Databáze Hot News -

Rok - Úvod  2019  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  List  - 2018  2017  2016  2015  2014  2013 

Databáze - Úvod  Articles  Články  Bugtraq  Malware   Phishing  Vulnerebility  SANS  Mobil Virus  Exploit  Útoky  IDS/IPS  Techniky hackerů  Threatpost  Papers

- Databáze Hot News 2014 -

Poslední aktualizace v 08.10.2016 14:19:38


2014


31.12.2014

Bugtraq

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)

Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29
z fedotkin infosec ru

[SECURITY] [DSA 3115-1] pyyaml security update 2014-12-29
Moritz Muehlenhoff (jmm debian org)

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)

[SECURITY] [DSA 3113-1] unzip security update 2014-12-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3114-1] mime-support security update 2014-12-29
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Spybot.bfr!3579B79FF705

Generic.bfr!0E361092DC71

RDN/Generic.dx!583FE8361C55

RDN/Generic PUP.x!3EA905D70130

RDN/Generic Dropper!vu!79C9E2DC17E9

RDN/Generic PUP.x!crc!2F6CF576D9D5

RDN/Generic PWS.y!bcf!945C7CEE1F68

RDN/Generic.dx!dhw!FB81F27EB7F8

RDN/Generic.bfr!986D34A2097B

RDN/DNSChanger.bfr!B47DC9E79E92

RDN/DNSChanger.bfr!DC4B059C45F1

Generic.dx!68BDFE238DF1

RDN/Generic.bfr!ia!E134EF50DB53

RDN/Generic.bfr!3B2CA5837595

RDN/Generic PUP.x!crc!7B9FECD3720B

RDN/Generic PUP.x!E373DD3B4B06

RDN/Generic BackDoor!bb3!AC56CD5EE486

Generic PUP.x!6F930603D4B4

RDN/Generic Dropper!vu!49A8BFA00F9D

Generic PUP.x!518478624A2E

Generic.bfr!4322AC83C313

RDN/Generic BackDoor!A4C8C8FCA02B

Generic PUP.x!0DE35E3F69AB

RDN/Generic Downloader.x!mf!C7E30DF91996

RDN/Generic PWS.y!bcf!B0543ED1E059

RDN/Generic BackDoor!1E82F9D68402

RDN/Generic PUP.z!68072D0618A6

RDN/Generic.tfr!eg!6DDE50B9BB29

Ransom!87E362E7540F

Generic PUP.x!DC2FA138F478

Phishing

 

Vulnerebility

JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities
2014-12-30
http://www.securityfocus.com/bid/71476

JasPer CVE-2014-8137 Double Free Remote Code Execution Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71742

PolarSSL Unspecified Memory Corruption Vulnerability
2014-12-30
http://www.securityfocus.com/bid/70905

LibYAML and Perl YAML-LibYAML Module 'scanner.c' Remote Denial of Service Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71349

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2014-12-30
http://www.securityfocus.com/bid/71757

Network Time Protocol CVE-2014-9296 Unspecified Security Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71758

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-12-30
http://www.securityfocus.com/bid/71761

torque 'job name' Argument Remote Buffer Overflow Vulnerability
2014-12-30
http://www.securityfocus.com/bid/48374

Torque Server Security Bypass Vulnerability
2014-12-30
http://www.securityfocus.com/bid/49119

Torque Munge Authentication Bypass Vulnerability
2014-12-30
http://www.securityfocus.com/bid/51224

Little CMS Multiple Remote Buffer Overflow Vulnerabilities
2014-12-30
http://www.securityfocus.com/bid/61607

Torque CVE-2013-4319 Remote Arbitrary Code Execution Vulnerability
2014-12-30
http://www.securityfocus.com/bid/62273

Torque 'send_the_mail()' Function Remote Command Injection Vulnerability
2014-12-30
http://www.securityfocus.com/bid/63722

TORQUE CVE-2014-0749 Stack Buffer Overflow Vulnerability
2014-12-30
http://www.securityfocus.com/bid/67420

Multiple Puppet Products CVE-2014-3248 Remote Code Execution Vulnerability
2014-12-30
http://www.securityfocus.com/bid/68035

Microsoft Windows Graphics Component CVE-2014-6355 Information Disclosure Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71502

Microsoft VBScript CVE-2014-6363 Remote Code Execution Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71504

Multiple F5 Products CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71549

file CVE-2014-8117 Denial of Service Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71692

Linux Kernel 'fs/isofs/rock.c' Infinite Loop Denial of Service Vulnerability
2014-12-30
http://www.securityfocus.com/bid/71717

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2014-12-30
http://www.securityfocus.com/bid/71762

Fish-shell CVE-2014-2914 Remote Code Execution Vulnerability
2014-12-30
http://www.securityfocus.com/bid/67095

Fish-shell '/tmp/fishd.socket.user' Local Privilege Escalation Vulnerability
2014-12-30
http://www.securityfocus.com/bid/67097

Fish-shell 'psub' Function Insecure Temporary File Creation Vulnerability
2014-12-30
http://www.securityfocus.com/bid/67098

Fish-shell Insecure Temporary File Creation Vulnerabiliy
2014-12-30
http://www.securityfocus.com/bid/67115

Wireshark Sniffer File CVE-2014-6431 Remote Denial of Service Vulnerability
2014-12-30
http://www.securityfocus.com/bid/69858

Wireshark Netflow Dissector CVE-2014-6424 Denial of Service Vulnerability
2014-12-30
http://www.securityfocus.com/bid/69862

Getmail CVE-2014-7273 SSL Certificate Security Bypass Vulnerability
2014-12-30
http://www.securityfocus.com/bid/70280

Getmail CVE-2014-7274 SSL Certificate Security Bypass Vulnerability
2014-12-30
http://www.securityfocus.com/bid/70281

Getmail CVE-2014-7275 SSL Certificate Security Bypass Vulnerability
2014-12-30
http://www.securityfocus.com/bid/70282

Exploit

Liferay Portal 7.0.x <= 7.0.2 - Pre-Auth RCE

30.12.2014

Bugtraq

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

DRAM unreliable under specific access patern 2014-12-24
Pavel Machek (pavel ucw cz)

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.dx!dhv!1531860F1651

RDN/Generic.bfr!A4BB0D416E6E

RDN/Generic PUP.x!039DF24978E1

DNSChanger.bfr!8D679ACB9AF3

Downloader.gen.a!F907F3E12622

RDN/Generic Dropper!vu!E4011D6D0E33

Generic PUP.x!E38F99BC96C7

RDN/Generic PWS.y!bcf!2E25E96AA1EB

Generic PUP.x!B67D358929F5

Generic PUP.x!C7FC61FF2CEB

RDN/Downloader.gen.a!557407112CC1

Generic PUP.x!B5CC31261201

RDN/Generic Dropper!vu!B4FCB2CBCB3E

Generic PUP.x!520B07D599A1

RDN/Spybot.bfr!2065F9E63A43

DNSChanger.bfr!D160ED66D84A

Generic PUP.x!5925BDC40D67

Generic PUP.x!213B73DCDD90

Generic PUP.x!1A5CCA9830C8

RDN/Downloader.a!ud!219094AFC7BF

RDN/Generic PWS.y!bcf!B34D917EBD4C

RDN/Generic PUP.x!5BA186B231B4

RDN/Generic.bfr!ia!504DE29B7598

RDN/Generic PUP.x!cr3!742804B395D6

RDN/Downloader.a!ud!C50F3CD54AB0

RDN/Generic PUP.x!0DB1C7F87B25

RDN/Generic PUP.x!cr3!C1B4D476BDB6

RDN/Generic.bfr!0DEBECEAFD71

Generic PUP.x!DABD8FC77626

RDN/Generic.bfr!2CBC5A74DF65

Phishing

 

Vulnerebility

Wireshark HIP Dissector CVE-2014-6426 Remote Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69863

Wireshark RTSP Dissector CVE-2014-6427 Remote Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69861

Wireshark Sniffer File CVE-2014-6430 Remote Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69857

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2014-12-29
http://www.securityfocus.com/bid/71757

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-12-29
http://www.securityfocus.com/bid/71761

Network Time Protocol CVE-2014-9296 Unspecified Security Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71758

Info-ZIP UnZip CVE-2014-8139 Remote Heap Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71790

Linux Kernel CVE-2013-2897 Heap Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/62044

MuPDF 'xps_parse_color()' Function Stack Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/65036

policycoreutils seunshare CVE-2014-3215 Local Privilege Escalation Vulnerability
2014-12-29
http://www.securityfocus.com/bid/67341

Xen 'HVMOP_track_dirty_vram()' Local Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70055

Xen 'x86_emulate.c' Local Privilege Escalation Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70057

Xen Supervisor Mode Permission Checks Local Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70062

Xen CVE-2014-7188 Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70198

Linux Kernel CVE-2014-7841 SCTP NULL Pointer Dereference Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71081

Linux Kernel 'ttusbdecfe.c' Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71097

OpenVPN CVE-2014-8104 Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71402

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2014-12-29
http://www.securityfocus.com/bid/71762

Cisco Adaptive Security Appliance (ASA) Software CVE-2014-3410 Information Disclosure Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71765

Info-ZIP UnZip CVE-2014-8140 Out of Bounds Write Heap Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71792

Info-ZIP UnZip CVE-2014-8141 Out of Bounds Read Heap Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71793

Linux Kernel KVM 'virt/kvm/iommu.c' Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69489

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69763

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability
2014-12-29
http://www.securityfocus.com/bid/69781

Linux Kernel KVM 'asm/kvm_host.h' Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70742

Linux Kernel CVE-2014-3673 Denial of Service Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70883

Linux Kernel 'net/mac80211/tx.c' Information Disclosure Vulnerability
2014-12-29
http://www.securityfocus.com/bid/70965

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
2014-12-29
http://www.securityfocus.com/bid/70971

Linux Kernel 'kernel/tls.c' Local Information Disclosure Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71684

Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
2014-12-29
http://www.securityfocus.com/bid/71685

Exploit

 

29.12.2014

Bugtraq

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

DRAM unreliable under specific access patern 2014-12-24
Pavel Machek (pavel ucw cz)

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.bfr!hz!861E69442CF5

RDN/Generic.bfr!8C83874A4C72

Generic PUP.x!A672475E0B7C

Generic PUP.x!945B4CF3D358

RDN/Generic.bfr!hz!8D1D7CA67258

Generic PUP.x!94802FD14984

RDN/Generic.bfr!hz!8FAD9011F4D3

RDN/Generic.bfr!hz!8975281D641A

RDN/Generic.dx!B7EA46C58E75

Generic PUP.x!A41F20088C1C

RDN/Generic.dx!dhs!27B01AF456B4

Generic PUP.x!1E4FEB1E9E1B

RDN/Generic PUP.x!A30E1A05028D

RDN/Generic.bfr!hz!8B8FF2790013

RDN/Generic PUP.x!D0B803786532

Generic PUP.x!0E9449E8464C

Generic PUP.x!A4CE34B1A9C9

RDN/Generic.bfr!hz!8A2C7317F1D1

Generic Dropper!C7E0D0E61A3C

Generic Dropper!9C8B9F0E283F

RDN/Generic.bfr!hz!8967F65ED6A2

Generic PUP.x!104D4374B1C2

Downloader.gen.a!DDF5D22B7E91

RDN/Generic.bfr!hz!88615C474B4B

RDN/Generic BackDoor!bbc!93A137415768

RDN/Generic.bfr!hz!7C4E8047F318

Generic PWS.y!D2A21A446577

Generic PUP.x!74E21FE9E7D6

RDN/Generic.bfr!81CDDA0756CE

Generic PUP.x!7FE494EF5B8F

Phishing

 

Vulnerebility

Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71685

Linux Kernel 'kernel/tls.c' Local Information Disclosure Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71684

Linux Kernel 'espfix64' Local Denial of Service Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71250

Network Time Protocol CVE-2014-9296 Unspecified Security Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71758

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-12-25
http://www.securityfocus.com/bid/71761

OpenVPN CVE-2014-8104 Denial of Service Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71402

RPM CVE-2014-8118 CPIO Header Handling Integer Overflow Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71588

RPM CVE-2013-6435 Remote Code Execution Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71558

Mozilla Network Security Services CVE-2014-1569 Security Bypass Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71675

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2014-12-25
http://www.securityfocus.com/bid/71762

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2014-12-25
http://www.securityfocus.com/bid/71757

QEMU CVE-2014-3689 Multiple Local Security Bypass Vulnerabilities
2014-12-25
http://www.securityfocus.com/bid/70997

QEMU 'arch_init.c' Local Memory Corruption Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71658

QEMU 'cirrus_vga.c' Security Bypass Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71477

RSyslog Function Imfile Module Buffer Overflow Vulnerability
2014-12-25
http://www.securityfocus.com/bid/51171

RSyslog and sysklogd CVE-2014-3634 Denial of Service Vulnerability
2014-12-25
http://www.securityfocus.com/bid/70187

RSyslog and sysklogd CVE-2014-3683 Incomplete Fix Denial of Service Vulnerability
2014-12-25
http://www.securityfocus.com/bid/70243

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2014-12-25
http://www.securityfocus.com/bid/67899

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2014-12-25
http://www.securityfocus.com/bid/67898

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-25
http://www.securityfocus.com/bid/70574

Allegro RomPager HTTP Cookie Handling CVE-2014-9222 Security Bypass Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71744

Allegro RomPager CVE-2014-9223 Buffer Overflow Vulnerability
2014-12-25
http://www.securityfocus.com/bid/71756

FreeType 'src/cff/cf2hints.c' Remote Stack Buffer Overflow Vulnerability
2014-12-25
http://www.securityfocus.com/bid/66074

Cisco Prime Infrastructure CVE-2014-8007 Password Disclosure Vulnerability
2014-12-24
http://www.securityfocus.com/bid/71763

Cisco Enterprise Content Delivery System (ECDS) CVE-2014-8019 Arbitrary File Access Vulnerability
2014-12-24
http://www.securityfocus.com/bid/71764

Firebird 'protocol.cpp' NULL Pointer Dereference Denial of Service Vulnerability
2014-12-24
http://www.securityfocus.com/bid/71622

Sendmail File Descriptor Security Vulnerability
2014-12-24
http://www.securityfocus.com/bid/67791

PowerDNS Recursive Server CVE-2012-1193 Multiple Security Bypass Vulnerabilities
2014-12-24
http://www.securityfocus.com/bid/59348

PowerDNS Recursor Remote Cache Poisoning Vulnerability
2014-12-24
http://www.securityfocus.com/bid/37653

PowerDNS Recurser Buffer Overflow Vulnerability
2014-12-24
http://www.securityfocus.com/bid/37650

Exploit

  WhatsApp <= 2.11.476 - Remote Reboot/Crash App Android

  Pimcore 3.0 & 2.3.0 CMS - SQL Injection Vulnerability

  PHPLIST 3.0.6 & 3.0.10 - SQL Injection Vulnerability

  PMB <= 4.1.3 - Post-Auth SQL Injection Vulnerability

  Wickr Desktop 2.2.1 Windows - Denial of Service Vulnerability

25.12.2014

Bugtraq

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 2014-12-19
Onur Yilmaz (onur netsparker com)

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 2014-12-19
Onur Yilmaz (onur netsparker com)

Facebook BB #18 - IDOR Issue & Privacy Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

iBackup v10.0.0.45 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor 2014-12-19
SEC Consult Vulnerability Lab (research sec-consult com)

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 2014-12-18
Apple Product Security (product-security-noreply lists apple com)

[oCERT-2014-012] JasPer input sanitization errors 2014-12-18
Andrea Barisani (lcars ocert org)

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

E-Journal CMS (ID) - Multiple Web Vulnerabilities 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Apple iOS v8.x - Message Context & Privacy Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Malware

RDN/Generic.bfr!hz!3547F58037A5

DNSChanger.bfr!9AF8E550B515

RDN/Generic Dropper!1A05A342CAA7

Generic PUP.x!74ECA1F17961

RDN/Generic Downloader.x!mb!5DF1A6A37ECC

Generic PUP.x!23E85F8436A8

RDN/Generic PUP.x!cqt!2626F871ABB6

RDN/Generic.dx!dh3!269C9DC798E8

RDN/Generic PUP.x!cqt!2639738FFF7F

RDN/Generic PUP.x!9EFD7AB61465

RDN/Generic PUP.x!cqt!5A91F3388BBB

RDN/Spybot.bfr!747B6FD44CC1

RDN/Generic Downloader.x!8D7DF055C7CE

RDN/Spybot.bfr!0C7C3EA238A4

RDN/Spybot.bfr!0C8EF176E70C

RDN/Generic Downloader.x!mb!1A5B25DABA50

BrowseFox-FTQ!9C37005668CE

Generic PUP.x!2FB2AAD45CDE

RDN/Generic PUP.x!DD0F60FA4E0C

Generic PUP.x!2618569C3329

RDN/Generic.dx!2648B65474D1

RDN/Generic PUP.x!cqt!2614F3F2C7A2

RDN/Generic PUP.x!2653C83103F8

RDN/Generic PUP.x!26A5A06170A5

RDN/Downloader.a!ub!1B3FA6F7AFB2

Generic Downloader.x!1A3D1FA9761A

RDN/Generic StartPage!cc!B0C96F5BDDFF

RDN/Generic PUP.x!cqt!A235EB690301

RDN/Generic PUP.x!cqt!724B84E684AA

Generic PUP.x!04F683600409

Phishing

 

Vulnerebility

OProfile Multiple Security Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/48241

LFTP 'Content-Disposition' HTTP Header Arbitrary File Overwrite Vulnerability
2014-12-19
http://www.securityfocus.com/bid/43728

uzbl 'uzbl-core' '@SELECTED_URI' Mouse Button Bindings Command Injection Vulnerability
2014-12-19
http://www.securityfocus.com/bid/42297

libpng Memory Corruption and Memory Leak Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/41174

iputils 'ping.c' Remote Denial Of Service Vulnerability
2014-12-19
http://www.securityfocus.com/bid/41911

pmount Insecure Temporary File Creation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/40939

mlmmj (Mailing List Managing Made Joyful) Directory Traversal Vulnerability
2014-12-19
http://www.securityfocus.com/bid/41841

KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/39467

Beanstalk Job Data Remote Command Execution Vulnerability
2014-12-19
http://www.securityfocus.com/bid/40516

Ghostscript Insecure Temporary File Creation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/40426

GNU Gzip Dynamic Huffman Decompression Remote Code Execution Vulnerability
2014-12-19
http://www.securityfocus.com/bid/37888

dvipng '.dvi' File Parsing Remote Code Execution Vulnerability
2014-12-19
http://www.securityfocus.com/bid/39969

gnome-screensaver Unlock Dialog Race Condition Lock Bypass Vulnerability
2014-12-19
http://www.securityfocus.com/bid/38211

KDE KGet Security Bypass and Directory Traversal Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/40141

GNU gzip LZW Compression Remote Integer Overflow Vulnerability
2014-12-19
http://www.securityfocus.com/bid/37886

XFS ACL 'setfacl' and 'getfacl' Symbolic Link Handling Security Bypass Vulnerability
2014-12-19
http://www.securityfocus.com/bid/37455

Libpng 1-bit Interlaced Images Information Disclosure Vulnerability
2014-12-19
http://www.securityfocus.com/bid/35233

FreeType Multiple Integer Overflow Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/34550

Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/33827

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/37128

pam-krb5 Local Privilege Escalation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/33740

pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/33741

BitDefender Antivirus For Linux Multiple File Processing Remote Denial Of Service Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/32751

Libpng Library 'png_handle_tEXt()' Memory Leak Denial of Service Vulnerability
2014-12-19
http://www.securityfocus.com/bid/31920

Little CMS ICC Profile Stack Buffer Overflow Vulnerability
2014-12-19
http://www.securityfocus.com/bid/24001

Tcl/Tk Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
2014-12-19
http://www.securityfocus.com/bid/27655

JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities
2014-12-19
http://www.securityfocus.com/bid/71476

Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
2014-12-19
http://www.securityfocus.com/bid/71685

GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
2014-12-19
http://www.securityfocus.com/bid/71216

GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
2014-12-19
http://www.securityfocus.com/bid/68983

Exploit

  Cacti Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection Exploit

  Ettercap 0.8.0-0.8.1 - Multiple Denial of Service Vulnerabilities

  miniBB 3.1 - Blind SQL Injection

  Varnish Cache CLI Interface Remote Code Execution

19.12.2014

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

Exploit

 

17.12.2014

Bugtraq

[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution 2014-12-16
security-alert hp com

[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities 2014-12-16
security-alert hp com

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) 2014-12-16
security-alert hp com

[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information 2014-12-16
security-alert hp com

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

iWifi for Chat v1.1 iOS - Denial of Service Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3105-1] heirloom-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3104-1] bsd-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface 2014-12-16
Mazin Ahmed (mazen150 hotmail com)

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA 2014-12-16
Onapsis Research Labs (research onapsis com)

"Ettercap 8.0 - 8.1" multiple vulnerabilities 2014-12-16
Nick Sampanis (n sampanis obrela com)

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) 2014-12-16
Security Explorations (contact security-explorations com)

