Databáze Hot News -
Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  -
2018  2017  2016  2015  2014  2013 

Databáze - Úvod  Articles  Èlánky  Bugtraq  Malware   Phishing  Vulnerebility  SANS  Mobil Virus  Exploit  Útoky  IDS/IPS  Techniky hackerù  Threatpost  Papers
Poslední aktualizace v 08.10.2016 14:19:38

 


2018


13.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

 

12.8.2018

Bugtraq

 

Malware

 

Phishing

OFFICE FILE 12th August 2018
INTERNATIONAL MONETARY FUND
AGENCY
Calculation Letter 10th August 2018
P800 (PAYE) taxrevenue
calculations 2016/17 � what to
do.

Vulnerebility

 

SANS News

Peeking into msg files - revisited

Threatpost

DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties

Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

Exploint

 

10.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/103203

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

SANS News

Hunting SSL/TLS clients using JA3

Threatpost

 

Exploint

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

reSIProcate 1.10.2 - Heap Overflow

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting

iSmartViewPro 1.5 - 'Password' Buffer Overflow

MyBB Like Plugin 3.0.0 - Cross-Site Scripting

MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting

9.8.2018

Bugtraq

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

Malware

Trojan.Nibatad

MSH.Dropper

Phishing

 

Vulnerebility

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability
2018-08-08
http://www.securityfocus.com/bid/105046

SANS News

 

Threatpost

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)

osTicket 1.10.1 - Arbitrary File Upload

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

reSIProcate 1.10.2 - Heap Overflow

Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes

Podcast: Black Hat USA 2018 Preview

Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks

Exploint

osTicket 1.10.1 - Arbitrary File Upload

LG-Ericsson iPECS NMS 30M - Directory Traversal

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

8.8.2018

Bugtraq

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

Malware

 

Phishing

 

Vulnerebility

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104976

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

SANS News

What Do I Need To Know about "SegmentSmack"

Threatpost

Patrick Wardle on Breaking and Bypassing MacOS Firewalls

Threatlist: Manufacturing, a Top Target for Espionage

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

Exploint

OpenEMR < 5.0.1 - Remote Code Execution

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

7.8.2018

Bugtraq

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104976

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SANS News

 

Threatpost

Microsoft Adds Direct Trust for Let’s Encrypt

Threatlist: Financial Services Firms Lag in Patching Habits

Exploint

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

OpenEMR < 5.0.1 - Remote Code Execution

Open-AudIT Community 2.2.6 - Cross-Site Scripting

Monstra 3.0.4 - Cross-Site Scripting

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)

LAMS < 3.1 - Cross-Site Scripting

Subrion CMS 4.2.1 - Cross-Site Scripting

6.8.2018

Bugtraq

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

Malware

 

Phishing

Amazon

5th August 2018

Amazon account verification

Service PayPal

4th August 2018

Account Alert

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

SANS Ne

Numeric obfuscation: another example

Threatpost

Top iPhone Supplier Battles WannaCry Infection

Exploint

 

5.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

Malware

Win32/Spy.Buhtrap.L

Phishing

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

Cisco Unified Communications Manager CVE-2018-0411 Cross Site Scripting Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104949

SANS News

My Honeypot is Trendy, My Honeypot is Unpopular

Dealing with numeric obfuscation in malicious scripts

Threatpost

Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

Threatlist: SMB Security Challenges Grow with the Cloud

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

Exploint

 

3.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

SANS News

 

Threatpost

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Phishing Campaign Steals Money From Industrial Companies

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

 

2.8.2018

Bugtraq

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Intel Puma CVE-2017-5693 Denial of Service Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104941

Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104940

SANS News

DHL-themed malspam reveals embedded malware in animated gif

Threatpost

Steam Bans Developer After Outcry Over Cryptomining, Scam Items

Bevy of Android Apps Harbor Hidden Malicious Windows Executables

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)

Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)

Linux/ARM - Reverse (::1:4444/TCP) Shell +IPv6 Shellcode (116 Bytes)

1.8.2018

Bugtraq

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

United Airline

31st July 2018

Your account is locked

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

 

SANS News

Exploiting the Power of Curl

Threatpost

Connected Car Apps Open Privacy Hole For Used Car Owners

HP Offers Up to $10,000 Rewards for Printer Bugs

Facebook Removes 17 Profiles Involved in Political Meddling

ThreatList: Business Email Compromises Way Up for Q2

Complex Malvertising Scheme Impacts Multiple Levels of Web Economy

Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks

Exploint

 

31.7.2018

Bugtraq

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)

Malware

OSX.Calisto

Phishing

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

Linux Kernel Multiple Denial of Service Vulnerabilities
2018-07-27
http://www.securityfocus.com/bid/104917

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

IBM Sterling File Gateway CVE-2018-1398 Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104919

SoftNAS Cloud CVE-2018-14417 OS Command Injection Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104914

IBM Sterling B2B Integrator Multiple Unspecified Cross Site Scripting Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/104910

Linux Kernel 'kernel/time/posix-timers.c' Local Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104909

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Multiple F5 BIG-IP Products CVE-2018-5530 Denial of Service Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104908

SANS News

Exploiting the Power of Curl

Threatpost

DMARC Compliance Lacking in 28 Percent of .Gov Agencies

Jailhouse Tablets Allow Inmates to Steal Thousands of Dollars in Credits

Updated AZORult Spyware Comes with Sophisticated New Techniques

Connected Car Apps Open Privacy Hole For Used Car Owners

Exploint

H2 Database 1.4.197 - Information Disclosure

Charles Proxy 4.2 - Local Privilege Escalation

fusermount - user_allow_other Restriction Bypass and SELinux Label Control

Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)

30.7.2018

Bugtraq

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)

[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)

Malware

 

Phishing

Wells Fargo Online

28th July 2018

Final Notice: Your access to
Online Banking service is
restricted

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

SANS News

Using RITA for Threat Analysis

Threatpost

 

Exploint

Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)

29.7.2018

Bugtraq

[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)

[CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26
Core Security Advisories Team (advisories coresecurity com)

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

Malware

Hacktool.Phantom

Trojan.Redgamble

Exp.CVE-2018-5008

Exp.CVE-2018-5028

Exp.CVE-2018-5040

Exp.CVE-2018-5061

Exp.CVE-2018-12789

Exp.CVE-2018-8324

Phishing

Wells Fargo Online

28th July 2018

Final Notice: Your access to
Online Banking service is
restricted

Bank of America

27th July 2018

Update Your Account

Wells Fargo Online

26th July 2018

Your access to Online Banking
service is restricted

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961

Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905

Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902

Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901

Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900

Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753

Google Chrome Prior to 68.0.3440.75 Multiple Security Vulnerabilities
2018-07-24
http://www.securityfocus.com/bid/104887

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Apple iOS and macOS Multiple Security Vulnerabilities
2018-07-23
http://www.securityfocus.com/bid/104897

SANS News

Sextortion - Follow the Money

Threatpost

Bugs in Samsung IoT Hub Leave Smart Home Open To Attack

Highly Sophisticated Parasite RAT Emerges on the Dark Web

FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign

COSCO’s American Operations Hit With Crippling Ransomware Attack

Regional Virginia Bank Falls Victim to Coordinated $2.4M ATM Heist

Skills That a ‘Next-Level’ Pentester Should Have

Exploint

WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)

SoftNAS Cloud < 4.0.3 - OS Command Injection

Online Trade 1 - Information Disclosure

Skia - Heap Overflow in SkScan::FillPath due to Precision Error

NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)

26.7.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

Wells Fargo Online

26th July 2018

Your access to Online Banking
service is restricted

Vulnerebility

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

SANS News

Windows Batch File Deobfuscation

Threatpost

Kronos Banking Trojan Resurfaces After Years of Silence

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs

Exploint

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)

10-Strike LANState 8.8 - Local Buffer Overflow (SEH)

10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)

25.7.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-07-23
http://www.securityfocus.com/bid/104879

Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861

Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766

Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769

Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785

Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768

Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765

Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773

Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

SANS News

Cell Phone Monitoring. Who is Watching the Watchers?

