Databáze Hot News -
Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  List  -
2018  2017  2016  2015  2014  2013 

Databáze - Úvod  Articles  Èlánky  Bugtraq  Malware   Phishing  Vulnerebility  SANS  Mobil Virus  Exploit  Útoky  IDS/IPS  Techniky hackerù  Threatpost  Papers
Poslední aktualizace v 08.10.2016 14:19:38

 


2018


18.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

 

16.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability
2018-11-16
http://www.securityfocus.com/bid/105941

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
2018-11-15
http://www.securityfocus.com/bid/105933

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

SANS News

Basic Obfuscation With Permissive Languages

Threatpost

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

tRat Emerges as New Pet for APT Group TA505

Exploint

DomainMOD 4.11.01 - Cross-Site Scripting

Helpdezk 1.1.1 - Arbitrary File Upload

Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

PHP Mass Mail 1.0 - Arbitrary File Upload

2-Plan Team 1.0.4 - Arbitrary File Upload

15.11.2018

Bugtraq

 

Malware

 

Phishing

TV Licensing

14th November 2018

Update your billing
information; 14 November,
2018.

Vulnerebility

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
2018-11-15
http://www.securityfocus.com/bid/105933

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/103144

Asterisk Open Source Remote Buffer Overflow Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105934

Amazon PayFort payfort-php-SDK Multiple Cross Site Scripting Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105930

Siemens SIMATIC Panels Multiple Security Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105922

SANS News

Emotet infection with IcedID banking Trojan

Threatpost

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Siemens Patches Firewall Flaw That Put Operations at Risk

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Exploint

Notepad3 1.0.2.350 - Denial of Service (PoC)

PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)

SwitchVPN for macOS 2.1012.03 - Privilege Escalation

Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)

14.11.2018

Bugtraq

 

Malware

Ransom.Kraken

Phishing

 

Vulnerebility

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/103144

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105916

Dell OpenManage Network Manager CVE-2018-15768 Remote Privilege Escalation Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105914

Dell OpenManage Network Manager CVE-2018-15767 Authorization Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105912

SANS News

Day in the life of a researcher: Finding a wave of Trickbot malspam

Threatpost

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Exploint

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)

Advanced Comment System 1.0 - SQL Injection

SwitchVPN for macOS 2.1012.03 - Privilege Escalation

EdTv 2 - 'id' SQL Injection

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

AMPPS 2.7 - Denial of Service (PoC)

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

Helpdezk 1.1.1 - 'query' SQL Injection

iServiceOnline 1.0 - 'r' SQL Injection

ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)

13.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/103144

Adobe Flash Player Out-Of-Bounds Read CVE-2018-15978 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105909

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105908

Adobe Acrobat and Reader CVE-2018-15979 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105907

SAP ABAP CVE-2018-2481 Remote Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105906

Adobe Photoshop CC CVE-2018-15980 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105905

SAP Basis CVE-2018-2478 Remote Code Execution Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105904

SAP BusinessObjects Business Intelligence Platform CVE-2018-2473 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105903

SAP NetWeaver Knowledge Management CVE-2018-2477 XML External Entity Injection Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105901

SAP Mobile Secure for Android CVE-2018-2482 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105900

SAP BusinessObjects Business Intelligence CVE-2018-2483 Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105899

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105898

Microsoft Dynamics 365 CVE-2018-8609 Remote Code Execution Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105894

Microsoft Skype for Business and Lync CVE-2018-8546 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105802

Microsoft .NET Core CVE-2018-8416 Tampering Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105798

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8589 Local Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105796

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8565 Local Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105791

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8562 Local Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105790

Microsoft Windows Kernel CVE-2018-8408 Local Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105789

SANS News

November 2018 Microsoft Patch Tuesday

Using the Neutrino ip-blocklist API to test general badness of an IP

Threatpost

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Google’s G Suite, Search and Analytics Taken Down in Hijacking

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

Exploint

Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58...

Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service

Evince 3.24.0 - Command Injection

SIPve 0.0.2-R19 - SQL Injection

Webiness Inventory 2.3 - SQL Injection

Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)

12.11.2018

Bugtraq

 

Malware

 

Phishing

Chase

12th November 2018

Service Update

Vulnerebility

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability
2018-11-12
http://www.securityfocus.com/bid/105058

Google Chrome V8 Out of Bounds Memory Access Vulnerability
2018-11-12
http://www.securityfocus.com/bid/105879

SANS News

Community contribution: joining forces or multiply solutions?

Threatpost

New Boom in Facial Recognition Tech Prompts Privacy Alarms

Exploint

Nominas 0.27 - 'username' SQL Injection

D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery

ServerZilla 1.0 - 'email' SQL Injection

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration...

Paroiciel 11.20 - 'tRecIdListe' SQL Injection

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal

TufinOS 2.17 Build 1193 - XML External Entity Injection

Data Center Audit 2.6.2 - 'username' SQL Injection

HeidiSQL 9.5.0.5196 - Denial of Service (PoC)

11.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Community contribution: joining forces or multiply solutions?

Video: CyberChef: BASE64/XOR Recipe

Threatpost

Recently-Patched Adobe ColdFusion Flaw Exploited By APT

Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies

ThreatList: Google Play Nine Times Safer Than Third-Party App Stores

Exploint

 

9.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability
2018-11-09
http://www.securityfocus.com/bid/104894

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-11-09
http://www.securityfocus.com/bid/103069

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104203

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103144

Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103170

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104936

Apache Tomcat Native Connector CVE-2018-8020 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104934

Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104898

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104895

SANS News

Playing with T-POT

Threatpost

Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal

Cisco Accidentally Released Dirty Cow Exploit Code in Software

‘DerpTroll’ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen

DJI Patches Forum Bug That Allowed Drone Account Takeovers

Exploint

Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)

OpenSLP 2.0.0 - Multiple Vulnerabilities

8.11.2018

Bugtraq

 

Malware

Trojan.Fastcash

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104203

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103144

Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103170

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104936

Apache Tomcat Native Connector CVE-2018-8020 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104934

Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104898

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104895

Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
2018-11-07
http://www.securityfocus.com/bid/101757

Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/54948

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/93604

Cisco Content Security Management Appliance CVE-2018-15393 Cross Site Scripting Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105858

Cisco Prime Service Catalog CVE-2018-15451 Cross Site Scripting Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105857

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105856

Cisco Integrated Management Controller Supervisor CVE-2018-15447 SQL Injection Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105855

Oracle VM VirtualBox Privilege Escalation Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105854

Cisco Stealthwatch Management Console CVE-2018-15394 Authentication Bypass Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105853

SANS News

 

Threatpost

Apple Modernizes Its Hardware Security with T2

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Exploint

PlayJoom 0.10.1 - 'catid' SQL Injection

7.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
2018-11-07
http://www.securityfocus.com/bid/101757

Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/54948

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/93604

Multiple Roche Point of Care Handheld Medical Services Multiple Security Vulnerabilities
2018-11-06
http://www.securityfocus.com/bid/105843

Self-Encrypting Drives CVE-2018-12038 Local Security Bypass Vulnerability
2018-11-06
http://www.securityfocus.com/bid/105841

Self-Encrypting Drives CVE-2018-12037 Local Security Bypass Vulnerability
2018-11-06
http://www.securityfocus.com/bid/105840

Google Android Framework Component Multiple Privilege Escalation Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105848

Google Android 'Framework' Component Multiple Security Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105847

Google Android System CVE-2018-9457 Remote Privilege Escalation Vulnerability
2018-11-05
http://www.securityfocus.com/bid/105845

Google Android Media Framework CVE-2018-9347 Denial of Service Vulnerability
2018-11-05
http://www.securityfocus.com/bid/105844

Qualcomm Closed-Source Components Multiple Unspecified Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105838

Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
2018-11-01
http://www.securityfocus.com/bid/105816

Microsoft Edge Unspecfied Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105815

Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105814

Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105812

SANS News

Tunneling scanners (or really anything) over SSH

Threatpost

HSBC Data Breach Hits Online Banking Customers

ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

U.S. Elections True Test for Facebook’s Disinformation Crackdown

HSBC Data Breach Hits Online Banking Customers

ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Exploint

LibreHealth 2.0.0 - Arbitrary File Actions

OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection

OOP CMS BLOG 1.0 - 'search' SQL Injection

Grocery crud 1.6.1 - 'search_field' SQL Injection

VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)

eToolz 3.4.8.0 - Denial of Service (PoC)

Blue Server 1.1 - Denial of Service (PoC)

6.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malicious Powershell Script Dissection

Threatpost

Apache Struts Warns Users of Two-Year-Old Vulnerability

Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections

Passwords: Here to Stay, Despite Smart Alternatives?

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

Exploint

FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption

FaceTime - 'readSPSandGetDecoderParams' Stack Corruption

FaceTime - RTP Video Processing Heap Corruption

Voovi Social Networking Script 1.0 - 'user' SQL Injection

Royal TS/X - Information Disclosure

LiquidVPN 1.36 / 1.37 - Privilege Escalation

Morris Worm - fingerd Stack Buffer Overflow (Metasploit)

blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)

Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)

5.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
2018-11-01
http://www.securityfocus.com/bid/105816

Microsoft Edge Unspecfied Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105815

Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105814

Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105812

Fr. Sauter AG CASE Suite CVE-2018-17912 XML External Entity Information Disclosure Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105804

SANS News

Beyond good ol' LaunchAgent - part 1

Threatpost

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections

Passwords: Here to Stay, Despite Smart Alternatives?

Exploint

Microsoft Internet Explorer 11 - Null Pointer Difference

Poppy Web Interface Generator 0.8 - Arbitrary File Upload

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

WebVet 0.1a - 'id' SQL Injection

Advantech WebAccess SCADA 8.3.2 - Remote Code Execution

SiAdmin 1.1 - 'id' SQL Injection

Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

Softros LAN Messenger 9.2 - Denial of Service (PoC)

Voovi Social Networking Script 1.0 - 'user' SQL Injection

Royal TS/X - Information Disclosure

PHP Proxy 3.0.3 - Local File Inclusion

4.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

TriJklcj2HIUCheDES decryption failed?