Malware

RDN/Generic BackDoor!b2z!F542CA8889DF

W32/Expiro!E961D87DE3CE

Generic PWS.y!5ECF5F3F2731

RDN/Generic PUP.x!cqs!9AEB54781C52

RDN/Generic PUP.x!cqs!8398D4381A50

RDN/Generic PUP.x!07E3F54A4E44

RDN/Generic PWS.y!1C057DF9E4F6

Generic PUP.x!7951D50D9234

RDN/Generic PUP.x!cqs!0A5A2E682AD4

RDN/Generic PUP.x!cqs!56DA359E0AEB

RDN/Generic PUP.x!cqs!FA9C54D17D07

RDN/Generic.bfr!hr!1DD9DCA0D329

W32/Expiro!9F02E561D1F6

RDN/Generic PUP.x!cqs!E78537AE86AE

RDN/Generic PUP.x!cqs!CEE54E072D7C

RDN/Generic.tfr!ef!84B048B61C92

RDN/Generic PUP.x!cqs!00D64659159C

RDN/Generic PUP.x!cqs!D5D7D6E2590C

W32/Sality.gen!64E1558CC743

RDN/Generic BackDoor!b2z!0A1617359122

RDN/Generic.tfr!ef!856697A0B189

Generic PUP.x!120737EDD33D

RDN/BackDoor-FBSA!a!679E62CF3081

RDN/Generic PUP.x!cqs!CB88F0D39132

RDN/Generic Downloader.x!021CAAB2453A

RDN/Generic.bfr!hr!65265631A229

RDN/Generic PUP.x!EC2E573F2FC9

RDN/Spybot.bfr!087C41FA5614

Generic PUP.x!53F4CE07ABCD

RDN/Generic BackDoor!D6EB7C7A9404

Phishing

 

Vulnerebility

Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71685

ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/55522

ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/50690

ISC BIND 9 Remote Cache Poisoning Vulnerability
2014-12-17
http://www.securityfocus.com/bid/25037

Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
2014-12-17
http://www.securityfocus.com/bid/33151

ISC BIND Multiple Remote Denial of Service Vulnerabilities
2014-12-17
http://www.securityfocus.com/bid/19859

Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
2014-12-17
http://www.securityfocus.com/bid/30131

Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/69428

BSD mailx CVE-2014-7844 Local Arbitrary Command Execution Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71701

BSD mailx CVE-2004-2771 Local Arbitrary Command Execution Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71704

Linux Kernel CVE-2014-3673 Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/70883

Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/70766

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/69799

Linux Kernel 'tcp_set_keepalive()' Function Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/69803

Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
2014-12-17
http://www.securityfocus.com/bid/69396

HawtJNI CVE-2013-2035 Local Privilege Escalation Vulnerability
2014-12-17
http://www.securityfocus.com/bid/59876

Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
2014-12-17
http://www.securityfocus.com/bid/66397

JBoss Enterprise Application Platform Plain Text Password Local Information Disclosure Vulnerability
2014-12-17
http://www.securityfocus.com/bid/65762

OpenSAML-Java ParserPool and Decrypter XML External Entity Injection Vulnerability
2014-12-17
http://www.securityfocus.com/bid/64345

JBoss Enterprise Application Platform Java Security Manager Policy Security Bypass Vulnerability
2014-12-17
http://www.securityfocus.com/bid/66596

Multiple Red Hat JBoss Products Local Security Bypass Vulnerability
2014-12-17
http://www.securityfocus.com/bid/65591

Linux Kernel 'espfix64' Local Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71250

OpenVPN CVE-2014-8104 Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71402

JQuery 'ui/jquery.ui.dialog.js' Cross Site Scripting Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71106

WordPress Download Manager Plugin Remote Code Execution and Remote File Include Vulnerabilities
2014-12-17
http://www.securityfocus.com/bid/71490

phpMyAdmin Long Password Handling Denial of Service Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71434

phpMyAdmin CVE-2014-9219 Cross Site Scripting Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71435

Antiword 'wordole.c' Buffer Overflow Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71386

Xen MMU CVE-2014-8594 Local Security Bypass Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71149

Xen CVE-2014-8595 Local Privilege Escalation Vulnerability
2014-12-17
http://www.securityfocus.com/bid/71151

Exploit

  ActualAnalyzer 'ant' Cookie Command Execution

  CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution

  CMS Papoo 6.0.0 Rev. 4701 - Stored XSS

16.12.2014

Bugtraq

CA20141215-01: Security Notice for CA LISA Release Automation 2014-12-15
Williams, Ken (Ken Williams ca com)

[ MDVSA-2014:252 ] nss 2014-12-15
security mandriva com

[ MDVSA-2014:253 ] apache-mod_wsgi 2014-12-15
security mandriva com

Malware

RDN/Spybot.bfr!o!573E6228C366

RDN/Generic.dx!B8BFCD6C2B8D

RDN/Generic.dx!B973C946394F

Generic Dropper!F67F5ACFDB7A

RDN/Generic.dx!B7E1BB056964

RDN/Generic.bfr!hy!5A83F889F1D5

Generic PUP.x!670FE5B3D191

Generic PUP.x!CA6D9DA1F479

RDN/Generic.dx!ADB24F1C4561

Generic PUP.x!97F875B92C6D

RDN/Generic Dropper!vs!111F2B3E1D26

RDN/Generic PUP.x!cqq!CB4E9CD380CB

RDN/Generic.dx!dhm!EA6816D2B24D

Generic PUP.x!21DB0BFA7902

RDN/Generic PUP.x!cqq!D90E0D49B21C

RDN/Generic.dx!dhm!A7373A3B327A

RDN/Generic PUP.x!B1AE742BAD81

Generic PUP.x!F26D1450CAA5

RDN/Generic BackDoor!b2z!7A2CBD82783C

RDN/Generic.dx!dhm!2B3BD772196E

Generic PUP.x!C4D6B4BF51D0

RDN/Generic.bfr!CBD9DF96C27D

Generic PUP.x!1153EFC27530

Generic PUP.x!C18590F1E5A9

RDN/Generic.bfr!hy!366BEB355C90

RDN/Generic.bfr!hy!3AA3BA0BB730

RDN/Generic.bfr!hy!85848A153B93

W32/Virut.gen!5A00083F332A

RDN/PWS-Banker.dldr!i!8041326FFE81

RDN/Generic PUP.x!cqq!8F7ECB797D42

Phishing

 

Vulnerebility

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/66690

Libxml2 Entities Expansion CVE-2013-0339 Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/59000

Libxml2 Entities Expansion CVE-2013-0338 Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/58180

Multiple OpenStack Products CVE-2013-1664 Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/58892

libxml2 Multiple Use After Free Memory Corruption Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/59265

libpng Memory Corruption and Memory Leak Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/41174

Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71161

Google Chrome CVE-2014-7906 Use After Free Remote Code Execution Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71159

X.Org X Server Protocol Handling Multiple Out-of-Bounds Memory Corruption Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71606

X.Org X Server CVE-2014-8097 Out of Bounds Multiple Integer Overflow Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71604

X.Org X Server CVE-2014-8101 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71605

X.Org X Server CVE-2014-8100 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71602

X.Org X Server Protocol Handling Out-of-Bounds Multiple Denial of Service Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71603

X.Org X Server CVE-2014-8102 Out of Bounds Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71608

X.Org X Server CVE-2014-8094 Out of Bounds Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71601

X.Org X Server CVE-2014-8099 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71600

X.Org X Server CVE-2014-8091 Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71597

X.Org X Server Protocol Handling Multiple Integer Overflow Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71595

X.Org X Server Protocol Handling Multiple Out-of-Bounds Memory Access Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71599

X.Org X Server CVE-2014-8093 Multiple Integer Overflow Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/71596

X.Org X Server CVE-2014-8096 Out of Bounds Read Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71598

Firebird 'protocol.cpp' NULL Pointer Dereference Denial of Service Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71622

Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
2014-12-16
http://www.securityfocus.com/bid/68111

Google Chrome CVE-2014-7907 Use After Free Remote Code Execution Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71170

Google Chrome CVE-2014-7899 Unspecified Address Bar Spoofing Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71160

Google Chrome CVE-2014-7904 Buffer Overflow Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71166

Google Chrome CVE-2014-7900 Use After Free Remote Code Execution Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71163

Google Chrome CVE-2014-7902 Use After Free Remote Code Execution Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71165

Google Chrome Prior to 38.0.2125.101 Multiple Security Vulnerabilities
2014-12-16
http://www.securityfocus.com/bid/70273

Google Chrome CVE-2014-7908 Integer Overflow Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71168

Exploit

  Tuleap PHP Unserialize Code Execution

  Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.m3u)

  Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.lst)

  jaangle 0.98i.977 - Denial of Service Vulnerability

  HTCSyncManager 3.1.33.0 - Service Trusted Path Privilege Escalation

  Avira 14.0.7.342 - (avguard.exe) Service Trusted Path Privilege Escalation

  CodeMeter 4.50.906.503 - Service Trusted Path Privilege Escalation

  GLPI 0.85 - Blind SQL Injection

  Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Exploit

  Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

  ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling

  Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit

15.12.2014

Bugtraq

[ MDVSA-2014:242 ] yaml 2014-12-14
security mandriva com

[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3102-1] libyaml security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... 2014-12-13
Stefan Kanthak (stefan kanthak nexgo de)

[ MDVSA-2014:238 ] bind 2014-12-13
security mandriva com

[SECURITY] [DSA 3101-1] c-icap security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

[ MDVSA-2014:243 ] phpmyadmin 2014-12-14
security mandriva com

[ MDVSA-2014:244 ] openafs 2014-12-14
security mandriva com

[ MDVSA-2014:245 ] mutt 2014-12-14
security mandriva com

CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" 2014-12-14
Christian Schneider (mail Christian-Schneider net)

CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" 2014-12-14
Christian Schneider (mail Christian-Schneider net)

[SECURITY] [DSA 3100-1] mediawiki security update 2014-12-13
Sebastien Delafond (seb debian org)

[ MDVSA-2014:251 ] rpm 2014-12-14
security mandriva com

[ MDVSA-2014:239 ] flac 2014-12-14
security mandriva com

[ MDVSA-2014:250 ] cpio 2014-12-14
security mandriva com

[ MDVSA-2014:249 ] qemu 2014-12-14
security mandriva com

[ MDVSA-2014:248 ] graphviz 2014-12-14
security mandriva com

[ MDVSA-2014:247 ] jasper 2014-12-14
security mandriva com

[ MDVSA-2014:246 ] openvpn 2014-12-14
security mandriva com

Malware

Generic PUP.x!2162F7A0B0B1

RDN/Generic Dropper!EE586D102E0A

Generic PUP.x!457A1B32F266

Generic PUP.x!9D17AE644668

Generic PUP.x!55177817FFE5

Generic PUP.x!30CF353C836C

RDN/Generic PUP.x!cqp!9D8EAB90C30A

Generic PUP.x!7E189B586D4A

RDN/Generic PUP.x!0ED6209D0694

Generic PUP.x!40063A03E7EF

Generic PUP.x!246117D07613

Ransom!18919C306EA4

RDN/Generic.dx!DB0192556405

RDN/Generic.dx!dhm!A123EF553902

RDN/Generic PUP.x!cqp!A07C5716E874

RDN/Generic PUP.x!3808ED714971

RDN/Generic PUP.x!cqp!93CD1F8CF804

RDN/Generic PUP.x!165BD5981245

RDN/Generic PUP.x!34243A89DA6A

RDN/Generic PUP.x!cqp!937E15D5BB76

RDN/Generic PUP.x!cqp!91C0596595C0

RDN/Generic PUP.x!cqp!345A0020F5A8

Generic PUP.x!47C37AD484AD

Generic PUP.x!6433F15A9257

RDN/Generic PUP.x!cqp!9B05F89C97C2

RDN/Generic PUP.x!cqp!9AC2F7132046

Generic PUP.x!72396B1B5D8C

Generic PUP.x!C68FF433737C

Generic PUP.x!0B0A8B55C001

Generic PUP.x!9B36A075327F

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
2014-12-15
http://www.securityfocus.com/bid/65769

Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
2014-12-15
http://www.securityfocus.com/bid/65773

Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
2014-12-15
http://www.securityfocus.com/bid/65768

Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
2014-12-15
http://www.securityfocus.com/bid/59799

Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
2014-12-15
http://www.securityfocus.com/bid/59798

Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/65767

Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
2014-12-15
http://www.securityfocus.com/bid/56814

Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
2014-12-15
http://www.securityfocus.com/bid/56812

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/65400

Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
2014-12-15
http://www.securityfocus.com/bid/56403

Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/56813

Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/56402

OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability
2014-12-15
http://www.securityfocus.com/bid/58299

OpenAFS CVE-2013-4134 Information Disclosure Vulnerability
2014-12-15
http://www.securityfocus.com/bid/61439

OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability
2014-12-15
http://www.securityfocus.com/bid/58300

OpenAFS CVE-2013-4135 Information Disclosure Vulnerability
2014-12-15
http://www.securityfocus.com/bid/61438

OpenAFS GetStatistics64 RPC Remote Denial Of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/66776

phpMyAdmin CVE-2014-9219 Cross Site Scripting Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71435

phpMyAdmin Long Password Handling Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71434

LibYAML and Perl YAML-LibYAML Module 'scanner.c' Remote Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71349

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-15
http://www.securityfocus.com/bid/70574

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71150

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71153

tcpdump CVE-2014-9140 Buffer Overflow Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71468

MantisBT 'soap/mc_account_api.php' Security Bypass Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71553

Linux Kernel CVE-2014-8559 Local Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/70854

libFLAC 'src/libFLAC/stream_decoder.c' Stack Buffer Overflow Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71280

libFLAC 'src/libFLAC/stream_decoder.c' Heap Buffer Overflow Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71282

ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
2014-12-15
http://www.securityfocus.com/bid/71590

Exploit

 

12.12.2014

Bugtraq

[security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack 2014-12-11
security-alert hp com

Docker 1.3.3 - Security Advisory [11 Dec 2014] 2014-12-12
Eric Windisch (eric windisch docker com)

[SECURITY] [DSA 3099-1] dbus security update 2014-12-11
Florian Weimer (fw deneb enyo de)

ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities 2014-12-11
petri iivonen tmbc gov uk

APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 2014-12-11
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3098-1] graphviz security update 2014-12-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3097-1] unbound security update 2014-12-10
Yves-Alexis Perez (corsac debian org)

[slackware-security] openssh (SSA:2014-344-03) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] wpa_supplicant (SSA:2014-344-07) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] mozilla-firefox (SSA:2014-344-02) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] pidgin (SSA:2014-344-05) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2014-344-01) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] seamonkey (SSA:2014-344-06) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] openvpn (SSA:2014-344-04) 2014-12-11
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3096-1] pdns-recursor security update 2014-12-11
Sebastien Delafond (seb debian org)

Malware

RDN/Generic PUP.x!800B12C999F0

RDN/Generic PUP.x!cqm!3E67D8A6B6E5

Generic PUP.x!182AD4EE434A

Generic PUP.x!D1390FE10703

RDN/Generic.bfr!hy!DC009B4CBECA

RDN/Generic Downloader.x!lx!EF1F320E4BC4

RDN/Generic PUP.x!cqm!32A855917E2C

Generic PUP.x!B722121B2F85

RDN/Generic.dx!dhk!CAF89054CA41

Generic PUP.x!8DCB06E5261C

RDN/Generic.bfr!hy!F69301B6A9C2

RDN/Generic Downloader.x!FEFDA7B4CD45

Generic PUP.x!3402B2256F3B

RDN/Spybot.bfr!o!091A5A811931

RDN/Ransom!680C3147CA83

Generic PUP.x!B55E0A4DCFAB

RDN/Generic PUP.x!cqm!31DFD3C67A31

RDN/Generic PUP.x!cqm!602BDCFDCDCB

RDN/Ransom!CC176FDF8DE8

RDN/Generic PUP.x!cqm!10F663474EB7

RDN/Generic BackDoor!b2w!EFB8156D0102

RDN/Generic Downloader.x!lx!7C054A348B82

RDN/Generic PUP.x!cqm!67BD3FC62352

Generic PUP.x!B714CADEACCD

RDN/DNSChanger.bfr!f!91DCEE49A884

RDN/DNSChanger.bfr!f!D6368D693751

RDN/Generic PUP.x!cqm!4BCCEB0D396A

RDN/Generic BackDoor!b2w!E738581CCC00

RDN/Generic PWS.y!bc3!DF87FED7B766

Generic.bfr!B88590217930

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

X.Org X Server CVE-2014-8099 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71600

X.Org X Server CVE-2014-8091 Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71597

X.Org X Server CVE-2014-8096 Out of Bounds Read Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71598

X.Org X Server Protocol Handling Multiple Out-of-Bounds Memory Access Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71599

X.Org X Server CVE-2014-8097 Out of Bounds Multiple Integer Overflow Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71604

Mutt 'mutt_substrdup()' Function Heap Based Buffer Overflow Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71334

ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71590

X.Org X Server Protocol Handling Multiple Integer Overflow Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71595

X.Org X Server CVE-2014-8093 Multiple Integer Overflow Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71596

X.Org X Server CVE-2014-8100 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71602

X.Org X Server CVE-2014-8101 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71605

X.Org X Server Protocol Handling Multiple Out-of-Bounds Memory Corruption Vulnerabilities
2014-12-12
http://www.securityfocus.com/bid/71606

X.Org X Server CVE-2014-8102 Out of Bounds Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71608

OpenSSL CVE-2014-0076 Information Disclosure Weakness
2014-12-12
http://www.securityfocus.com/bid/66363

OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability
2014-12-12
http://www.securityfocus.com/bid/66801

OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/67193

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2014-12-12
http://www.securityfocus.com/bid/67899

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-12-12
http://www.securityfocus.com/bid/68636

Shim CVE-2014-3675 Remote Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/70407

Shim CVE-2014-3676 Heap Based Buffer Overflow Vulnerability
2014-12-12
http://www.securityfocus.com/bid/70409

Shim CVE-2014-3677 Memory Corruption Vulnerability
2014-12-12
http://www.securityfocus.com/bid/70410

D-Bus CVE-2014-7824 Incomplete Fix Denial of Service Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71012

Graphviz 'agerr()' Function Remote Format String Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71283

Microsoft Internet Explorer CVE-2014-6329 Remote Memory Corruption Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71447

Microsoft Internet Explorer CVE-2014-6373 Remote Memory Corruption Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71453

Microsoft Internet Explorer CVE-2014-8966 Remote Memory Corruption Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71457

Microsoft Internet Explorer XSS Filter CVE-2014-6328 Security Bypass Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71460

Adobe Flash Player CVE-2014-9162 Information Disclosure Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71581

Adobe Flash Player CVE-2014-9163 Stack Based Buffer Overflow Vulnerability
2014-12-12
http://www.securityfocus.com/bid/71582

Exploit

 

10.12.2014

Bugtraq

Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities 2014-12-09
simo morxploit com

[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information 2014-12-09
security-alert hp com

[security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-12-09
security-alert hp com

NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability 2014-12-09
VMware Security Response Center (security vmware com)

[CVE-2014-8340] phpTrafficA SQL injection 2014-12-09
Daniël Geerts (dgeerts nikhef nl)

[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com

[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com

Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 2014-12-09
Onur Yilmaz (onur netsparker com)

Malware

RDN/Generic PUP.x!9229DE0F4550

Generic PUP.x!59BB1588B0D7

RDN/Generic Dropper!CB071AB48A43

W32/Autorun.worm.aaeh!5331BAED2229

RDN/Generic.dx!dhh!E908A7B34261

Generic PUP.x!CFEDE9614756

RDN/Generic PUP.x!cql!EFD29FEEFCD0

RDN/Generic.tfr!ef!131338C5DDFB

RDN/Generic PUP.x!cql!113BECD44DE2

RDN/Generic PUP.x!cql!2456B4D3C3C8

RDN/Generic BackDoor!b2v!9E03E7076352

Generic PUP.x!64B7C901809E

DNSChanger.bfr!212E6E26D255

Generic Dropper!EF81368C766B

Generic PUP.x!A2802E5DB212

RDN/Generic PUP.x!cql!AB72EF5A28D4

Downloader.gen.a!EC4498931F4B

RDN/Generic Downloader.x!lw!2568B9FC647C

RDN/Generic StartPage!4BAFA4A023E2

Generic PUP.x!F1FA25DE8E7F

RDN/Generic Downloader.x!lw!7F38656A8BC7

RDN/Generic BackDoor!b2v!CB7F315D1A36

Generic PUP.x!2F9CCA2FAA4F

Generic PUP.x!0055B1F813D7

RDN/Generic Downloader.x!lw!EB770CA7FBDE

RDN/Generic Downloader.x!lw!0AE10A8E3D35

RDN/Generic BackDoor!b2v!BACFA358FA87

RDN/Generic BackDoor!b2v!F55EDE4A7973

RDN/Generic PUP.x!19938D4EB609

RDN/Downloader.a!tz!74788F35DCFA

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

Mozilla Firefox/Thunderbird CVE-2014-1592 Use After Free Memory Corruption Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71398

Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
2014-12-10
http://www.securityfocus.com/bid/71391

Mozilla Firefox/Thunderbird CVE-2014-1593 Buffer Overflow Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71395

Mozilla Firefox/Thunderbird CVE-2014-1594 Security Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71396

Mozilla Firefox/Thunderbird CVE-2014-1590 Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71397

Linux Kernel '/drivers/media/media-device.c' Local Information Disclosure Vulnerability
2014-12-10
http://www.securityfocus.com/bid/68048

Linux Kernel Multiple Local Security Bypass Vulnerabilities
2014-12-10
http://www.securityfocus.com/bid/68162

Linux Kernel CVE-2014-5045 Local Privilege Escalation Vulnerability
2014-12-10
http://www.securityfocus.com/bid/68862

Linux Kernel CVE-2014-3182 'hid-logitech-dj.c' Buffer Overflow Vulnerability
2014-12-10
http://www.securityfocus.com/bid/69770

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70574

OpenVPN CVE-2014-8104 Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71402

PowerDNS Recursor CVE-2014-8601 Remote Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71545

RPM CVE-2013-6435 Remote Code Execution Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71558

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2014-12-10
http://www.securityfocus.com/bid/64111

Linux Kernel 'rd_build_device_space()' Function Information Disclosure Vulnerability
2014-12-10
http://www.securityfocus.com/bid/68159