Threatpost

Kronos Banking Trojan Resurfaces After Years of Silence

Emotet Malware Evolves Beyond Banking to Threat Delivery Service

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs

Podcast: The Industrial World is Facing a Security Crisis

Exploint

10-Strike LANState 8.8 - Local Buffer Overflow (SEH)

10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)

GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)

24.7.2018

Bugtraq

FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)

[SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

Malware

BKDR_FLAWEDMMYY.B

BKDR_FLAWEDAMMYY.DLOADR

TROJ_KILLMBR.EE

Trojan.Zombieboy

Phishing

 

Vulnerebility

Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876

Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861

SANS News

Recent Emotet activity

Threatpost

Privacy Questions Raised as Tech Giants Join Forces on Data Portability

 

Privacy Questions Raised as Tech Giants Join Forces on Data Portability


 

Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops

 

Exploint

Microsoft Windows - 'dnslint.exe' Drive-By Download

Windows Speech Recognition - Buffer Overflow

Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)

Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)

Davolink DVW 3200 Router - Password Disclosure

NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)

23.7.2018

Bugtraq

APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)

Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23
Anton Black (ablack atlassian com)

[slackware-security] php (SSA:2018-201-01) 2018-07-20
Slackware Security Team (security slackware com)

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)

Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)

Malware

 

Phishing

BOA

22nd July 2018

YOUR PAYMENT OF $11.500,000
USD

Anthony accracken

19th July 2018

Money Gram Reference
number:70289895

DHL COURIER COMPANY

19th July 2018

Your ATM CARD

HM Revenue & Customs - UK

19th July 2018

REIMBURSEMENTS ARE AVAILABLE
ONLY FOR A CERTAIN PERIOD OF
TIME (INDIVIDUAL,
ORGANISATION, AGENT,
PENSIONS).

Vulnerebility

 

SANS News

Analyzing MSG files

Threatpost

Facebook Suspends Analytics Firm Over Surveillance Concerns

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

Leaky Backup Spills 157 GB of Automaker Secrets

Facebook Suspends Analytics Firm Over Surveillance Concerns

ThreatList: Supply-Chain Defenses Need Improvement

Exploint

 

22.7.2018

Bugtraq

Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19
Secunia Research (remove-vuln secunia com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19
Secunia Research (remove-vuln secunia com)

Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] httpd (SSA:2018-199-01) 2018-07-18
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4252-1] znc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4251-1] vlc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)

GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)

Malware

Downloader.Zacinlo

Phishing

Anthony accracken

19th July 2018

Money Gram Reference
number:70289895

DHL COURIER COMPANY

19th July 2018

Your ATM CARD

HM Revenue & Customs - UK

19th July 2018

REIMBURSEMENTS ARE AVAILABLE
ONLY FOR A CERTAIN PERIOD OF
TIME (INDIVIDUAL,
ORGANISATION, AGENT,
PENSIONS).

HM Revenue & Customs - GOV UK

19th July 2018

A message from HM Revenue
charset=utf-8">

Jim

19th July 2018

Donald Trump Is The Powerful
Man Barack Obama Never Could
Be

TSB Bank Plc

19th July 2018

Important Notice (New Online
Banking Authentication
Procedure)

Dave Jacobs

19th July 2018

eBay vehicle for sale

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766

Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776

Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769

Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785

Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768

Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765

Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773

Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

SANS News

Reporting Malicious Websites in 2018

Threatpost

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

ThreatList: Sizing Up The Scourge of Credential-Stuffing

Stealthy Malware Hidden in Images Takes to GoogleUserContent

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

GangWang GPS Navigation Attack Leads Unsuspecting Drivers Astray

Exploint

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

19.7.2018

Bugtraq

[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)

[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

HM Revenue & Customs - GOV UK

19th July 2018

A message from HM Revenue
charset=utf-8">

Jim

19th July 2018

Donald Trump Is The Powerful
Man Barack Obama Never Could
Be

TSB Bank Plc

19th July 2018

Important Notice (New Online
Banking Authentication
Procedure)

Dave Jacobs

19th July 2018

eBay vehicle for sale

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503

Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666

Oracle VM VirtualBox Mulltiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824

Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830

Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792

Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765

Cisco Policy Suite CVE-2018-0376 Access Bypass Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104849

Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820

Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778

SANS News

Request for Packets: Port 15454

Oracle Critical Patch Update Release

Threatpost

DDoS Attacks Get Bigger, Smarter and More Diverse

Oracle Sets All-Time Record with July Critical Patch Update

ThreatList: Popular Apps Get Enterprise Blacklisted

Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

LabCorp Investigates a Potential Breach that Could Affect Millions

Oracle Sets All-Time Record with July Critical Patch Update

Exploint

Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

HomeMatic Zentrale CCU2 - Remote Code Execution

Modx Revolution < 2.6.4 - Remote Code Execution

FTP2FTP 1.0 - Arbitrary File Download

Open-AudIT Community 2.1.1 - Cross-Site Scripting

Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection

JavaScript Core - Arbitrary Code Execution

18.7.2018

Bugtraq

[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)

[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17
Justin Bull (me justinbull ca)

Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

Anthony accracken

18th July 2018

Money Gram Reference
number:70289895

Vulnerebility

Oracle VM VirtualBox Mulltiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824

Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830

Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792

Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783

Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765

Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820

Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778

Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104655

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104460

Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2923 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104843

Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2905 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104842

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104841

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104840

Oracle PeopleSoft HRMS CVE-2018-3072 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104839

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104838

Oracle E-Business Suite CVE-2018-2996 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104837

Oracle E-Business Suite CVE-2018-2934 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104836

Oracle E-Business Suite CVE-2018-2997 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104835

Oracle Order Management CVE-2018-2954 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104834

Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104833

Oracle PeopleSoft Enterprise HCM Human Resources CVE-2018-3068 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104832

Oracle E-Business Suite CVE-2018-2953 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104831

Oracle Retail Bulk Data Integration CVE-2018-2891 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104829

Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104828

Oracle Retail Customer Management and Segmentation Foundation Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104827

Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104826

Oracle MICROS Relate CRM Software CVE-2018-3052 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104825

Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104823

Oracle MICROS Retail-J Multiple Remote Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104822

SANS News

Oracle Critical Patch Update Release

Searching for Geographically Improbable Login Attempts

Threatpost

DDoS Attacks Get Bigger, Smarter and More Diverse

Peer-to-Peer Crypto-Exchanges: A Haven for Money Laundering

Oracle Sets All-Time Record with July Critical Patch Update

Microsoft Bounty Program Offers Payouts for Identity Service Bugs

Smaller Nation State Attacks: A Growing Cyber Menace

Exploint

HomeMatic Zentrale CCU2 - Remote Code Execution

Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)

QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials

Modx Revolution < 2.6.4 - Remote Code Execution

FTP2FTP 1.0 - Arbitrary File Download

Open-AudIT Community 2.1.1 - Cross-Site Scripting

Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection

17.7.2018

Bugtraq

[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)

Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12
Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

Malware

Trojan.Peralta

Win32/Emotet.BK

Phishing

Bank of America

13th July 2018

Notice: Your Profile is
Updated !