Dissecting a CVE-2017-11882 Exploit

Threatpost

 

Exploint

 

2.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

GDPR’s First 150 Days Impact on the U.S.

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

Cisco Security Appliance Zero-Day Found Actively Exploited in the Wild

ThreatList: Fewer Big DDoS Attacks in Q3, Overall Rate Holds Steady

Exploint

Arm Whois 3.11 - Denial of Service (PoC)

WebDrive 18.00.5057 - Denial of Service (PoC)

Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)

qdPM 9.1 - 'filter_by' SQL Injection

Gate Pass Management System 2.1 - 'login' SQL Injection

Jelastic 5.4 - 'host' SQL Injection

Fantastic Blog CMS 1.0 - 'id' SQL Injection

Anviz AIM CrossChex Standard 4.3 - CSV Injection

1.11.2018

Bugtraq

 

Malware

 

Phishing

pstreet1

31st October 2018

Your AOL experience - 2 minute
survey!

Chase Notification

30th October 2018

Someone tried to access your
online banking

Vulnerebility

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105758

Mozilla Thunderbird MFSA2018-28 Multiple Security Vulnerabilities
2018-10-31
http://www.securityfocus.com/bid/105769

PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105767

Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105764

SANS News

Windows Defender's Sandbox

Threatpost

Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack

Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Vulnerability

Kraken Ransomware Upgrades Distribution with RaaS Model

Exploint

Arm Whois 3.11 - Denial of Service (PoC)

Arm Whois 3.11 - Denial of Service (PoC)

WebDrive 18.00.5057 - Denial of Service (PoC)

Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)

31.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105758

PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105767

Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105764

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-10-30
http://www.securityfocus.com/bid/104871

Oniguruma Multiple Memory Corruption Vulnerabilities
2018-10-30
http://www.securityfocus.com/bid/101244

nghttp2 CVE-2018-1000168 Remote Denial of Service Vulnerability
2018-10-30
http://www.securityfocus.com/bid/103952

Linux Kernel 'drivers/cdrom/cdrom.c' Local Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105334

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105218

SANS News

More malspam using password-protected Word docs

Threatpost

Google Updates reCAPTCHA: No More Boxes to Check

Square, PayPal POS Hardware Open to Multiple Attack Vectors

Exploint

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution

SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)

30.10.2018

Bugtraq

 

Malware

 

Phishing

Chase Notification

30th October 2018

Someone tried to access your
online banking

Vulnerebility

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-10-30
http://www.securityfocus.com/bid/104871

Oniguruma Multiple Memory Corruption Vulnerabilities
2018-10-30
http://www.securityfocus.com/bid/101244

nghttp2 CVE-2018-1000168 Remote Denial of Service Vulnerability
2018-10-30
http://www.securityfocus.com/bid/103952

Linux Kernel 'drivers/cdrom/cdrom.c' Local Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105334

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105218

Linux Kernel 'create_elf_tables()' Function Local Integer Overflow Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105407

Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105417

Linux Kernel 'drivers/acpi/acpica/nseval.c' Local Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/100497

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-10-30
http://www.securityfocus.com/bid/105758

SANS News

Campaign evolution: Hancitor malspam starts pushing Ursnif this week

Threatpost

Girl Scouts Issues Data Breach Warning to 2,800 Members

ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms

Google Updates reCAPTCHA: No More Boxes to Check

ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms

Exploint

Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)

Instagram Clone 1.0 - Arbitrary File Upload

Notes Manager 1.0 - Arbitrary File Upload

University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)

NETGEAR WiFi Router R6120 - Credential Disclosure

Webiness Inventory 2.9 - Arbitrary File Upload

phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection

Electricks eCommerce 1.0 - 'prodid' SQL Injection

South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection

xorg-x11-server 1.20.3 - Privilege Escalation

R 3.4.4 - Buffer Overflow DEP/ASLR Bypass Win10 x86

29.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105718

Mozilla Firefox ESR CVE-2018-12389 Multiple Memory Corruption Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105723

Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105417

Linux Kernel 'drivers/cdrom/cdrom.c' Local Information Disclosure Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105334

Linux Kernel 'net/rds/rdma.c' Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/103185

Linux Kernel 'drivers/acpi/acpica/nseval.c' Local Information Disclosure Vulnerability
2018-10-29
http://www.securityfocus.com/bid/100497

Linux Kernel CVE-2018-14678 Local Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/104924

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105347

Spice CVE-2018-10873 Buffer Overflow Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105152

Linux Kernel 'snd_seq_write()' Function Local Buffer Overflow Vulnerability
2018-10-29
http://www.securityfocus.com/bid/103605

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105609

Mozilla Firefox and Firefox ESR CVE-2018-12385 Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105380

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105108

Ghostscript 'psi/interp.c' Remote Memory Corruption Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105337

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105218

Ghostscript Multiple Security Bypass Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105122

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-10-29
http://www.securityfocus.com/bid/104442

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105276

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-10-29
http://www.securityfocus.com/bid/103766

Mozilla Firefox and Firefox ESR Remote Code Execution and Information Disclosure Vulnerabilities
2018-10-29
http://www.securityfocus.com/bid/105460

Linux Kernel 'create_elf_tables()' Function Local Integer Overflow Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105407

Cisco Webex Meetings Desktop App CVE-2018-15442 Local Command Injection Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105734

OpenSSL CVE-2018-0735 Side Channel Attack Information Disclosure Vulnerability
2018-10-29
http://www.securityfocus.com/bid/105750

SANS News

Maldoc Duplicating PowerShell Prior to Use

Detecting Compressed RTF

Threatpost

X.Org Flaw Allows Privilege Escalation in Linux Systems

Exploint

K-iwi Framework 1775 - SQL Injection

SaltOS Erp Crm 3.1 r8126 - Database File Download

SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)

SaltOS Erp Crm 3.1 r8126 - SQL Injection

E-Negosyo System 1.0 - SQL Injection

RhinOS CMS 3.x - Arbitrary File Download

Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Grapixel New Media 2 - 'pageref' SQL Injection

Paramiko 2.4.1 - Authentication Bypass

Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Local Server 1.0.9 - Denial of Service (PoC)

AlienIP 2.41 - Denial of Service (PoC)

Navicat 12.0.29 - 'SSH' Denial of Service (PoC)

Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection

Open Faculty Evaluation System 7 - 'batch_name' SQL Injection

Library Management System 1.0 - 'frmListBooks' SQL Injection

School Equipment Monitoring System 1.0 - 'login' SQL Injection

AlienIP 2.41 - Denial of Service (PoC)

28.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

DemonBot Fans DDoS Flames with Hadoop Enslavement

British Airways Data Breach Takes Off Again with 185K More Victims

PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware

Exploint

Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection

Delta Sql 1.8.2 - 'id' SQL Injection

MPS Box 0.1.8.0 - Arbitrary File Upload

Quick Count 2.0 - 'txtInstID' SQL Injection

xorg-x11-server < 1.20.3 - Local Privilege Escalation

26.10.2018

Bugtraq

 

Malware

 

Phishing

Amazon.com

26th October 2018

Final Reminder: Restriction on
Your Amazon.com account

Vulnerebility

systemd CVE-2018-15688 Heap Buffer Overflow Vulnerability
2018-10-26
http://www.securityfocus.com/bid/105745

Veritas NetBackup Appliance CVE-2018-18652 Arbitrary Command Execution Vulnerability
2018-10-26
http://www.securityfocus.com/bid/105737

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-10-25
http://www.securityfocus.com/bid/105140

Sophos HitmanPro.Alert Multiple Security Vulnerabilities
2018-10-25
http://www.securityfocus.com/bid/105743

X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability
2018-10-25
http://www.securityfocus.com/bid/105741

Geovap Reliance SCADA CVE-2018-17904 Cross Site Scripting Vulnerability
2018-10-25
http://www.securityfocus.com/bid/105738

Advantech WebAccess ICSA-18-298-02 WebAccess Multiple Security Vulnerabilities
2018-10-25
http://www.securityfocus.com/bid/105736

SANS News

Dissecting Malicious Office Documents with Linux

Threatpost

DemonBot Fans DDoS Flames with Hadoop Enslavement

Pentagon Expands Bug-Bounty Program to Include Physical Systems

UK Slaps Facebook with $645K Fine Over Cambridge Analytica Scandal

Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Pentagon Expands Bug-Bounty Program to Include Physical Systems

Exploint

WebExec - Authenticated User Code Execution (Metasploit)

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer

Open STA Manager 2.3 - Arbitrary File Download

MPS Box 0.1.8.0 - 'uuid' SQL Injection

AjentiCP 1.2.23.13 - Cross-Site Scripting

BORGChat 1.0.0 build 438 - Denial of Service (PoC)

25.10.2018

Bugtraq

 

Malware

Trojan.Crobaruko

Phishing

 

Vulnerebility

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-10-25
http://www.securityfocus.com/bid/105140

SANS News

Fake Bank/Post Office Phone Calls Targeting Chinese Immigrants

Threatpost

Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction

sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting

Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Exploint

Microsoft Data Sharing - Local Privilege Escalation (PoC)

WebExec - Authenticated User Code Execution (Metasploit)

WebEx - Local Service Permissions Exploit (Metasploit)

Ekushey Project Manager CRM 3.1 - Cross-Site Scripting

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution

exim 4.90 - Remote Code Execution

Apache OFBiz 16.11.04 - XML External Entity Injection

LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting

Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting

24.10.2018

Bugtraq

 

Malware

Hacktool.Posh

Win32/Agent.ZXC

Phishing

 

Vulnerebility

CakePHP CVE-2016-4793 Security Bypass Vulnerability
2018-10-24
http://www.securityfocus.com/bid/95846

Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities
2018-10-24
http://www.securityfocus.com/bid/105536

Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability
2018-10-24
http://www.securityfocus.com/bid/105537

Ansible CVE-2018-16837 Local Information Disclosure Vulnerability
2018-10-23
http://www.securityfocus.com/bid/105700

Splunk Multiple Local Privilege Escalation Vulnerabilities
2018-10-22
http://www.securityfocus.com/bid/101664

SANS News

Diving into Malicious AutoIT Code

Threatpost

Thousands of Applications Vulnerable to RCE via jQuery File Upload

Obamacare Sign-Up Channel Breach Affects 75K Consumers

Adult Website Hack Exposes 1.2M ‘Wife Lover’ Fans

StrongPity APT Changes Tactics to Stay Stealthy

Exploint

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes

ADULT FILTER 1.0 - Denial of Service (PoC)

Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting

Fifa Master XLS 2.3.2 - 'usw' SQL Injection

MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection

SIM-PKH 2.4.1 - 'id' SQL Injection

School ERP Pro+Responsive 1.0 - 'fid' SQL Injection

School ERP Pro+Responsive 1.0 - Arbitrary File Download

ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)

23.10.2018

Bugtraq

 

Malware

Win32/Braces.A

Phishing

Netflix Account

22nd October 2018

Re : [ Status Updater] Your
receipt from Netflix. - Mon,
Oct 22, 2018. - Document
Purchase: - Recibo :

Google

22nd October 2018

CANNABIS GUMMIES Without a
Prescription in All 50 States

Vulnerebility

Ansible CVE-2018-16837 Local Information Disclosure Vulnerability
2018-10-23
http://www.securityfocus.com/bid/105700

Splunk Multiple Local Privilege Escalation Vulnerabilities
2018-10-22
http://www.securityfocus.com/bid/101664

Libssh CVE-2018-10933 Authentication Bypass Vulnerability
2018-10-22
http://www.securityfocus.com/bid/105677

SANS News

Malicious Powershell using a Decoy Picture

Threatpost

Thousands of Applications Vulnerable to RCE via jQuery File Upload

Obamacare Sign-Up Channel Breach Affects 75K Consumers

Exploint

Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)

Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection

The Open ISES Project 3.30A - Arbitrary File Download

eNdonesia Portal 8.7 - 'artid' SQL Injection

School ERP Ultimate 2018 - 'fid' SQL Injection

The Open ISES Project 3.30A - 'tick_lat' SQL Injection

22.10.2018

Bugtraq

 

Malware

 

Phishing

Google

22nd October 2018

CANNABIS GUMMIES Without a
Prescription in All 50 States

Vulnerebility

Splunk Multiple Local Privilege Escalation Vulnerabilities
2018-10-22
http://www.securityfocus.com/bid/101664

Libssh CVE-2018-10933 Authentication Bypass Vulnerability
2018-10-22
http://www.securityfocus.com/bid/105677

SANS News

MSG Files: Compressed RTF

Threatpost

Critical Bug Impacts Live555 Media Streaming Libraries

Exploint

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)

Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas

Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in...

Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory

Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value

Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID...

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking

MySQL Edit Table 1.0 - 'id' SQL Injection

Modbus Poll 7.2.2 - Denial of Service (PoC)

The Open ISES Project 3.30A - 'tick_lat' SQL Injection

Oracle Siebel CRM 8.1.1 - CSV Injection

School ERP Ultimate 2018 - Arbitrary File Download

AudaCity 2.3 - Denial of Service (PoC)

21.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

libSSH - Authentication Bypass

Threatpost

 

Exploint

 

19.10.2018

Bugtraq

 

Malware

Exp.CVE-2018-8453

Infostealer.Azorult

Phishing

 

Vulnerebility

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-10-19
http://www.securityfocus.com/bid/104207

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-10-19
http://www.securityfocus.com/bid/95429

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-10-19
http://www.securityfocus.com/bid/91067

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-10-19
http://www.securityfocus.com/bid/104442

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105658

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-18
http://www.securityfocus.com/bid/103771

Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105474

Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105476

Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105475

SANS News

Cisco Security Advisories 17 OCT 2018

Threatpost

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Trivial Post-Intrusion Attack Exploits Windows RID

Tumblr Privacy Bug Could Have Exposed Sensitive Account Data

Exploint

libSSH - Authentication Bypass

OwnTicket 1.0 - 'TicketID' SQL Injection

PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)

Learning with Texts 1.6.2 - 'start' SQL Injection

18.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105658

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-18
http://www.securityfocus.com/bid/103771

Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105474

Microsoft SQL Server Management Studio CVE-2018-8533 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105476

Microsoft SQL Server Management Studio CVE-2018-8532 Information Disclosure Vulnerability
2018-10-18
http://www.securityfocus.com/bid/105475

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/97702

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103518

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103880

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103203

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/102376

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93604

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103144

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/78215

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104203

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105125

Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104222

RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/69058

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/89760

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93236

Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91836

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91869

SANS News

RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence

Threatpost

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

Privacy Regulation Could Be a Test for States’ Rights

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

Oracle Fixes 301 Flaws in October Critical Patch Update

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Exploint

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials

Time and Expense Management System 3.0 - 'table' SQL Injection

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure

17.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/97702

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103518

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103880

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103203

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/102376

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93604

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103144

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/78215

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104203

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105125

Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104222

RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/69058

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/89760

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/93236

Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91836

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/91869

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/83423

GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
2018-10-17
http://www.securityfocus.com/bid/72325

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/100872

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105609

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105598

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-10-17
http://www.securityfocus.com/bid/104252

Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
2018-10-17
http://www.securityfocus.com/bid/103771

Oracle Java SE/Java SE Embedded CVE-2018-3211 Local Security Vulnerability
2018-10-17
http://www.securityfocus.com/bid/105591

Oracle GoldenGate Multiple Remote Security Vulnerabilities
2018-10-17
http://www.securityfocus.com/bid/105651

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-16
http://www.securityfocus.com/bid/105538

Oracle Siebel CRM CVE-2018-3059 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105655

Oracle WebLogic Server CVE-2018-2902 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105654

Oracle Virtual Directory CVE-2018-3253 Remote Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105653

Oracle Hospitality Gift and Loyalty CVE-2018-3131 Local Security Vulnerability
2018-10-16
http://www.securityfocus.com/bid/105652

SANS News

CyberChef: BASE64/XOR Recipe

Threatpost

Privacy Regulation Could Be a Test for States’ Rights

On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

As End of Life Nears, More Than Half of Websites Still Use PHP V5

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Exploint

Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure

Any Sound Recorder 2.93 - Buffer Overflow (SEH)

Git Submodule - Arbitrary Code Execution

VLC Media Player - MKV Use-After-Free (Metasploit)

Solaris - RSH Stack Clash Privilege Escalation (Metasploit)

Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)

BigTree CMS 4.2.23 - Cross-Site Scripting

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure

15.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/95814

IBM DB2 CVE-2018-1448 Local Privilege Escalation Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103535

IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103574

IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103422

Samba CVE-2016-2119 Man in the Middle Security Bypass Vulnerability
2018-10-15
http://www.securityfocus.com/bid/91700

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/101666

IBM DB2 CVE-2018-1427 Multiple Local Buffer Overflow Vulnerabilities
2018-10-15
http://www.securityfocus.com/bid/103536

Multiple IBM Products CVE-2018-1447 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/104511

IBM DB2 CVE-2017-1571 Local Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103494

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
2018-10-15
http://www.securityfocus.com/bid/91787

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2018-10-15
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102118

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102659

IBM DB2 CVE-2018-1566 Local Format String Vulnerability
2018-10-15
http://www.securityfocus.com/bid/104740

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103832

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102612

Oracle Java SE and JRockit CVE-2018-2794 Local Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/103817

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102103

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-10-15
http://www.securityfocus.com/bid/102642

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

SANS News

 

Threatpost

ICS Security Plagued with Basic, Avoidable Mistakes

Exploint

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Advanced HRM 1.6 - Remote Code Execution

College Notes Management System 1.0 - 'user' SQL Injection

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution

AlchemyCMS 4.1 - Cross-Site Scripting

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)

14.10.2018

Bugtraq

 

Malware

Trojan.Danabot.B

Phishing

iCloud

12th October 2018

[Important] : Activate Your
Account

WESTER UNION OFFICE

10th October 2018

FROM OFFICE OF THE WESTERN
UNION MONEY TRANSFER.