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-12-10
http://www.securityfocus.com/bid/69763

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities
2014-12-10
http://www.securityfocus.com/bid/69768

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-12-10
http://www.securityfocus.com/bid/69779

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability
2014-12-10
http://www.securityfocus.com/bid/69781

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/69799

Oracle Java SE CVE-2014-6558 Remote Security Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70544

Oracle Java SE CVE-2014-6515 Remote Security Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70565

OpenSSL CVE-2014-3513 Information Disclosure Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70584

GNU Wget CVE-2014-4877 Symlink Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70751

Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70766

Linux Kernel CVE-2014-3673 Denial of Service Vulnerability
2014-12-10
http://www.securityfocus.com/bid/70883

Moodle LTI Module CVE-2014-7832 Access Bypass Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71121

Moodle CVE-2014-7845 Insecure Password Generation Weakness
2014-12-10
http://www.securityfocus.com/bid/71128

Graphviz 'agerr()' Function Remote Format String Vulnerability
2014-12-10
http://www.securityfocus.com/bid/71283

Exploit

 

9.12.2014

Bugtraq

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds 2014-12-08
jlk apache org

[ANN] Apache Struts 2.3.20 GA release available with security fix 2014-12-08
Lukasz Lenart (lukaszlenart apache org)

CFP: InfoSec SouthWest 2015 (ISSW) 2014-12-08
Tod Beardsley (todb packetfu com)

Malware

Generic PUP.x!391008A6951A

RDN/Generic Downloader.x!lw!1B904B66BC2E

RDN/Generic PUP.x!6EF6FE98A3AB

Generic PUP.x!62EA1B9E4DB0

RDN/Generic.dx!0D16269BA604

Generic PUP.x!65AF418038BC

RDN/Spybot.bfr!o!74AC6FFD7A2F

Generic PUP.x!63048FB8C704

RDN/Generic.tfr!ef!062DFB0D87F6

RDN/Generic Downloader.x!lw!6314FE26A3B6

Generic PUP.x!295E252B1F82

RDN/Generic.dx!dhh!765CED612BAB

RDN/Generic.dx!66A176B3A70B

RDN/Generic.dx!190865AA137D

RDN/Generic PUP.x!626C7D510D9A

Generic PUP.x!64126E2A24F6

RDN/Generic.hra!cd!570313706885

Generic PUP.x!5A001CCDE177

Generic PUP.x!6249CC174D79

RDN/Generic PUP.x!cqk!3D06DE7CDC43

Generic PUP.x!5C9F42D85E29

Generic PUP.x!5AB2A956AE7D

Generic PUP.x!682A171D0C74

Generic PUP.x!C78B66E1679A

Generic PUP.x!6B01B593D558

RDN/Generic.dx!69B5792532E1

RDN/Spybot.bfr!448E404BA180

Generic PUP.x!61BCF0767085

Generic PUP.x!64DC1768D819

Generic PUP.x!60B0A0B51CFB

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

libvirt CVE-2014-7823 Information Disclosure Vulnerability
2014-12-09
http://www.securityfocus.com/bid/71095

libvirt CVE-2013-4399 Remote Denial Of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/62972

libvirt Event Registration API Remote Security Bypass Vulnerability
2014-12-09
http://www.securityfocus.com/bid/65004

libvirt Unsafe Paths Usage Symlink Multiple Security Vulnerabilities
2014-12-09
http://www.securityfocus.com/bid/65743

libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability
2014-12-09
http://www.securityfocus.com/bid/67289

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-12-09
http://www.securityfocus.com/bid/70186

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-09
http://www.securityfocus.com/bid/70574

Linux Kernel KVM CVE-2014-8369 Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/70749

Linux Kernel CVE-2014-7841 SCTP NULL Pointer Dereference Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/71081

Linux Kernel 'ttusbdecfe.c' Buffer Overflow Vulnerability
2014-12-09
http://www.securityfocus.com/bid/71097

Linux Kernel 'espfix64' Local Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/71250

Graphviz 'agerr()' Function Remote Format String Vulnerability
2014-12-09
http://www.securityfocus.com/bid/71283

JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities
2014-12-09
http://www.securityfocus.com/bid/71476

nfs-utils 'rpc.gssd' DNS Spoofing Vulnerability
2014-12-09
http://www.securityfocus.com/bid/58854

libvirt 'virBitmapParse()' Function Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/62070

libvirt 'remoteDispatchDomainMemoryStats()' Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/62510

libvirt 'virFileNBDDeviceAssociate()' Remote Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/62576

libvirt CVE-2013-4292 Multiple Remote Denial of Service Vulnerabilities
2014-12-09
http://www.securityfocus.com/bid/62791

libvirt 'virt-login-shell' Local Privilege Escalation Vulnerability
2014-12-09
http://www.securityfocus.com/bid/63324

libvirt 'virConnectDomainXMLToNative()' API Remote Security Bypass Vulnerability
2014-12-09
http://www.securityfocus.com/bid/63325

libvirt 'virDomainBlockStats()' Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/64723

Dovecot Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/67306

QEMU CVE-2014-3471 Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/68145

libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities
2014-12-09
http://www.securityfocus.com/bid/69033

QEMU 'vmstate_xhci_event' Field Memory Corruption Vulnerability
2014-12-09
http://www.securityfocus.com/bid/69247

QEMU 'pcihp.c' Out of Bounds Memory Corruption Vulnerability
2014-12-09
http://www.securityfocus.com/bid/69356

QEMU 'vga.c' Information Disclosure Vulnerability
2014-12-09
http://www.securityfocus.com/bid/69654

QEMU CVE-2014-3640 Local Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/70237

QEMU CVE-2014-7815 Local Denial of Service Vulnerability
2014-12-09
http://www.securityfocus.com/bid/70998

Exploit

 

8.12.2014

Bugtraq

[SECURITY] [DSA 3091-1] getmail4 security update 2014-12-07
Giuseppe Iuculano (iuculano debian org)

[SECURITY] [DSA 3092-1] icedove security update 2014-12-07
Moritz Muehlenhoff (jmm debian org)

Malware

RDN/Generic.bfr!00DD55F14869

RDN/Generic.dx!D3A39A90401B

RDN/Generic.bfr!98020D83A9B4

RDN/Generic.bfr!CD1042080EA2

RDN/Generic.dx!D33627C8D4BB

RDN/Generic.bfr!5EB658A32E03

RDN/Generic.bfr!CCA81CD51AF1

RDN/Generic.bfr!18D758F08C92

RDN/Generic PWS.y!bb3!B68427EFCE31

RDN/Generic.dx!dhg!464DE1957DD6

RDN/Generic.dx!E728075A30B4

RDN/Generic.bfr!75D1F68DD7B1

RDN/Generic.dx!D36EF214F161

RDN/Generic.bfr!2AE7CC0FDF68

RDN/Generic.bfr!B7ED4D8E22A4

RDN/Generic.bfr!016D00B60E76

RDN/Sdbot.worm!62230CFE8AEF

RDN/Generic PUP.x!A64858F103B8

RDN/Generic.dx!D2D3C1BFADDE

RDN/Generic Dropper!7AE2189384D6

RDN/Generic.bfr!017B524C6E57

RDN/PWS-Banker!dp!BEFBBCD9839E

RDN/Generic PUP.x!1615087403C8

Generic PWS.y!CAC109385C51

Generic PWS.y!15BC0DFBBC3D

Generic PWS.y!ACD9608887D4

RDN/Generic.bfr!45492755ACCA

RDN/Generic.bfr!348E1DA52D6C

RDN/Generic.bfr!17D4E25658B3

RDN/Generic.bfr!8F3768A6C7DF

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

ClamAV 'libclamav/pe.c' Heap Based Buffer Overflow Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71242

ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71178

Oracle Java SE CVE-2014-6456 Remote Security Vulnerability
2014-12-08
http://www.securityfocus.com/bid/70522

MantisBT 'copy_field.php' Cross Site Scripting Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71371

Getmail CVE-2014-7273 SSL Certificate Security Bypass Vulnerability
2014-12-08
http://www.securityfocus.com/bid/70280

Getmail CVE-2014-7275 SSL Certificate Security Bypass Vulnerability
2014-12-08
http://www.securityfocus.com/bid/70282

Getmail CVE-2014-7274 SSL Certificate Security Bypass Vulnerability
2014-12-08
http://www.securityfocus.com/bid/70281

Mozilla Firefox/Thunderbird CVE-2014-1592 Use After Free Memory Corruption Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71398

Mozilla Firefox/Thunderbird CVE-2014-1590 Denial of Service Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71397

Mozilla Firefox/Thunderbird CVE-2014-1594 Security Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71396

OpenSSL CVE-2014-3513 Information Disclosure Vulnerability
2014-12-08
http://www.securityfocus.com/bid/70584

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2014-12-08
http://www.securityfocus.com/bid/69748

WordPress SP Project & Document Manager Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71267

Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71190

Teeworlds Memory Corruption and Denial of Service Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71301

Docker CVE-2014-6407 Local Privilege Escalation Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71315

blkid 'blkid.c' Local Command Injection Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71327

Mozilla Firefox/Thunderbird CVE-2014-1595 Multiple Local Information Disclosure Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71394

Mozilla Firefox/Thunderbird CVE-2014-1593 Buffer Overflow Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71395

Mozilla Firefox/Thunderbird CVE-2014-1588 Multiple Memory Corruption Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71392

Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/71391

Linux Kernel 'control.c' File Use After Free Memory Corruption Vulnerability
2014-12-08
http://www.securityfocus.com/bid/68164

Mozilla Firefox CVE-2014-1591 Information Disclosure Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71399

Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
2014-12-08
http://www.securityfocus.com/bid/68678

ClickDesk Multiple HTML Injection Vulnerabilities
2014-12-08
http://www.securityfocus.com/bid/65971

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71153

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71150

Linux Kernel CVE-2014-0181 Local Security Vulnerability
2014-12-08
http://www.securityfocus.com/bid/67034

MantisBT 'admin/upgrade_unattended.php' Security Bypass Vulnerability
2014-12-08
http://www.securityfocus.com/bid/71359

Exploit

 

6.12.2014

Bugtraq

NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) 2014-12-05
Vulnerability Lab (research vulnerability-lab com)

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com

Malware

RDN/Generic PUP.x!cq3!87B6EA190355

RDN/Generic PUP.x!3217DC0D978E

Generic PUP.x!2C2F22733F56

Generic PUP.x!0106BC5B4A78

Generic PUP.x!B2D43C998B84

Generic PUP.x!1C41135C3730

Generic PUP.x!1D2696F0BE06

RDN/Generic PUP.x!9FEEB7FA4EDB

RDN/Generic PUP.x!cq3!F9F93597F11C

RDN/Generic PUP.x!019AE0E9D6D0

RDN/Generic PUP.x!D13E402D8D92

RDN/Generic PUP.x!58A3420FB44F

Generic PUP.x!20951CF0817D

RDN/Generic PUP.x!99920706BF86

RDN/Generic.dx!6DD1446DA6B7

Generic PUP.x!9DEDFCE1277B

Generic Downloader.x!E8605FC052A8

RDN/Generic BackDoor!b2t!BE45946FCB4D

RDN/Generic PUP.x!7CD5B3183FC1

RDN/Generic PUP.x!9682A88AB2BD

RDN/Generic PUP.x!06C0D336DC76

RDN/Generic PUP.x!DA69897C63FD

RDN/Generic PUP.x!9A83CFC86968

RDN/Generic PUP.x!8DBBFDA12D03

Downloader.gen.a!2F28800649B2

RDN/Generic.dx!dhf!FCE52F14C722

RDN/Downloader.a!ty!09CB8DBB3812

Generic PUP.x!D893776612A0

RDN/Downloader.a!ty!5FBF7819D65B

Downloader.gen.a!38BF8B2D2F81

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2014-12-06
http://www.securityfocus.com/bid/69748

WordPress SP Project & Document Manager Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71267

Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71190

Teeworlds Memory Corruption and Denial of Service Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71301

Docker CVE-2014-6407 Local Privilege Escalation Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71315

blkid 'blkid.c' Local Command Injection Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71327

Mozilla Firefox/Thunderbird CVE-2014-1595 Multiple Local Information Disclosure Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71394

Mozilla Firefox/Thunderbird CVE-2014-1593 Buffer Overflow Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71395

Mozilla Firefox/Thunderbird CVE-2014-1588 Multiple Memory Corruption Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71392

Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/71391

Linux Kernel 'control.c' File Use After Free Memory Corruption Vulnerability
2014-12-06
http://www.securityfocus.com/bid/68164

Oracle Java SE CVE-2014-6456 Remote Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70522

Mozilla Firefox CVE-2014-1591 Information Disclosure Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71399

Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
2014-12-06
http://www.securityfocus.com/bid/68678

Mozilla Firefox/Thunderbird CVE-2014-1590 Denial of Service Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71397

ClickDesk Multiple HTML Injection Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/65971

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71153

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71150

Linux Kernel CVE-2014-0181 Local Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/67034

MantisBT 'admin/upgrade_unattended.php' Security Bypass Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71359

MantisBT 'core/current_user_api.php' PHP Object Injection Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71361

ZTE 831CII Multiple Security Vulnerabilities
2014-12-06
http://www.securityfocus.com/bid/70984

Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
2014-12-06
http://www.securityfocus.com/bid/71420

IP.Board 'ipsconnect.php' SQL Injection Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70994

Spring Framework Unspecified Directory Traversal Vulnerability
2014-12-06
http://www.securityfocus.com/bid/68042

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70538

Oracle Java SE CVE-2014-6558 Remote Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70544

Oracle Java SE CVE-2014-6531 Remote Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70572

Oracle Java SE CVE-2014-6527 Remote Security Vulnerability
2014-12-06
http://www.securityfocus.com/bid/70560

Exploit

  Windows Kerberos - Elevation of Privilege (MS14-068)

  Offset2lib: Bypassing Full ASLR On 64bit Linux

  PBBoard CMS 3.0.1 - SQL Injection

5.12.2014

Bugtraq

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com

[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-12-05
security-alert hp com

[SECURITY] [DSA 3090-1] iceweasel security update 2014-12-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3089-1] jasper security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

[oCERT-2014-009] JasPer input sanitization errors 2014-12-04
Andrea Barisani (lcars ocert org)

[SECURITY] [DSA 3088-1] qemu-kvm security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3087-1] qemu security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

Re: Slider Revolution/Showbiz Pro shell upload exploit 2014-12-04
assistenz crm-br com

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn

Malware

RDN/Generic.dx!343CF189A818

Generic PUP.x!4AE63E42B433

RDN/Generic Dropper!vq!35F55097DB42

RDN/Generic BackDoor!b2t!36388B28CFAB

FakeAV-M.bfr!976F9202EEFA

Generic PUP.x!FC10088FEBCA

RDN/Generic PUP.x!cq3!C572EE23AF44

Generic PUP.x!253860E5413C

RDN/Generic Downloader.x!lv!CE5E6E9D2C1C

RDN/Generic PWS.y!520BAAE837CF

Generic PUP.x!67199DE2EE80

Generic Downloader.x!5B8CA093491A

RDN/Generic PUP.x!cq3!964C1D7756C6

Generic.dx!CC8DD1E9A5B8

RDN/Generic PUP.x!cq3!CD66DF1EDFF6

RDN/Generic PUP.x!cq3!6B600649B029

RDN/Generic PUP.x!cq3!1F4366455542

RDN/Generic Downloader.x!lv!CDD4ECE0A925

Generic PUP.x!60123132637F

RDN/Generic Dropper!vq!FA0DA4B0EFB5

RDN/Generic PUP.x!6B2807497B47

Generic.bfr!A60CFBABDE0E

RDN/Generic BackDoor!b2t!7E254702A871

Downloader.gen.a!5F926E2C92CC

RDN/Generic PUP.x!79A3AE4F634B

RemAdm-Gneric!A41FFEDFF6CE

RDN/Generic.bfr!hy!1E2EEAA82CE0

RDN/Generic PUP.x!cq3!6E3033CEB9B7

FakeAV-M.bfr!D0250AA731D6

RDN/Generic.dx!6BFA39C53802

Phishing

 

Vulnerebility

D-Link DCS-2103 CVE-2014-9238 Directory Traversal Vulnerability
2014-12-16
http://www.securityfocus.com/bid/71484

OpenStack Neutron 'dns_nameservers' Parameter Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/71278

Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70935

Ruby 'pack.c' Buffer Overflow Vulnerability
2014-12-05
http://www.securityfocus.com/bid/68474

Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/71230

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70142

Linux Kernel 'xfs_da_btree.c' Local Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70261

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
2014-12-05
http://www.securityfocus.com/bid/70971

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
2014-12-05
http://www.securityfocus.com/bid/70972

GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities
2014-12-05
http://www.securityfocus.com/bid/71003

QEMU 'vga.c' Information Disclosure Vulnerability
2014-12-05
http://www.securityfocus.com/bid/69654

libvirt CVE-2014-7823 Information Disclosure Vulnerability
2014-12-05
http://www.securityfocus.com/bid/71095

libvirt 'domain_conf.c' Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70210

OpenStack Cinder/Nova/Trove CVE-2014-7230 Local Password Disclosure Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70185

OpenStack Cinder/Nova/Trove CVE-2014-7231 Local Password Disclosure Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70184

wpa_supplicant and hostapd CVE-2014-3686 Remote Command Execution Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70396

GNU Wget CVE-2014-4877 Symlink Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70751

Linux Kernel KVM CVE-2014-3645 Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70746

Linux Kernel Multiple Local Security Bypass Vulnerabilities
2014-12-05
http://www.securityfocus.com/bid/68162

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities
2014-12-05
http://www.securityfocus.com/bid/69768

Linux Kernel 'shmem.c' CVE-2014-4171 Local Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/68157

Linux Kernel KVM 'virt/kvm/iommu.c' Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/69489

Linux Kernel 'netdevice.h' NULL Pointer Dereference Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/69721

Linux Kernel CVE-2014-4014 Local Privilege Escalation Vulnerability
2014-12-05
http://www.securityfocus.com/bid/67988

Linux Kernel '/drivers/media/media-device.c' Local Information Disclosure Vulnerability
2014-12-05
http://www.securityfocus.com/bid/68048

Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70766

Linux Kernel CVE-2014-3673 Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70883

Linux Kernel KVM CVE-2014-3646 Local Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70745

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-12-05
http://www.securityfocus.com/bid/69779

Linux Kernel KVM CVE-2014-3611 Denial of Service Vulnerability
2014-12-05
http://www.securityfocus.com/bid/70743

Exploit

  Offset2lib: Bypassing Full ASLR On 64bit Linux

  PBBoard CMS 3.0.1 - SQL Injection

  Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities

  Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities

4.12.2014

Bugtraq

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn

APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 2014-12-03
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3086-1] tcpdump security update 2014-12-03
Salvatore Bonaccorso (carnil debian org)

Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection 2014-12-03
Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)

[slackware-security] mozilla-thunderbird (SSA:2014-337-01) 2014-12-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)

Malware

RDN/Generic PUP.x!cqh!D465E754F1BE

Generic PUP.x!899B175F4B8A

RDN/Generic PUP.x!0A2570CF8123

Generic-FAVO!42B5B68762AC

RDN/Generic Dropper!vp!A45BB31A2176

RDN/Generic StartPage!cb!438D4B2CDF5F

RDN/Generic StartPage!cb!D87134986F56

Generic-FAVO!465FCD4E9E58

RDN/Generic BackDoor!b2s!FB58875E93B1

RDN/Generic BackDoor!b2s!A170B88E68EA

W32/Virut.gen!0F43F01EB8A2

Generic PUP.x!E2EC744CB09A

DNSChanger.bfr!8875804EFA93

Generic PUP.x!DDD969DC77DD

Generic-FAVO!6FED865F5E56

Generic PUP.x!1B1FBD382555

Generic.dx!DAB4BC8BEC6D

Generic PUP.x!1E84C66BBA9C

RDN/Qhost-Gen!be!FA6E631924E4

RDN/Generic.bfr!EE999CA4B4BB

RDN/Generic.bfr!hy!2A69217C18B7

RDN/Generic PUP.x!cqh!D3B8BC6A0E40

Generic.dx!1F6051137BAB

RDN/Generic PUP.x!5092B8A6AA7C

RDN/Generic PUP.x!CD58EC23AF66

FakeAV-M.bfr!0F6E5C509E33

Generic PWS.y!C911B724EC01

RDN/Generic.grp!hr!9FA101CE841F

RDN/Generic.dx!dh3!0D585906CE24

RDN/Generic PUP.x!C961774BF2F1

Phishing

 

Vulnerebility

WebKit CVE-2014-4452 Unspecified Memory Corruption Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71137

WebKit CVE-2014-4459 Unspecified Memory Corruption Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71144

Google Chrome 35.0.1916.114 Multiple Security Vulnerabilities
2014-12-04
http://www.securityfocus.com/bid/67517

wpa_supplicant and hostapd CVE-2014-3686 Remote Command Execution Vulnerability
2014-12-04
http://www.securityfocus.com/bid/70396

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71150

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71153

Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
2014-12-04
http://www.securityfocus.com/bid/71190

GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71216

GNU glibc 'iconv()' Denial of Service Vulnerability
2014-12-04
http://www.securityfocus.com/bid/69472

GNU glibc 'iconv()' Function Denial of Service Vulnerability
2014-12-04
http://www.securityfocus.com/bid/69470

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-04
http://www.securityfocus.com/bid/70574

Xen CVE-2014-8866 Denial of Service Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71332

Xen CVE-2014-8595 Local Privilege Escalation Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71151

Xen 'PHYSDEVOP_{prepare,release}_msix' Operations Local Privilege Escalation Vulnerability
2014-12-04
http://www.securityfocus.com/bid/65125

Xen CVE-2014-8867 Denial of Service Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71331