Vulnerebility

phpMyAdmin PMASA-2017-1 Open Redirection Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95720

phpMyAdmin PMASA-2017-3 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95721

phpMyAdmin PMASA-2017-4 Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95726

phpMyAdmin PMASA-2017-7 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95738

phpMyAdmin PMASA-2017-6 Server Side Request Forgery Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95732

Symantec Norton App Lock CVE-2018-5239 Local Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/104693

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400

VMware Tools HGFS CVE-2018-6969 Local Information Disclosure Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104737

Eaton 9000X Drive CVE-2018-8847 Stack Based Buffer Overflow Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104736

Oracle July 2018 Critical Patch Update Multiple Vulnerabilities
2018-07-12
http://www.securityfocus.com/bid/104735

F5 BIG-IP APM Client CVE-2018-5529 Local Privilege Escalation Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104730

SANS News

Extracting BTC addresses from emails

Threatpost

DanaBot Trojan Targets Bank Customers In Phishing Scam

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

No Evidence of GandCrab Leveraging SMB Exploit – Yet

Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race

DanaBot Trojan Targets Bank Customers In Phishing Scam

Exploint

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

macOS/iOS - JavaScript Injection Bug in OfficeImporter

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery

WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

VelotiSmart WiFi B-380 Camera - Directory Traversal

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape

Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)

12.7.2018

Bugtraq

[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)

[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4243-1] cups security update 2018-07-11
Luciano Bello (luciano debian org)

AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)

SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11
SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11
Slackware Security Team (security slackware com)

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

Malware

Exp.CVE-2018-8125

Exp.CVE-2018-8242

Exp.CVE-2018-8262

Exp.CVE-2018-8274

Exp.CVE-2018-8297

Exp.CVE-2018-8296

Exp.CVE-2018-8291

Exp.CVE-2018-8289

Exp.CVE-2018-8288

Exp.CVE-2018-8275

Exp.CVE-2018-8279

Exp.CVE-2018-8283

Phishing

Microsoft.com Team

11th July 2018

REMINDER: Account closure
alert

Vulnerebility

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400

SAP Business Client Unspecified Security Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104436

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/103700

SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115

Cisco FireSIGHT System Software CVE-2018-0383 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104726

Cisco FireSIGHT System Software CVE-2018-0384 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104725

Cisco Web Security Appliance CVE-2018-0366 Cross Site Scripting Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104724

Cisco StarOS for ASR 5000 Series Routers CVE-2018-0369 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104723

Juniper Junos CVE-2018-0027 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104721

Juniper Junos CVE-2018-0026 Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104720

Juniper Junos CVE-2018-0025 Information Disclosure Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104719

Juniper Junos CVE-2018-0024 Local Privilege Escalation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104718

SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102

SANS News

Well, Hello Again Peppa!

Threatpost

Fresh Spectre Variants Come to Light

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

Chrome Now Features Site Isolation to Defend Against Spectre

Ticketmaster Breach: Just One Part of a Wide-Ranging Campaign

Multiple Bugs Found in QNAP Q’Center Web Console

Deceased Patient Data Being Sold on Dark Web

Exploint

Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE...

Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read

Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)

Dicoogle PACS 2.5.0 - Directory Traversal

Instagram-Clone Script 2.0 - Cross-Site Scripting

Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation

11.7.2018

Bugtraq

APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09
Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Emotet.BK

Hacktool.Zacinlo

Backdoor.Ophop

Backdoor.Plaintee

Phishing

 

Vulnerebility

SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115

SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102

Adobe Acrobat and Reader CVE-2018-12802 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104704

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104703

Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104702

Adobe Acrobat and Reader APSB18-21 Multiple Arbitrary Code Execution Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104701

Adobe Acrobat and Reader APSB18-21 Multiple Heap Buffer Overflow Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104700

Adobe Acrobat and Reader APSB18-21 Multiple Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104699

Adobe Flash Player APSB18-24 Arbiitrary Code Execution and Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104698

Adobe Connect CVE-2018-12804 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104697

Adobe Connect Add-in Installer CVE-2018-12805 DLL Loading Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104696

SAP BusinessObjects Business Intelligence Suite CVE-2018-2431 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104695

Microsoft Windows Kernel CVE-2018-8313 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104670

Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104669

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8282 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104668

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104667

Microsoft .NET Framework CVE-2018-8260 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104666

Microsoft .NET Framework CVE-2018-8202 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104665

Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104664

Microsoft ASP.NET Core CVE-2018-8171 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104659

Microsoft Web Customization for ADFS CVE-2018-8326 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104656

Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104655

Microsoft Edge CVE-2018-8301 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104654

Microsoft Edge CVE-2018-8274 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104653

Microsoft Windows CVE-2018-8314 Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104652

Microsoft Edge CVE-2018-8325 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104651

Microsoft Edge CVE-2018-8324 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104650

Microsoft Windows PowerShell CVE-2018-8327 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104649

Microsoft Windows CVE-2018-8309 Local Denial of Service Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104648

SANS News

Microsoft Patch Tuesday July 2018 (now with Dashboard!)

Threatpost

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

Adobe Issues Over 100 Patches for Flash, Acrobat and Reader

Researchers Reveal Workaround for Apple’s USB Restricted Mode

Apple OS Update Lifts Curtain on iPhone USB Restricted Mode

How to Solve the Developer vs. Cybersecurity Team Battle

Exploint

D-Link DIR601 2.02 - Credential Disclosure

Elektronischer Leitz-Ordner 10 - SQL Injection

WolfSight CMS 3.2 - SQL Injection

Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote...

7.7.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

dd progress indicator on Linux

Threatpost

Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining

Google Patches Critical Remote Code Execution Bugs in Android OS

Keeping False Positives in Check

Newsmaker Interview: VDOO CEO Talks Top IoT Threats

Exploint

PolarisOffice 2017 8 - Remote Code Execution

Airties AIR5444TT - Cross-Site Scripting

6.7.2018

Bugtraq

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

 

Phishing

 

Vulnerebility

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-07-06
http://www.securityfocus.com/bid/101274

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

SANS News

 

Threatpost

Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear

ThreatList: Biggest Cybercrime Developments in 2018, So Far

Exploint

PolarisOffice 2017 8 - Remote Code Execution

5.7.2018

Bugtraq

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

Malware

 

Phishing

TSB Bank

5th July 2018

We are having problems with
your account

LLOYDS BANK

5th July 2018

Important Notice OR Important
Update

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220

Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458

SANS News

XPS Metadata

Threatpost

Android Apps Are Sharing Screenshots, Video Recordings to Third Parties, Report Finds

Android Apps Are Sharing Screenshots, Video Recordings to Third Parties, Report Finds

Exploint

ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Local Root Jailbreak

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection

4.7.2018

Bugtraq

[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

Malware

Backdoor.Plaintee

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555

Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612

Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934

Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018

Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220

Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458

Mozilla Thunderbird MFSA2018-18 Multiple Information Disclosure Vulnerabilities
2018-07-03
http://www.securityfocus.com/bid/104613

GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

SANS News

Progress indication for scripts on Windows

Threatpost

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

Newsmaker Interview: Marten Mickos on the Future of Bug Bounty

Samsung Investigates Claims of Spontaneous Texting of Images to Contacts

More Federal Agencies Wrapped Up in Facebook Data Privacy Probe

Welcome to a New Look for Threatpost

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

Exploint

ShopNx - Arbitrary File Upload

Online Trade - Information Disclosure

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

CMS Made Simple 2.2.5 - Remote Code Execution

ntop-ng < 3.4.180617 - Authentication Bypass

ModSecurity 3.0.0 - Cross-Site Scripting

Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)

openslp 2.0.0 - Double-Free

3.7.2018

Bugtraq

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

Malware

 

Phishing

 

Vulnerebility

GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

SANS News

 

Threatpost

 

Exploint

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

2.7.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

SANS News

Hello Peppa! - PHP Scans

Threatpost

 

Exploint

VMware NSX SD-WAN Edge < 3.1.2 - Command Injection

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution...

Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection

Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

SIPp 3.6 - Local Buffer Overflow (PoC)

Core FTP LE 2.2 - Buffer Overflow (PoC)

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)

30.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

SANS News

XPS samples

Threatpost

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

Exploint

 

29.6.2018

Bugtraq

 

Malware

Win32/Formbook.AA

Phishing

 

Vulnerebility

phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211

GNU libiberty CVE-2018-12934 Denial of Service Vulenerability
2018-06-29
http://www.securityfocus.com/bid/104575

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580

Atlassian Fisheye and Crucible CVE-2017-16859 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104578

OpenSLP 'slpd_process.c' Double Free Denial of Service Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104576

SANS News

Crypto community target of MacOS malware

New and Improved Cryptominers: Now with 50% less Greed.

Threatpost

Norwegian Agency Dings Facebook, Google For “Unethical” Privacy Tactics

Rewards Points Targeted by Teens in Hack of 500K Accounts

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches

Exploint

Cisco Adaptive Security Appliance - Path Traversal

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

28.6.2018

Bugtraq

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

Malware

Win32/Formbook

Phishing

 

Vulnerebility

InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548

Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104558

Xen CVE-2018-12893 Local Denial of Service Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104572

Xen CVE-2018-12892 Local Security Bypass Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104571

Xen CVE-2018-12891 Local Denial of Service Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104570

WordPress CVE-2018-12895 Directory Traversal Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104569

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104567

Joomla! Core CVE-2018-12712 Local File Include Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104566

Joomla! Core CVE-2018-12711 Cross Site Scripting Vulnerabilitiy
2018-06-26
http://www.securityfocus.com/bid/104565

Mozilla Firefox MFSA2018-15 Multiple Security Bypass Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104562

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104560

Google Chrome OS Local Privilege Escalation Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104559

Mozilla Firefox CVE-2018-5186 Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104557

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104555

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

SANS News

Silently Profiling Unknown Malware Samples

Threatpost

Ticketmaster Chat Feature Leads to Credit-Card Breach

Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case

Exploint

Quest KACE Systems Management - Command Injection (Metasploit)

HPE VAN SDN 2.7.18.0503 - Remote Root

Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

hycus CMS 1.0.4 - Authentication Bypass

HongCMS 3.0.0 - SQL Injection

BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)

27.6.2018

Bugtraq

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-06-27
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104560

Google Chrome OS Local Privilege Escalation Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104559

Mozilla Firefox CVE-2018-5186 Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104557

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-06-26
http://www.securityfocus.com/bid/104555

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

SANS News

 

Threatpost

Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Exploint

Liferay Portal < 7.0.4 - Server-Side Request Forgery

PoDoFo 0.9.5 - Buffer Overflow

26.6.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

 

Vulnerebility

SSSD CVE-2018-10852 Local Information Disclosure Vulnerability
2018-06-26
http://www.securityfocus.com/bid/104547

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

Linux Kernel 'kernel/trace/trace_events_filter.c' Local Denial of Service Vulnerability
2018-06-24
http://www.securityfocus.com/bid/104544

GNU Binutils CVE-2018-12700 Denial of Service Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104541

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104540

GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104539

SANS News

Analyzing XPS files

Guilty by association

Threatpost

Simple Security Flaws Could Steer Ships Off Course

WannaCry Extortion Fraud Reemerges

Exploint

Liferay Portal < 7.0.4 - Server-Side Request Forgery

PoDoFo 0.9.5 - Buffer Overflow

25.6.2018

Bugtraq

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

Malware

Backdoor.Veilev

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-25
http://www.securityfocus.com/bid/104460

GNU Binutils CVE-2018-12700 Denial of Service Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104541

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104540

GNU libiberty CVE-2018-12698 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104539

GNU libiberty CVE-2018-12697 Memory Corruption Vulnerability
2018-06-23
http://www.securityfocus.com/bid/104538

Fortinet FortiAnalyzer and FortiManager CVE-2018-1354 Access Bypass Vulnerability
2018-06-22
http://www.securityfocus.com/bid/104537

Fortinet FortiOS CVE-2018-9185 Information Disclosure Vulnerability
2018-06-22
http://www.securityfocus.com/bid/104535

SANS News

 

Threatpost

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

Financial Services Sector Rife with Hidden Tunnels

Exploint

Travel Agency 1.1 - 'cid' SQL Injection

WordPress Plugin iThemes Security < 7.0.3 - SQL Injection

Wordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection

Intex Router N-150 - Arbitrary File Upload

Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)

Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

DIGISOL DG-BR4000NG - Cross-Site Scripting

DIGISOL DG-BR4000NG - Buffer Overflow (PoC)

23.6.2018

Bugtraq

 

Malware

 

Phishing

Col Patrica D Horoho

23rd June 2018

Good news my dear

 

Account

20th June 2018

[Support] : Your bank account
has been limited !

Vulnerebility

 

SANS News

Creative Hiring From Non-Traditional Places

Threatpost

Fortnite Fraudsters Infest the Web with Fake Apps, Scams

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail

Roku TV, Sonos Speaker Devices Open to Takeover

Exploint

 

22.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

OSX.Evilosx

Backdoor.Sagerunex

Phishing

Account

20th June 2018

[Support] : Your bank account
has been limited !

 

AOL

18th June 2018

YOUR AOL EMAIL WILL BE DELETED

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Multiple Rockwell Automation Products CVE-2017-9312 Remote Denial of Service Vulnerability
2018-06-21
http://www.securityfocus.com/bid/104528

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco Unified Communications Manager IM CVE-2018-0363 Cross Site Request Forgery Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104523

SANS News

XPS Attachment Used for Phishing

Are Your Hunting Rules Still Working?

Threatpost

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

Financial Services Sector Rife with Hidden Tunnels

Exploint

phpMyAdmin 4.8.1 - Local File Inclusion

phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)

GreenCMS 2.3.0603 - Information Disclosure

LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)

LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)

Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution

21.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco NX-OS Software NX-API CVE-2018-0301 Remote Code Execution Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104512

Symantec Endpoint Protection CVE-2018-5237 Local Privilege Escalation Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104199

Symantec Endpoint Protection CVE-2018-5236 Local Denial of Service Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104198

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

SANS News

 

Threatpost

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites

When It Comes To IoT Security, Liability Is Muddled

Exploint

Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege...

Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

VideoInsight WebClient 5 - SQL Injection

IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

20.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities
2018-06-19
http://www.securityfocus.com/bid/104490

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

Secure Phishing: Netflix Phishing Goes TLS

Threatpost

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

When It Comes To IoT Security, Liability Is Muddled

Exploint

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

MaDDash 2.0.2 - Directory Listing

Mirasys DVMS Workstation 5.12.6 - Path Traversal

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

19.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Trojan.Invisimole

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

PowerShell: ScriptBlock Logging... Or Not?

