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-07-23
http://www.securityfocus.com/bid/104879

Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861

Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766

Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769

Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785

Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768

Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765

Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773

Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

SANS News

Cell Phone Monitoring. Who is Watching the Watchers?

Threatpost

Kronos Banking Trojan Resurfaces After Years of Silence

Emotet Malware Evolves Beyond Banking to Threat Delivery Service

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs

Podcast: The Industrial World is Facing a Security Crisis

Exploint

10-Strike LANState 8.8 - Local Buffer Overflow (SEH)

10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)

GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)

24.7.2018

Bugtraq

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)

[SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

Malware

BKDR_FLAWEDMMYY.B

BKDR_FLAWEDAMMYY.DLOADR

TROJ_KILLMBR.EE

Trojan.Zombieboy

Phishing

 

Vulnerebility

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861

SANS News

Recent Emotet activity

Threatpost

Privacy Questions Raised as Tech Giants Join Forces on Data Portability

 

Privacy Questions Raised as Tech Giants Join Forces on Data Portability


 

Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops

 

Exploint

Microsoft Windows - 'dnslint.exe' Drive-By Download

Windows Speech Recognition - Buffer Overflow

Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)

Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)

Davolink DVW 3200 Router - Password Disclosure

NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)

23.7.2018

Bugtraq

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23
Anton Black (ablack atlassian com)

[slackware-security] php (SSA:2018-201-01) 2018-07-20
Slackware Security Team (security slackware com)

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)

Malware

 

Phishing

BOA

22nd July 2018

YOUR PAYMENT OF $11.500,000
USD

Anthony accracken

19th July 2018

Money Gram Reference
number:70289895

DHL COURIER COMPANY

19th July 2018

Your ATM CARD

HM Revenue & Customs - UK

19th July 2018

REIMBURSEMENTS ARE AVAILABLE
ONLY FOR A CERTAIN PERIOD OF
TIME (INDIVIDUAL,
ORGANISATION, AGENT,
PENSIONS).

Vulnerebility

 

SANS News

Analyzing MSG files

Threatpost

Facebook Suspends Analytics Firm Over Surveillance Concerns

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

Leaky Backup Spills 157 GB of Automaker Secrets

Facebook Suspends Analytics Firm Over Surveillance Concerns

ThreatList: Supply-Chain Defenses Need Improvement

Exploint

 

22.7.2018

Bugtraq

Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19
Secunia Research (remove-vuln secunia com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19
Secunia Research (remove-vuln secunia com)

Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] httpd (SSA:2018-199-01) 2018-07-18
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4252-1] znc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4251-1] vlc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)

GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)

Malware

Downloader.Zacinlo

Phishing

Anthony accracken

19th July 2018

Money Gram Reference
number:70289895

DHL COURIER COMPANY

19th July 2018

Your ATM CARD

HM Revenue & Customs - UK

19th July 2018

REIMBURSEMENTS ARE AVAILABLE
ONLY FOR A CERTAIN PERIOD OF
TIME (INDIVIDUAL,
ORGANISATION, AGENT,
PENSIONS).

HM Revenue & Customs - GOV UK

19th July 2018

A message from HM Revenue
charset=utf-8">

Jim

19th July 2018

Donald Trump Is The Powerful
Man Barack Obama Never Could
Be

TSB Bank Plc

19th July 2018

Important Notice (New Online
Banking Authentication
Procedure)

Dave Jacobs

19th July 2018

eBay vehicle for sale

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766

Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769

Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785

Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768

Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765

Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773

Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

SANS News

Reporting Malicious Websites in 2018

Threatpost

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

ThreatList: Sizing Up The Scourge of Credential-Stuffing

Stealthy Malware Hidden in Images Takes to GoogleUserContent

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

GangWang GPS Navigation Attack Leads Unsuspecting Drivers Astray

Exploint

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

19.7.2018

Bugtraq

[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)

[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

HM Revenue & Customs - GOV UK

19th July 2018

A message from HM Revenue
charset=utf-8">

Jim

19th July 2018

Donald Trump Is The Powerful
Man Barack Obama Never Could
Be

TSB Bank Plc

19th July 2018

Important Notice (New Online
Banking Authentication
Procedure)

Dave Jacobs

19th July 2018

eBay vehicle for sale

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

Oracle VM VirtualBox Mulltiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824

Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830

Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792

Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765

Cisco Policy Suite CVE-2018-0376 Access Bypass Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104849

Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820

Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778

SANS News

Request for Packets: Port 15454

Oracle Critical Patch Update Release

Threatpost

DDoS Attacks Get Bigger, Smarter and More Diverse

Oracle Sets All-Time Record with July Critical Patch Update

ThreatList: Popular Apps Get Enterprise Blacklisted

Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

LabCorp Investigates a Potential Breach that Could Affect Millions

Oracle Sets All-Time Record with July Critical Patch Update

Exploint

Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

HomeMatic Zentrale CCU2 - Remote Code Execution

Modx Revolution < 2.6.4 - Remote Code Execution

FTP2FTP 1.0 - Arbitrary File Download

Open-AudIT Community 2.1.1 - Cross-Site Scripting

Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection

JavaScript Core - Arbitrary Code Execution

18.7.2018

Bugtraq

[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)

[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17
Justin Bull (me justinbull ca)

Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

Oracle VM VirtualBox Mulltiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824

Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830

Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792

Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765

Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820

Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778

Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104655

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104460

Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2923 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104843

Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2905 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104842

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104841

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104840

Oracle PeopleSoft HRMS CVE-2018-3072 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104839

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104838

Oracle E-Business Suite CVE-2018-2996 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104837

Oracle E-Business Suite CVE-2018-2934 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104836

Oracle E-Business Suite CVE-2018-2997 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104835

Oracle Order Management CVE-2018-2954 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104834

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104833

Oracle PeopleSoft Enterprise HCM Human Resources CVE-2018-3068 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104832

Oracle E-Business Suite CVE-2018-2953 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104831

Oracle Retail Bulk Data Integration CVE-2018-2891 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104829

Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104828

Oracle Retail Customer Management and Segmentation Foundation Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104827

Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104826

Oracle MICROS Relate CRM Software CVE-2018-3052 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104825

Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104823

Oracle MICROS Retail-J Multiple Remote Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104822

SANS News

Oracle Critical Patch Update Release

Searching for Geographically Improbable Login Attempts

Threatpost

DDoS Attacks Get Bigger, Smarter and More Diverse

Peer-to-Peer Crypto-Exchanges: A Haven for Money Laundering

Oracle Sets All-Time Record with July Critical Patch Update

Microsoft Bounty Program Offers Payouts for Identity Service Bugs

Smaller Nation State Attacks: A Growing Cyber Menace

Exploint

HomeMatic Zentrale CCU2 - Remote Code Execution

Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)

QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials

Modx Revolution < 2.6.4 - Remote Code Execution

FTP2FTP 1.0 - Arbitrary File Download

Open-AudIT Community 2.1.1 - Cross-Site Scripting

Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection

17.7.2018

Bugtraq

[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)

Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12
Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

Malware

Trojan.Peralta

Win32/Emotet.BK

Phishing

Bank of America

13th July 2018

Notice: Your Profile is
Updated !

Vulnerebility

phpMyAdmin PMASA-2017-1 Open Redirection Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95720

phpMyAdmin PMASA-2017-3 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95721

phpMyAdmin PMASA-2017-4 Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95726

phpMyAdmin PMASA-2017-7 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95738

phpMyAdmin PMASA-2017-6 Server Side Request Forgery Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95732

Symantec Norton App Lock CVE-2018-5239 Local Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/104693

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400

VMware Tools HGFS CVE-2018-6969 Local Information Disclosure Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104737

Eaton 9000X Drive CVE-2018-8847 Stack Based Buffer Overflow Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104736

Oracle July 2018 Critical Patch Update Multiple Vulnerabilities
2018-07-12
http://www.securityfocus.com/bid/104735

F5 BIG-IP APM Client CVE-2018-5529 Local Privilege Escalation Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104730

SANS News

Extracting BTC addresses from emails

Threatpost

DanaBot Trojan Targets Bank Customers In Phishing Scam

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

No Evidence of GandCrab Leveraging SMB Exploit – Yet

Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race

DanaBot Trojan Targets Bank Customers In Phishing Scam

Exploint

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

macOS/iOS - JavaScript Injection Bug in OfficeImporter

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery

WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

VelotiSmart WiFi B-380 Camera - Directory Traversal

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape

Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)

12.7.2018

Bugtraq

[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4243-1] cups security update 2018-07-11
Luciano Bello (luciano debian org)

AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11
SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11
Slackware Security Team (security slackware com)

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

Malware

Exp.CVE-2018-8125

Exp.CVE-2018-8242

Exp.CVE-2018-8262

Exp.CVE-2018-8274

Exp.CVE-2018-8297

Exp.CVE-2018-8296

Exp.CVE-2018-8291

Exp.CVE-2018-8289

Exp.CVE-2018-8288

Exp.CVE-2018-8275

Exp.CVE-2018-8279

Exp.CVE-2018-8283

Phishing

Microsoft.com Team

11th July 2018

REMINDER: Account closure
alert

Vulnerebility

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400

SAP Business Client Unspecified Security Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104436