WordPress WooCommerce 'range' Parameter Cross Site Scripting Vulnerability
2014-12-04
http://www.securityfocus.com/bid/69868

Multiple ManageEngine Products Multiple Arbitrary File Download Vulnerabilities
2014-12-04
http://www.securityfocus.com/bid/71404

tinc CVE-2013-1428 Stack Buffer Overflow Vulnerability
2014-12-04
http://www.securityfocus.com/bid/59369

WordPress SupportEzzy Ticket System Plugin 'URL' Parameter HTML Injection Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71088

WordPress Google Analytics by Yoast Plugin CVE-2014-9174 Cross Site Scripting Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71330

WordPress wpDataTables Plugin 'wp-admin/admin-ajax.php' SQL Injection Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71271

WordPress Google Doc Embedder Plugin 'google-document-embedder\view.php' SQL Injection Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71304

Mozilla Firefox/Thunderbird CVE-2014-1593 Buffer Overflow Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71395

Mozilla Firefox/Thunderbird CVE-2014-1594 Security Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71396

Mozilla Firefox/Thunderbird CVE-2014-1592 Use After Free Memory Corruption Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71398

Plex Media Server Directory Traversal and Authentication-Bypass Vulnerabilities
2014-12-04
http://www.securityfocus.com/bid/65881

Anchor CMS 'comment.php' Mail Header Injection Vulnerability
2014-12-04
http://www.securityfocus.com/bid/71020

Mozilla Firefox/Thunderbird CVE-2014-1555 Use After Free Memory Corruption Vulnerability
2014-12-04
http://www.securityfocus.com/bid/68814

Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
2014-12-04
http://www.securityfocus.com/bid/68111

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
2014-12-04
http://www.securityfocus.com/bid/70567

Exploit

  Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities

  Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability

3.12.2014

Bugtraq

[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)

F5 BIGIP - (OLD!) Persistent XSS in ASM Module 2014-12-02
jplopezy gmail com

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress 2014-12-02
Henri Salo (henri nerv fi)

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components 2014-12-02
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com

Malware

RDN/Generic BackDoor!b2s!07BB07F1111E

RDN/Generic FakeAlert!FC924071FACD

RDN/Downloader.gen.a!69B98C806EE1

RDN/Generic BackDoor!b2s!BFAE6E15F91F

RDN/Generic PUP.x!F6EC39B4D3A7

DNSChanger.bfr!16AF421598CA

RDN/Generic.dx!A942E36830AA

RDN/Generic PUP.x!5B622DD95C38

RDN/Generic PUP.x!064DF4B4176A

RDN/Generic PWS.y!bbw!D6B4B6C8FE1C

RDN/Generic.dx!4C0D5348022D

RDN/Generic Downloader.x!lv!2250B2B7FA61

RDN/Generic Dropper!vp!AED0EF2C4AB0

Generic.dx!1CB526B022E6

Generic PUP.x!7087B861AF99

RDN/Generic PUP.x!48CA2E09A302

RDN/Generic PUP.x!3DAD8B2E3517

Generic StartPage!CA03719731FA

RDN/Generic PUP.x!207E6BDDE7A6

RDN/Generic.bfr!5FA8C8966926

RDN/Generic.dx!dh3!96165A5D2B81

RDN/Generic PUP.x!05E1F69EB946

RDN/Generic PUP.x!cqg!5245A8191005

Generic PUP.x!7E020E35EE9B

RDN/Generic PUP.x!4D7BF7EBB13C

RDN/Generic.bfr!630F3AC6DC67

RDN/Generic PUP.x!58F9F09EE4BA

RDN/Downloader.gen.a!A4E8F0AF9D1B

Downloader.gen.a!C948D623B541

RDN/Generic BackDoor!b2s!7AE2EFA5F3A8

Phishing

 

Vulnerebility

Multiple Yokogawa Products CVE-2014-5208 Remote Security Weakness
2014-12-03
http://www.securityfocus.com/bid/69886

Mozilla Firefox/Thunderbird CVE-2014-1593 Buffer Overflow Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71395

Mozilla Firefox/Thunderbird CVE-2014-1594 Security Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71396

Mozilla Firefox/Thunderbird CVE-2014-1592 Use After Free Memory Corruption Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71398

Mozilla Firefox/Thunderbird CVE-2014-1590 Denial of Service Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71397

Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
2014-12-03
http://www.securityfocus.com/bid/71391

Mozilla Firefox/Thunderbird CVE-2014-1588 Multiple Memory Corruption Vulnerabilities
2014-12-03
http://www.securityfocus.com/bid/71392

Mozilla Firefox CVE-2014-1589 XBL Bindings Security Bypass Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71393

Apple Mac OS X CVE-2014-1314 Remote Arbitrary Code Execution Vulnerability
2014-12-03
http://www.securityfocus.com/bid/67026

Drupal Avatar Uploader Module Information Disclosure Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69577

Drupal Notify Module Multiple Access Bypass Vulnerabilities
2014-12-03
http://www.securityfocus.com/bid/69228

blkid 'blkid.c' Local Command Injection Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71327

Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69038

Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69041

Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69046

Antiword 'wordole.c' Buffer Overflow Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71386

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-03
http://www.securityfocus.com/bid/70574

OpenVPN CVE-2014-8104 Denial of Service Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71402

Kingsoft Office CVE-2014-2271 Remote Code Execution Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71381

Huawei P2 CVE-2014-2273 Local Privilege Escalation Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71374

Huawei Mobile Partner 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
2014-12-03
http://www.securityfocus.com/bid/70671

Huawei Mobile Partner Local Privilege Escalation Vulnerability
2014-12-03
http://www.securityfocus.com/bid/70672

check_diskio CVE-2014-8994 Symlink Vulnerability
2014-12-03
http://www.securityfocus.com/bid/71208

Huawei Honor Cube WS860S Arbitrary File Upload Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69806

eyeD3 Insecure Temporary File Creation Vulnerability
2014-12-03
http://www.securityfocus.com/bid/65480

Django CVE-2014-0482 Authentication Bypass Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69430

Django 'contrib.admin' Information Disclosure Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69429

Django CVE-2014-0481 Denial of Service Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69423

Django 'return()' Function URI Redirection Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69425

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2014-12-03
http://www.securityfocus.com/bid/69748

Exploit

Cart66 Lite WordPress Ecommerce 1.5.1.17 - Blind SQL Injection

Google Document Embedder 2.5.16 - mysql_real_escpae_string bypass SQL Injection 

 Tincd Post-Authentication Remote TCP Stack Buffer Overflow

  Mac OS X IOKit Keyboard Driver Root Privilege Escalation

  Prolink PRN2001 - Multiple Vulnerabilities

  IPUX Cube Type CS303C IP Camera - (UltraMJCamX.ocx) ActiveX Stack Buffer Overflow

  IPUX CL5452/CL5132 IP Camera - (UltraSVCamX.ocx) ActiveX Stack Buffer Overflow

  IPUX CS7522/CS2330/CS2030 IP Camera - (UltraHVCamX.ocx) ActiveX Stack Buffer Overflow

  Wordpress Nextend Facebook Connect Plugin 1.4.59 - XSS Vulnerability

  EntryPass N5200 - Credentials Exposure

  TYPO3 ke DomPDF Extension - Remote Code Execution

2.12.2014

Bugtraq

[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com

[SECURITY] [DSA 3081-1] libvncserver security update 2014-11-29
Luciano Bello (luciano debian org)

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 2014-11-30
Pedro Ribeiro (pedrib gmail com)

Malware

Generic PUP.x!E41709B9B1FC

RDN/Generic PUP.x!590485900AED

Generic.dx!DF72EA725B65

RDN/Generic.dx!DEA5F9A60B57

Generic PUP.x!9218911A9FDF

RDN/Generic.dx!DDD7E8D6F019

RDN/Generic.dx!DDCE64D63FC5

Generic PUP.x!0A5BA1B1685F

Generic PUP.x!67DBCC7ABD59

RDN/Generic PUP.x!BBDCD75B4BAA

RDN/Generic.bfr!DF20845E1F40

Generic.bfr!9CED1AE8A6A9

RDN/Generic.bfr!hy!E906BDF5528B

RDN/Generic.dx!DDB099D74746

RDN/Generic PUP.x!87B7E9C36BA3

RDN/Generic PUP.x!AE5D9EFA46F1

RDN/Generic PUP.x!cqf!DEFDADBC1573

RDN/Spybot.bfr!o!93453FBA8DE4

RDN/Generic.dx!DE3E3E7C6D11

RDN/Generic.dx!DD7322E81D8B

RDN/Generic Downloader.x!lv!EF777F531ED6

RDN/Generic PUP.x!DE920A989D74

RDN/Generic.dx!DDABB1A8EC49

RDN/Generic BackDoor!830DA0D2003E

RDN/Generic.dx!DD420F1472DD

RDN/Generic PUP.x!cqf!DE746FD836B4

RDN/Generic BackDoor!A843119C8DAC

RDN/Generic PWS.y!bbw!DE6DC637BF01

RDN/Generic PUP.x!A17B579837C7

RDN/Generic.dx!DD09A81B4BF1

Phishing

Yahoo.com

29th November 2014

Atn Dear Customer,

Vulnerebility

Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/69947

TYPO3 Questionnaire Extension CVE-2014-8874 Information Disclosure Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71390

Graphviz 'agerr()' Function Remote Format String Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71283

PPP 'options.c' CVE-2014-3158 Remote Integer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/69399

Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71230

Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70935

Ruby 'pack.c' Buffer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/68474

Oracle Java SE CVE-2014-6519 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70570

Oracle Java SE CVE-2014-6531 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70572

Huawei P7-L10 'PackageInstaller' Module Remote Security Bypass Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71196

WordPress Password Check Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71233

Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities
2014-12-02
http://www.securityfocus.com/bid/71306

libFLAC 'src/libFLAC/stream_decoder.c' Stack Buffer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71280

Mutt 'mutt_substrdup()' Function Heap Based Buffer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71334

LibYAML and Perl YAML-LibYAML Module 'scanner.c' Remote Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71349

Oracle Java SE CVE-2014-6558 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70544

libFLAC 'src/libFLAC/stream_decoder.c' Heap Buffer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/71282

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70094

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70091

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-12-02
http://www.securityfocus.com/bid/70096

Oracle Java SE CVE-2014-6517 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70552

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70567

Oracle Java SE CVE-2014-6511 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70548

Oracle Java SE CVE-2014-6506 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70556

Oracle Java SE CVE-2014-6504 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70564

Oracle Java SE CVE-2014-6502 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70533

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-12-02
http://www.securityfocus.com/bid/70538

CBN CH6640E and CG6640E Wireless Gateway Series Multiple Security Vulnerabilities
2014-12-02
http://www.securityfocus.com/bid/70762

Exploit

 

1.12.2014

Bugtraq

[SECURITY] [DSA 3080-1] openjdk-7 security update 2014-11-29
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3079-1] ppp security update 2014-11-29
Sebastien Delafond (seb debian org)

WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) 2014-11-29
john secureli com

[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com

Malware

RDN/Generic BackDoor!b2s!74490E7396D0

RDN/Generic Dropper!vp!88FFF8924E55

RDN/Generic BackDoor!b2s!0B072A4189E0

RDN/Generic BackDoor!b2s!79046CEB2E5B

Generic PUP.x!5D5F99B10DF6

RDN/Generic.dx!dhc!9BFD27B1EE51

Generic.dx!9423FB506267

RDN/Downloader.gen.a!0055BAA9A6F5

RDN/Downloader.gen.a!01D601993AEA

RDN/Generic PUP.x!2F12D9B8B66D

Generic Downloader.x!A7F5027B7E98

RDN/Generic PUP.x!cqf!F2DF1E7F9B7A

RDN/Generic StartPage!cb!CF5C52A7E908

RDN/Generic PWS.y!bbw!51FB66AA10EF

RDN/Generic.bfr!hy!F5DBF6D8F1D4

RDN/Generic StartPage!cb!6043E7958526

Generic PUP.x!B7DBE0761D56

Generic PUP.x!AC21AA7493F9

RDN/Downloader.a!tv!4B1AA1978701

RDN/Generic.hra!cc!E74A68564D03

RDN/Generic.dx!dhc!9F6B8004B1C9

RDN/Spybot.bfr!CDAA35954DCD

Trojan-FFHL

RDN/Generic BackDoor!b2s!87399E1F75BB

RDN/Generic.bfr!BB09E0EFEC43

Generic PUP.x!59543FE1C821

RDN/Generic PUP.x!03FF0C9B8705

RDN/Generic PUP.x!cqf!F6BDA8C6F920

RDN/Generic.dx!66BD1EFED291

RDN/Generic StartPage!cb!F0A732C70AB9

Phishing

Yahoo.com

29th November 2014

Atn Dear Customer,

Support Paypal

28th November 2014

[NOTICE] YOU HAVE TO UPDATE
YOUR INFORMATION FOR SECURITY
REASON WITHIN 24 HOURS

Vulnerebility

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70094

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70091

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-12-01
http://www.securityfocus.com/bid/70096

Oracle Java SE CVE-2014-6517 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70552

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70567

Oracle Java SE CVE-2014-6511 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70548

Oracle Java SE CVE-2014-6506 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70556

Oracle Java SE CVE-2014-6504 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70564

Oracle Java SE CVE-2014-6502 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70533

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70538

PPP 'options.c' CVE-2014-3158 Remote Integer Overflow Vulnerability
2014-12-01
http://www.securityfocus.com/bid/69399

CBN CH6640E and CG6640E Wireless Gateway Series Multiple Security Vulnerabilities
2014-12-01
http://www.securityfocus.com/bid/70762

Mojolicious Command Line Parameter Injection Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70706

PHP 'donote()' Function Out-of-Bounds Read Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70807

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70574

WordPress Wordfence Firewall Plugin 'wp-admin/admin.php' Cross Site Scripting Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70915

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70116

Arris VAP2500 CVE-2014-8423 Remote Code Execution Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71299

Plack::App::File Information Disclosure Vulnerability
2014-12-01
http://www.securityfocus.com/bid/69185

Aircrack-ng 'network.c' Denial of Service Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71342

Libksba 'ksba_oid_to_str() Function Buffer Overflow Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71285

Polarssl Multiple Security Vulnerabilities
2014-12-01
http://www.securityfocus.com/bid/70902

PolarSSL Unspecified Memory Corruption Vulnerability
2014-12-01
http://www.securityfocus.com/bid/70905

libFLAC 'src/libFLAC/stream_decoder.c' Heap Buffer Overflow Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71282

libFLAC 'src/libFLAC/stream_decoder.c' Stack Buffer Overflow Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71280

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2014-12-01
http://www.securityfocus.com/bid/67898

WordPress Cross Site Request Forgery Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71232

WordPress Password Reset Email Security Bypass Vulnerability
2014-12-01
http://www.securityfocus.com/bid/71231

Exploit

  WordPress <=4.0 Denial of Service Exploit

  Wordpress < 4.0.1 - Denial of Service

  Drupal < 7.34 - Denial of Service

29.11.2014

Bugtraq

[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com

[ MDVSA-2014:236 ] file 2014-11-28
security mandriva com

[ MDVSA-2014:235 ] perl-Plack 2014-11-28
security mandriva com

[ MDVSA-2014:234 ] libksba 2014-11-28
security mandriva com

Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com

Malware

RDN/Generic PUP.x!cq3!15565B91F56E

RDN/Generic.bfr!hy!5BA0A2D6ED32

RDN/FakeAV-N.bfr!52E9CC5D2870

Generic PUP.x!7405E11AF1C0

RDN/Generic StartPage!cb!7989FBB3BEF4

Generic PUP.x!2BC1F99A47D0

RDN/Generic PUP.x!cq3!011786CA9528

Generic PUP.x!4FCF6B06FD19

Generic PUP.x!647E9F6A5A01

Generic PUP.x!1A23E3312B74

Generic Downloader.x!D74EBE96CDF5

Generic PUP.x!8D3B4842D02A

Generic PUP.x!BDB5CC596C5E

RDN/Generic PUP.x!cq3!398A17AD226E

RDN/Generic PUP.x!cq3!9FD20ABA6D9D

RDN/Generic PUP.x!cq3!861A5D57D022

Generic PUP.x!6FEE550800B4

Generic PUP.x!DEC0686B367C

RDN/Generic PUP.x!cq3!11D8B44C0520

RDN/Generic.grp!B95C18C7F7AC

RDN/Generic PUP.x!25E628597B6B

RDN/Generic PUP.x!cq3!8AD9D1E145A0

DNSChanger.bfr!32CD531C2A6F

Generic PUP.x!40C497980AB4

FakeAV-M.bfr!3250F44FE9CC

RDN/Generic PUP.x!8D2445F510F5

RDN/Generic PUP.x!6ACE1F717466

Generic PUP.x!266BB7286C3B

RDN/Generic PUP.x!B8DF00D860BD

Generic PUP.x!95E7E5F1D367

Phishing

Yahoo.com

29th November 2014

Atn Dear Customer,

Support Paypal

28th November 2014

[NOTICE] YOU HAVE TO UPDATE
YOUR INFORMATION FOR SECURITY
REASON WITHIN 24 HOURS

RBS

28th November 2014

RBS Bank Notification!

Vulnerebility

CBN CH6640E and CG6640E Wireless Gateway Series Multiple Security Vulnerabilities
2014-11-29
http://www.securityfocus.com/bid/70762

Mojolicious Command Line Parameter Injection Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70706

PHP 'donote()' Function Out-of-Bounds Read Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70807

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70574

WordPress Wordfence Firewall Plugin 'wp-admin/admin.php' Cross Site Scripting Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70915

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70116

Arris VAP2500 CVE-2014-8423 Remote Code Execution Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71299

Plack::App::File Information Disclosure Vulnerability
2014-11-29
http://www.securityfocus.com/bid/69185

Aircrack-ng 'network.c' Denial of Service Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71342

Libksba 'ksba_oid_to_str() Function Buffer Overflow Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71285

Polarssl Multiple Security Vulnerabilities
2014-11-29
http://www.securityfocus.com/bid/70902

PolarSSL Unspecified Memory Corruption Vulnerability
2014-11-29
http://www.securityfocus.com/bid/70905

libFLAC 'src/libFLAC/stream_decoder.c' Heap Buffer Overflow Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71282

libFLAC 'src/libFLAC/stream_decoder.c' Stack Buffer Overflow Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71280

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2014-11-29
http://www.securityfocus.com/bid/67898

WordPress Cross Site Request Forgery Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71232

WordPress Password Reset Email Security Bypass Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71231

WordPress Password Check Denial of Service Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71233

WordPress Multiple Unspecified Cross Site Scripting Vulnerabilities
2014-11-29
http://www.securityfocus.com/bid/71236

WordPress Server Side Request Forgery Security Bypass Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71234

WordPress Unspecified Security Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71238

WordPress 'comment' Field HTML Injection Vulnerability
2014-11-29
http://www.securityfocus.com/bid/71237

Raritan PowerIQ Multiple SQL Injection Vulnerabilities
2014-11-29
http://www.securityfocus.com/bid/68722

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2014-11-29
http://www.securityfocus.com/bid/67899

OpenSSL CVE-2014-0076 Information Disclosure Weakness
2014-11-29
http://www.securityfocus.com/bid/66363

OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
2014-11-29
http://www.securityfocus.com/bid/67193

OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability
2014-11-29
http://www.securityfocus.com/bid/66801

OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability
2014-11-29
http://www.securityfocus.com/bid/67901

OpenSSL CVE-2014-0195 Memory Corruption Vulnerability
2014-11-29
http://www.securityfocus.com/bid/67900

WordPress DZS-VideoGallery Plugin Cross Site Scripting and Command Injection Vulnerabilities
2014-11-29
http://www.securityfocus.com/bid/68525

Exploit

CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation

28.11.2014

Bugtraq

Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com

[ MDVSA-2014:233 ] wordpress 2014-11-27
security mandriva com

[SECURITY] [DSA 3078-1] libksba security update 2014-11-27
Salvatore Bonaccorso (carnil debian org)

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability 2014-11-27
Egidio Romano (research karmainsecurity com)

[ MDVSA-2014:232 ] glibc 2014-11-27
security mandriva com

[ MDVSA-2014:231 ] icecast 2014-11-27
security mandriva com

[ MDVSA-2014:230 ] kernel 2014-11-27
security mandriva com

[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-11-26
security-alert hp com

Malware

RDN/Generic Dropper!vp!0966355D25F1

RDN/Generic BackDoor!b2q!89C07A29E26D

RDN/Generic BackDoor!b2q!87711DC84BCC

RDN/Generic Dropper!vp!68EF168DBFD2

RDN/Generic BackDoor!b2q!7E064C15EEB0

RDN/Spybot.bfr!o!EA4ACFFAC969

Generic PUP.x!58DD81061015

4shared!B626165E7922

4shared!FBD103925983

4shared!87320DF0D600

Downloader.gen.a!8CD9BE143174

RDN/Generic BackDoor!50246D16D37B

RDN/Generic BackDoor!b2q!7570CCA9DEE0

Generic PUP.x!142F43270344

RDN/Generic PUP.x!A1E22C549DC8

Generic.dx!0B6D00076F98

W32/Spybot.bfr!733E623D5A0D

RDN/Generic.bfr!hx!F359F599A536

Generic PWS.y!0972F56FA445

RDN/Generic Dropper!vp!6CC8387767BF

RDN/Generic.dx!dhc!FC60D85E027F

RDN/Generic.tfr!ef!4C03EBAD16C1

RDN/PWS-Banker!CAC3CF81E0D9

Generic PUP.x!F6B6763BC9E1

RDN/Generic.dx!dhc!19E2C74EFBAC

RDN/Downloader.a!tv!C315E45DEDC0

RDN/Downloader.a!tv!42BD8B8BCF22

Generic PUP.x!7BF189BFA748

Generic PUP.x!158822026500

4shared!16DC6B91A1F6

Phishing

Admin

27th November 2014

Automatic Email Update Needed.
howiem@bigfoot.com

BT

27th November 2014

Your account has been frozen
temporarily

Halifax

27th November 2014

SECURE YOUR ACCESS !