Threatpost

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

Google Home, Chromecast Leak Location Information

macOS QuickLook Feature Leaks Data Despite Encrypted Drive

22K Open, Vulnerable Containers Found Exposed on the Net

Exploint

Microsoft COM for Windows - Privilege Escalation

Redis-cli < 5.0 - Buffer Overflow (PoC)

18.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Exp.CVE-2018-5002

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

SANS News

Malicious JavaScript Targeting Mobile Browsers

Threatpost

 

Exploint

Redatam Web Server < 7 - Directory Traversal

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery

Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery

Redis-cli < 5.0 - Buffer Overflow (PoC)

Audiograbber 1.83 - Local Buffer Overflow (SEH)

Pale Moon Browser < 27.9.3 - Use After Free (PoC)

Nikto 2.1.6 - CSV Injection

17.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

SANS News

Anomaly Detection & Threat Hunting with Anomalize

Encrypted Office Documents

Threatpost

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little

New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Soroush IM Desktop app 0.15 - Authentication Bypass

15.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104465

Node.js CVE-2018-7164 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104463

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104462

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

SANS News

SMTP Strangeness - Possible C2

Threatpost

Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement

Microsoft Reveals Which Bugs It Won’t Patch

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Joomla Component Ek rishta 2.10 - SQL Injection

Soroush IM Desktop app 0.15 - Authentication Bypass

rtorrent 0.9.6 - Denial of Service

14.6.2018

Bugtraq

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Danabot

Phishing

 

Vulnerebility

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104460

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

SANS News

A Bunch of Compromized Wordpress Sites

Threatpost

Malicious Docker Containers Earn Cryptomining Criminals $90K

Two Bugs in WordPress Tooltipy Plugin Patched

Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist

Exploint

DHCP Client - Command Injection (DynoRoot) (Metasploit)

Joomla Component Ek rishta 2.10 - SQL Injection

Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload

MACCMS 10 - Cross-Site Request Forgery (Add User)

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation

glibc - 'realpath()' Privilege Escalation (Metasploit)

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

13.6.2018

Bugtraq

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

Malware

TROJ_KILLMBR.EE

Trojan.Ursnif

Exp.CVE-2018-8267

Exp.CVE-2018-8249

Exp.CVE-2018-8248

Exp.CVE-2018-8236

Exp.CVE-2018-8229

Exp.CVE-2018-8210

Exp.CVE-2018-8111

Exp.CVE-2018-8110

Phishing

 

Vulnerebility

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

Microsoft Windows DNSAPI CVE-2018-8225 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104395

Microsoft Windows Desktop Bridge CVE-2018-8214 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104394

Microsoft Windows Wireless Network Profile CVE-2018-8209 Local Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104393

Microsoft Windows Desktop Bridge CVE-2018-8208 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104392

Microsoft Windows CVE-2018-8205 Local Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104391

Microsoft Windows Code Integrity Module CVE-2018-1040 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104389

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8233 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104383

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104382

Microsoft Windows Kernel CVE-2018-8224 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104381

SANS News

From Microtik with Love

Microsoft June 2018 Patch Tuesday

Threatpost

Android Devices With Misconfigured ADB, a Ripe Target for Cryptojacking Malware

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

FBI’s BEC Crackdown Leads To 74 Arrests Globally

Exploint

MACCMS 10 - Cross-Site Request Forgery (Add User)

Canon LBP6030w - Authentication Bypass

Canon LBP7110Cw - Authentication Bypass

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

12.6.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-5000

Exp.CVE-2018-5001

Phishing

 

Vulnerebility

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

SANS News

 

Threatpost

InvisiMole Burrows into Targets with Rich Espionage Tools

Exploint

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

Canon PrintMe EFI - Cross-Site Scripting

OX App Suite 7.8.4 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - 'username' SQL Injection

11.6.2018

Bugtraq

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4224-1] gnupg security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4220-1] firefox-esr security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) 2018-06-08
ch sangsakul gmail com

[SECURITY] [DSA 4223-1] gnupg1 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4222-1] gnupg2 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[slackware-security] gnupg2 (SSA:2018-159-01) 2018-06-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4221-1] libvncserver security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) 2018-06-08
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

Node.js 'Forwarded' Module CVE-2017-16118 Denial of Service Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104427

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Perl CVE-2018-12015 Directory Traversal Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104423

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

SANS News

More malspam pushing Lokibot

Threatpost

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

Creative Spam Thinks Outside the Macro with .IQY Attachments

Google Tackles AI Principles: Is It Enough?

Exploint

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script - 'get_sec.php' SQL Injection

userSpice 4.3.24 - Username Enumeration

userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting

Schools Alert Management Script - Arbitrary File Deletion

Joomla! Component EkRishta 2.10 - 'cid' SQL Injection

Event Manager Admin panel - 'events_new.php' SQL injection

Schools Alert Management Script - SQL Injection

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS

10.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

Malware

 

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

SANS News

Malspam pushing coin miner and other malware

Threatpost

 

Exploint

 

8.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4995

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

SANS News

Automated twitter loot collection

Threatpost

Zero-Day Flash Exploit Targeting Middle East

GDPR: A Compliance Quagmire, for Now

Targeted Spy Campaign Hits Russian Service Centers

Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen

CloudPets May Be Out of Business, But Security Concerns Remain

Baby Cam Creeper Actively Watched New Mom

PageUp Malware Scare Sheds Light On Third-Party Risks

Exploint

 

7.6.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

PageUp Malware Scare Sheds Light On Third-Party Risks

Zip Slip Flaw Affects Thousands of Open-Source Projects

Auth0 Glitch Allows Attackers to Launch Phishing Attacks

Exploint

 

6.6.2018

Bugtraq

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

VBS/TrojanDownloader.Agent.OBQ

Win32/TrojanDownloader.Agent.DWX

Win32/Filecoder.Rapid.A

Win32/Corebot.F

Phishing

 

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104378

Apple iOS and Safari CVE-2018-4247 Remote Denial of Service Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104366

Apple Safari CVE-2018-4205 Address Bar Spoofing Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104358

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

EMC RSA Web Threat Detection CVE-2018-1252 SQL Injection Vulnerability
2018-05-31
http://www.securityfocus.com/bid/104396

Multiple GE MDS PulseNET Products Multiple Security vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104377

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

Drupalgeddon 2.0 Still Haunting 115K+ Sites

Social Media Privacy Dominates Apple iOS 12, macOS Launches

Exploint

 

3.6.2018

Bugtraq

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4191-2] redmine regression update 2018-06-03
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-2 Safari 11.1.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4217-1] wireshark security update 2018-06-03
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-6 tvOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4215-1] batik security update 2018-06-02
Sebastien Delafond (seb debian org)

[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)

APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Apple Security Updates

Threatpost

 

Exploint

 

2.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Binary analysis with Radare2

Threatpost

Researchers Warn of Microsoft Zero-Day RCE Bug

Browser Side-Channel Flaw De-Anonymizes Facebook Data

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Exploint

 

1.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104345

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SANS News

Resetting Your Router the Paranoid (=Right) Way

Binary analysis with Radare2

Threatpost

ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS

Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info

Huawei Patches Four Server Bugs Rated High Severity

Exploint

 

31.5.2018

Bugtraq

 

Malware

Exp.CVE-2018-4995

Trojan.Wipeboot

Phishing

 

Vulnerebility

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

SANS News

Resetting Your Router the Paranoid (=Right) Way

Threatpost

Bug In Git Opens Developer Systems Up to Attack

Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans

Yahoo Hacker Sentenced; Coke Opens Up a Can of Data Breach

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Exploint

 

30.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

SANS News

The end of the lock icon

Threatpost

Fraudsters Claim To Hack Two Canadian Banks

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

Sonic Tone Attacks Damage Hard Disk Drives, Crashes OS

Google Patches reCAPTCHA Bypass

Exploint

 

29.5.2018

Bugtraq

 

Malware

Win32/Agent.TDK

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

SANS News

DNS is Changing. Are you Ready?

Threatpost

Singapore ISP Leaves 1,000 Routers Open to Attack

Exploint

 

28.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

SANS News

Do you hear Laurel or Yanny or is it On-Off Keying?