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/103700

SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115

Cisco FireSIGHT System Software CVE-2018-0383 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104726

Cisco FireSIGHT System Software CVE-2018-0384 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104725

Cisco Web Security Appliance CVE-2018-0366 Cross Site Scripting Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104724

Cisco StarOS for ASR 5000 Series Routers CVE-2018-0369 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104723

Juniper Junos CVE-2018-0027 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104721

Juniper Junos CVE-2018-0026 Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104720

Juniper Junos CVE-2018-0025 Information Disclosure Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104719

Juniper Junos CVE-2018-0024 Local Privilege Escalation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104718

SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102

SANS News

Well, Hello Again Peppa!

Threatpost

Fresh Spectre Variants Come to Light

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

Chrome Now Features Site Isolation to Defend Against Spectre

Ticketmaster Breach: Just One Part of a Wide-Ranging Campaign

Multiple Bugs Found in QNAP Q’Center Web Console

Deceased Patient Data Being Sold on Dark Web

Exploint

Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE...

Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read

Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)

Dicoogle PACS 2.5.0 - Directory Traversal

Instagram-Clone Script 2.0 - Cross-Site Scripting

Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation

11.7.2018

Bugtraq

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09
Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Emotet.BK

Hacktool.Zacinlo

Backdoor.Ophop

Backdoor.Plaintee

Phishing

 

Vulnerebility

SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115

SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102

Adobe Acrobat and Reader CVE-2018-12802 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104704

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104703

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104702

Adobe Acrobat and Reader APSB18-21 Multiple Arbitrary Code Execution Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104701

Adobe Acrobat and Reader APSB18-21 Multiple Heap Buffer Overflow Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104700

Adobe Acrobat and Reader APSB18-21 Multiple Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104699

Adobe Flash Player APSB18-24 Arbiitrary Code Execution and Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104698

Adobe Connect CVE-2018-12804 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104697

Adobe Connect Add-in Installer CVE-2018-12805 DLL Loading Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104696

SAP BusinessObjects Business Intelligence Suite CVE-2018-2431 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104695

Microsoft Windows Kernel CVE-2018-8313 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104670

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104669

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8282 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104668

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104667

Microsoft .NET Framework CVE-2018-8260 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104666

Microsoft .NET Framework CVE-2018-8202 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104665

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104664

Microsoft ASP.NET Core CVE-2018-8171 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104659

Microsoft Web Customization for ADFS CVE-2018-8326 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104656

Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104655

Microsoft Edge CVE-2018-8301 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104654

Microsoft Edge CVE-2018-8274 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104653

Microsoft Windows CVE-2018-8314 Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104652

Microsoft Edge CVE-2018-8325 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104651

Microsoft Edge CVE-2018-8324 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104650

Microsoft Windows PowerShell CVE-2018-8327 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104649

Microsoft Windows CVE-2018-8309 Local Denial of Service Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104648

SANS News

Microsoft Patch Tuesday July 2018 (now with Dashboard!)

Threatpost

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

Adobe Issues Over 100 Patches for Flash, Acrobat and Reader

Researchers Reveal Workaround for Apple’s USB Restricted Mode

Apple OS Update Lifts Curtain on iPhone USB Restricted Mode

How to Solve the Developer vs. Cybersecurity Team Battle

Exploint

D-Link DIR601 2.02 - Credential Disclosure

Elektronischer Leitz-Ordner 10 - SQL Injection

WolfSight CMS 3.2 - SQL Injection

Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote...

7.7.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

dd progress indicator on Linux

Threatpost

Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining

Google Patches Critical Remote Code Execution Bugs in Android OS

Keeping False Positives in Check

Newsmaker Interview: VDOO CEO Talks Top IoT Threats

Exploint

PolarisOffice 2017 8 - Remote Code Execution

Airties AIR5444TT - Cross-Site Scripting

6.7.2018

Bugtraq

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

 

Phishing

 

Vulnerebility

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-07-06
http://www.securityfocus.com/bid/101274

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

SANS News

 

Threatpost

Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear

ThreatList: Biggest Cybercrime Developments in 2018, So Far

Exploint

PolarisOffice 2017 8 - Remote Code Execution

5.7.2018

Bugtraq

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

Malware

 

Phishing

TSB Bank

5th July 2018

We are having problems with
your account

LLOYDS BANK

5th July 2018

Important Notice OR Important
Update

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220

Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458

SANS News

XPS Metadata

Threatpost

Android Apps Are Sharing Screenshots, Video Recordings to Third Parties, Report Finds