PayPal

26th November 2014

Now check the account

BT at home

26th November 2014

BT.com Important Account
Notice

Halifax UK

26th November 2014

Secure Online Banking

BT

26th November 2014

BT Internet unable to process
your recent payment of bill

Vulnerebility

Libksba 'ksba_oid_to_str() Function Buffer Overflow Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71285

Polarssl Multiple Security Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/70902

PolarSSL Unspecified Memory Corruption Vulnerability
2014-11-28
http://www.securityfocus.com/bid/70905

libFLAC 'src/libFLAC/stream_decoder.c' Heap Buffer Overflow Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71282

libFLAC 'src/libFLAC/stream_decoder.c' Stack Buffer Overflow Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71280

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/67898

WordPress Cross Site Request Forgery Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71232

WordPress Password Reset Email Security Bypass Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71231

WordPress Password Check Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71233

WordPress Multiple Unspecified Cross Site Scripting Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/71236

WordPress Server Side Request Forgery Security Bypass Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71234

WordPress Unspecified Security Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71238

WordPress 'comment' Field HTML Injection Vulnerability
2014-11-28
http://www.securityfocus.com/bid/71237

Raritan PowerIQ Multiple SQL Injection Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68722

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2014-11-28
http://www.securityfocus.com/bid/67899

OpenSSL CVE-2014-0076 Information Disclosure Weakness
2014-11-28
http://www.securityfocus.com/bid/66363

OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/67193

OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability
2014-11-28
http://www.securityfocus.com/bid/66801

OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/67901

OpenSSL CVE-2014-0195 Memory Corruption Vulnerability
2014-11-28
http://www.securityfocus.com/bid/67900

WordPress DZS-VideoGallery Plugin Cross Site Scripting and Command Injection Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68525

OpenVPN Access Server Desktop Client Cross Site Request Forgery Vulnerability
2014-11-28
http://www.securityfocus.com/bid/68666

WordPress Video Gallery Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68883

WordPress WhyDoWork AdSense Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68954

SkaDate Lite Multiple Cross Site Request Forgery and HTML Injection Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68971

Kunena Multiple SQL Injection and Cross Site Scripting Vulnerabilities
2014-11-28
http://www.securityfocus.com/bid/68956

Pligg CMS 'recover.php' SQL Injection Vulnerability
2014-11-28
http://www.securityfocus.com/bid/68893

Squid CVE-2014-0128 Remote Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/66112

Squid CVE-2014-7142 Unspecified Security Vulnerability
2014-11-28
http://www.securityfocus.com/bid/70022

Squid 'src/icmp/Icmp4.cc' Remote Denial of Service Vulnerability
2014-11-28
http://www.securityfocus.com/bid/69688

Exploit

 

27.11.2014

Bugtraq

[ MDVSA-2014:230 ] kernel 2014-11-27
security mandriva com

[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-11-26
security-alert hp com

[SECURITY] [DSA 3077-1] openjdk-6 security update 2014-11-26
Moritz Muehlenhoff (jmm debian org)

[ MDVSA-2014:229 ] libvncserver 2014-11-26
security mandriva com

CVE-2014-5439 - Root shell on Sniffit [with exploit] 2014-11-26
Hector Marco (hecmargi upv es)

Сross-Site Request Forgery (CSRF) in xEpan 2014-11-26
High-Tech Bridge Security Research (advisory htbridge com)

Malware

Generic PUP.x!2E11E4319FEA

Generic PUP.x!F384F57FED1B

RDN/Generic PUP.x!4A30470DF689

RDN/Generic PUP.x!cq3!5AF9A75019E8

RDN/Generic.bfr!hx!642F3C3A8DC7

Generic PUP.x!8996416C09FB

Generic PUP.x!AAE1CC9C1A39

RDN/Spybot.bfr!A3CAAC93B376

RDN/Generic.bfr!hx!2300E314ADF7

RDN/Generic.bfr!hx!471EB2B8ECF3

Generic PUP.x!62486BA681F5

Generic PUP.x!DC465AFB6965

Generic PUP.x!4CADC97BE705

Generic BackDoor!DEED3C81A7EC

Generic PUP.x!76BCFA2F04FE

RDN/Generic PUP.x!1AE0648239CB

Generic PUP.x!7BB5E11BB2D6

Generic PUP.x!0F66AFC663B8

Generic PUP.x!C123480C3730

Generic PUP.x!9F777BCFC0D1

Generic PUP.x!259867925D9C

Generic PUP.x!556E43A8CF48

RDN/Generic PUP.x!cq3!732A3CA1EB61

Generic PUP.x!3E056F4AE1AF

Generic PUP.x!F78B628407B4

RDN/Generic PUP.x!cq3!D5C163F636F0

Generic PUP.x!5EBF3663762D

RDN/Generic PUP.x!cq3!653CD70FC69C

Generic PUP.x!E02FABEF6E62

Generic PUP.x!A4F693DD0F2A

Phishing

Halifax

27th November 2014

SECURE YOUR ACCESS !

PayPal

26th November 2014

Now check the account

BT at home

26th November 2014

BT.com Important Account
Notice

Halifax UK

26th November 2014

Secure Online Banking

BT

26th November 2014

BT Internet unable to process
your recent payment of bill

Tom Holder

25th November 2014

Important Document

Vulnerebility

FortiManager and FortiAnalyzer CVE-2014-2334 Multiple Cross Site Scripting Vulnerabilities
2014-11-27
http://www.securityfocus.com/bid/70887

tnftp CVE-2014-8517 Arbitrary Command Execution Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70792

Oracle Java SE CVE-2014-6504 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70564

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70567

FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70913

Adobe Flash Player CVE-2014-8439 Remote Code Execution Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71289

Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71230

Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70935

ClamAV 'libclamav/pe.c' Heap Based Buffer Overflow Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71242

ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71178

Linux Kernel cpio 'list_file()' Function Heap Based Buffer Overflow Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71248

Oracle Java SE CVE-2014-6558 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70544

Oracle Java SE CVE-2014-6531 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70572

Oracle Java SE CVE-2014-6506 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70556

Oracle Java SE CVE-2014-6511 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70548

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70538

Oracle Java SE CVE-2014-6517 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70552

Oracle Java SE CVE-2014-6502 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70533

Oracle Java SE CVE-2014-6519 Remote Security Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70570

Cisco Adaptive Security Appliance (ASA) Software CVE-2014-3407 Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71317

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70574

MantisBT 'view_all_set.php' Multiple SQL Injection Vulnerabilities
2014-11-27
http://www.securityfocus.com/bid/71298

Linux Kernel 'espfix64' Local Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71250

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70091

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-11-27
http://www.securityfocus.com/bid/70096

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-11-27
http://www.securityfocus.com/bid/70094

Moodle 'forum_get_discussions()' Function Security Bypass Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71126

Moodle 'lib/phpunit/bootstrap.php' Path Disclosure Vulnerability
2014-11-27
http://www.securityfocus.com/bid/71129

Exploit

  Pandora FMS SQLi Remote Code Execution

  Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow

  WordPress HTML 5 MP3 Player with Playlist Plugin - Full Path Disclosure

  xEpan 1.0.1 - CSRF Vulnerability

  Device42 WAN Emulator 2.3 Traceroute Command Injection

  Device42 WAN Emulator 2.3 Ping Command Injection

  Slider Revolution/Showbiz Pro Shell Upload Exploit

  Elipse E3 HTTP Denial of Service

  Android WAPPushManager - SQL Injection

26.11.2014

 

Bugtraq

[SECURITY] [DSA 3076-1] wireshark security update 2014-11-25
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass 2014-11-25
security-alert hp com

[security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information 2014-11-25
security-alert hp com

[security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information 2014-11-25
security-alert hp com

Slider Revolution/Showbiz Pro shell upload exploit 2014-11-25
simo morxploit com

[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution 2014-11-25
security-alert hp com

[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information 2014-11-25
security-alert hp com

[ MDVSA-2014:227 ] ffmpeg 2014-11-25
security mandriva com

Malware

RDN/DNSChanger.bfr!e!3E9F61659DCB

RDN/Generic.bfr!hx!F4E8EC8F6309

RDN/Generic.hra!54EBADE7CF2B

RDN/Generic BackDoor!b2q!3E26C9130541

RDN/BackDoor-FBSA!a!3BCCD237AB2C

RDN/Generic BackDoor!b2q!3C68CACEE00E

RDN/Generic BackDoor!b2q!3E0A2AE85E72

RDN/DNSChanger.bfr!e!3D3C0EFC2DE7

RDN/Generic BackDoor!b2q!3BF93A3DAAD3

RDN/Generic PUP.x!0F459E5BD7C1

Generic PUP.x!3B1681C874D6

Generic PUP.x!12CCBF422212

RDN/Generic.bfr!hx!5616D309BA0F

Generic PUP.x!25B1AB701DF1

Downloader-FSH!45156A1B0E47

Generic PUP.x!1EDCABA72F1C

Generic PUP.x!15E78B32E575

Generic PUP.x!16EC4694985C

Generic PUP.x!2A3F75A57A32

Generic PUP.x!250DCD90C6CC

Generic PUP.x!20FF94C3E22D

Generic PUP.x!02FC3AAB13C3

Generic PUP.x!20B559EF0186

Generic PUP.x!0C9BFB83CF7B

Generic PUP.x!257BD3076C95

Generic PUP.x!0996CF63237C

Generic PUP.x!1842A04A903B

Generic PUP.x!13116166AE13

Generic PUP.x!084F3EDA5016

Generic PUP.x!1241B8A5C49A

Phishing

PayPal

26th November 2014

Now check the account

BT at home

26th November 2014

BT.com Important Account
Notice

Halifax UK

26th November 2014

Secure Online Banking

BT

26th November 2014

BT Internet unable to process
your recent payment of bill

Tom Holder

25th November 2014

Important Document

Citibank

25th November 2014

ACCOUNT VERIFICATION REQUIRED

PayPal

25th November 2014

Suspicious Activity on Your
Paypal Account

Apple INC

25th November 2014

YOUR APPLE ACCOUNT WILL BE
BLOCKED

Apple Inc

25th November 2014

YOUR ACCOUNT HAS BEEN LIMITED

PayPal Service

25th November 2014

[PAYPAL] : ATTENTION YOUR
ACCOUNT HAS BEEN LIMITED

Bank of America

25th November 2014

Bank of America Corporate
Office Headquarters

Vulnerebility

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70574

Linux Kernel CVE-2014-3153 Local Privilege Escalation Vulnerability
2014-11-26
http://www.securityfocus.com/bid/67906

Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
2014-11-26
http://www.securityfocus.com/bid/71190

Wireshark SigComp Dissector CVE-2014-8710 Remote Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71069

Wireshark NCP Dissector CVE-2014-8712 Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71071

Wireshark NCP Dissector CVE-2014-8713 Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71073

Wireshark AMQP Dissector CVE-2014-8711 Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71070

Wireshark TN5250 Dissector CVE-2014-8714 Infinite Loop Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71072

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70137

Mozilla Firefox/SeaMonkey 'OnChannelRedirect' Method Memory Corruption Vulnerability
2014-11-26
http://www.securityfocus.com/bid/47659

Squid CVE-2014-7142 Unspecified Security Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70022

Direct Web Remoting CVE-2014-5325 XML External Entity Injection Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71093

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70186

libvirt 'domain_conf.c' Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/70210

libvirt CVE-2014-7823 Information Disclosure Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71095

Multiple Asterisk Products 'funcs/func_db.c' Remote Privilege Escalation Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71227

Multiple Asterisk Products Access Control List Security Bypass Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71218

Asterisk Open Source 'res_pjsip_acl' Module Security Bypass Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71221

Asterisk Open Source PJSIP Channel Driver Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71225

Squid 'src/icmp/Icmp4.cc' Remote Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/69688

Multiple Asterisk Products ConfBridge Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71222

Multiple Asterisk Products ConfBridge Dialplan Functions Remote Privilege Escalation Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71228

Asterisk 'res_pjsip_refer' Module Denial of Service Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71224

MantisBT 'core/file_api.php' Security Bypass Vulnerability
2014-11-26
http://www.securityfocus.com/bid/71104

Moodle LTI Module CVE-2014-9060 Security Bypass Vulnerabilities
2014-11-26
http://www.securityfocus.com/bid/71134

FFmpeg and Libav Multiple Remote Security Vulnerabilities
2014-11-26
http://www.securityfocus.com/bid/63796

FFmpeg Prior to 2.1 Multiple Remote Vulnerabilities
2014-11-26
http://www.securityfocus.com/bid/63936

Exploit

 

25.11.2014

Bugtraq

Docker 1.3.2 - Security Advisory [24 Nov 2014] 2014-11-24
Eric Windisch (eric windisch docker com)

CVE-2014-8419 - CodeMeter Weak Service Permissions 2014-11-24
ajs swordshield com

Malware

RDN/Generic PUP.x!68E6CB96092C

Generic PUP.x!4B8614FC56A2

RDN/Generic.dx!dhb!E4FDF7A92038

RDN/BackDoor-FCHE!74921DBFB53D

RDN/BackDoor-FCHE!a!74921DBFB53D

RDN/Generic PWS.y!bbw!B8B75CD22E5F

Generic PUP.x!160315555D9D

RDN/Spybot.bfr!o!747D1E4FF39B

Generic PUP.x!ED1C78A75799

Generic PUP.x!D09E31965F28

RDN/Generic PUP.x!6D3A2517A3CE

RDN/Generic PUP.x!cq3!CB2B1FAC503D

Generic PUP.x!91B7CAECDF13

Generic PUP.x!21696A4F70F5

RDN/Generic PWS.y!bbw!A62FE923B60A

RDN/Generic.bfr!hx!3E9B9EE55A1E

RDN/Generic PUP.x!cq3!679D7548E8E8

RDN/Generic BackDoor!b2q!3B270C750FBA

Generic PUP.x!1919958A59A5

RDN/Generic.bfr!hr!B24F790C4B44

Generic PUP.x!842D1BA62C84

RDN/Generic PUP.x!4AF7ABF320D3

Generic PUP.x!8D6CF81600D6

4shared!0A602BBB4668

RDN/Generic PWS.y!F0176D398E81

RDN/Generic PWS.y!bbw!F0176D398E81

RDN/Generic Downloader.x!19AF237871AC

RDN/Generic Dropper!vp!210783CD493C

RDN/Ransom!57A9939F36E8

Generic PUP.x!556DBE53EBFC

Phishing

Bank of America

25th November 2014

Bank of America Corporate
Office Headquarters

Paypal Service

24th November 2014

Your Paypal Account Has Been
Limited !

service

24th November 2014

[PAYPAL]: PLEASE LOG IN TO
CONFIRM YOUR DEBIT CARD ✔

Vulnerebility

Linux Kernel LZO Implementation 'lzo1x_decompress_safe.c' Memory Corruption Vulnerability
2014-11-25
http://www.securityfocus.com/bid/68214

Linux Kernel KVM CVE-2014-3690 Local Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70691

Linux Kernel KVM CVE-2014-3646 Local Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70745

Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70766

Linux Kernel KVM CVE-2014-3611 Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70743

Linux Kernel CVE-2014-7207 Local Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70867

Linux Kernel KVM CVE-2014-3647 Local Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70748

Linux Kernel CVE-2014-3673 Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70883

Linux Kernel KVM CVE-2014-3645 Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70746

Linux Kernel KVM 'asm/kvm_host.h' Denial of Service Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70742

Google Chrome CVE-2014-7899 Unspecified Address Bar Spoofing Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71160

Google Chrome CVE-2014-7906 Use After Free Remote Code Execution Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71159

Google Chrome CVE-2014-7909 Information Disclosure Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71167

Google Chrome CVE-2014-7907 Use After Free Remote Code Execution Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71170

Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/71161

Google Chrome CVE-2014-7908 Integer Overflow Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71168

Google Chrome CVE-2014-7904 Buffer Overflow Vulnerability
2014-11-25
http://www.securityfocus.com/bid/71166

X.Org libXfont Multiple Integer Overflow and Memory Corruption Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/67382

Mozilla Firefox/Thunderbird CVE-2014-1581 Use After Free Memory Corruption Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70426

Mozilla Firefox CVE-2014-1583 Same Origin Policy Security Bypass Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70424

Mozilla Firefox/Thunderbird CVE-2014-1578 Out of Bounds Memory Corruption Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70428

Mozilla Firefox/Thunderbird CVE-2014-1586 Security Bypass Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70427

Mozilla Firefox/Thunderbird CVE-2014-1577 Out of Bounds Memory Corruption Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70440

Mozilla Firefox/Thunderbird CVE-2014-1574 Multiple Memory Corruption Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/70436

Mozilla Firefox/Thunderbird CVE-2014-1576 Remote Heap Buffer Overflow Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70430

Mozilla Firefox/Thunderbird CVE-2014-1585 Security Bypass Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70425

Mozilla Firefox/Thunderbird CVE-2014-1575 Multiple Memory Corruption Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/70439

Incredible PBX 11 'reminders/index.php' Remote Command Execution Vulnerability
2014-11-25
http://www.securityfocus.com/bid/70689

ZTE 831CII Multiple Security Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/70984

ZTE ZXDSL 831 Multiple HTML Injection Vulnerabilities
2014-11-25
http://www.securityfocus.com/bid/70985

Exploit

Hikvision DVR RTSP Request Remote Code Execution

TP-Link TL-WR740N - Denial Of Service

Advantech EKI-6340 Command Injection

PHP 5.5.12 Locale::parseLocale Memory Corruption

tcpdump 4.6.2 Geonet Decoder Denial of Service

24.11.2014

Bugtraq

CVE-2014-8419 - CodeMeter Weak Service Permissions 2014-11-24
ajs swordshield com

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin 2014-11-22
Larry W. Cashdollar (larry0 me com)

Malware

RDN/Generic PUP.x!cqd!C8D962B308E8

RDN/Generic BackDoor!b2q!13997EBF7AF8

RDN/Generic Downloader.x!lv!2B6EA49E4802

Generic PUP.x!33B33A1DA754

RDN/Generic PUP.x!cqd!72E78A73398F

Generic PUP.x!6BDC4A2981BE

RDN/DNSChanger.bfr!e!6A1705927EAD

GenericR-CKW!69774702E587

RDN/Generic.bfr!96C068552410

RDN/Generic Downloader.x!6FA662C964DB

W32/Induc!0C1714266C7A

RDN/Spybot.bfr!22CD07F148C8

RDN/Generic.tfr!ef!00825BF9C1A6

RDN/Generic.bfr!hx!CB58A6F1E3EE

Generic.bfr!5A607C45A622

RDN/Generic.bfr!hr!9DD4A253378C

RDN/Generic.dx!dhb!872814BF341F

RDN/Generic.bfr!9841DE5752DF

RDN/Generic.bfr!803AE36DDB2A

RDN/Generic Dropper!7707641D90D8

RDN/Generic-FAOD!a!48DBADBBC0C5

RDN/Generic.dx!dhb!6A84FDCB104A

Generic PUP.x!426A93A6CC1C

RDN/Generic BackDoor!8FE6305DE375

RDN/Generic PUP.x!cqd!1BFC976390CE

RDN/Spybot.bfr!11AB0D51D563

Generic PUP.x!409A5AF57850

Generic PUP.x!2AA0461C4B1C

RDN/Generic PWS.y!bbw!DE0063FBD398

RDN/Generic.bfr!097D46CCB3BB

Phishing

Paypal Service

24th November 2014

Your Paypal Account Has Been
Limited !

service

24th November 2014

[PAYPAL]: PLEASE LOG IN TO
CONFIRM YOUR DEBIT CARD ✔

Halifax

23rd November 2014

Your Internet Banking is
temporarily suspended

PAYPAL

23rd November 2014

UPDATE YOUR LEGAL AGREEMENTS
WITH PAYPAL IN 24 HOURS ! ✔

PAYPAL

22nd November 2014

UPDATE YOUR LEGAL AGREEMENTS
WITH PAYPAL IN 24 HOURS ! ✔

PayPal Team

22nd November 2014

[PAYPAL ] :YOUR ACCOUNT HAS
BEEN LIMITED PAYPAL ID
PP-658-119-347 ✔

Vulnerebility

QEMU 'vmstate_xhci_event' Field Memory Corruption Vulnerability
2014-11-24
http://www.securityfocus.com/bid/69247

QEMU CVE-2014-3689 Multiple Local Security Bypass Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/70997

QEMU L2 Table Size Validation Integer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/67357

QEMU 'hw/usb/bus.c' Heap Based Buffer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/67392

QEMU Image Size Validation Integer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/67391

QEMU Multiple Memory Corruption Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/67483

QEMU 'vga.c' Information Disclosure Vulnerability
2014-11-24
http://www.securityfocus.com/bid/69654

QEMU CVE-2013-4541 Remote Code Execution Vulnerability
2014-11-24
http://www.securityfocus.com/bid/67394

QEMU CVE-2014-3640 Local Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/70237

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/70089

OpenStack Neutron Security Bypass Vulnerability
2014-11-24
http://www.securityfocus.com/bid/69807

CUPS Web Interface Cross Site Scripting Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66788

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/70142

Multiple Puppet Products CVE-2014-3248 Remote Code Execution Vulnerability
2014-11-24
http://www.securityfocus.com/bid/68035

Sendmail File Descriptor Security Vulnerability
2014-11-24
http://www.securityfocus.com/bid/67791

MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/69168

Poppler and xpdf CVE-2012-2142 Security Vulnerability
2014-11-24
http://www.securityfocus.com/bid/62148

OpenStack Keystonemiddleware SSL Certificate Validation Security Bypass Vulnerability
2014-11-24
http://www.securityfocus.com/bid/69864

QEMU CVE-2014-7815 Local Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/70998

QEMU 'vhdx' Block Driver Local Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66480

QEMU Block Drivers CVE-2014-0143 Multiple Integer Overflow Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/66486

QEMU CVE-2014-0146 NULL Pointer Dereference Local Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66472

QEMU CVE-2014-0147 Multiple Local Denial of Service Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/66484

QEMU CVE-2014-0144 Multiple Buffer Overflow Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/66483

Qemu 'virtio-net.c' Local Integer Overflow Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66821

QEMU CVE-2014-0145 Multiple Buffer Overflow Vulnerabilities
2014-11-24
http://www.securityfocus.com/bid/66464

QEMU Division By Zero Error Local Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66481

QEMU 'virtio_load()' Function Memory Corruption Vulnerability
2014-11-24
http://www.securityfocus.com/bid/66976

Wireshark SigComp Dissector CVE-2014-8710 Remote Denial of Service Vulnerability
2014-11-24
http://www.securityfocus.com/bid/71069

MIT Kerberos 5 'svr_principal.c' Information Disclosure Vulnerability
2014-11-24
http://www.securityfocus.com/bid/70380

Exploit

TP-Link TL-WR740N - Denial Of Service

22.11.2014

Bugtraq

[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access 2014-11-21
security-alert hp com

[ MDVSA-2014:224 ] krb5 2014-11-21
security mandriva com

[ MDVSA-2014:223 ] wireshark 2014-11-21
security mandriva com

[ MDVSA-2014:222 ] libvirt 2014-11-21
security mandriva com

[ MDVSA-2014:221 ] php-smarty 2014-11-21
security mandriva com

[ MDVSA-2014:220 ] qemu 2014-11-21
security mandriva com

[ MDVSA-2014:219 ] srtp 2014-11-21
security mandriva com

[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities 2014-11-21
security-alert hp com

[ MDVSA-2014:218 ] asterisk 2014-11-21
security mandriva com

WordPress 3 persistent script injection 2014-11-20
Jouko Pynnonen (jouko iki fi)

AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-013: PJSIP ACLs are not loaded on startup 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font> 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-018: AMI permission escalation through DB dialplan function 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-014: High call load may result in hung channels in ConfBridge. 2014-11-21
Asterisk Security Team (security asterisk org)

Multiple SQL Injection in SP Client Document Manager plugin 2014-11-21
thai q dang itas vn

[SECURITY] [DSA 3075-1] drupal7 security update 2014-11-20
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.bfr!hx!DE77DB689C43

RDN/Generic BackDoor!b2q!116F9AB018BB

RDN/Generic PUP.x!2EE636D7DE87

RDN/Ransom!el!3CD2F0C9379C

RDN/PWS-Zbot.hb!c!35FAC154FDDD

Generic.bfr!1E9EA8318DCC

RDN/Generic.bfr!hx!C6C2E2091D28

RDN/Generic PWS.y!bb3!8835A343D366

RDN/Generic.dx!dhb!A2B500DC573E

RDN/Generic BackDoor!b2q!2FDA5C7CF103

RDN/Generic PWS.y!E97826126A08

RDN/Generic BackDoor!b2q!6F6CE5127F89

RDN/Autorun.worm!dn!E81883C389B9

RDN/Downloader.a!tv!7937975B19A9

RDN/Generic.dx!dhb!32BDDB37D59F

RDN/Generic Dropper!AC950393D2F9

RDN/Generic PUP.x!D9385F078EA7

Generic.dx!2F360CCBD8A9

RDN/Generic PWS.y!bb3!B96A0757211E

RDN/Generic BackDoor!b2q!84DC4973574D

RDN/Generic.bfr!hx!1063CF236C5F

RDN/Generic BackDoor!b2q!DEECA3CA1A81

RDN/Generic.bfr!hr!7BE47BDC8A07

RDN/YahLover.worm!bd!19EB37A8572E

RDN/Generic PUP.x!42FE0F510450

RDN/Generic PUP.x!B22CD680399B

RDN/Generic PUP.x!2346B92DA18D

RDN/Generic PUP.x!E80738336190

RDN/Generic.dx!dhb!732985B672C3

RDN/Generic BackDoor!b2q!D889ED70D6E2

Phishing

Natwest

21st November 2014

Important Update Alert.

Scotia OnLine

21st November 2014

You Have 1 New Epost...

Joey

21st November 2014

DISCUSSANT SINGING COLIN

Vulnerebility

QEMU 'vmstate_xhci_event' Field Memory Corruption Vulnerability
2014-11-22
http://www.securityfocus.com/bid/69247

QEMU CVE-2014-3689 Multiple Local Security Bypass Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/70997

QEMU L2 Table Size Validation Integer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/67357

QEMU 'hw/usb/bus.c' Heap Based Buffer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/67392

QEMU Image Size Validation Integer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/67391

QEMU Multiple Memory Corruption Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/67483

QEMU 'vga.c' Information Disclosure Vulnerability
2014-11-22
http://www.securityfocus.com/bid/69654

QEMU CVE-2013-4541 Remote Code Execution Vulnerability
2014-11-22
http://www.securityfocus.com/bid/67394

QEMU CVE-2014-3640 Local Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/70237

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/70089

OpenStack Neutron Security Bypass Vulnerability
2014-11-22
http://www.securityfocus.com/bid/69807

CUPS Web Interface Cross Site Scripting Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66788

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/70142

Multiple Puppet Products CVE-2014-3248 Remote Code Execution Vulnerability
2014-11-22
http://www.securityfocus.com/bid/68035

Sendmail File Descriptor Security Vulnerability
2014-11-22
http://www.securityfocus.com/bid/67791

MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/69168

Poppler and xpdf CVE-2012-2142 Security Vulnerability
2014-11-22
http://www.securityfocus.com/bid/62148

OpenStack Keystonemiddleware SSL Certificate Validation Security Bypass Vulnerability
2014-11-22
http://www.securityfocus.com/bid/69864

QEMU CVE-2014-7815 Local Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/70998

QEMU 'vhdx' Block Driver Local Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66480

QEMU Block Drivers CVE-2014-0143 Multiple Integer Overflow Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/66486

QEMU CVE-2014-0146 NULL Pointer Dereference Local Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66472

QEMU CVE-2014-0147 Multiple Local Denial of Service Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/66484

QEMU CVE-2014-0144 Multiple Buffer Overflow Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/66483

Qemu 'virtio-net.c' Local Integer Overflow Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66821

QEMU CVE-2014-0145 Multiple Buffer Overflow Vulnerabilities
2014-11-22
http://www.securityfocus.com/bid/66464

QEMU Division By Zero Error Local Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66481

QEMU 'virtio_load()' Function Memory Corruption Vulnerability
2014-11-22
http://www.securityfocus.com/bid/66976

Wireshark SigComp Dissector CVE-2014-8710 Remote Denial of Service Vulnerability
2014-11-22
http://www.securityfocus.com/bid/71069

MIT Kerberos 5 'svr_principal.c' Information Disclosure Vulnerability
2014-11-22
http://www.securityfocus.com/bid/70380

Exploit

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation

Supr Shopsystem 5.1.0 - Persistent UI Vulnerability

Netgear Wireless Router WNR500 - Parameter Traversal Arbitrary File Access Exploit

MyBB <= 1.8.2 - unset_globals() Function Bypass and Remote Code Execution Vulnerability

21.11.2014

Bugtraq

WordPress 3 persistent script injection 2014-11-20
Jouko Pynnonen (jouko iki fi)

AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-013: PJSIP ACLs are not loaded on startup 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-017: <font size="3" style="font-size: 12pt">Permission escalation through ConfBridge actions/dialplan functions</font> 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-018: AMI permission escalation through DB dialplan function 2014-11-21
Asterisk Security Team (security asterisk org)

AST-2014-014: High call load may result in hung channels in ConfBridge. 2014-11-21
Asterisk Security Team (security asterisk org)

Multiple SQL Injection in SP Client Document Manager plugin 2014-11-21
thai q dang itas vn

[SECURITY] [DSA 3075-1] drupal7 security update 2014-11-20
Salvatore Bonaccorso (carnil debian org)

CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin 2014-11-20
phi n le itas vn

[ MDVSA-2014:217 ] clamav 2014-11-20
security mandriva com

[ MDVSA-2014:216 ] php-ZendFramework 2014-11-20
security mandriva com

Malware

RDN/Generic BackDoor!b2p!1D6ED7BEE3DB

RDN/Generic PWS.y!bb3!D5AA95CE380A

RDN/Generic PUP.x!70CE98FA89DC

Generic Downloader.x!8C6EC0F674E4

Generic.dx!9D484F261123

Generic.bfr!2667860FB3DD

RDN/Generic BackDoor!0A0BE53DD9C5

RDN/Generic BackDoor!A5D97019D2E4

Generic PUP.x!437DEAB95D62

Generic.dx!10C8A14931D8

Generic.dx!7F8F7DAC959D

Generic PUP.x!99F252EBB5C1

GenericR-CKP!7C4FDFDAE278

RDN/Generic PUP.x!cqd!2C22C901CA8D

Generic PUP.x!BEE5CAE8CBA8

RDN/Generic PUP.x!cqd!A9CB0EEBF9D5

RDN/Generic PWS.y!bb3!3C297D200E03

Generic PUP.x!BABE8DADF9A7

GenericR-CKP!9C57878AA16B

Generic Downloader.x!9A83F9899DA2

RDN/Generic.bfr!hr!5371303446AE

RDN/Generic.dx!59804F31512F

RDN/Generic.dx!dhb!808239345AE2

RDN/Generic Dropper!vo!7054F85973C1

RDN/Generic BackDoor!b2p!6ED00D41A654

RDN/Downloader.a!tv!19D3C953FC04

Generic PUP.x!CFCE5945D560

Generic PUP.x!6A8C414E3775

RDN/Generic PUP.x!621C771FC00D

RDN/Generic Dropper!5F8801C95507

Phishing

Halifax UK

20th November 2014

Get Halifax Alert now

AT&T

19th November 2014

Please DocuSign this document:
Contract_changes_11_19_2014.pd
f

Vulnerebility

Google Chrome CVE-2014-7909 Information Disclosure Vulnerability
2014-11-21
http://www.securityfocus.com/bid/71167

Libxml2 Entities Expansion CVE-2014-3660 Denial of Service Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70644

GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities
2014-11-21
http://www.securityfocus.com/bid/71003

Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
2014-11-21
http://www.securityfocus.com/bid/71161

Google Chrome CVE-2014-7907 Use After Free Remote Code Execution Vulnerability
2014-11-21
http://www.securityfocus.com/bid/71170

Google Chrome CVE-2014-7908 Integer Overflow Vulnerability
2014-11-21
http://www.securityfocus.com/bid/71168

Google Chrome CVE-2014-7904 Buffer Overflow Vulnerability
2014-11-21
http://www.securityfocus.com/bid/71166

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70165

Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66850

Oracle MySQL Server CVE-2014-2419 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66880

Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66896

Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66875

Oracle MySQL Server CVE-2014-2430 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66858

Oracle MySQL Server CVE-2014-0384 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66835

Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66846

Oracle MySQL Server CVE-2014-2431 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/66890

Oracle Java SE CVE-2014-6527 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70560

Oracle Java SE CVE-2014-6532 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70507

Oracle Java SE CVE-2014-6492 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70456

Oracle Java SE CVE-2014-6456 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70522

Oracle Java SE CVE-2014-6515 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70565

Oracle Java SE CVE-2014-6458 Local Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70460

Oracle Java SE CVE-2014-4288 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70470

Oracle Java SE CVE-2014-6503 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70518

Oracle Java SE CVE-2014-6493 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70468

Oracle Java SE CVE-2014-6476 Remote Security Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70531

X.Org libXfont Multiple Integer Overflow and Memory Corruption Vulnerabilities
2014-11-21
http://www.securityfocus.com/bid/67382

Multiple Cisco RV Series Routers CVE-2014-2178 Cross Site Request Forgery Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70922

Cisco Small Business RV Series Routers CVE-2014-2179 Arbitrary File Upload Vulnerability
2014-11-21
http://www.securityfocus.com/bid/70920

Exploit

Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution / Powershell VirtualAlloc (MS14-064)

20.11.2014

Bugtraq

[ MDVSA-2014:216 ] php-ZendFramework 2014-11-20
security mandriva com

[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow 2014-11-19
CORE Advisories Team (advisories coresecurity com)

[CORE-2014-0008] - Advantech AdamView Buffer Overflow 2014-11-19
CORE Advisories Team (advisories coresecurity com)

[CORE-2014-0009] - Advantech EKI-6340 Command Injection 2014-11-19
CORE Advisories Team (advisories coresecurity com)

CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM 2014-11-19
Portcullis Advisories (advisories portcullis-security com)

[SECURITY] [DSA 3074-2] php5 regression update 2014-11-19
Yves-Alexis Perez (corsac debian org)

Malware

RDN/Generic Dropper!vo!1F69DB677B1B

Generic PUP.x!017F99BEB30E

RDN/Generic PUP.x!cqd!6448A5D577DB

RDN/Spybot.bfr!o!A77EC13EF601

RDN/Generic Downloader.x!lu!F6CFF1FACC4F

RDN/Generic PUP.x!C13415D7FAEF

RDN/Generic PUP.x!BBE3C05E1FBC

RDN/Generic PUP.x!728B2BBB499A

RDN/Generic BackDoor!b2p!E1DBFC8C732E

RDN/Generic PUP.x!0A327B130FCA

RDN/Spybot.bfr!o!3061729CF360

RDN/Generic PUP.x!8B7ECB1317B1

RDN/Generic PUP.x!7681E9022688

RDN/Generic PUP.x!E6107BBCB280

RDN/Generic PUP.x!cqd!24FE3E91A7B8

RDN/Generic.dx!dh3!FDEA9C47CAF8

RDN/Generic Dropper!565A3E8E6459

RDN/Generic PUP.x!cqd!9913DD4EBAFA

Generic PUP.x!A9EB68E8D0BB

Generic PUP.x!5DCAD3946C61

RDN/Generic PUP.x!6FB4C030F2D8

RDN/Generic PUP.x!E23BB0087414

RDN/Generic PWS.y!bb3!FBEBBA09EBE0

RDN/Generic Dropper!vo!EEA7B3E0F0EB

RDN/Generic Dropper!vo!376CBD9B0DB6

RDN/Generic PUP.x!cqd!C7CC58BCEDBD

RDN/Generic PUP.x!E28CE449C0AA

RDN/Downloader.a!tv!85874AAFE4AE

RDN/Generic PUP.z!eh!BB4B332BFDEB

RDN/Generic PUP.x!D171756F3DD9

Phishing

AT&T

19th November 2014

Please DocuSign this document:
Contract_changes_11_19_2014.pd
f

Vulnerebility

Geary CVE-2014-5444 Man in the Middle Security Bypass Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70318

Oracle Java SE CVE-2014-6532 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70507

Oracle Java SE CVE-2014-6503 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70518

Oracle Java SE CVE-2014-6515 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70565

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70538

Microsoft Internet Explorer CVE-2014-6351 Remote Memory Corruption Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70323

Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities
2014-11-20
http://www.securityfocus.com/bid/68213

Microsoft Internet Explorer CVE-2014-6348 Remote Memory Corruption Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70348

Microsoft Internet Explorer CVE-2014-6343 Remote Memory Corruption Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70344

Microsoft Internet Explorer CVE-2014-6342 Remote Memory Corruption Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70341

Oracle Java SE CVE-2014-6456 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70522

Oracle Java SE CVE-2014-6527 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70560

Oracle Java SE CVE-2014-6476 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70531

Microsoft Internet Explorer CVE-2014-6347 Remote Memory Corruption Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70347

Oracle Java SE CVE-2014-6502 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70533

Oracle Java SE CVE-2014-6511 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70548

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70567

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70574

Oracle Java SE CVE-2014-4288 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70470

Oracle Java SE CVE-2014-6558 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70544

Oracle Java SE CVE-2014-6506 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70556

Oracle Java SE CVE-2014-6458 Local Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70460

Oracle Java SE CVE-2014-6531 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70572

IBM Java SDK CVE-2014-3065 Local Arbitrary Code Execution Vulnerability
2014-11-20
http://www.securityfocus.com/bid/71147

Oracle Java SE CVE-2014-6493 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70468

Oracle Java SE CVE-2014-6492 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70456

Rockwell Automation Connected Components Workbench Multiple Arbitrary Code Execution Vulnerabilities
2014-11-20
http://www.securityfocus.com/bid/71052

Oracle Java SE CVE-2014-6466 Local Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/70484

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-20
http://www.securityfocus.com/bid/68636

CKEditor Preview Plugin CVE-2014-5191 Unspecified Cross Site Scripting Vulnerability
2014-11-20
http://www.securityfocus.com/bid/69161

Exploit

  Snowfox CMS 1.0 - CSRF Add Admin Exploit

  Paid Memberships Pro 1.7.14.2 Path Traversal

  MINIX 3.3.0 Remote TCP/IP Stack DoS

19.11.2014

Bugtraq

[SECURITY] [DSA 3074-1] php5 security update 2014-11-18
Yves-Alexis Perez (corsac debian org)

[ MDVSA-2014:213 ] curl 2014-11-18
security mandriva com

[ MDVSA-2014:214 ] dbus 2014-11-18
security mandriva com

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload 2014-11-18
Steffen Bauch (mail steffenbauch de)

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 2014-11-18
Steffen Bauch (mail steffenbauch de)

Malware

Generic PUP.x!00C13E6E3EB6

Generic PUP.x!00E98E712C2B

FakeAV-M.bfr!BBDC8C713DFB

FakeAV-M.bfr!B5282F5794C1

RDN/Generic.bfr!hx!8C5310EB2E21

RDN/Generic.bfr!hx!C5756F00BDEB

RDN/Generic.bfr!hx!B4FCFF992CF8

RDN/Generic PWS.y!bb3!1ADE20F7B5F4

RDN/Generic BackDoor!b2p!85361CC6DD21

Generic PUP.x!90A7DFCCE751

RDN/Generic BackDoor!b2p!56BF59B841E7

Generic PUP.x!00EDDDCA1644

RDN/Generic.dx!dh3!BC5E4A946D40

RDN/Generic.dx!dh3!E6B330038EA9

RDN/Generic.dx!dh3!47FA264B5895

RDN/Generic.dx!dh3!D32D20350F81

FakeAV-M.bfr!2E4D3FC856E0

Generic PUP.x!68E73B576E5E

Generic PUP.x!00C17DE6F67A

RDN/Generic PWS.y!3C1C7216FE9D

RDN/BackDoor-FBSA!a!4B5361C834F3

Obfuscated-FBU!hb!B4643A3414B5

RDN/Generic PWS.y!bb3!E20307B2950B

Generic PUP.x!56433CD98571

RDN/Generic PWS.y!bb3!451CA4734C60

DNSChanger.bfr!AC72E79583DC

Generic PUP.x!1752930D7B78

RDN/Generic.dx!dh3!3B674035143B

RDN/Generic Dropper!vo!AA27627CC4B9

RDN/Generic.dx!2AF9CF345324

Phishing

 

Vulnerebility

libdigidoc DDOC Routine Arbitrary File Overwrite Vulnerability
2014-11-19
http://www.securityfocus.com/bid/62040

Cisco IOS CVE-2014-7992 Information Disclosure Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71145

Microsoft Windows Kerberos Checksum CVE-2014-6324 Remote Privilege Escalation Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70958

Linux Kernel CVE-2014-7841 SCTP NULL Pointer Dereference Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71081

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
2014-11-19
http://www.securityfocus.com/bid/70971

Linux Kernel CVE-2014-7843 Local Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71082

Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71078

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
2014-11-19
http://www.securityfocus.com/bid/70972

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70186

libvirt 'domain_conf.c' Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70210

PHP 'donote()' Function Out-of-Bounds Read Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70807

libvirt CVE-2014-7823 Information Disclosure Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71095

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70574

Adobe Flash Player and AIR CVE-2014-0574 Double Free Remote Code Execution Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71041

D-Bus CVE-2014-3639 Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/69832

D-Bus CVE-2014-3638 Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/69833

D-Bus CVE-2014-3636 Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/69834

D-Bus CVE-2014-7824 Incomplete Fix Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71012

D-Bus CVE-2014-3635 Local Heap Buffer Overflow Vulnerability
2014-11-19
http://www.securityfocus.com/bid/69831

D-Bus CVE-2014-3637 Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/69829

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70988

Multiple IBM DB2 Products CVE-2014-6159 Remote Denial of Service Vulnerability
2014-11-19
http://www.securityfocus.com/bid/71006

OpenStack Keystone Trust Chained Delegation Privilage Escalation Vulnerability
2014-11-19
http://www.securityfocus.com/bid/68026

OpenStack Keystone Trust CVE-2014-3520 Privilage Escalation Vulnerability
2014-11-19
http://www.securityfocus.com/bid/68344

HP Storage Data Protector CVE-2014-2623 Unspecified Remote Code Execution Vulnerability
2014-11-19
http://www.securityfocus.com/bid/68672

X.Org libXfont Multiple Integer Overflow and Memory Corruption Vulnerabilities
2014-11-19
http://www.securityfocus.com/bid/67382

Microsoft Internet Explorer CVE-2014-6340 Cross Domain Information Disclosure Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70941

Microsoft Internet Explorer CVE-2014-6346 Cross Domain Information Disclosure Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70946

Microsoft Internet Explorer CVE-2014-6342 Remote Memory Corruption Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70341