Threatpost

 

Exploint

 

27.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-4990

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

SANS News

Quick analysis of malware created with NSIS

Threatpost

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

Pet Trackers Open to MITM Attacks, Interception

Alexa Eavesdropping Flub Re-Sparks Voice Assistant Privacy Debate

Attackers Cashing In On Cryptocurrency With Increased Scams

Exploint

 

25.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)

Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

SANS News

Antivirus Evasion? Easy as 1,2,3

"Blocked" Does Not Mean "Forget It"

Threatpost

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Amazon Comes Under Fire for Facial Recognition Platform

James Comey: FBI Faces Deep Tech-Related Questions

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Exploint

 

24.5.2018

Bugtraq

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

Multiple BMW Products Multiple Security Vulnerabilities
2018-05-22
http://www.securityfocus.com/bid/104258

SANS News

"Blocked" Does Not Mean "Forget It"

Threatpost

Amazon Comes Under Fire for Facial Recognition Platform

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

Exploint

 

23.5.2018

Bugtraq

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

Malware

Win32/Agent.YEV

Win32/Filecoder.SynAck.A

Win32/Agent.ZNG

Phishing

 

Vulnerebility

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104239

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/10422

SANS News

 

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

Track naughty and nice binaries with Google Santa

Exploint

 

22.5.2018

Bugtraq

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104232

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104228

OpenDaylight Controller 'SdniDataBase.java' SQL Injection Vulnerability
2018-05-19
http://www.securityfocus.com/bid/104238

ISC BIND CVE-2018-5737 Remote Denial of Service Vulnerability
2018-05-18
http://www.securityfocus.com/bid/104236

SANS News

Malware Distributed via .sylk Files

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

TeenSafe Tracking App Exposes Thousands of Private Records

Exploint

Superfood 1.0 - Multiple Vulnerabilities

21.5.2018

Bugtraq

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

DASAN GPON home routers exploits in-the-wild

Something Wicked this way comes

Threatpost

 

Exploint

Superfood 1.0 - Multiple Vulnerabilities

mySCADA myPRO 7 - Hard-Coded Credentials

Superfood 1.0 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

19.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malicious Powershell Targeting UK Bank Customers

Threatpost

Hurdles Remain After Senate Votes To Restore Net Neutrality

Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials

Exploint

mySCADA myPRO 7 - Hard-Coded Credentials

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution

D-Link DSL-3782 - Authentication Bypass

HPE iMC 7.3 - Remote Code Execution (Metasploit)

SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion

Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery

Cisco SA520W Security Appliance - Path Traversal

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)

DynoRoot DHCP - Client Command Injection

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

18.5.2018

Bugtraq

MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)

[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)

[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco Meeting Server CVE-2018-0280 Denial of Service Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104209

Cisco Enterprise NFV Infrastructure Software CVE-2018-0324 Local Command Injection Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104208

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104207

SANS News

Business Email Compromise incidents

Anatomy of a Redis mining worm

Threatpost

Fake Fortnite Apps for Android Spread Spyware, Cryptominers

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform

Exploint

Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request...

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

17.5.2018

Bugtraq

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco DNA Center Software CVE-2018-0268 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104192

Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104191

Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104164

Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104163

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

SANS News

 

Threatpost

Critical Linux Flaw Opens the Door to Full Root Access

New Cryptominer Distributes XMRig in Aggressive Attacks

Exploint

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)

Jenkins CLI - HTTP Java Deserialization (Metasploit)

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat...

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site...

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Intelbras NCLOUD 300 1.0 - Authentication bypass

NodAPS 4.0 - SQL injection / Cross-Site Request Forgery

16.5.2018

Bugtraq

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

Malware

 

Phishing

 

Vulnerebility

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Atlassian Application Links CVE-2017-16860 Cross Site Scripting Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104188

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4965 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104176

SANS News

EFAIL, a weakness in openPGP and S\MIME

Threatpost

Phishing Spy Campaign Targets Top Mideast Officials

Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions

Adobe Doles Out Second Round of Higher Priority Patches

EFAIL Opens Up Encrypted Email to Prying Eyes

Exploint

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

WhatsApp 2.18.31 - Memory Corruption

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution

RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity...

WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery

totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery

Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery

Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting

Rockwell Scada System 27.011 - Cross-Site Scripting

VirtueMart 3.1.14 - Persistent Cross-Site Scripting

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

Libuser - roothelper Privilege Escalation (Metasploit)

15.5.2018

Bugtraq

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Adobe Acrobat and Reader CVE-2018-4950 Arbitrary Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104174

Adobe Acrobat/Reader/Photoshop CC CVE-2018-4946 Remote Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104171

Multiple Products S/MIME CVE-2017-17689 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104165

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Rockwell Automation Arena CVE-2018-8843 Denial of Service Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104166

SANS News

Phishing emails for fake MyEtherWallet login page

Threatpost

GDPR Phishing Scam Targets Apple Accounts, Financial Data

Samsung Patches Six Critical Bugs in Flagship Handsets

Samsung Patches Six Critical Bugs in Flagship Handsets

Exploint

XATABoost 1.0.0 - SQL Injection

Monstra CMS 3.0.4 - Remote Code Execution

2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)

14.5.2018

Bugtraq

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

SANS News

Malspam pushing Trickbot malware on Friday 2018-05-11

Threatpost

 

Exploint

 

12.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed

Vega Stealer Malware Takes Aim at Chrome, Firefox

Panda Banking Trojan Diversifies into Cryptocurrency, Porn, Other Targets

Exploint

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection

2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service

Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution

WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting

11.5.2018

Bugtraq

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com

[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

Malware

Exp.CVE-2018-8137

Exp.CVE-2018-4944

Phishing

 

Vulnerebility

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-10
http://www.securityfocus.com/bid/104143

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
2018-05-09
http://www.securityfocus.com/bid/101964

SANS News

Reversed C2 traffic from China

Threatpost

GandCrab Ransomware Found Hiding on Legitimate Websites

PoS Malware ‘TreasureHunter’ Source Code Leaked

New Facebook-Spread Malware Triggers Credential Theft, Cryptomining

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Exploint

Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

10.5.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com

[SECURITY] [DSA 4197-1] wavpack security updaze 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

Malware

Win64/NukeSped.AQ

Win32/SdbMine.B

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

SANS News

Exfiltrating data from (very) isolated environments

Threatpost

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’

May Patch Tuesday Fixes Two Bugs Under Active Attack

Exploint

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

ModbusPal 1.6b - XML External Entity Injection

9.5.2018

Bugtraq

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4196-1] linux security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08
FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

CANADIAN JOB VACANCY!!! 2018-05-06
SUNCOR ENERGY (info suncor-recruitments com)

Malware

Exp.CVE-2018-0953

Exp.CVE-2018-8114

Exp.CVE-2018-8122

Exp.CVE-2018-8133

Exp.CVE-2018-8123

Exp.CVE-2018-8147

Exp.CVE-2018-8148

Exp.CVE-2018-0946

Exp.CVE-2018-0951

Exp.CVE-2018-8174

Exp.CVE-2018-8157

Exp.CVE-2018-8158

Exp.CVE-2018-8179

Exp.CVE-2018-0955

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-09
http://www.securityfocus.com/bid/104071

Apple iOS and macOS Multiple Security Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/103957

Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/102095

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/103998

Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102

Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101

Microsoft ChakraCore Scripting Engine CVE-2018-8177 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104090

Microsoft Windows Kernel CVE-2018-8141 Local Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104078

Microsoft Edge CVE-2018-8179 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104077

Microsoft Internet Explorer and Edge CVE-2018-8178 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104076

Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104072

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104070

Microsoft InfoPath CVE-2018-8173 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104069

Microsoft Windows Kernel Image CVE-2018-8170 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104068