Android Apps Are Sharing Screenshots, Video Recordings to Third Parties, Report Finds

Exploint

ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Local Root Jailbreak

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection

4.7.2018

Bugtraq

[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

Malware

Backdoor.Plaintee

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220

Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458

Mozilla Thunderbird MFSA2018-18 Multiple Information Disclosure Vulnerabilities
2018-07-03
http://www.securityfocus.com/bid/104613

GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

SANS News

Progress indication for scripts on Windows

Threatpost

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

Newsmaker Interview: Marten Mickos on the Future of Bug Bounty

Samsung Investigates Claims of Spontaneous Texting of Images to Contacts

More Federal Agencies Wrapped Up in Facebook Data Privacy Probe

Welcome to a New Look for Threatpost

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

Exploint

ShopNx - Arbitrary File Upload

Online Trade - Information Disclosure

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

CMS Made Simple 2.2.5 - Remote Code Execution

ntop-ng < 3.4.180617 - Authentication Bypass

ModSecurity 3.0.0 - Cross-Site Scripting

Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)

openslp 2.0.0 - Double-Free

3.7.2018

Bugtraq

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

Malware

 

Phishing

 

Vulnerebility

GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

SANS News

 

Threatpost

 

Exploint

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

2.7.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

SANS News

Hello Peppa! - PHP Scans

Threatpost

 

Exploint

VMware NSX SD-WAN Edge < 3.1.2 - Command Injection

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution...

Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection

Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

SIPp 3.6 - Local Buffer Overflow (PoC)

Core FTP LE 2.2 - Buffer Overflow (PoC)

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)

30.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

SANS News

XPS samples

Threatpost

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

Exploint

 

29.6.2018

Bugtraq

 

Malware

Win32/Formbook.AA

Phishing

 

Vulnerebility

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

Atlassian Fisheye and Crucible CVE-2017-16859 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104578

OpenSLP 'slpd_process.c' Double Free Denial of Service Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104576

SANS News

Crypto community target of MacOS malware

New and Improved Cryptominers: Now with 50% less Greed.

Threatpost

Norwegian Agency Dings Facebook, Google For “Unethical” Privacy Tactics

Rewards Points Targeted by Teens in Hack of 500K Accounts

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches

Exploint

Cisco Adaptive Security Appliance - Path Traversal

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

28.6.2018

Bugtraq

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

Malware

Win32/Formbook

Phishing

 

Vulnerebility

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104558

Xen CVE-2018-12893 Local Denial of Service Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104572

Xen CVE-2018-12892 Local Security Bypass Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104571

Xen CVE-2018-12891 Local Denial of Service Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104570

WordPress CVE-2018-12895 Directory Traversal Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104569

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104567

Joomla! Core CVE-2018-12712 Local File Include Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104566

Joomla! Core CVE-2018-12711 Cross Site Scripting Vulnerabilitiy
2018-06-26
http://www.securityfocus.com/bid/104565

Mozilla Firefox MFSA2018-15 Multiple Security Bypass Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104562

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104560

Google Chrome OS Local Privilege Escalation Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104559

Mozilla Firefox CVE-2018-5186 Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104557

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104555

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

SANS News

Silently Profiling Unknown Malware Samples

Threatpost

Ticketmaster Chat Feature Leads to Credit-Card Breach

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

Exploint

Quest KACE Systems Management - Command Injection (Metasploit)

HPE VAN SDN 2.7.18.0503 - Remote Root

Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

hycus CMS 1.0.4 - Authentication Bypass

HongCMS 3.0.0 - SQL Injection

BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)

27.6.2018

Bugtraq

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104560

Google Chrome OS Local Privilege Escalation Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104559

Mozilla Firefox CVE-2018-5186 Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104557

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104555

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

SANS News

 

Threatpost

Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Exploint

Liferay Portal < 7.0.4 - Server-Side Request Forgery

PoDoFo 0.9.5 - Buffer Overflow

26.6.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

 

Vulnerebility

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

Linux Kernel 'kernel/trace/trace_events_filter.c' Local Denial of Service Vulnerability
2018-06-24
http://www.securityfocus.com/bid/104544

GNU Binutils CVE-2018-12700 Denial of Service Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104541

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104540

GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104539

SANS News

Analyzing XPS files

Guilty by association

Threatpost

Simple Security Flaws Could Steer Ships Off Course

WannaCry Extortion Fraud Reemerges

Exploint

Liferay Portal < 7.0.4 - Server-Side Request Forgery

PoDoFo 0.9.5 - Buffer Overflow

25.6.2018

Bugtraq

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

Malware

Backdoor.Veilev

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

GNU Binutils CVE-2018-12700 Denial of Service Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104541