Vulnerebility

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

Oracle October 2018 Critical Patch Update Multiple Vulnerabilities
2018-10-12
http://www.securityfocus.com/bid/105555

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/67898

IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability
2018-10-11
http://www.securityfocus.com/bid/105546

SANS News

Maldoc: Once More It's XOR

Threatpost

 

Exploint

SugarCRM 6.5.26 - Cross-Site Scripting

HaPe PKH 1.1 - Arbitrary File Upload

CAMALEON CMS 2.4 - Cross-Site Scripting

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)

12.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
http://www.securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
http://www.securityfocus.com/bid/105324

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/67898

IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability
2018-10-11
http://www.securityfocus.com/bid/105546

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2018-10-11
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-10-11
http://www.securityfocus.com/bid/95814

Multiple IBM Products CVE-2018-1447 Local Information Disclosure Vulnerability
2018-10-11
http://www.securityfocus.com/bid/104511

SANS News

More Equation Editor Exploit Waves

Threatpost

Fake Adobe Flash Updates Hide Malicious Crypto Miners

Adaptable, All-in-One Android Trojan Shows the Future of Malware

FitMetrix Exposes Millions of Customer Details, Accessed by Criminals

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

Exploint

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

WAGO 750-881 01.09.18 - Cross-Site Scripting

Wikidforum 2.20 - Cross-Site Scripting

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

11.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SAP Business Client Unspecified Security Vulnerability
2018-10-11
http://www.securityfocus.com/bid/104436

IBM Tivoli Netcool Service Quality Manager CVE-2015-0159 Unspecified Security Weakness
2018-10-11
http://www.securityfocus.com/bid/73402

Multiple IBM Products GSKit CVE-2014-6221 Random Data Generation Security Weakness
2018-10-11
http://www.securityfocus.com/bid/73915

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2018-10-11
http://www.securityfocus.com/bid/73326

SANS News

New Campaign Using Old Equation Editor Vulnerability

Threatpost

FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw

Innovative Phishing Tactic Makes Inroads Using Azure Blob

Exploint

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

WAGO 750-881 01.09.18 - Cross-Site Scripting

Wikidforum 2.20 - Cross-Site Scripting

Ektron CMS 9.20 SP2 - Improper Access Restrictions

MicroTik RouterOS < 6.43rc3 - Remote Root

Ektron CMS 9.20 SP2 - Improper Access Restrictions

WhatsApp - RTP Processing Heap Corruption

FileZilla 3.33 - Buffer Overflow (PoC)

10.10.2018

Bugtraq

 

Malware

Trojan.Betabot.B

Phishing

WESTER UNION OFFICE

10th October 2018

FROM OFFICE OF THE WESTERN
UNION MONEY TRANSFER.

support

9th October 2018

Important Unusual activity on
your PayPal account

Apple

9th October 2018

Attention: Your account status
change

Vulnerebility

wolfSSL CVE-2017-13099 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/102174

IBM General Parallel File System CVE-2016-0263 Unspecified Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90525

Samba CVE-2016-2114 Remote Security Bypass Vulnerability
2018-10-10
http://www.securityfocus.com/bid/86011

Samba CVE-2016-2118 Man in the Middle Security Bypass Vulnerability
2018-10-10
http://www.securityfocus.com/bid/86002

Samba CVE-2015-7560 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/84267

IBM Spectrum Scale CVE-2016-0361 Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90550

IBM Spectrum Scale and GPFS CVE-2016-0392 Local Command Injection Vulnerability
2018-10-10
http://www.securityfocus.com/bid/91082

IBM General Parallel File System CVE-2015-7403 Local Denial of Service Vulnerability
2018-10-10
http://www.securityfocus.com/bid/79805

IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/48514

IBM General Parallel File System CVE-2015-4981 Local Information Disclosure Vulnerability
2018-10-10
http://www.securityfocus.com/bid/77027

IBM General Parallel File System CVE-2015-4974 Local Unspecified Command Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/77025

RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/51181

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2018-10-10
http://www.securityfocus.com/bid/90979

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2018-10-10
http://www.securityfocus.com/bid/84213

Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
2018-10-10
http://www.securityfocus.com/bid/91501

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2018-10-10
http://www.securityfocus.com/bid/83423

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/42811

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105376

DB2 Universal Database CVE-2012-0710 Denial-Of-Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/78282

DB2 Universal Database CVE-2012-0711 Remote Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/77826

IBM DB2 Multiple Security Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/53873

IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73278

IBM General Parallel File System CVE-2015-0199 Local Denial of Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73283

IBM General Parallel File System CVE-2015-0197 Unspecified Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73282

General Electric iFix CVE-2018-17925 Unspecified Local Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105540

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105538

Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105537

Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105536

Adobe Technical Communications Suite DLL Loading Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105535

SAP Fiori CVE-2018-2474 Cross Site Request Forgery Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105534

SANS News

"OG" Tools Remain Valuable

October 2018 Microsoft Patch Tuesday

Threatpost

Microsoft Patches Zero-Day Under Active Attack by APT

Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape

New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants

Magecart Group Targets Shopper Approved in Latest Attack

Exploint

Microsoft Edge Chakra JIT - Type Confusion

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass

Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow...

Wikidforum 2.20 - 'message_id' SQL Injection

Wikidforum 2.20 - 'select_sort' SQL Injection

ifwatchd - Privilege Escalation (Metasploit)

ghostscript - executeonly Bypass with errorhandler Setup

Seqrite End Point Security 7.4 - Privilege Escalation

9.10.2018

Bugtraq

 

Malware

 

Phishing

Apple

9th October 2018

Attention: Your account status
change

Vulnerebility

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/42811

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105376

DB2 Universal Database CVE-2012-0710 Denial-Of-Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/78282

DB2 Universal Database CVE-2012-0711 Remote Security Vulnerability
2018-10-09
http://www.securityfocus.com/bid/77826

IBM DB2 Multiple Security Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/53873

IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73278

IBM General Parallel File System CVE-2015-0199 Local Denial of Service Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73283

IBM General Parallel File System CVE-2015-0197 Unspecified Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/73282

SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105538

Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105537

Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105536

Adobe Technical Communications Suite DLL Loading Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105535

SAP Fiori CVE-2018-2474 Cross Site Request Forgery Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105534

Adobe Digital Editions CVE-2018-12822 Arbitrary Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105533

Adobe Digital Editions Out-of-bounds Read APSB18-27 Multiple Information Disclosure Vulnerabilities
2018-10-09
http://www.securityfocus.com/bid/105532

SAP BusinessObjects Web Intelligence CVE-2018-2472 Cross Site Scripting Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105531

SAP BusinessObjects BI Suite Client CVE-2018-2471 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105530

SAP Data Services Management Console CVE-2018-2466 Cross Site Scripting Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105529

SAP Adaptive Server Enterprise CVE-2018-2468 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105527

SAP Adaptive Server Enterprise CVE-2018-2469 Information Disclosure Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105526

Microsoft Windows DirectX Graphics Kernel CVE-2018-8484 Local Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105500

Microsoft Word CVE-2018-8504 Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105499

Microsoft Excel CVE-2018-8502 Security Bypass Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105498

Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105497

Microsoft SharePoint Server CVE-2018-8518 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105496

Microsoft SharePoint Server CVE-2018-8498 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105495

Microsoft SharePoint Server CVE-2018-8488 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105494

Microsoft SharePoint Server CVE-2018-8480 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105493

Microsoft Exchange Server CVE-2018-8448 Remote Privilege Escalation Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105492

Microsoft Exchange Server CVE-2018-8265 Remote Code Execution Vulnerability
2018-10-09
http://www.securityfocus.com/bid/105491

SANS News

Latest Release of rockNSM 2.1

October 2018 Microsoft Patch Tuesday

Threatpost

Magecart Group Targets Shopper Approved in Latest Attack

Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape

ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume

Exploint

Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)

Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)

Unitrends UEB - HTTP API Remote Code Execution (Metasploit)

Cisco Prime Infrastructure - Unauthenticated Remote Code Execution

Imperva SecureSphere 13 - Remote Command Execution

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)

Git Submodule - Arbitrary Code Execution

Android - sdcardfs Changes current->fs Without Proper Locking

Linux - Kernel Pointer Leak via BPF

8.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2018-10-08
http://www.securityfocus.com/bid/71936

Multiple IBM DB2 Products CVE-2016-5995 Local Privilege Escalation Vulnerability
2018-10-08
http://www.securityfocus.com/bid/93012

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-10-05
http://www.securityfocus.com/bid/101665

SANS News

YARA XOR Strings: Some Remarks

Threatpost

PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

Sony Smart TV Bug Allows Remote Access, Root Privileges

Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem

Exploint

360 3.5.0.1033 - Sandbox Escape

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode...

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)

Cisco Prime Infrastructure - Unauthenticated Remote Code Execution

Git Submodule - Arbitrary Code Execution

Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation

net-snmp 5.7.3 - Authenticated Denial of Service (PoC)

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)

7.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

A strange spam

YARA: XOR Strings

Threatpost

Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat

Sony Smart TV Bug Allows Remote Access, Root Privileges

Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem

Exploint

Chamilo LMS 1.11.8 - Cross-Site Scripting

ISPConfig < 3.1.13 - Remote Command Execution

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)

5.10.2018

Bugtraq

 

Malware

Heur.AdvML.JS.C

CL.Downloader

Phishing

Bank of America

5th October 2018

Your credit card account is
scheduled to be closed

Vulnerebility

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-10-05
http://www.securityfocus.com/bid/101665

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-10-05
http://www.securityfocus.com/bid/105276

Mozilla Firefox and Firefox ESR CVE-2018-12385 Denial of Service Vulnerability
2018-10-05
http://www.securityfocus.com/bid/105380

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-10-05
http://www.securityfocus.com/bid/105280

Multiple IBM DB2 Products CVE-2016-5995 Local Privilege Escalation Vulnerability
2018-10-05
http://www.securityfocus.com/bid/93012

IBM Tivoli System Automation for Multiplatforms Local Privilege Escalation Vulnerability
2018-10-05
http://www.securityfocus.com/bid/96764

GE Communicator CVE-2017-7908 Heap Based Buffer Overflow Vulnerability
2018-10-04
http://www.securityfocus.com/bid/99580

SANS News

It is the End of the World as We Know It. So What's Next?