Microsoft Internet Explorer CVE-2014-6337 Remote Memory Corruption Vulnerability
2014-11-19
http://www.securityfocus.com/bid/70337

Exploit

 

18.11.2014

Bugtraq

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload 2014-11-18
Steffen Bauch (mail steffenbauch de)

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 2014-11-18
Steffen Bauch (mail steffenbauch de)

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload 2014-11-18
Steffen Bauch (mail steffenbauch de)

[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information 2014-11-17
security-alert hp com

[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code 2014-11-17
security-alert hp com

APPLE-SA-2014-11-17-3 Apple TV 7.0.2 2014-11-17
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 2014-11-17
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2014-11-17-1 iOS 8.1.1 2014-11-17
Apple Product Security (product-security-noreply lists apple com)

Malware

RDN/Generic PUP.x!0724FAB97D94

RDN/Generic.dx!99F84BDE0439

Generic PUP.x!0D44B7CC3FDA

RDN/Generic BackDoor!b2p!FB35705B76B7

RDN/Ransom!0F2AA697E6C7

RDN/Generic PUP.x!017E325AE31C

Generic PUP.x!A76715CB62E6

RDN/Generic.bfr!EBF9B5B0A914

RDN/Generic Dropper!vo!F42597D96562

RDN/Downloader.a!tv!1CD17EABF047

Generic Downloader.x!B56032E405E7

RDN/Generic.dx!39E5F9EA79E1

RDN/Generic.bfr!hx!083DBCADB6C9

Generic Downloader.x!55B31F5F7567

RDN/Ransom!el!136B380E0367

Generic PUP.x!2852EBD71AC8

RDN/Generic PUP.x!F1D8CCA4256F

RDN/Generic PUP.x!1F1B3D50E79A

RDN/Generic PUP.x!011528B058B0

RDN/Generic BackDoor!b2p!29AAF121B6A9

RDN/Generic BackDoor!b2p!1D1187A13387

Generic PUP.x!83C9CE7AA253

RDN/Downloader.gen.a!BBE4A3B1BF31

RDN/Downloader.a!tv!BBE4A3B1BF31

Generic Downloader.x!CF714E4D1863

Generic Downloader.x!EF9B764AB59F

Downloader.gen.a!19ED8B3721C2

Generic PUP.x!1ED584B8EA9D

RDN/Generic.bfr!hx!A39B0C7102C2

Generic Downloader.x!11CABFCE85F1

Phishing

Paypal Security™

18th November 2014

YOUR ACCOUNT WILL BE LIMITED ,
UPDATE YOUR INFORMATION PLEASE
✔

bt.comms@bt.com

17th November 2014

Your account will be close

Vulnerebility

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68636

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68624

OpenSSL CVE-2014-3513 Information Disclosure Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70584

OpenSSL Session Ticket Memory Leak Remote Denial of Service Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70586

Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
2014-11-18
http://www.securityfocus.com/bid/66397

IBM FileNet Content Manager and Content Foundation Unspecified Cross Site Scripting Vulnerability
2014-11-18
http://www.securityfocus.com/bid/69798

Cisco IOS and IOS XE Software CVE-2014-3409 Denial of Service Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70715

Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70690

Microsoft .NET Framework TypeFilterLevel CVE-2014-1806 Remote Privilege Escalation Vulnerability
2014-11-18
http://www.securityfocus.com/bid/67286

Oracle MySQL Server CVE-2014-6463 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70532

Oracle MySQL Server CVE-2014-4287 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70517

Oracle MySQL Server CVE-2014-6555 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70530

Oracle MySQL Server CVE-2014-6507 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70550

Oracle MySQL Server CVE-2014-6559 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70487

Oracle MySQL Server CVE-2014-6520 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70510

Oracle MySQL Server CVE-2014-6505 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70516

Oracle MySQL Server CVE-2014-6530 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70486

MySQL MyISAM Insecure Temporary File Creation Vulnerability
2014-11-18
http://www.securityfocus.com/bid/69732

Oracle MySQL Server CVE-2014-6464 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70451

Oracle MySQL Server CVE-2014-6551 Local Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70462

Oracle MySQL Server CVE-2014-4243 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68611

Oracle MySQL Server CVE-2014-6484 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70455

Oracle MySQL Server CVE-2014-6469 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70446

Oracle MySQL Server CVE-2014-4207 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68593

Oracle MySQL Server CVE-2014-4260 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68573

Oracle MySQL Server CVE-2014-4258 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68564

Oracle MySQL Server CVE-2014-2494 Remote Security Vulnerability
2014-11-18
http://www.securityfocus.com/bid/68579

Check Point Security Gateway Multiple Denial of Service Vulnerabilities
2014-11-18
http://www.securityfocus.com/bid/67993

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70574

OpenSSL 'no-ssl3' Build Option Security Bypass Vulnerability
2014-11-18
http://www.securityfocus.com/bid/70585

Exploit

 Samsung Galaxy KNOX Android Browser RCE

MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability

Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)

 .NET Remoting Services Remote Command Execution

  Safari 8.0 / OS X 10.10 - Crash PoC

17.11.2014

Bugtraq

[slackware-security] mozilla-thunderbird (SSA:2014-320-01) 2014-11-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3073-1] libgcrypt11 security update 2014-11-16
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information 2014-11-14

Malware

RDN/Generic PWS.y!bb3!0C767EFD8AD1

RDN/Generic.dx!dh3!784B4F0BC132

RDN/Generic.bfr!hx!5CADD3B00653

RDN/Generic.dx!dh3!31C058EB8CF6

RDN/Generic PUP.x!31199323BE81

RDN/Generic Dropper!3229D4A847A2

RDN/Generic BackDoor!314F6AD2D31F

RDN/Generic Dropper!3130D9D07ADD

4shared!30FD3C935734

RDN/Generic Dropper!7D98EBC1E088

RDN/Generic PWS.y!30A7F429ADA2

RDN/Generic PUP.x!cqb!25CE2EC1C9AC

RDN/Generic.bfr!hx!85E7BA4BC94D

RDN/Generic BackDoor!93DD14696152

RDN/Generic.hra!679EEB69B111

RDN/Generic.hra!cc!0C4BB97365B1

RDN/Generic Downloader.x!696FD446F1CA

RDN/Generic PWS.y!bb3!2AF80852D4DD

RDN/Downloader.gen.a!5EBC6CF2959F

Generic Downloader.x!2A22B66D0F63

RDN/Generic PWS.y!bb3!9338B94C3CE0

RDN/Generic.bfr!hx!313665A1810B

RDN/Generic.bfr!hx!7EF69D4C3CEF

RDN/Generic PUP.x!cqb!E0B91352F321

RDN/Generic.bfr!hx!D9F3F471FD03

RDN/Generic PUP.x!cqb!18559D61F448

Generic PUP.x!5064F4DC27CE

Generic PUP.x!2F7873AEA257

RDN/Generic PUP.x!30653FB57520

Generic PUP.x!2F8492DA5598

Phishing

bt.comms@bt.com

17th November 2014

Your account will be close

Paypa1 Online

16th November 2014

Customer Alert

PayPal

16th November 2014

✔ ALERT ! YOUR PAYPAL
ACCOUNT WILL BE LIMITED PP1366

PAYPAL

16th November 2014

UPDATE YOUR LEGAL AGREEMENTS
WITH PAYPAL IN 24 HOURS ! ✔

Vulnerebility

Moodle CVE-2014-7833 Information Disclosure Vulnerability
2014-11-17
http://www.securityfocus.com/bid/71120

Oracle Java SE CVE-2014-6457 Remote Security Vulnerability
2014-11-17
http://www.securityfocus.com/bid/70538

OpenSSL CVE-2014-3513 Information Disclosure Vulnerability
2014-11-17
http://www.securityfocus.com/bid/70584

PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
2014-11-17
http://www.securityfocus.com/bid/68007

cURL/libcURL 'curl_easy_unescape()' Heap Memory Corruption Vulnerability
2014-11-17
http://www.securityfocus.com/bid/60737

cURL/libcURL NTLM connection Remote Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/65270

cURL/libcURL SSL Certificate Host Name Validation Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/63776

cURL/libcURL CVE-2014-0139 SSL Certificate Validation Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/66458

IBM Java SDK CVE-2014-0878 Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/67601

Microsoft Secure Channel CVE-2014-6321 Remote Code Execution Vulnerability
2014-11-17
http://www.securityfocus.com/bid/70954

IBM Java CVE-2013-4002 Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/61310

Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
2014-11-17
http://www.securityfocus.com/bid/57778

php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/66233

PHP SSL Certificate Validation CVE-2013-4248 Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/61776

OpenSSL DTLS CVE-2014-3510 Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69082

OpenSSL CVE-2014-3508 Information Disclosure Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69075

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-11-17
http://www.securityfocus.com/bid/68624

OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/66355

cURL/libcURL CVE-2014-2522 SSL Certificate Validation Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/66296

Libxml2 Entity Substituton CVE-2014-0191 Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/67233

MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69168

OpenSSH Certificate Validation Security Bypass Vulnerability
2014-11-17
http://www.securityfocus.com/bid/66459

PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
2014-11-17
http://www.securityfocus.com/bid/64225

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-17
http://www.securityfocus.com/bid/68636

MIT Kerberos 5 CVE-2014-4343 Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69159

MIT Kerberos 5 CVE-2014-4341 Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/68909

MIT Kerberos 5 CVE-2014-4344 NULL Pointer Dereference Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69160

MIT Kerberos 5 GSSAPI Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/68908

OpenSSL DTLS CVE-2014-3507 Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69078

OpenSSL CVE-2014-3509 Remote Denial of Service Vulnerability
2014-11-17
http://www.securityfocus.com/bid/69084

Exploit

  Internet Explorer < 11 - OLE Automation Array Remote Code Execution

  Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF)

  MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python

  MS14-064 Microsoft Windows OLE Package Manager Code Execution

13.11.2014

Bugtraq

[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution 2014-11-12
security-alert hp com

[SECURITY] [DSA 3050-3] iceweasel security update 2014-11-12
Salvatore Bonaccorso (carnil debian org)

Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] 2014-11-12
Programa STIC (stic fundacionsadosky org ar)

CVE-2014-8732 2014-11-12
cert it nrw de

CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 2014-11-12
cert it nrw de

[SECURITY] [DSA 3072-1] file security update 2014-11-12
Thijs Kinkhorst (thijs debian org)

Malware

RDN/Generic.dx!dg3!6E42BE034646

RDN/Generic BackDoor!b2o!A4BA201D27B5

RDN/Generic BackDoor!b2o!B4658D758474

RDN/Generic BackDoor!b2o!D2B0B9F0AE02

RDN/Generic.grp!hq!F4B9ACE7817D

Generic.dx!EB4C797737EF

Generic.dx!FFDBE01BB517

Generic.bfr!427D2EADE182

RDN/Generic BackDoor!b2o!CE91FF247A01

RDN/DNSChanger.bfr!e!8700C0248915

RDN/Generic BackDoor!b2o!5F2C1341E91D

RDN/Generic BackDoor!b2o!8A63EA13713B

RDN/Generic.tfr!ee!7D2C265886AD

RDN/Generic BackDoor!b2o!8C8D2210B359

Generic.dx!DA02991D936A

RDN/Generic.tfr!ee!854420D74AED

RDN/Generic.tfr!ee!6F16E05E3F85

Generic.dx!F23366DAEA88

RDN/DNSChanger.bfr!e!8754E0E82C98

RDN/Generic BackDoor!B1AFF2085375

Generic BackDoor!8F04A34A41B1

Generic.dx!EDD3AF94B508

RDN/Generic PUP.x!331E6FEC610C

Generic PUP.x!001F1D55F1AC

Generic.dx!DF7FF20FAF37

Generic.dx!ACBE550995B0

RDN/Generic Dropper!vo!B6805B88BA9D

Generic.dx!9E45067133F4

Generic BackDoor!3BFA4ADAB672

RDN/Generic.grp!hq!DE8D4CF6F2DD

Phishing

Customer service

13th November 2014

IMPORTANT : WE NOTICED AN
UNUSUAL ACTIVITY IN YOUR
PAYPAL ACCOUNT

PayPal

13th November 2014

UPDATE YOUR ACCOUNT WHEN YOU
ARE READY !

PayPal

12th November 2014

*** CACTUS *** Your account
access is limited

Vulnerebility

Adobe Flash Player and AIR CVE-2014-0582 Unspecified Heap Based Buffer Overflow Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71039

Adobe Flash Player and AIR CVE-2014-8441 Unspecified Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71050

Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71047

Adobe Flash Player and AIR CVE-2014-8438 Use After Free Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71049

Adobe Flash Player and AIR CVE-2014-0590 Type Confusion Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71046

Adobe Flash Player and AIR CVE-2014-0581 Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71042

Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71048

Adobe Flash Player and AIR CVE-2014-0574 Double Free Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71041

Adobe Flash Player and AIR CVE-2014-0586 Type Confusion Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71045

Adobe Flash Player and AIR CVE-2014-0577 Type Confusion Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71038

Adobe Flash Player and AIR CVE-2014-0584 Type Confusion Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71043

Adobe Flash Player and AIR CVE-2014-0573 Use After Free Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71033

Adobe Flash Player and AIR CVE-2014-0585 Type Confusion Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71044

Adobe Flash Player and AIR CVE-2014-0589 Unspecified Heap Based Buffer Overflow Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71051

Adobe Flash Player and AIR CVE-2014-8437 Information Disclosure Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71036

Adobe Flash Player and AIR CVE-2014-0576 Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/71037

Mozilla Firefox/Thunderbird CVE-2014-1586 Security Bypass Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70427

Mozilla Firefox/Thunderbird CVE-2014-1578 Out of Bounds Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70428

Mozilla Firefox/Thunderbird CVE-2014-1577 Out of Bounds Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70440

Mozilla Firefox CVE-2014-1583 Same Origin Policy Security Bypass Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70424

Mozilla Firefox/Thunderbird CVE-2014-1574 Multiple Memory Corruption Vulnerabilities
2014-11-13
http://www.securityfocus.com/bid/70436

Mozilla Firefox/Thunderbird CVE-2014-1585 Security Bypass Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70425

Mozilla Firefox/Thunderbird CVE-2014-1581 Use After Free Memory Corruption Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70426

Mozilla Firefox/Thunderbird CVE-2014-1576 Remote Heap Buffer Overflow Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70430

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-11-13
http://www.securityfocus.com/bid/70166

Cacti Multiple Cross Site Scripting Vulnerabilities
2014-11-12
http://www.securityfocus.com/bid/68759

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70165

Mozilla Firefox/Thunderbird CVE-2014-1544 Use After Free Memory Corruption Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68816

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70103

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70574

Exploit

  MS Office 2007 and 2010 - OLE Arbitrary Command Execution

  WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS Vulnerability

  CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability

12.11.2014

Bugtraq

[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information 2014-11-11
security-alert hp com

[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com

[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com

[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code 2014-11-11
security-alert hp com

[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com

[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information 2014-11-11
security-alert hp com

[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access 2014-11-11
security-alert hp com

[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities 2014-11-11
security-alert hp com

[SECURITY] [DSA 3071-1] nss security update 2014-11-11
Sebastien Delafond (seb debian org)

Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] 2014-11-11
Programa STIC (stic fundacionsadosky org ar)

[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities 2014-11-11
security-alert hp com

[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com

[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com

Malware

Downloader.gen.a!9A9A0A560D95

Generic PUP.x!FDD86F1C0E6B

Generic PUP.x!607E046CE594

RDN/Generic Downloader.x!lt!2C8EF96F4FC3

W32/Sdbot.worm!65EAE3A21DE9

W32/Sdbot.worm!4B529E07B886

W32/Sdbot.worm!2A3D30F65D53

Generic Downloader.x!0BD80CC44851

RDN/Generic PUP.x!cp3!75B65B579167

RDN/Generic.bfr!C6720E1E9494

Generic PUP.x!0D2D3AF4334E

Generic Dropper!A36B970EDA1C

Generic PUP.x!ED60892ABA47

Generic PUP.x!224A09A3D3E8

RDN/Generic PUP.x!819BF6C432A3

MultiPlug-FSK!A282AAECDC28

RDN/BackDoor-AWQ!bw!8987988169A0

Generic PUP.x!184C1107422D

Generic PUP.x!ABBC83F26ED7

RDN/Generic Dropper!01EFED3EF44C

RDN/Generic.dx!32C4BCE630B0

Generic PUP.x!0065227B53E7

Generic PUP.x!0C936568EE1B

Generic PUP.x!870B8C5A9F35

Generic PUP.x!EAF0C7B79361

Generic PUP.x!CE2C0055D146

Generic PUP.x!5F268E75C653

Generic PUP.x!48E4BC25D438

Generic PUP.x!3865BCCEE8C6

Generic PUP.x!B3EEB86211E1

Phishing

 

Vulnerebility

Mozilla Firefox/Thunderbird CVE-2014-1544 Use After Free Memory Corruption Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68816

Creative Contact Form 'wp-content/plugins/sexy-contact-form' Arbitrary File Upload Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70723

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-11-12
http://www.securityfocus.com/bid/70096

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70091

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70094

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability
2014-11-12
http://www.securityfocus.com/bid/69781

Linux Kernel KVM CVE-2014-3611 Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70743

Linux Kernel KVM CVE-2014-3646 Local Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70745

Linux Kernel KVM CVE-2014-3645 Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70746

Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability
2014-11-12
http://www.securityfocus.com/bid/70690

Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68632

OpenSSL DTLS CVE-2014-3507 Remote Denial of Service Vulnerability
2014-11-12
http://www.securityfocus.com/bid/69078

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2014-11-12
http://www.securityfocus.com/bid/69079

Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68603

OpenSSL CVE-2014-3508 Information Disclosure Vulnerability
2014-11-12
http://www.securityfocus.com/bid/69075

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68624

Oracle Java SE CVE-2014-4208 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68580

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68636

Oracle Java SE CVE-2014-4252 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68642

Oracle Java SE CVE-2014-4209 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68639

Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68571

Oracle Java SE CVE-2014-4268 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68615

Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68620

IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
2014-11-12
http://www.securityfocus.com/bid/69183

Oracle Java SE CVE-2014-4266 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68596

Oracle Java SE CVE-2014-4220 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68576

Oracle Java SE CVE-2014-4218 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68583

Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
2014-11-12
http://www.securityfocus.com/bid/68599

Exploit

 

11.11.2014

Bugtraq

 

Malware

RDN/Generic PUP.x!cpx!B98A2BB33AEE

RDN/DNSChanger.bfr!e!4F562A3D6907

Generic PUP.x!3B56DBFF8AEE

W32/Sality.gen!30CDECF71F7B

Generic PUP.x!702B32F54DC3

RDN/Generic PUP.x!9A55406ED224

Generic PUP.x!8D216C9D2AAC

RDN/Generic PUP.x!1BD910E77E40

RDN/Generic PUP.x!cpx!C66429526D3E

RDN/Generic.dx!5F04B665934C

RDN/Generic.tfr!ee!AF1DFAADEA0A

RDN/Generic PUP.x!cpx!2745C32D1106

RDN/Generic BackDoor!b2n!C3499199DBE7

Downloader.gen.a!28AB8AB1F217

RDN/Generic.grp!17949BFB7F23

Generic Downloader.x!45EB4AB85539

Generic PUP.x!3B09DAF519E0

RDN/Generic PUP.x!6C786F48F361

RDN/Generic PUP.x!cpx!267B86155BC2

RDN/Generic PUP.x!cpx!D6D91456AF29

RDN/Downloader.a!tu!D7CCD914E707

Generic PUP.x!6E61548B53BD

Generic Downloader.x!1FD0548CAF4A

RDN/Generic PUP.z!eh!7DEDDE778EEC

RDN/Generic PUP.x!FF76273A129F

FakeAV-Y.bfr!13B886DCFEDF

RDN/Generic BackDoor!b2n!982F0752F66A

RDN/Generic.bfr!hr!73254EE8B930

RDN/Generic Downloader.x!lt!F51CC82B81C8

Generic PUP.x!37E1B4ACAFB4

Phishing

 

Vulnerebility

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70574

PHP 'date_from_ISO8601()' Function Buffer Overflow Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70928

Mozilla Firefox/Thunderbird CVE-2014-1575 Multiple Memory Corruption Vulnerabilities
2014-11-11
http://www.securityfocus.com/bid/70439

Mozilla Firefox/Thunderbird CVE-2014-1578 Out of Bounds Memory Corruption Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70428

Mozilla Firefox CVE-2014-1583 Same Origin Policy Security Bypass Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70424

Mozilla Firefox/Thunderbird CVE-2014-1581 Use After Free Memory Corruption Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70426

Mozilla Firefox/Thunderbird CVE-2014-1585 Security Bypass Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70425

Mozilla Firefox/Thunderbird CVE-2014-1574 Multiple Memory Corruption Vulnerabilities
2014-11-11
http://www.securityfocus.com/bid/70436

Mozilla Firefox/Thunderbird CVE-2014-1576 Remote Heap Buffer Overflow Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70430

Mozilla Firefox/Thunderbird CVE-2014-1586 Security Bypass Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70427

Mozilla Firefox/Thunderbird CVE-2014-1577 Out of Bounds Memory Corruption Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70440

Nuevoplayer CVE-2014-8339 SQL Injection Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70833

OpenOffice CVE-2014-3575 Information Disclosure Vulnerability
2014-11-11
http://www.securityfocus.com/bid/69354

Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
2014-11-11
http://www.securityfocus.com/bid/64437

WordPress Compfight Plugin 'compfight-search.php' Cross Site Scripting Vulnerability
2014-11-11
http://www.securityfocus.com/bid/68518

RESTEasy JaxB XML Entity References Information Disclosure Vulnerability
2014-11-11
http://www.securityfocus.com/bid/51766