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104540

GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104539

GNU libiberty CVE-2018-12697 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104538

Fortinet FortiAnalyzer and FortiManager CVE-2018-1354 Access Bypass Vulnerability
2018-06-22
http://www.securityfocus.com/bid/104537

Fortinet FortiOS CVE-2018-9185 Information Disclosure Vulnerability
2018-06-22
http://www.securityfocus.com/bid/104535

SANS News

 

Threatpost

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

Financial Services Sector Rife with Hidden Tunnels

Exploint

Travel Agency 1.1 - 'cid' SQL Injection

WordPress Plugin iThemes Security < 7.0.3 - SQL Injection

Wordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection

Intex Router N-150 - Arbitrary File Upload

Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)

Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

DIGISOL DG-BR4000NG - Cross-Site Scripting

DIGISOL DG-BR4000NG - Buffer Overflow (PoC)

23.6.2018

Bugtraq

 

Malware

 

Phishing

Col Patrica D Horoho

23rd June 2018

Good news my dear

 

Account

20th June 2018

[Support] : Your bank account
has been limited !

Vulnerebility

 

SANS News

Creative Hiring From Non-Traditional Places

Threatpost

Fortnite Fraudsters Infest the Web with Fake Apps, Scams

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail

Roku TV, Sonos Speaker Devices Open to Takeover

Exploint

 

22.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

OSX.Evilosx

Backdoor.Sagerunex

Phishing

Account

20th June 2018

[Support] : Your bank account
has been limited !

 

AOL

18th June 2018

YOUR AOL EMAIL WILL BE DELETED

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Multiple Rockwell Automation Products CVE-2017-9312 Remote Denial of Service Vulnerability
2018-06-21
http://www.securityfocus.com/bid/104528

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco Unified Communications Manager IM CVE-2018-0363 Cross Site Request Forgery Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104523

SANS News

XPS Attachment Used for Phishing

Are Your Hunting Rules Still Working?

Threatpost

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

Financial Services Sector Rife with Hidden Tunnels

Exploint

phpMyAdmin 4.8.1 - Local File Inclusion

phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)

GreenCMS 2.3.0603 - Information Disclosure

LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)

LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)

Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution

21.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco NX-OS Software NX-API CVE-2018-0301 Remote Code Execution Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104512

Symantec Endpoint Protection CVE-2018-5237 Local Privilege Escalation Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104199

Symantec Endpoint Protection CVE-2018-5236 Local Denial of Service Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104198

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

SANS News

 

Threatpost

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites

When It Comes To IoT Security, Liability Is Muddled

Exploint

Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege...

Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

VideoInsight WebClient 5 - SQL Injection

IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

20.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities
2018-06-19
http://www.securityfocus.com/bid/104490

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

Secure Phishing: Netflix Phishing Goes TLS

Threatpost

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

When It Comes To IoT Security, Liability Is Muddled

Exploint

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

MaDDash 2.0.2 - Directory Listing

Mirasys DVMS Workstation 5.12.6 - Path Traversal

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

19.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Trojan.Invisimole

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

PowerShell: ScriptBlock Logging... Or Not?

Threatpost

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

Google Home, Chromecast Leak Location Information

macOS QuickLook Feature Leaks Data Despite Encrypted Drive

22K Open, Vulnerable Containers Found Exposed on the Net

Exploint

Microsoft COM for Windows - Privilege Escalation

Redis-cli < 5.0 - Buffer Overflow (PoC)

18.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Exp.CVE-2018-5002

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

SANS News

Malicious JavaScript Targeting Mobile Browsers

Threatpost

 

Exploint

Redatam Web Server < 7 - Directory Traversal

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery

Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery

Redis-cli < 5.0 - Buffer Overflow (PoC)

Audiograbber 1.83 - Local Buffer Overflow (SEH)

Pale Moon Browser < 27.9.3 - Use After Free (PoC)

Nikto 2.1.6 - CSV Injection

17.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

SANS News

Anomaly Detection & Threat Hunting with Anomalize

Encrypted Office Documents

Threatpost

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little

New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Soroush IM Desktop app 0.15 - Authentication Bypass

15.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104465

Node.js CVE-2018-7164 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104463

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104462

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

SANS News

SMTP Strangeness - Possible C2

Threatpost

Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement

Microsoft Reveals Which Bugs It Won’t Patch

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Joomla Component Ek rishta 2.10 - SQL Injection