Threatpost

Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

Apple, Amazon Strongly Refute Server Infiltration Report

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

ThreatList: 83% of Routers Contain Vulnerable Code

Exploint

LayerBB Forum 1.1.1 - 'search_query' SQL Injection

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)

4.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability
2018-10-03
http://www.securityfocus.com/bid/69546

Cisco SD-WAN CVE-2018-15387 Certificate Validation Security Bypass Vulnerability
2018-10-03
http://www.securityfocus.com/bid/105509

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

Mozilla Firefox and Firefox ESR Remote Code Execution and Information Disclosure Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/105460

LibTIFF CVE-2018-17795 Heap Based Buffer Overflow Vulnerability
2018-10-02
http://www.securityfocus.com/bid/105445

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

 

Threatpost

 

Exploint

LayerBB Forum 1.1.1 - 'search_query' SQL Injection

virtualenv 16.0.0 - Sandbox Escape

FTP Voyager 16.2.0 - Denial of Service (PoC)

Linux\x86 - (NOT +SHIFT-N+ XOR-N) + encoded (/bin/sh) Shellcode (50 byes)

3.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability
2018-10-03
http://www.securityfocus.com/bid/69546

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

LibTIFF CVE-2018-17795 Heap Based Buffer Overflow Vulnerability
2018-10-02
http://www.securityfocus.com/bid/105445

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

Developing YARA Rules: a Practical Example

Identifying a phisher

Threatpost

Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

Foxit PDF Reader Fixes High-Severity Remote Code Execution Flaws

NOKKI Malware Sports Mysterious Link to Reaper APT Group

Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration

Google Cracks Down on Malicious Chrome Extensions in Major Update

Exploint

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection

Coaster CMS 5.5.0 - Cross-Site Scripting

OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection

Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection

Zechat 1.5 - 'uname' SQL Injection

2.10.2018

Bugtraq

 

Malware

Trojan.Madominer

Trojan.Lojax

Phishing

 

Vulnerebility

IBM DB2 Multiple Security Vulnerabilities
2018-10-02
http://www.securityfocus.com/bid/53873

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

SANS News

Decoding Custom Substitution Encodings with translate.py

Threatpost

Dark Web Azorult Generator Offers Free Binaries to Cybercrooks

California, U.S. Government Battle Over Net Neutrality State Law

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

Exploint

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection

Coaster CMS 5.5.0 - Cross-Site Scripting

OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection

OPAC EasyWeb Five 5.7 - 'biblio' SQL InjectionLinux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen...

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting

1.10.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2018-10-01
http://www.securityfocus.com/bid/75158

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

SANS News

When DOSfuscation Helps...

Threatpost

 

Exploint

H2 Database 1.4.196 - Remote Code Execution

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Snes9K 0.0.9z - Denial of Service (PoC)

Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection

Binary MLM Software 1.0 - 'pid' SQL Injection

Singleleg MLM Software 1.0 - 'msg_id' SQL Injection

Education Website 1.0 - 'subject' SQL Injection

Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection

Fork CMS 5.4.0 - Cross-Site Scripting

ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Snes9K 0.0.9z - Denial of Service (PoC)

30.9.2018

Bugtraq

 

Malware

MSIL/Kryptik

MSIL/GenKryptik

Trojan.Flawedammyy

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Facebook Data Breach Impacts Almost 50 Million Accounts

Another Linux Kernel Bug Surfaces, Allowing Root Access

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

ThreatList: Hackers Turn to Python as Attack Coding Language of Choice

Exploint

PCProtect 4.8.35 - Privilege Escalation

28.9.2018

Bugtraq

 

Malware

Coinminer.Unix.MALXMR.AA

Trojan.JS.POWLOAD.AA

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

Multiple IBM DB2 Products CVE-2014-8901 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71734

Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71730

Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71729

Multiple Cisco Products CVE-2015-6420 Remote Code Execution Vulnerability
2018-09-27
http://www.securityfocus.com/bid/78872

Multiple Fuji Electric FRENIC Devices ICSA-18-270-03 Multiple Security Vulnerabilities
2018-09-27
http://www.securityfocus.com/bid/105408

Emerson AMS Device Manager ICSA-18-270-01 Multiple Security Vulnerabilities
2018-09-27
http://www.securityfocus.com/bid/105406
SANS News

Enriching Radare2 and x64dbg malware analysis with statically decoded strings

More Excel DDE Code Injection

Threatpost

Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

VPNFilter’s Arsenal Expands With Newly Discovered Modules

Exploint

Microsoft Edge - Sandbox Escape Microsoft Edge - Sandbox Escape

PCProtect 4.8.35 - Privilege Escalation

27.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2018-09-27
http://www.securityfocus.com/bid/74217

Multiple IBM DB2 Products CVE-2014-8901 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71734

Multiple IBM DB2 Products CVE-2014-6210 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71730

Multiple IBM DB2 Products CVE-2014-6209 Remote Denial of Service Vulnerability
2018-09-27
http://www.securityfocus.com/bid/71729

Multiple Cisco Products CVE-2015-6420 Remote Code Execution Vulnerability
2018-09-27
http://www.securityfocus.com/bid/78872

Multiple IBM DB2 Products CVE-2014-8910 File Disclosure Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75949

Multiple IBM DB2 Products CVE-2015-1935 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75908

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2018-09-26
http://www.securityfocus.com/bid/73684

Multiple IBM DB2 Products CVE-2015-1922 Security Bypass Vulnerablity
2018-09-26
http://www.securityfocus.com/bid/75911

Cisco IOS and IOS XE Software CVE-2018-0475 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105404

Cisco IOS and IOS XE Software CVE-2018-0466 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105403

Drupal Taxonomy File Tree Module Access Bypass Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105401

Cisco IOS XE Software Errdisable CVE-2018-0480 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105400

Drupal Commerce Klarna Checkout Module Access Bypass Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105399

Cisco IOS XE Software CVE-2018-0471 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105398

Cisco IOS XE Software CVE-2018-0470 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/105397

IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
2018-09-25
http://www.securityfocus.com/bid/64336

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

SANS News

One Emotet infection leads to three follow-up malware infections

Threatpost

2018 Has Been Open Season on Open Source Supply Chains

Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks

Malware on SHEIN Servers Compromises Data of 6.4M Customers

Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Exploint

Rausoft ID.prove 2.95 - 'Username' SQL injection

ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation

Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath

CrossFont 7.5 - Denial of Service (PoC)

TransMac 12.2 - Denial of Service (PoC)

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)

26.9.2018

Bugtraq

 

Malware

 

Phishing

Privacy Policy Updated

26th September 2018

@aol.com

Vulnerebility

Multiple IBM DB2 Products CVE-2014-8910 File Disclosure Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75949

Multiple IBM DB2 Products CVE-2015-1935 Denial of Service Vulnerability
2018-09-26
http://www.securityfocus.com/bid/75908

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2018-09-26
http://www.securityfocus.com/bid/73684

Multiple IBM DB2 Products CVE-2015-1922 Security Bypass Vulnerablity
2018-09-26
http://www.securityfocus.com/bid/75911

IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
2018-09-25
http://www.securityfocus.com/bid/64336

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

SANS News

One Emotet infection leads to three follow-up malware infections

Threatpost

Cybercriminals Target Kodi Media Player for Malware Distribution

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

Tricky DoS Attack Crashes Mozilla Firefox

Exploint

Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection

RICOH MP C406Z Printer - Cross-Site Scripting

RICOH MP 305+ Printer - Cross-Site Scripting

Joomla! Component Timetable Schedule 3.6.8 - SQL Injection

Joomla! Component Article Factory Manager 4.3.9 - SQL Injection

Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection

Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection

Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)

Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)

Easy PhoroResQ 1.0 - Buffer Overflow

WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded'...

WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free

WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free

WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free

WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free

WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read

WebKit - 'WebCore::Node::ensureRareData' Use-After-Free

25.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apple Mac OS X Server APPLE-SA-2016-03-21-7 Multiple Security Vulnerabilities
2018-09-25
http://www.securityfocus.com/bid/85054

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-24
http://www.securityfocus.com/bid/105276

SANS News

Sextortion Spam and the Infinite Monkey Theorem

Threatpost

 

Exploint

 

24.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

IBM DB2 and DB2 Connect CVE-2013-5466 Remote Denial of Service Vulnerability
2018-09-24
http://www.securityfocus.com/bid/64334

IBM DB2 and DB2 Connect Audit Facility Local Privilege Escalation Vulnerability
2018-09-24
http://www.securityfocus.com/bid/60255

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-24
http://www.securityfocus.com/bid/105276

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Cisco Video Surveillance Manager Appliance CVE-2018-15427 Insecure Default Password Vulnerability
2018-09-21
http://www.securityfocus.com/bid/105381

SANS News

 

Threatpost

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

Tricky DoS Attack Crashes Mozilla Firefox

Critical Vulnerability Found in Cisco Video Surveillance Manager

Exploint

RICOH MP C6003 Printer - Cross-Site Scripting

Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection

RICOH Aficio MP 301 Printer - Cross-Site Scripting

Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection

Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

LG SuperSign EZ CMS 2.5 - Remote Code Execution

Beyond Remote 2.2.5.3 - Denial of Service (PoC)

SoftX FTP Client 3.3 - Denial of Service (PoC)

Termite 3.4 - Denial of Service (PoC)

udisks2 2.8.0 - Denial of Service (PoC)

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode...

Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

22.9.2018

Bugtraq

 

Malware

Backdoor.SofacyX

Trojan.Loaderinit

Phishing

Mr Baea Jim

23rd September 2018

CONTACT US IMMEDIATELY FROM
MONEY GRAM AND RIA MONEY
TRANSFER TO RECEIVER YOU
PAYMENT,

Vulnerebility

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Ghostscript Multiple Security Bypass Vulnerabilities
2018-09-20
http://www.securityfocus.com/bid/105122

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105376

Foreman CVE-2018-14643 Authentication Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105375

SANS News

Suspicious DNS Requests ... Issued by a Firewall

Threatpost

Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

Lucy Gang Debuts with Unusual Android MaaS Package

Exploint

WebRTC - FEC Out-of-Bounds Read

WebRTC - VP9 Processing Use-After-Free

21.9.2018

Bugtraq

 

Malware

Infostealer.Jscoffe

Phishing

 

Vulnerebility

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
2018-09-21
http://www.securityfocus.com/bid/103539

Ghostscript Multiple Security Bypass Vulnerabilities
2018-09-20
http://www.securityfocus.com/bid/105122

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105376

Foreman CVE-2018-14643 Authentication Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/105375

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

ISC BIND CVE-2018-5741 Security Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105379

Citrix ShareFile StorageZones Control Directory Traversal and Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105377

Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105374

Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105360

Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105359

Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105358

Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105330

Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105329

SANS News

Pre-Pwned AMI Images in Amazon's AWS public instance store

Threatpost

Thousands of Breached Websites Turn Up On MagBo Black Market

Magecart Strikes Again, Siphoning Payment Info from Newegg

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

Critical Out-of-Band Patch Issued for Adobe Acrobat Reader

Exploint

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)

WebRTC - FEC Out-of-Bounds Read

WebRTC - VP9 Processing Use-After-Free

Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)

20.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-09-20
http://www.securityfocus.com/bid/104879

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105360

Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105359

Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
2018-09-19
http://www.securityfocus.com/bid/105358

Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105330

Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105329

Google Chrome Unspecified Security Vulnerabilities
2018-09-17
http://www.securityfocus.com/bid/105355

Moodle CVE-2018-14630 Remote Code Execution Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105354

Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105352

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

SANS News

Hunting for Suspicious Processes with OSSEC

Threatpost

 

Exploint

 

19.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-19
http://www.securityfocus.com/bid/105315

Google Chrome Unspecified Security Vulnerabilities
2018-09-17
http://www.securityfocus.com/bid/105355

Moodle CVE-2018-14630 Remote Code Execution Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105354

Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105352

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

SANS News

Certificates Revisited - SSL VPN Certificates 2 Ways

Threatpost

Dangerous Pegasus Spyware Has Spread to 45 Countries

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Facebook Now Offers Bounties For Access Token Exposure

State Government Online Payment Service Exposes 14M Customers

Exploint

Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU

Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion

Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion

LG SuperSign EZ CMS 2.5 - Local File Inclusion

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion

Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting

18.9.2018

Bugtraq

 

Malware

RANSOM_PYLOCKY.A

Phishing

 

Vulnerebility

Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
2018-09-17
http://www.securityfocus.com/bid/105347

Oracle WebCenter Interaction Multiple Security Vulnerabilities
2018-09-16
http://www.securityfocus.com/bid/105350

WebKit '-webkit-backdrop-filter CSS' Property Denial of Service Vulnerability
2018-09-15
http://www.securityfocus.com/bid/105349

Linux Kernel CVE-2018-6555 Multiple Denial of Service Vulnerabilities
2018-09-14
http://www.securityfocus.com/bid/105304

SANS News

Using Certificate Transparency as an Attack / Defense Tool

Threatpost

Facebook Now Offers Bounties For Access Token Exposure

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Exploint

Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution

NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)

Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)

CA Release Automation NiMi 6.5 - Remote Command Execution

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

17.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

20/20 malware vision

Dissecting Malicious MS Office Docs

Threatpost

CSS-Based Attack Causes iOS, macOS Devices to Crash

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

Exploint

Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

CA Release Automation NiMi 6.5 - Remote Command Execution

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

Notebook Pro 2.0 - Denial Of Service (PoC)

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)

16.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Sextortion - Follow the Money Update

Threatpost

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

OilRig APT Continues Its Ongoing Malware Evolution

E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content

Exploint

Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)

Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)

Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)

14.9.2018

Bugtraq

 

Malware

Trojan.Chainshot

Downloader.Pocode

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-6555 Multiple Denial of Service Vulnerabilities
2018-09-14
http://www.securityfocus.com/bid/105304

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2018-09-13
http://www.securityfocus.com/bid/105108

Linux Kernel CVE-2018-6554 Multiple Denial of Service Vulnerabilities
2018-09-13
http://www.securityfocus.com/bid/105302

SANS News

 

Threatpost

 

Exploint

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)

Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault...

TeamViewer App 13.0.100.0 - Denial of Service (PoC) MediaTek Wirless Utility rt2870 - Denial of Service (PoC)

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)

Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)

Faleemi Plus 1.0.2 - Denial of Service (PoC)

InfraRecorder 0.53 - '.txt' Denial of Service (PoC)

CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)

13.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2018-09-13
http://www.securityfocus.com/bid/105108

Linux Kernel CVE-2018-6554 Multiple Denial of Service Vulnerabilities
2018-09-13
http://www.securityfocus.com/bid/105302

SAP Business Client Unspecified Security Vulnerability
2018-09-12
http://www.securityfocus.com/bid/104436

IBM QRadar SIEM CVE-2018-1571 OS Command Injection Vulnerability
2018-09-12
http://www.securityfocus.com/bid/105333

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/102376

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/104054

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

Siemens SIMATIC WinCC OA CVE-2018-13799 Access Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105332

Multiple Siemens SCALANCE X Switches CVE-2018-13807 Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105331

Fuji Electric V-Server Lite CVE-2018-10637 Remote Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105328

SAP NetWeaver Business Intelligence CVE-2018-2462 XML External Entity Injection Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105326

SAP NetWeaver AS JAVA CVE-2018-2452 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105325

SANS News

Malware Delivered Through MHT Files

Threatpost

Experts Bemoan Shortcomings with IoT Security Bill

Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw

Osiris Banking Trojan Displays Modern Malware Innovation

Threatlist: Email Attacks Surge, Targeting Execs

Exploint

Apache Syncope 2.0.7 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution

Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket

Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault...

TeamViewer App 13.0.100.0 - Denial of Service (PoC)

MediaTek Wirless Utility rt2870 - Denial of Service (PoC)

12.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SAP Business Client Unspecified Security Vulnerability
2018-09-12
http://www.securityfocus.com/bid/104436

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/102376

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/104054

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

SANS News

Microsoft September Patch Tuesday Summary

Threatpost

Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday

Millions of Records Exposed in Veeam Misconfigured Server

Exploint

Apple macOS 10.13.4 - Denial of Service (PoC)

Android - 'zygote->init;' Chain from USB Privilege Escalation

InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

PicaJet FX 2.6.5 - Denial of Service (PoC)

RoboImport 1.2.0.72 - Denial of Service (PoC)

PixGPS 1.1.8 - Denial of Service (PoC)

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)

11.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105153

Microsoft OData CVE-2018-8269 Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105322

SAP Enterprise Financial Services CVE-2018-2455 Remote Authorization Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105320

Adobe ColdFusion CVE-2018-15962 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105318

Adobe ColdFusion CVE-2018-15960 Arbitrary File Overwrite Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105317

SAP Enterprise Financial Services CVE-2018-2454 Remote Authorization Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105316

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105315

Adobe ColdFusion CVE-2018-15961 Arbitrary File Upload Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105314

Adobe ColdFusion APSB18-33 Deserialization Multiple Remote Code Execution Vulnerabilities
2018-09-11
http://www.securityfocus.com/bid/105313

Adobe ColdFusion CVE-2018-15964 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105311

Adobe ColdFusion CVE-2018-15963 Security Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105310

SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105309

SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105308

SAP Business One CVE-2018-2458 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105307

Microsoft Windows Subsystem for Linux CVE-2018-8441 Local Privilege Escalation Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105271

Microsoft Windows GDI Component CVE-2018-8424 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105261

Microsoft Internet Explorer and Edge CVE-2018-8452 Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105252

Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105249

Microsoft Windows 'Win32k.sys' Graphics CVE-2018-8332 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105248

Microsoft Windows 'bowser.sys' CVE-2018-8271 Local Information Disclosure Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105247

Microsoft Windows Hyper-V CVE-2018-8439 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105233

Microsoft ChakraCore Scripting Engine CVE-2018-8354 Remote Memory Corruption Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105232

Microsoft Windows Hyper-V CVE-2018-0965 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105229

Microsoft Jet Database Engine CVE-2018-8393 Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105214

Microsoft Jet Database Engine CVE-2018-8392 Buffer Overflow Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105213

Microsoft Office SharePoint CVE-2018-8426 Cross Site Scripting Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105208

Microsoft Excel CVE-2018-8331 Remote Code Execution Vulnerability
2018-09-11
http://www.securityfocus.com/bid/105206

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-10
http://www.securityfocus.com/bid/105215

SANS News

Microsoft September Patch Tuesday Summary

Threatpost

Magecart Group Pinned in Recent British Airways Breach

ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation

Tor Brings Onion Browser to Android Devices

Exploint

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)

HTML5 Video Player 1.2.5 - Denial of Service (PoC)

10.9.2018

Bugtraq

 

Malware

 

Phishing

Outlook.com

10th September 2018

Your E-mail Request For
Rectification

Vulnerebility

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-10
http://www.securityfocus.com/bid/105215

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-09-06
http://www.securityfocus.com/bid/101665

SANS News

Video: Using scdbg to analyze shellcode

Threatpost

‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets

Apple Finally Boots Sneaky Adware Doctor App from Mac App Store

Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws

Exploint

Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

LW-N605R 12.20.2.1486 - Remote Code Execution

Ghostscript - Failed Restore Command Execution (Metasploit)

Zenmap (Nmap) 7.70 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)

Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)

Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)

9.9.2018

Bugtraq

 

Malware

Trojan.Zexlex

Phishing

UNMAN MOHAMMED

7th September 2018

Re: DID YOU ASK ANY BODY TO
PICK UP YOU FUND?

Vulnerebility

 

SANS News

Crypto Mining in a Windows Headless Browser

Threatpost

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

The Vulnerability Disclosure Process: Still Broken

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

Threat Actors Eyeing IQY Files To Peddle Malspam

Exploint

D-Link Dir-600M N150 - Cross-Site Scripting

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection

7.9.2018

Bugtraq

 

Malware

Trojan.Zexlex

Phishing

UNMAN MOHAMMED

7th September 2018

Re: DID YOU ASK ANY BODY TO
PICK UP YOU FUND?