Microsoft SharePoint Server CVE-2018-8168 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104067

Microsoft Windows Device Guard CVE-2018-8132 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104066

Microsoft Windows Device Guard CVE-2018-8129 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104065

Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104064

Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104063

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8166 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104062

Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104060

Microsoft Excel CVE-2018-8163 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104059

Microsoft Excel CVE-2018-8162 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104058

Microsoft Exchange Server CVE-2018-8159 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104056

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104054

Microsoft Excel CVE-2018-8148 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104053

Microsoft Office CVE-2018-8161 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104052

Microsoft Outlook CVE-2018-8160 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104051

Microsoft Office CVE-2018-8158 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104049

SANS News

Nice Phishing Sample Delivering Trickbot

Threatpost

Georgia Governor Vetoes Controversial Hack-Back Bill

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

Exploint

Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes)

GNU wget - Cookie Injection

2345 Security Guard 3.7 - Denial of Service

8.5.2018

Bugtraq

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

Malware

JS.Facexworm

Phishing

 

Vulnerebility

Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102

Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101

Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089

SANS News

Adding Persistence Via Scheduled Tasks

Threatpost

Adobe Patches Critical Bugs In Flash Player, Creative Cloud

“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach

FBI: Cyber-Fraud Losses Rise to Reach $1.4B

Exploint

FTPShell Client 6.7 - Buffer Overflow

PlaySMS 1.4 - sendfromfile.php Authenticated "Filename" Field Code Execution (Metasploit)

PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)

Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)

7.5.2018

Bugtraq

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089

Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability
2018-05-05
http://www.securityfocus.com/bid/102516

Apple Swift CVE-2018-4220 Arbitrary Code Execution Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104085

SANS News

Scans Attempting to use PowerShell to Download PHP Script

Adding Persistence Via Scheduled Tasks

Threatpost

Romanian Hackers Extradited to U.S. over $18M Vishing Scam

Variant of SynAck Malware Adopts Doppelgänging Technique

Asylo Open-Source Framework Tackles TEEs for Cloud

Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked

Exploint

WordPress Plugin User Role Editor < 4.25 - Privilege Escalation

CSP MySQL User Manager 2.3.1 - Authentication Bypass

DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)

HWiNFO 5.82-3410 - Denial of Service

6.5.2018

Bugtraq

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104084

Cisco Prime Service Catalog CVE-2018-0285 Denial of Service Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104082

SANS News

Vulnerabilities on the Rise?

Threatpost

Report: Intel Facing New Spectre-Like Security Flaws

Pr0nbot is Back – and Evading Twitter Censors

Exploint

Google Chrome V8 - Object Allocation Size Integer Overflow

Windows WMI - Recieve Notification Exploit (Metasploit)

IceWarp Mail Server < 11.1.1 - Directory Traversal

WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting

4.5.2018

Bugtraq

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) 2018-05-03
SEC Consult Vulnerability Lab (research sec-consult com)

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)

Malware

Win32/SdbMine.A

Win32/SdbMine.C

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009

Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263

SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713

NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103

MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291

MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511

Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552

NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050

NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288

SANS News

WebLogic Exploited in the Wild (Again)

Threatpost

MassMiner Takes a Kitchen-Sink Approach to Cryptomining

Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0

Exploint

GPON Routers - Authentication Bypass / Command Injection

Call of Duty Modern Warefare 2 - Buffer Overflow

TBK DVR4104 / DVR4216 - Credentials Leak

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

3.5.2018

Bugtraq

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)

[SECURITY] [DSA 4189-1] quassel security update 2018-05-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)

CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

Malware

Win32/Delf.BFP

Win32/Qadars.AZ

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009

Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263

SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713

NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103

MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291

MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511

Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552

NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050

NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288

SANS News

 

Threatpost

Facebook Introduces ‘Clear History’ Option Amid Data Scandal

Schneider Electric Patches Critical RCE Vulnerability

Exploint

Windows - Local Privilege Escalation

GPON Routers - Authentication Bypass / Command Injection

Call of Duty Modern Warefare 2 - Buffer Overflow

TBK DVR4104 / DVR4216 - Credentials Leak

Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)

Exim < 4.90.1 - 'base64d' Remote Code Execution

Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)

Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)

xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery

Adobe Reader PDF - Client Side Request Injection

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)

LibreOffice/Open Office - '.odt' Information Disclosure

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free

Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free

2.5.2018

Bugtraq

[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)

CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432

PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069

PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194

PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188

Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506

TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789

GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898

GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899

TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305

PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553

Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775

Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701

Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

SANS News

Windows Commands Reference - An InfoSec Must Have

Threatpost

Samples of SiliVaccine Offer Rare Peek Inside North Korea’s Antivirus Software

Millions of Home Fiber Routers Vulnerable to Complete Takeover

Volkswagen Cars Open To Remote Hacking, Researchers Warn

Exploint

WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent...

1.5.2018

Bugtraq

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432

PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069

PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194

PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188

Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506

TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789

GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898

GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899

TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305

PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553

Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775

Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701

Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

SANS News

Diving into a Simple Maldoc Generator

Threatpost

USB Sticks Can Trigger BSOD – Even on a Locked Device

Tens of Thousands of Malicious Apps Using Facebook APIs

Exploint

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site...

30.4.2018

Bugtraq

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)

[SECURITY] [DSA 4183-1] tor security update 2018-04-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4186-1] gunicorn security update 2018-04-28
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-04-30
http://www.securityfocus.com/bid/103432

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-30
http://www.securityfocus.com/bid/99263

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102378

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103872

Oracle Java SE CVE-2018-2790 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103877

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103868

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103841

Oracle Java SE and JRockit CVE-2018-2794 Local Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103817

Oracle Java SE CVE-2018-2814 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103798

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103847

Symantec Norton Core CVE-2018-5234 Local Command Injection Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103955

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-04-29
http://www.securityfocus.com/bid/104020

SANS News

Another approach to webapplication fingerprinting

Threatpost

Updated GravityRAT Malware Adds Advanced AV Detection

Twitter Sold Data To Cambridge Analytica-Linked Company

Exploint

macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership...

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG...

Navicat < 12.0.27 - Oracle Connection Overflow

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote...

Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root

WordPress Plugin Form Maker 1.12.20 - CSV Injection

29.4.2018

Bugtraq

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-27
http://www.securityfocus.com/bid/104003

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103825

SANS News

Microsoft Security Update for Spectre V2

Threatpost

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies

Uber Tightens Bug Bounty Extortion Policies

ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks

Exploint

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote...

27.4.2018

Bugtraq

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-27
http://www.securityfocus.com/bid/104003

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103828

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2784 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103801

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2782 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103799

Oracle MySQL Server CVE-2018-2787 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103804

Oracle MySQL Server CVE-2018-2805 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103831

Oracle MySQL Server CVE-2018-2766 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103805

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2758 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103802

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Delta Electronics PMSoft CVE-2018-8839 Multiple Stack Based Buffer Overflow Vulnerabilities
2018-04-26
http://www.securityfocus.com/bid/104013

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal JSON API Module Cross Site Request Forgery Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104004

Xen XSA-258 Information Disclosure Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104002

Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104001

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

GNU Binutils CVE-2018-10372 Remote Buffer Overflow Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103976

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

SANS News

More Threat Hunting with User Agent and Drupal Exploits

Threatpost

Microsoft Issues More Spectre Updates For Intel CPUs

Rubella Crimeware Kit: Cheap, Easy and Gaining Traction

Metamorfo Targets Brazilian Users with Banking Trojans

Exploint

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot

GitList 0.6 - Unauthenticated Remote Code Execution

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

26.4.2018

Bugtraq

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Multiple Intel 2G Modem Products CVE-2018-3624 Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103968

Vecna VGo Robot ICSA-18-114-01 Information Disclosure and OS Command Execution Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103966

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_inode_buf.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103960

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Yet Another Drupal RCE Vulnerability

Threatpost

Western Digital My Cloud EX2 NAS Device Leaks Files

Metamorfo Targets Brazilian Users with Banking Trojans

Europol Smacks Down World’s Largest DDoS-for-Hire Market

Exploint

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting

SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response

WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion

Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command...