Soroush IM Desktop app 0.15 - Authentication Bypass

rtorrent 0.9.6 - Denial of Service

14.6.2018

Bugtraq

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Danabot

Phishing

 

Vulnerebility

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104460

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

SANS News

A Bunch of Compromized Wordpress Sites

Threatpost

Malicious Docker Containers Earn Cryptomining Criminals $90K

Two Bugs in WordPress Tooltipy Plugin Patched

Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist

Exploint

DHCP Client - Command Injection (DynoRoot) (Metasploit)

Joomla Component Ek rishta 2.10 - SQL Injection

Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload

MACCMS 10 - Cross-Site Request Forgery (Add User)

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation

glibc - 'realpath()' Privilege Escalation (Metasploit)

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

13.6.2018

Bugtraq

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

Malware

TROJ_KILLMBR.EE

Trojan.Ursnif

Exp.CVE-2018-8267

Exp.CVE-2018-8249

Exp.CVE-2018-8248

Exp.CVE-2018-8236

Exp.CVE-2018-8229

Exp.CVE-2018-8210

Exp.CVE-2018-8111

Exp.CVE-2018-8110

Phishing

 

Vulnerebility

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

Microsoft Windows DNSAPI CVE-2018-8225 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104395

Microsoft Windows Desktop Bridge CVE-2018-8214 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104394

Microsoft Windows Wireless Network Profile CVE-2018-8209 Local Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104393

Microsoft Windows Desktop Bridge CVE-2018-8208 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104392

Microsoft Windows CVE-2018-8205 Local Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104391

Microsoft Windows Code Integrity Module CVE-2018-1040 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104389

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8233 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104383

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104382

Microsoft Windows Kernel CVE-2018-8224 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104381

SANS News

From Microtik with Love

Microsoft June 2018 Patch Tuesday

Threatpost

Android Devices With Misconfigured ADB, a Ripe Target for Cryptojacking Malware

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

FBI’s BEC Crackdown Leads To 74 Arrests Globally

Exploint

MACCMS 10 - Cross-Site Request Forgery (Add User)

Canon LBP6030w - Authentication Bypass

Canon LBP7110Cw - Authentication Bypass

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

12.6.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-5000

Exp.CVE-2018-5001

Phishing

 

Vulnerebility

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

SANS News

 

Threatpost

InvisiMole Burrows into Targets with Rich Espionage Tools

Exploint

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

Canon PrintMe EFI - Cross-Site Scripting

OX App Suite 7.8.4 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - 'username' SQL Injection

11.6.2018

Bugtraq

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4224-1] gnupg security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4220-1] firefox-esr security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) 2018-06-08
ch sangsakul gmail com

[SECURITY] [DSA 4223-1] gnupg1 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4222-1] gnupg2 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[slackware-security] gnupg2 (SSA:2018-159-01) 2018-06-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4221-1] libvncserver security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) 2018-06-08
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

Node.js 'Forwarded' Module CVE-2017-16118 Denial of Service Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104427

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Perl CVE-2018-12015 Directory Traversal Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104423

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

SANS News

More malspam pushing Lokibot

Threatpost

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

Creative Spam Thinks Outside the Macro with .IQY Attachments

Google Tackles AI Principles: Is It Enough?

Exploint

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script - 'get_sec.php' SQL Injection

userSpice 4.3.24 - Username Enumeration

userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting

Schools Alert Management Script - Arbitrary File Deletion

Joomla! Component EkRishta 2.10 - 'cid' SQL Injection

Event Manager Admin panel - 'events_new.php' SQL injection

Schools Alert Management Script - SQL Injection

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS

10.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

Malware

 

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

SANS News

Malspam pushing coin miner and other malware

Threatpost

 

Exploint

 

8.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4995

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

SANS News

Automated twitter loot collection

Threatpost

Zero-Day Flash Exploit Targeting Middle East

GDPR: A Compliance Quagmire, for Now

Targeted Spy Campaign Hits Russian Service Centers

Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen

CloudPets May Be Out of Business, But Security Concerns Remain

Baby Cam Creeper Actively Watched New Mom

PageUp Malware Scare Sheds Light On Third-Party Risks

Exploint

 

7.6.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

PageUp Malware Scare Sheds Light On Third-Party Risks

Zip Slip Flaw Affects Thousands of Open-Source Projects

Auth0 Glitch Allows Attackers to Launch Phishing Attacks

Exploint

 