Vulnerebility

 

SANS News

Crypto Mining in a Windows Headless Browser

Threatpost

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

The Vulnerability Disclosure Process: Still Broken

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

Threat Actors Eyeing IQY Files To Peddle Malspam

Exploint

D-Link Dir-600M N150 - Cross-Site Scripting

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection

6.9.2018

Bugtraq

 

Malware

TSPY_BEBLOH.YMNPV

TROJ_MALIQY.E

TSPY_URSNIF.TIBAIDO

TSPY_URSNIF.AUSIQJ

Phishing

 

Vulnerebility

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
2018-09-06
http://www.securityfocus.com/bid/101665

Cisco Meeting Server CVE-2018-0439 Cross Site Request Forgery Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105287

Cisco Umbrella Enterprise Roaming Client CVE-2018-0438 Local Privilege Escalation Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105286

Cisco RV110W/RV130W/RV215W Routers Management Interface CVE-2018-0423 Buffer Overflow Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105285

Cisco Umbrella Service CVE-2018-0435 Unauthorized Access Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105283

Multiple Cisco Products CVE-2018-0421 Denial Of Service Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105282

Cisco Webex Meetings Client CVE-2018-0422 Local Privilege Escalation Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105281

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-09-05
http://www.securityfocus.com/bid/105280

Cisco Webex Player CVE-2018-0457 Denial of Service Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105279

Cisco Tetration Analytics CVE-2018-0452 Cross Site Scripting Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105278

Mozilla Firefox MFSA2018-20 Multiple Security Vulnerabilities
2018-09-05
http://www.securityfocus.com/bid/105276

Cisco Tetration Analytics CVE-2018-0451 Cross Site Request Forgery Vulnerability
2018-09-05
http://www.securityfocus.com/bid/105270

Opto 22 PAC Control CVE-2018-04154 Remote Stack Based Buffer Overflow Vulnerability
2018-09-04
http://www.securityfocus.com/bid/105273

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-04
http://www.securityfocus.com/bid/105215

GNU Libextractor 'EXTRACTOR_zip_extract_method()' Function Out-of-Bounds Read Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105254

ImageMagick Multiple Heap Buffer Overflow Vulnerabilities
2018-09-03
http://www.securityfocus.com/bid/105241

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105218

GNOME GLib 'gmarkup.c' Remote Denial of Service Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105210

OpenJPEG CVE-2018-16375 Remote Heap Based Buffer Overflow Vulnerability
2018-09-02
http://www.securityfocus.com/bid/105266

OpenJPEG CVE-2018-16376 Remote Heap Based Buffer Overflow Vulnerability
2018-09-02
http://www.securityfocus.com/bid/105262

SANS News

Malicious PowerShell Compiling C# Code on the Fly

Threatpost

The Vulnerability Disclosure Process: Still Broken

High-Severity Flaws in Cisco Secure Internet Gateway Service Patched

Mozilla Patches Critical Code Execution Bug in Firefox 62

Exploint

WirelessHART Fieldgate SWG70 3.0 - Directory Traversal

Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)

Jorani Leave Management 0.6.5 - 'startdate' SQL Injection

Jorani Leave Management 0.6.5 - Cross-Site Scripting

NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)

Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation

5.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
2018-09-04
http://www.securityfocus.com/bid/105215

Mozilla Network Security Service CVE-2018-12384 Information Disclosure Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105218

GNOME GLib 'gmarkup.c' Remote Denial of Service Vulnerability
2018-09-03
http://www.securityfocus.com/bid/105210

Docker for Windows CVE-2018-15514 Remote Privilege Escalation Vulnerability
2018-08-31
http://www.securityfocus.com/bid/105202

SANS News

Let's Trade: You Read My Email, I'll Read Your Password!

Threatpost

Thousands of MikroTik Routers Hijacked for Eavesdropping

‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

ThreatList: 60% of BEC Attacks Fly Under the Radar

Exploint

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

iSmartViewPro 1.5 - 'DDNS' Buffer Overflow

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (20 Bytes)

4.9.2018

Bugtraq

 

Malware

Win32/Agent.ZPG

Win64/Agent.ZPG

Win64/Filecoder.R

Phishing

 

Vulnerebility

 

SANS News

Another quickie: Using scdbg to analyze shellcode

Threatpost

APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security

‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

Exploint

mooSocial Store Plugin 2.6 - SQL Injection

Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection

PHP File Browser Script 1 - Directory Traversal

Logicspice FAQ Script 2.9.7 - Remote Code Execution

Online Quiz Maker 1.0 - 'catid' SQL Injection

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection

iSmartViewPro 1.5 - 'DDNS' Buffer Overflow

3.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Another quickie: Discovering patterns in network traffic with silk

Threatpost

 

Exploint

Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)

Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)

Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service...

Wikipedia 12.0 - Denial of Service (PoC)

D-Link DIR-615 - Denial of Service (PoC)

Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)

VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)

Online Quiz Maker 1.0 - 'catid' SQL Injection

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection

2.9.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox

MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites

ThreatList: Security Pros Confident They Could Compromise Their Own Orgs

Exploint

Network Manager VPNC - Username Privilege Escalation (Metasploit)

Argus Surveillance DVR 4.0.0.0 - Privilege Escalation

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)

31.8.2018

Bugtraq

 

Malware

 

Phishing

Bank of America

30th August 2018

IMPORTANT: Restore Your Bank
of America Account

Apple Support

30th August 2018

RE: [ Notification Alerts ] [
Update Statement Info ] We
have sent an email about your
information account has

Vulnerebility

Apache Traffic Server CVE-2018-8005 Denial of Service Vulnerability
2018-08-31
http://www.securityfocus.com/bid/105187

Microsoft Windows LSASS Buffer Overrun Vulnerability
2018-08-30
http://www.securityfocus.com/bid/10108

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-30
http://www.securityfocus.com/bid/105125

SANS News

 

Threatpost

Travel Breaches Hit Air Canada and Asia-Pac Hotelier

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Exploint

Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting

WordPress Plugin Quizlord 2.0 - Cross-Site Scripting

DLink DIR-601 - Credential Disclosure

WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Nord VPN 6.14.31 - Denial of Service (PoC)

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

30.8.2018

Bugtraq

 

Malware

 

Phishing

Apple Support

30th August 2018

RE: [ Notification Alerts ] [
Update Statement Info ] We
have sent an email about your
information account has

Vulnerebility

Microsoft Windows LSASS Buffer Overrun Vulnerability
2018-08-30
http://www.securityfocus.com/bid/10108

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-30
http://www.securityfocus.com/bid/105125

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Wireshark Multiple Denial of Service Vulnerabilities
2018-08-29
http://www.securityfocus.com/bid/105174

Symantec Norton Identity Safe CVE-2018-12240 Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105146

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

SANS News

 

Threatpost

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

BusyGasper Malware Packs a Simple but Potent Punch

Exploint

DLink DIR-601 - Credential Disclosure

WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Nord VPN 6.14.31 - Denial of Service (PoC)

29.8.2018

Bugtraq

 

Malware

Backdoor.Datper

Phishing

 

Vulnerebility

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Cisco Data Center Network Manager CVE-2018-0464 Directory Traversal Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105159

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

SANS News

3D Printers in The Wild, What Can Go Wrong?

OctoPrint 3D Web Interfaces: EXPOSED, Port 5000 default

Threatpost

Microsoft Windows Zero-Day Found in Task Scheduler

Facebook Flaw Allowed Remote Commands

Adobe Pushes Out Unscheduled Creative Cloud Application Fix

Crashing Mobile Apps Capture Screens, Leak Private Data

Microsoft Windows Zero-Day Found in Task Scheduler

Exploint

Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)

Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)

Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure

Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Episerver 7 patch 4 - XML External Entity Injection

phpMyAdmin 4.7.x - Cross-Site Request Forgery

R 3.4.4 - Buffer Overflow (SEH)

SIPP 3.3 - Stack-Based Buffer Overflow

Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of ...

Fathom 2.4 - Denial Of Service (PoC)

ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)

Immunity Debugger 1.85 - Denial of Service (PoC)

NASA openVSP 3.16.1 - Denial of Service (PoC)

28.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

SANS News

"When was this machine infected?"

Threatpost

AT Command Hitch Leaves Android Phones Open to Attack

Fortnite Android App Falls Victim to Man-in-the-Disk Flaw

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Exploint

Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)

Schneider Electric BMX P34 CPU B - Open Redirect

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free

Instagram App 41.1788.50991.0 - Denial of Service (PoC)

27.8.2018

Bugtraq

 

Malware

Backdoor.Fallchill

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

SANS News

"When was this machine infected?"

Threatpost

 

Exploint

Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)

Firefox 55.0.3 - Denial of Service (PoC)

HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Electron WebPreferences - Remote Code Execution

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)

WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection

Responsive FileManager < 9.13.4 - Directory Traversal

Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection

LiteCart 2.1.2 - Arbitrary File Upload

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection

RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)

Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

CuteFTP 5.0 - Buffer Overflow

Adobe Flash - AVC Processing Out-of-Bounds Read

Libpango 1.40.8 - Denial of Service (PoC)

26.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

SANS News

Identifying numeric obfuscation

Threatpost

T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

24.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

IBM Tivoli Application Dependency Discovery Manager Cross Site Request Forgery Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105135

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Microsoft Publisher Files Delivering Malware

Threatpost

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

StyleWriter 4 1.0 - Denial of Service (PoC)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

23.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Simple Phishing Through formcrafts.com

Threatpost

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Unpatched Ghostscript Flaws Allow Remote Takeover of Systems

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Triout Malware Carries Out Extensive, Targeted Android Surveillance

Exploint

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

CuteFTP 8.3.1 - Denial of Service (PoC)

22.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Openlinux\SunOS\Windows NT\HP-UX Denial of Service Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80175

Unix Echo and Chargen CVE-1999-0103 Remote Security Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80171

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-22
http://www.securityfocus.com/bid/105125

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

SANS News

 

Threatpost

Airmail 3 Exploit Instantly Steals Info from Apple Users

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

Exploint

Geutebrueck re_porter 16 - Cross-Site Scripting

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure

KingMedia 4.1 - Remote Code Execution

ZyXEL VMG3312-B10B - Cross-Site Scripting

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Ghostscript - Multiple Vulnerabilities