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)

Chrome V8 JIT - Arrow Function Scope Fixing Bug

Chrome V8 JIT - 'AwaitedPromise' Update Bug

Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion

Adobe Flash - Out-of-Bounds Write in blur Filtering

Adobe Flash - Info Leak in Image Inflation

Adobe Flash - Overflow in Slab Rendering

Adobe Flash - Overflow when Playing Sound

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting

HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection

HRSALE The Ultimate HRM v1.0.2 - CSV Injection

Blog Master Pro v1.0 - CSV Injection

Shopy Point of Sale v1.0 - CSV Injection

25.4.2018

Bugtraq

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Malicious Network Traffic From /bin/bash

Threatpost

Exploit Targets Nvidia Tegra-Based Nintendo Systems

Orangeworm Mounts Espionage Campaign Against Healthcare

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

Exploint

 

24.4.2018

Bugtraq

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

SANS News

 

Threatpost

 

Exploint

 

23.4.2018

Bugtraq

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

Malware

 

Phishing

 

Vulnerebility

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

SANS News

New IE 0-day in the wild

Threatpost

 

Exploint

 

22.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

A malicious word document with a VBA form - video

Threatpost

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Exploint

 

20.4.2018

Bugtraq

Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

SANS News

Malspam pushing ransomware using two layers of password protection to avoid detection

Threatpost

Cloud Credentials: New Attack Surface for Old Problem

Use of ‘StegWare’ Increases in Stealth Malware Attacks

iOS Sync Glitch Lets Attackers Control Devices

Gold Galleon Hacking Group Plunders Shipping Industry

Exploint

 

19.4.2018

Bugtraq

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Agent.OBS

Win32/Korplug.HM

Win32/Filecoder.Crysis.P

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Cisco Unified Computing System Director CVE-2018-0238 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103919

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

SANS News

 

Threatpost

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018

Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Exploint

 

18.4.2018

Bugtraq

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-11-02
http://www.securityfocus.com/bid/103880

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

Oracle MySQL Server CVE-2018-2759 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103780

Oracle MySQL Server CVE-2018-2786 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103779

Oracle MySQL Server CVE-2018-2780 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103778

Python rhn-setup CVE-2015-1777 SSL Certificate Validation Security Bypass Vulnerability
2018-04-17
http://www.securityfocus.com/bid/72943

SANS News

Webshell looking for interesting files

A Review of Recent Drupal Attacks (CVE-2018-7600)

Threatpost

Cryptominer Malware Threats Overtake Ransomware, Report Warns

Automated Bots Growing Tool For Hackers

Exploint

 

17.4.2018

Bugtraq

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Malware

Win32/Agent.ZIL

Win32/Liech.G

Trojan.Cryptoshuf

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

A Review of Recent Drupal Attacks (CVE-2018-7600)

A malicious word document with a VBA form

Threatpost

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Automated Bots Growing Tool For Hackers

Exploint

 

16.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

Metasploit's Payload UUID

Threatpost

 

Exploint

 

15.4.2018

Bugtraq

 

Malware

PE_XIAOBAMINER.SM

Phishing

 

Vulnerebility

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

VMware vRealize Automation Cross Site Scripting and Session Hijacking Vulnerabilities
2018-04-12
http://www.securityfocus.com/bid/103752

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

SANS News

Getting Incident Response Help from Richard Feynman

Threatpost

Don’t Trust Android OEM Patching, Claims Researcher

Exploint

 

13.4.2018

Bugtraq

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Juniper Junos CVE-2018-0022 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103740

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

GNU Binutils CVE-2018-9996 Remote Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103733

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

SANS News

Drupal CVE-2018-7600 PoC is Public

Threatpost

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Exploint

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

12.4.2018

Bugtraq

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

Malware

W32.Downuk

Exp.CVE-2018-4932

Exp.CVE-2018-4933

Exp.CVE-2018-4934

Exp.CVE-2018-4935

Exp.CVE-2018-4937

Exp.CVE-2018-4936

Exp.CVE-2018-1003

Exp.CVE-2018-1001

Exp.CVE-2018-1004

Exp.CVE-2018-1010

Exp.CVE-2018-1011

Exp.CVE-2018-1012

Exp.CVE-2018-1013

Exp.CVE-2018-1015

Exp.CVE-2018-1016

Exp.CVE-2018-1023

Exp.CVE-2018-1026

Exp.CVE-2018-1027

Exp.CVE-2018-1028

Exp.CVE-2018-1029

Exp.CVE-2018-1030

Phishing

 

Vulnerebility

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

Atlassian Application Links CVE-2018-5227 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103731

Atlassian JIRA CVE-2017-18101 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103730

Atlassian JIRA CVE-2017-18100 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103729

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

SANS News

Glitch in malspam campaign temporarily reduces spread of GandCrab

Threatpost

 

Exploint

Linux/x64 - x64 Assembly Shellcode (Generator)

11.4.2018

Bugtraq

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

Malware

W32.Rarogminer

Exp.CVE-2018-0920

Exp.CVE-2018-0980

Exp.CVE-2018-0988

Exp.CVE-2018-0990

Exp.CVE-2018-0994

Exp.CVE-2018-0993

Exp.CVE-2018-0995

Exp.CVE-2018-0996

Exp.CVE-2018-0998

Phishing

 

Vulnerebility

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

Adobe InDesign CC CVE-2018-4927 DLL Loading Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103716

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103715

Adobe InDesign CC CVE-2018-4928 Memory Corruption Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103714

Adobe Digital Editions APSB18-13 Multiple Information Disclosure Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103712

Microsoft Wireless Keyboard CVE-2018-8117 Local Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103711

Adobe PhoneGap Push Plugin CVE-2018-4943 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103710

Adobe Experience Manager CVE-2018-4931 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103709

Adobe Experience Manager CVE-2018-4929 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103707

SANS News

Microsoft April 2018 Patch Tuesday

A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel

Threatpost

AMD Rolls Out Spectre Fixes

Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Adobe Patches Four Critical Bugs in Flash, InDesign

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Exploint

Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion

WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS

WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid...

WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery

WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery

Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

DVD X Player Standard 5.5.3.9 - Buffer Overflow

10.4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102661

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102625

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102615

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102659

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102656

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102576

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102605

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102633

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102612

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102592

SANS News

 

Threatpost

Word Attachment Delivers FormBook Malware, No Macros Required

Exploint

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

9 .4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Malware

Trojan.Coinminer.B

W32.Mysracoin

Phishing

 

Vulnerebility

 

SANS News

Cisco Smart Install vulnerability exploited in the wild

Threatpost

 

Exploint

WordPress Plugin Google Drive 2.2 - Remote Code Execution

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection

CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution

WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code...

Yahei PHP Prober 0.4.7 - Cross-Site Scripting

WolfCMS 0.8.3.1 - Open Redirection

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Cobub Razor 0.7.2 - Add New Superuser Account

WolfCMS 0.8.3.1 - Cross Site Request Forgery

PMS 0.42 - Local Stack-Based Overflow (ROP)

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)

H2 Database - 'Alias' Arbitrary Code Execution

CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure

WebKit - WebAssembly Parsing Does not Correctly Check Section Order