6.6.2018

Bugtraq

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

VBS/TrojanDownloader.Agent.OBQ

Win32/TrojanDownloader.Agent.DWX

Win32/Filecoder.Rapid.A

Win32/Corebot.F

Phishing

 

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104378

Apple iOS and Safari CVE-2018-4247 Remote Denial of Service Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104366

Apple Safari CVE-2018-4205 Address Bar Spoofing Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104358

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

EMC RSA Web Threat Detection CVE-2018-1252 SQL Injection Vulnerability
2018-05-31
http://www.securityfocus.com/bid/104396

Multiple GE MDS PulseNET Products Multiple Security vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104377

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

Drupalgeddon 2.0 Still Haunting 115K+ Sites

Social Media Privacy Dominates Apple iOS 12, macOS Launches

Exploint

 

3.6.2018

Bugtraq

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4191-2] redmine regression update 2018-06-03
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-2 Safari 11.1.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4217-1] wireshark security update 2018-06-03
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-6 tvOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4215-1] batik security update 2018-06-02
Sebastien Delafond (seb debian org)

[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)

APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Apple Security Updates

Threatpost

 

Exploint

 

2.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Binary analysis with Radare2

Threatpost

Researchers Warn of Microsoft Zero-Day RCE Bug

Browser Side-Channel Flaw De-Anonymizes Facebook Data

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Exploint

 

1.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104345

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SANS News

Resetting Your Router the Paranoid (=Right) Way

Binary analysis with Radare2

Threatpost

ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS

Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info

Huawei Patches Four Server Bugs Rated High Severity

Exploint

 

31.5.2018

Bugtraq

 

Malware

Exp.CVE-2018-4995

Trojan.Wipeboot

Phishing

 

Vulnerebility

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

SANS News

Resetting Your Router the Paranoid (=Right) Way

Threatpost

Bug In Git Opens Developer Systems Up to Attack

Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans

Yahoo Hacker Sentenced; Coke Opens Up a Can of Data Breach

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Exploint

 

30.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

SANS News

The end of the lock icon

Threatpost

Fraudsters Claim To Hack Two Canadian Banks

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

Sonic Tone Attacks Damage Hard Disk Drives, Crashes OS

Google Patches reCAPTCHA Bypass

Exploint

 

29.5.2018

Bugtraq

 

Malware

Win32/Agent.TDK

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

SANS News

DNS is Changing. Are you Ready?

Threatpost

Singapore ISP Leaves 1,000 Routers Open to Attack

Exploint

 

28.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

SANS News

Do you hear Laurel or Yanny or is it On-Off Keying?

Threatpost

 

Exploint

 

27.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-4990

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

SANS News

Quick analysis of malware created with NSIS

Threatpost

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

Pet Trackers Open to MITM Attacks, Interception

Alexa Eavesdropping Flub Re-Sparks Voice Assistant Privacy Debate

Attackers Cashing In On Cryptocurrency With Increased Scams

Exploint

 

25.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)

Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

SANS News

Antivirus Evasion? Easy as 1,2,3

"Blocked" Does Not Mean "Forget It"

Threatpost

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Amazon Comes Under Fire for Facial Recognition Platform

James Comey: FBI Faces Deep Tech-Related Questions

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Exploint

 

24.5.2018

Bugtraq

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

Multiple BMW Products Multiple Security Vulnerabilities
2018-05-22
http://www.securityfocus.com/bid/104258

SANS News

"Blocked" Does Not Mean "Forget It"

Threatpost

Amazon Comes Under Fire for Facial Recognition Platform

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

Exploint

 

23.5.2018

Bugtraq

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

Malware

Win32/Agent.YEV

Win32/Filecoder.SynAck.A

Win32/Agent.ZNG

Phishing

 

Vulnerebility

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104239

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/10422

SANS News

 

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

Track naughty and nice binaries with Google Santa

Exploint

 

22.5.2018

Bugtraq

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104232

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104228

OpenDaylight Controller 'SdniDataBase.java' SQL Injection Vulnerability
2018-05-19
http://www.securityfocus.com/bid/104238

ISC BIND CVE-2018-5737 Remote Denial of Service Vulnerability
2018-05-18
http://www.securityfocus.com/bid/104236

SANS News

Malware Distributed via .sylk Files

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

TeenSafe Tracking App Exposes Thousands of Private Records

Exploint

Superfood 1.0 - Multiple Vulnerabilities

21.5.2018

Bugtraq

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

DASAN GPON home routers exploits in-the-wild

Something Wicked this way comes

Threatpost

 