Project64 2.3.2 - Buffer Overflow (SEH)

Easyboot 6.6.0 - Denial Of Service (PoC)

UltraISO 9.7.1.3519 - Denial Of Service (PoC)

Textpad 7.6.4 - Denial Of Service (PoC)

21.8.2018

Bugtraq

 

Malware

 

Phishing

Amazon Order

21st August 2018

Amazon Order Confirmation

Walmart Order

21st August 2018

Thank You For Buying From
Walmart

eBay Collections

21st August 2018

KEEP YOUR ACCOUNT IN GOOD
STANDING - PAYMENT NEEDED

Vulnerebility

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

SANS News

OpenSSH user enumeration (CVE-2018-15473)

Malicious DLL Loaded Through AutoIT

Threatpost

Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones

Google Faces Legal Turmoil After Location Tracking Debacle

Canadian Telcos Patch an APT-Ready Flaw in Disability Services

Exploint

Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)

Twitter-Clone 1 - 'userid' SQL Injection

Project64 2.3.2 - Denial Of Service (PoC)

OpenSSH 7.7 - Username Enumeration

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection

20.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

SANS News

 

Threatpost

GandCrab’s Rotten EGGs Hatch Ransomware in South Korea

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

Philips Vulnerability Exposes Sensitive Cardiac Patient Information

Exploint

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution

SEIG Modbus 3.4 - Remote Code Execution

SEIG SCADA System 9 - Remote Code Execution

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery

WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection

Prime95 29.4b7 - Denial Of Service (PoC)

Restorator 1793 - Denial of Service (PoC)

Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)

SEIG Modbus 3.4 - Denial of Service (PoC)

19.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Video: Peeking into msg files - revisited

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

Exploint

 

17.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-8414

Exp.CVE-2018-8373

RANSOM_PRINCESSLOCKER.B

Win32/Filecoder.Ouroboros.A

Win32/TrojanDownloader.Agent.EAT

MSIL/Agent.RY

Phishing

Apple Support

17th August 2018

[ News Statements Reports ] [
Updated Privacy Policy ] New
Update Your Payments - Thanks!
your order from App

Vulnerebility

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-17
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

Emerson DeltaV Multiple Security Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105105

Multiple Philips Products Buffer Overflow and Hardcoded Credentials Security Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105103

Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105101

SANS News

Back to the 90's: FragmentSmack

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings

Highly Flexible Marap Malware Enters the Financial Scene

‘China’s MIT’ Linked to Espionage Campaign Against Alaska, Economic Partners

Exploint

Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type...

Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion

Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion

Microsoft Edge Chakra JIT - Scope Parsing Type Confusion

Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl

CEWE Photoshow 6.3.4 - Denial of Service (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

ADM 3.1.2RHG1 - Remote Code Execution

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

16.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

NTP CVE-2016-1549 Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/88200

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103192

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103194

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103191

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103351

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/103723

NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/104517

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/105089

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Multiple VMware Products CVE-2018-6973 Out-Of-Bounds Write Local Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105094

Apache HTTP Server CVE-2016-4975 HTTP Response Splitting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105093

SAP HANA Extended Application Services CVE-2018-2451 Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105091

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105090

SAP User Interface Technology CVE-2018-2434 Unspecified Content Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105088

SAP BusinessObjects Financial Consolidation CVE-2018-2444 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105087

Samba CVE-2018-10858 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105085

SANS News

Truncating Payloads and Anonymizing PCAP files

More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware

Threatpost

Open MQTT Servers Raise Physical Threats in Smart Homes

Google Chrome Bug Opens Access to Private Facebook Information

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Exploint

Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection

OpenEMR 5.0.1.3 - Arbitrary File Actions

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)

15.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-12799

Exp.CVE-2018-12824

Exp.CVE-2018-12827

Exp.CVE-2018-12826

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/105080

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Samba CVE-2018-1139 Remote Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105084

Samba CVE-2018-10918 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105083

Samba CVE-2018-1140 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105082

Samba CVE-2018-10919 Access Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105081

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105070

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Microsoft Windows Diagnostics Hub CVE-2018-0952 Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105048

Microsoft Edge CVE-2018-8390 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105041

Microsoft Internet Explorer and Edge CVE-2018-8385 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105039

Microsoft Internet Explorer and Edge CVE-2018-8372 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105038

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105037

Microsoft Internet Explorer CVE-2018-8389 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105036

Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105035

Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105034

Microsoft Internet Explorer and Edge CVE-2018-8403 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105033

Microsoft Windows Installer CVE-2018-8339 DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105030

Microsoft Windows ADFS CVE-2018-8340 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105029

Microsoft Windows LNK CVE-2018-8346 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105028

Microsoft Windows LNK CVE-2018-8345 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105027

Microsoft Edge CVE-2018-8388 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105025

Microsoft Edge CVE-2018-8383 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105024

SANS News

Microsoft August 2018 Patch Tuesday

Threatpost

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

ThreatList: Financial-Themed Phishing Hooks Targets in Q2

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Google Services Track User Movements In Privacy Faux Pas

Exploint

ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

14.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

SANS News

New Extortion Tricks: Now Including Your (Partial) Phone Number!

Threatpost

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Google Services Track User Movements In Privacy Faux Pas

Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

Exploint

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

13.8.2018

Bugtraq

 

Malware

JS.Cesaletat

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

SANS News

A URL shortener handy for phishers

Threatpost

DEF CON 2018: Voting Hacks Prompt Push Back from Election Officials, Vendors

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks

DEF CON 2018: ‘Man in the Disk’ Attack Surface Affects All Android Phones

Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

Exploint

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Android - Directory Traversal over USB via Injection in blkid Output

PostgreSQL 9.4-0.5.3 - Privilege Escalation

Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow

Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)

PLC Wireless Router GPN2.4P21-C-CN - Denial of Service

Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)

IP Finder 1.5 - Denial of Service (PoC)

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

12.8.2018

Bugtraq

 

Malware

 

Phishing

OFFICE FILE

12th August 2018

INTERNATIONAL MONETARY FUND
AGENCY

Calculation Letter

10th August 2018

P800 (PAYE) taxrevenue
calculations 2016/17 � what to
do.

Vulnerebility

 

SANS News

Peeking into msg files - revisited

Threatpost

DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties

Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

Exploint

 

10.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/103203

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

SANS News

Hunting SSL/TLS clients using JA3

Threatpost

 

Exploint

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

reSIProcate 1.10.2 - Heap Overflow

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting

iSmartViewPro 1.5 - 'Password' Buffer Overflow

MyBB Like Plugin 3.0.0 - Cross-Site Scripting

MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting

9.8.2018

Bugtraq

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

Malware

Trojan.Nibatad

MSH.Dropper

Phishing

 

Vulnerebility

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability
2018-08-08
http://www.securityfocus.com/bid/105046

SANS News

 

Threatpost

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)

osTicket 1.10.1 - Arbitrary File Upload

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

reSIProcate 1.10.2 - Heap Overflow

Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes

Podcast: Black Hat USA 2018 Preview

Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks

Exploint

osTicket 1.10.1 - Arbitrary File Upload

LG-Ericsson iPECS NMS 30M - Directory Traversal

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

8.8.2018

Bugtraq

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

Malware

 

Phishing

 

Vulnerebility

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104976

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

SANS News

What Do I Need To Know about "SegmentSmack"

Threatpost

Patrick Wardle on Breaking and Bypassing MacOS Firewalls

Threatlist: Manufacturing, a Top Target for Espionage

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

Exploint

OpenEMR < 5.0.1 - Remote Code Execution

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

7.8.2018

Bugtraq

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104976

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SANS News

 

Threatpost

Microsoft Adds Direct Trust for Let’s Encrypt

Threatlist: Financial Services Firms Lag in Patching Habits

Exploint

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

OpenEMR < 5.0.1 - Remote Code Execution

Open-AudIT Community 2.2.6 - Cross-Site Scripting

Monstra 3.0.4 - Cross-Site Scripting

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)

LAMS < 3.1 - Cross-Site Scripting

Subrion CMS 4.2.1 - Cross-Site Scripting

6.8.2018

Bugtraq

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

Malware

 

Phishing

Amazon

5th August 2018

Amazon account verification

Service PayPal

4th August 2018

Account Alert

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

SANS Ne

Numeric obfuscation: another example

Threatpost

Top iPhone Supplier Battles WannaCry Infection

Exploint

 

5.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

Malware

Win32/Spy.Buhtrap.L

Phishing

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

Cisco Unified Communications Manager CVE-2018-0411 Cross Site Scripting Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104949

SANS News

My Honeypot is Trendy, My Honeypot is Unpopular

Dealing with numeric obfuscation in malicious scripts

Threatpost

Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

Threatlist: SMB Security Challenges Grow with the Cloud

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

Exploint

 

3.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

SANS News

 

Threatpost

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Phishing Campaign Steals Money From Industrial Companies

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

 

2.8.2018

Bugtraq

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Intel Puma CVE-2017-5693 Denial of Service Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104941

Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104940

SANS News

DHL-themed malspam reveals embedded malware in animated gif

Threatpost

Steam Bans Developer After Outcry Over Cryptomining, Scam Items

Bevy of Android Apps Harbor Hidden Malicious Windows Executables

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)

Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)

Linux/ARM - Reverse (::1:4444/TCP) Shell +IPv6 Shellcode (116 Bytes)

1.8.2018

Bugtraq

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

United Airline

31st July 2018

Your account is locked

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

 

SANS News

Exploiting the Power of Curl

Threatpost

Connected Car Apps Open Privacy Hole For Used Car Owners

HP Offers Up to $10,000 Rewards for Printer Bugs

Facebook Removes 17 Profiles Involved in Political Meddling

ThreatList: Business Email Compromises Way Up for Q2

Complex Malvertising Scheme Impacts Multiple Levels of Web Economy

Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks

Exploint