Exploint

Superfood 1.0 - Multiple Vulnerabilities

mySCADA myPRO 7 - Hard-Coded Credentials

Superfood 1.0 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

19.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malicious Powershell Targeting UK Bank Customers

Threatpost

Hurdles Remain After Senate Votes To Restore Net Neutrality

Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials

Exploint

mySCADA myPRO 7 - Hard-Coded Credentials

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution

D-Link DSL-3782 - Authentication Bypass

HPE iMC 7.3 - Remote Code Execution (Metasploit)

SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion

Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery

Cisco SA520W Security Appliance - Path Traversal

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)

DynoRoot DHCP - Client Command Injection

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

18.5.2018

Bugtraq

MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)

[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)

[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco Meeting Server CVE-2018-0280 Denial of Service Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104209

Cisco Enterprise NFV Infrastructure Software CVE-2018-0324 Local Command Injection Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104208

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104207

SANS News

Business Email Compromise incidents

Anatomy of a Redis mining worm

Threatpost

Fake Fortnite Apps for Android Spread Spyware, Cryptominers

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform

Exploint

Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request...

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

17.5.2018

Bugtraq

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco DNA Center Software CVE-2018-0268 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104192

Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104191

Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104164

Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104163

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

SANS News

 

Threatpost

Critical Linux Flaw Opens the Door to Full Root Access

New Cryptominer Distributes XMRig in Aggressive Attacks

Exploint

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)

Jenkins CLI - HTTP Java Deserialization (Metasploit)

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat...

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site...

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Intelbras NCLOUD 300 1.0 - Authentication bypass

NodAPS 4.0 - SQL injection / Cross-Site Request Forgery

16.5.2018

Bugtraq

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

Malware

 

Phishing

 

Vulnerebility

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Atlassian Application Links CVE-2017-16860 Cross Site Scripting Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104188

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4965 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104176

SANS News

EFAIL, a weakness in openPGP and S\MIME

Threatpost

Phishing Spy Campaign Targets Top Mideast Officials

Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions

Adobe Doles Out Second Round of Higher Priority Patches

EFAIL Opens Up Encrypted Email to Prying Eyes

Exploint

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

WhatsApp 2.18.31 - Memory Corruption

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution

RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity...

WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery

totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery

Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery

Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting

Rockwell Scada System 27.011 - Cross-Site Scripting

VirtueMart 3.1.14 - Persistent Cross-Site Scripting

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

Libuser - roothelper Privilege Escalation (Metasploit)

15.5.2018

Bugtraq

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Adobe Acrobat and Reader CVE-2018-4950 Arbitrary Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104174

Adobe Acrobat/Reader/Photoshop CC CVE-2018-4946 Remote Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104171

Multiple Products S/MIME CVE-2017-17689 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104165

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Rockwell Automation Arena CVE-2018-8843 Denial of Service Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104166

SANS News

Phishing emails for fake MyEtherWallet login page

Threatpost

GDPR Phishing Scam Targets Apple Accounts, Financial Data

Samsung Patches Six Critical Bugs in Flagship Handsets

Samsung Patches Six Critical Bugs in Flagship Handsets

Exploint

XATABoost 1.0.0 - SQL Injection

Monstra CMS 3.0.4 - Remote Code Execution

2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)

14.5.2018

Bugtraq

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

SANS News

Malspam pushing Trickbot malware on Friday 2018-05-11

Threatpost

 

Exploint

 

12.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed

Vega Stealer Malware Takes Aim at Chrome, Firefox

Panda Banking Trojan Diversifies into Cryptocurrency, Porn, Other Targets

Exploint

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection

2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service

Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution

WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting

11.5.2018

Bugtraq

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com

[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

Malware

Exp.CVE-2018-8137

Exp.CVE-2018-4944

Phishing

 

Vulnerebility

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-10
http://www.securityfocus.com/bid/104143

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
2018-05-09
http://www.securityfocus.com/bid/101964

SANS News

Reversed C2 traffic from China

Threatpost

GandCrab Ransomware Found Hiding on Legitimate Websites

PoS Malware ‘TreasureHunter’ Source Code Leaked

New Facebook-Spread Malware Triggers Credential Theft, Cryptomining

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Exploint

Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

10.5.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com

[SECURITY] [DSA 4197-1] wavpack security updaze 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

Malware

Win64/NukeSped.AQ

Win32/SdbMine.B

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

SANS News

Exfiltrating data from (very) isolated environments

Threatpost

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’

May Patch Tuesday Fixes Two Bugs Under Active Attack

Exploint

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

ModbusPal 1.6b - XML External Entity Injection

9.5.2018

Bugtraq

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)