RESTEasy XML Entity References Information Disclosure Vulnerability
2014-11-11
http://www.securityfocus.com/bid/51748

Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
2014-11-11
http://www.securityfocus.com/bid/68599

Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
2014-11-11
http://www.securityfocus.com/bid/68571

IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
2014-11-11
http://www.securityfocus.com/bid/69183

Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
2014-11-11
http://www.securityfocus.com/bid/68603

OpenSSL Session Ticket Memory Leak Remote Denial of Service Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70586

OpenSSL CVE-2014-3513 Information Disclosure Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70584

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70137

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-11-11
http://www.securityfocus.com/bid/70165

Oracle Java SE CVE-2014-4252 Remote Security Vulnerability
2014-11-11
http://www.securityfocus.com/bid/68642

Exploit

  Visual Mining NetCharts Server Remote Code Execution

  Internet Explorer 8 MS14-035 Use-After-Free Exploit

  ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities

  XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities

  Password Manager Pro / Pro MSP - Blind SQL Injection

  ZTE ZXDSL 831CII - Insecure Direct Object Reference

  Another Wordpress Classifieds Plugin - SQL Injection

  PHP-Fusion 7.02.07 - SQL Injection

  Progress OpenEdge 11.2 - Directory Traversal

  Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes)

10.11.2014

Bugtraq

[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 2014-11-09
Pedro Ribeiro (pedrib gmail com)

[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro 2014-11-08
Pedro Ribeiro (pedrib gmail com)

[SECURITY] [DSA 3070-1] kfreebsd-9 security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)

Malware

Generic PUP.x!390A7B209C4C

Generic PUP.x!3976D1F0551C

RDN/Generic PUP.x!cpw!CDC4C41E879A

RDN/Generic PUP.x!7681D3CB0430

RDN/Generic BackDoor!b2n!0E21CAB444D9

RDN/Generic BackDoor!b2n!B4FF01CA197E

RDN/Generic.dx!dgw!BD0E64FF6788

RDN/Generic BackDoor!b2n!3EDE0B30BD80

Generic PUP.x!8F62DAEF371E

RDN/Generic BackDoor!b2n!6F65362784B7

RDN/PWS-Banker!53E970CD53D9

RDN/Generic.bfr!hw!F8028E0F82A3

Generic PUP.x!C2C74207F67C

RDN/Generic PUP.x!cpw!EAD09547746C

Generic PUP.x!367196387990

Generic PUP.x!3449CD8E9D43

RDN/Generic PUP.x!5A14A83BA6E3

Generic PUP.x!A648051FCC48

Generic PUP.x!624A08BCE653

Generic PUP.x!6401C93461F8

Generic PUP.x!8C32DE63995E

Generic PUP.x!51BEEDDB0BE9

Generic PUP.x!40BFD8A54A80

Generic PUP.x!53FEF6C835DC

Generic PUP.x!69C6B1BBBF02

Generic PUP.x!5223BAD0C954

Generic PUP.x!5C5A2E52A181

Generic PUP.x!3CA49AE44383

Generic PUP.x!6271A41FBB30

Generic PUP.x!3D37F5D3E78B

Phishing

PayPal

10th November 2014

YOUR PAYPAL ACCOUNT WAS
LIMITED

Vulnerebility

Oracle Java SE CVE-2014-0455 Remote Code Execution Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66899

Oracle Java SE CVE-2014-0453 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66914

MiniUPnP CVE-2013-0230 Stack-Based Buffer Overflow Vulnerabilities
2014-11-10
http://www.securityfocus.com/bid/57608

Oracle Java SE CVE-2014-0459 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66910

Oracle Java SE CVE-2014-0458 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66883

Oracle Java SE CVE-2014-0448 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66904

Oracle Java SE CVE-2014-0451 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66879

Oracle Java SE CVE-2014-0449 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66907

Oracle Java SE CVE-2014-0457 Remote Code Execution Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66866

Oracle Java SE CVE-2014-0454 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66905

Oracle Java SE CVE-2014-4209 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/68639

Oracle Java SE CVE-2014-4208 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/68580

Oracle Java SE CVE-2014-4266 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/68596

Oracle Java SE CVE-2014-0452 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66891

IBM Notes Traveler For Android CVE-2014-6130 Man in the Middle Information Disclosure Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70871

Linux Kernel 'net/mac80211/tx.c' Information Disclosure Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70965

PHP 'exif_thumbnail()' Function Heap Based Buffer Overflow Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70665

PHP CVE-2014-3669 Denial of Service Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70611

PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70666

cURL/libcURL CVE-2014-0139 SSL Certificate Validation Security Bypass Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66458

cURL/libcURL CVE-2014-0138 Remote Security Bypass Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66457

FreeBSD namei CVE-2014-3711 Remote Denial of Service Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70692

FreeBSD CVE-2014-3952 Local Information Disclosure Vulnerability
2014-11-10
http://www.securityfocus.com/bid/68466

FreeBSD CVE-2014-3953 Multiple Local Information Disclosure Vulnerabilities
2014-11-10
http://www.securityfocus.com/bid/68467

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2014-11-10
http://www.securityfocus.com/bid/69079

Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
2014-11-10
http://www.securityfocus.com/bid/69728

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-10
http://www.securityfocus.com/bid/68636

OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability
2014-11-10
http://www.securityfocus.com/bid/69077

Quassel 'cipher.cpp' Out-of-Bounds Read Vulnerability
2014-11-10
http://www.securityfocus.com/bid/70740

Oracle Java SE CVE-2014-2421 Buffer Overflow Vulnerability
2014-11-10
http://www.securityfocus.com/bid/66881

Exploit

 

9.11.2014

Bugtraq

Open-Xchange Security Advisory 2014-11-07 2014-11-07
Martin Heiland (martin heiland open-xchange com)

[SECURITY] [DSA 3068-1] konversation security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] 2014-11-06
FreeBSD Security Advisories (security-advisories freebsd org)

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] 2014-11-06
Programa STIC (stic fundacionsadosky org ar)

XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities 2014-11-06
Larry W. Cashdollar (larry0 me com)

ZTE ZXDSL 831 Multiple Cross Site Scripting 2014-11-06
habte yibelo gmail com

ZTE 831CII Multiple Vulnerablities 2014-11-06
habte yibelo gmail com

ZTE ZXDSL 831CII Direct Object Reference 2014-11-06
habte yibelo gmail com

CA20141103-01: Security Notice for CA Cloud Service Management 2014-11-06
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 3067-1] qemu-kvm security update 2014-11-06
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3066-1] qemu security update 2014-11-06
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3065-1] libxml-security-java security update 2014-11-06
Sebastien Delafond (seb debian org)

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper 2014-11-06
mdgh9 yahoo com

i-FTP Buffer Overflow SEH 2014-11-05
metacom27 gmail com

i.Mage Local Crash Poc 2014-11-05
metacom27 gmail com

SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection 2014-11-06
SEC Consult Vulnerability Lab (research sec-consult com)

Cisco RV Series multiple vulnerabilities 2014-11-06
Securify B.V. (lists securify nl)

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser 2014-11-05
Pedro Ribeiro (pedrib gmail com)

i.Hex Local Crash Poc 2014-11-05
metacom27 gmail com

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers 2014-11-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability 2014-11-05
Security Alert (Security_Alert emc com)

WordPress Wordfence Firewall 5.1.2 Cross Site Scripting 2014-11-05
bhati contact gmail com

Arbitrary File Upload in HelpDEZk 2014-11-05
High-Tech Bridge Security Research (advisory htbridge com)

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms 2014-11-05
High-Tech Bridge Security Research (advisory htbridge com)

Wordpress bulletproof-security <=.51 multiple vulnerabilities 2014-11-05
Pietro Oliva (pietroliva gmail com)

CVE-2014-6616 Softing FG-100 Webui XSS 2014-11-05
Ingmar Rosenhagen (ingmar rosenhagen csnc de)

CVE-2014-6617 Softing FG-100 Backdoor Account 2014-11-05
Ingmar Rosenhagen (ingmar rosenhagen csnc de)

KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read 2014-11-05
KoreLogic Disclosures (disclosures korelogic com)

FreeBSD Security Advisory FreeBSD-SA-14:26.ftp 2014-11-05
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin 2014-11-05
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

RDN/Generic BackDoor!53BA2EED2CFD

RDN/Generic BackDoor!rk!D4A43FE2F61F

RDN/Generic.bfr!4E7A9B5491F1

RDN/Generic PUP.x!7034064E0C8C

Generic PUP.x!00DBCBE8558E

RDN/Generic.bfr!hw!B4CEB6CD7A85

Generic PUP.x!EF4651C00D5A

Generic PUP.x!F4E5063CCCD6

MultiPlug-FSH!FC1C00D40D21

RDN/YahLover.bfr!c!C1BCBB16CFEC

RDN/Generic PUP.x!2091A0627947

RDN/Generic PUP.x!F9AE42387356

RDN/Generic PUP.x!cpv!6A6832509096

RDN/Generic PUP.x!A1247904002D

RDN/Generic PUP.x!C710130A57FB

RDN/Generic PUP.x!6F5B12EAEA6B

MultiPlug-FSH!F7AEA47FEA3B

RDN/Generic BackDoor!b2n!13C84B531D90

MultiPlug-FSH!ED30767898A1

RDN/Generic PUP.x!9837156B41BE

RDN/Generic PUP.x!5F96171DEABD

RDN/Generic PUP.x!EF65A9DD8A58

RDN/Generic PUP.x!F9ED62A264D1

Generic PUP.x!C69EE71F1FA6

RDN/Generic PUP.x!cpv!7B830701B70A

RDN/Generic PUP.x!3B503988D563

RDN/Generic PUP.x!67E843E1C725

RDN/Generic PUP.x!9B34B1079CDF

RDN/Generic PUP.x!4B0F0C6BB720

RDN/Generic PUP.x!4F3C4C8D026D

Phishing

AMAZON.COM.AU

8th November 2014

Revision to Your Amazon.com.au
Account

Vulnerebility

cURL/libcURL CVE-2014-0139 SSL Certificate Validation Security Bypass Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66458

cURL/libcURL CVE-2014-0138 Remote Security Bypass Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66457

FreeBSD namei CVE-2014-3711 Remote Denial of Service Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70692

FreeBSD CVE-2014-3952 Local Information Disclosure Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68466

FreeBSD CVE-2014-3953 Multiple Local Information Disclosure Vulnerabilities
2014-11-09
http://www.securityfocus.com/bid/68467

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2014-11-09
http://www.securityfocus.com/bid/69079

Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
2014-11-09
http://www.securityfocus.com/bid/69728

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68636

OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability
2014-11-09
http://www.securityfocus.com/bid/69077

Quassel 'cipher.cpp' Out-of-Bounds Read Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70740

Oracle Java SE CVE-2014-2421 Buffer Overflow Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66881

Polarssl Multiple Security Vulnerabilities
2014-11-09
http://www.securityfocus.com/bid/70902

PolarSSL Unspecified Memory Corruption Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70905

Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68632

Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68599

Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68571

Oracle Java SE CVE-2014-2427 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66909

Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68603

Oracle Java SE CVE-2014-4220 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/68576

Oracle Java SE CVE-2014-2428 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66870

Oracle Java SE CVE-2014-2420 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66919

Oracle Java SE CVE-2014-0446 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66903

IBM Java SDK CVE-2014-0878 Security Bypass Vulnerability
2014-11-09
http://www.securityfocus.com/bid/67601

Oracle Java SE CVE-2014-2423 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66887

Oracle Java SE CVE-2014-2412 Remote Security Vulnerability
2014-11-09
http://www.securityfocus.com/bid/66873

KDE Workspace Arbitrary Command Execution Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70904

requests-kerberos 'requests_kerberos/kerberos_.py' Remote Security Bypass Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70909

PHP CVE-2014-3669 Denial of Service Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70611

PHP 'exif_thumbnail()' Function Heap Based Buffer Overflow Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70665

PHP 'date_from_ISO8601()' Function Buffer Overflow Vulnerability
2014-11-09
http://www.securityfocus.com/bid/70928

Exploit

  Citrix NetScaler SOAP Handler Remote Code Execution

  Belkin n750 jump login Parameter Buffer Overflow

  Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2

  IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation

  Windows TrackPopupMenu Win32k NULL Pointer Dereference

  Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

  ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability

  Drupal < 7.32 Pre Auth SQL Injection

  MINIX 3.3.0 Local Denial of Service PoC

9.10.2014

Bugtraq

[security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code 2014-10-08
security-alert hp com

[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution 2014-10-08
security-alert hp com

[SECURITY] [DSA 3048-1] apt security update 2014-10-08
Thijs Kinkhorst (thijs debian org)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2014-10-08
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 2014-10-08
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection 2014-10-08
Onapsis Research Labs (research onapsis com)

Two XSS in Contact Form DB WordPress plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)

Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)

Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)

[SECURITY] [DSA 3047-1] rsyslog security update 2014-10-08
Luciano Bello (luciano debian org)

Malware

Generic.tfr!1715C76BF414

RDN/Generic PUP.x!c2p!AA0FE7943C19

RDN/Generic PUP.x!c2p!89574B6ABF73

MultiPlug-FQW!147D7CF9FA31

RDN/Generic Dropper!vj!A2D133395EF0

Generic PUP.x!18461F0BD58F

RDN/Generic BackDoor!b2e!E34CE66EBDC8

Generic PUP.x!15A35161B1E0

RDN/Generic Downloader.x!BC02E3C81391

MultiPlug-FQW!78DB74984278

RDN/Generic PUP.x!92D947F01284

RDN/Generic PUP.x!2EE9751C294D

RDN/Generic.dx!dgc!970F0D7CED5D

MultiPlug-FQW!34EDE0F9E391

Generic PUP.x!0189948082D0

RDN/Generic PUP.x!c2p!D1AF7E5BF016

Generic Dropper!051E39446DB3

RDN/Generic Downloader.x!6CAD536B5306

RDN/Generic BackDoor!b2e!E427901B9DD7

RDN/YahLover.worm!bd!15786BA4420F

RDN/Generic PUP.x!CED1CCA74072

RDN/Generic Dropper!vj!4F680869ED18

MultiPlug-FQW!766349EC78F6

RDN/Generic PUP.x!8B5D6304D4A9

RDN/Generic PUP.x!c2p!A4390EDE5858

Generic PWS.y!E75350CEC4D3

RDN/Generic PUP.x!c2p!EAC71C0E0861

RDN/Generic PUP.x!c2p!A8E925DF477D

Generic Downloader.x!79B7CA61C02F

RDN/Generic PWS.y!bbj!4824E2738799

Phishing

Natwest

9th October 2014

NatWest Secure Activation
Confirmation

Chase Online

9th October 2014

Verify Your Account

Vulnerebility

OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
2014-10-09
http://www.securityfocus.com/bid/66355

OpenSSH Certificate Validation Security Bypass Vulnerability
2014-10-09
http://www.securityfocus.com/bid/66459

IBM FileNet Content Manager and Content Foundation Unspecified Cross Site Scripting Vulnerability
2014-10-09
http://www.securityfocus.com/bid/69798

Exuberant Ctags 'jscript.c' Remote Denial of Service Vulnerability
2014-10-09
http://www.securityfocus.com/bid/70168

Debian 'apt' Package CVE-2014-7206 Insecure Temporary File Creation Vulnerability
2014-10-09
http://www.securityfocus.com/bid/70310

Oracle Java SE CVE-2014-4266 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68596

Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68603

Oracle Java SE CVE-2014-4268 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68615

Oracle Java SE CVE-2014-4208 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68580

Oracle Java SE CVE-2014-4252 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68642

Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68632

Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68599

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68636

IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69183

Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68571

Oracle Java SE CVE-2014-4218 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68583

Oracle Java SE CVE-2014-4220 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68576

Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68620

Oracle Java SE CVE-2014-4209 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68639

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68624

IBM WebSphere Application Server CVE-2014-4816 Cross Site Request Forgery Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69980

IBM WebSphere Application Server CVE-2014-4770 Cross Site Scripting Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69981

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70137

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70165

Track-It! CVE-2014-4872 Unauthorized Access Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70264

MediaWiki Multiple Remote Code Execution Vulnerabilities
2014-10-08
http://www.securityfocus.com/bid/65223

Exploit

     Wordpress InfusionSoft Plugin Upload Vulnerability

    Rejetto HttpFileServer Remote Command Execution

  F5 iControl Remote Root Command Execution

  Linux Kernel remount FUSE Exploit

  BMC Track-It! - Multiple Vulnerabilities

  DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

  Nessus Web UI 2.3.3 - Stored XSS 

8.10.2014

Bugtraq

OWTF 1.0 "Lionheart" released! 2014-10-06
Abraham Aranguren (abraham aranguren owasp org)

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 2014-10-06
dkl mozilla com

CA20141001-01: Security Notice for Bash Shellshock Vulnerability 2014-10-06
Williams, James K (Ken Williams ca com)

Multiple Vulnerabilities in Draytek Vigor 2130 2014-10-06
Erik-Paul Dittmer (epdittmer digitalmisfits com)

PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)

Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)

Malware

RDN/Generic BackDoor!b2d!A6E5EE456D96

Generic BackDoor!BBD17B5C81EA

RDN/Generic PUP.x!c2m!9C08A79B5445

RDN/Generic PUP.x!c2m!045D129AAC8A

Generic PUP.x!FA05ED28873A

Generic PUP.x!9D85176AEC0B

Generic PUP.x!C1A0A23B36EA

RDN/Generic.bfr!29E90097C981

RDN/Generic PUP.x!DA4A4F1D70E4

RDN/Generic PUP.x!c2m!AD76E2853B18

RDN/Generic.bfr!hs!BB89DA673353

RDN/Generic PUP.x!97D22CCB9485

RDN/Generic Dropper!vi!98C1595083B5

RDN/Generic.bfr!hs!AFB8BB49B823

RDN/Generic BackDoor!2AC7ACB21151

RDN/Generic PUP.x!c2m!202125C7C7A8

RDN/Generic.bfr!hs!FE5713E831AF

Generic.dx!1584676FD155

RDN/Generic Dropper!vi!64B92F10158C

Generic Dropper!98EA33E2CDFD

RDN/Generic Dropper!AB0B0F62FA57

RDN/Generic.bfr!617EF7B58A2C

Generic.tfr!48B80FF03562

RDN/Generic PUP.x!c2m!379DBBF74E5C

RDN/Generic BackDoor!b2d!2E4A64BA2D10

RDN/Generic PUP.x!c2m!15F95766298C

RDN/Generic PUP.x!c2m!703F1BAA8C6B

RDN/Generic.tfr!ed!736FF5FB294D

RDN/Generic PUP.x!2617B4FCE46F

Generic.bfr!21CFBDCE784A

Phishing

no-reply@bt.com

7th October 2014

Account Verification

NatWest

7th October 2014

NatWest YourPoints Online

E-ZPass Customer Service Cente

7th October 2014

Indebtedness for driving on
toll road

Account

6th October 2014

NOTICE:UPDATE YOUR INFORMATION

Dun & BradStreet

6th October 2014

FW: Case - 6393394696

Vulnerebility

Schneider Electric ClearSCADA CVE-2014-5413 Weak Hashing Algorithm Remote Security Weakness
2014-10-08
http://www.securityfocus.com/bid/69842

Schneider Electric ClearSCADA CVE-2014-5412 Remote Security Bypass Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69840

Siemens SIMATIC WinCC and PCS7 CVE-2014-4686 Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68875

Siemens SIMATIC WinCC and PCS 7 CVE-2014-4685 Local Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68872

Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68880

Siemens SIMATIC WinCC And PCS7 CVE-2014-4683 Remote Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68879

Siemens SIMATIC WinCC And PCS7 WebNavigator Server Information Disclosure Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68876

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70137

IBM Embedded WebSphere Application Server CVE-2014-3020 Local Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69034

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68636

IBM Security Access Manager CVE-2014-6079 Unspecified Cross Site Scripting Vulnerability
2014-10-08
http://www.securityfocus.com/bid/70197

Oracle Java SE CVE-2014-4252 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68642

Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68632

IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
2014-10-08
http://www.securityfocus.com/bid/69183

Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68571

Oracle Java SE CVE-2014-4218 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68583

Oracle Java SE CVE-2014-4266 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68596

Oracle Java SE CVE-2014-4209 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68639

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68624

Oracle Java SE CVE-2014-4268 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68615

Oracle Java SE CVE-2014-4208 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68580

Oracle Java SE CVE-2014-4219 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68620

Oracle Java SE CVE-2014-4220 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68576

Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68599

Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68603

Oracle Database Server CVE-2014-4245 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68617

Oracle Database Server CVE-2014-4236 Remote Security Vulnerability
2014-10-08
http://www.securityfocus.com/bid/68633

Exploit

Asx to Mp3 2.7.5 - Stack Overflow

7.10.2014

Bugtraq

[SECURITY] [DSA 3046-1] mediawiki security update 2014-10-05
Salvatore Bonaccorso (carnil debian org)

Malware

PUP-FMK!2F218975826E

PUP-FMK!029CCAB6569C

Generic Downloader.x!F77D362082C1

RDN/Generic PUP.x!0011BF22D66C

MultiPlug-FQW!E7351D4BC208

PUP-FMK!BCA3D65CB17C

PUP-FMK!67076CEA7629

PUP-FMK!58969671BF50

RDN/Generic.bfr!hs!5554CA6BA99C

RDN/Generic.bfr!B6A04A798D5B

RDN/Generic.dx!dgb!6B774BEA33D2

RDN/Generic.tfr!ed!6906F155B8EC

PUP-FMK!0E6263B69EDA

PUP-FMK!6E93CE76F4A2

RDN/Generic.bfr!hs!B6A04A798D5B

PUP-FMS!EAFB42D5B89A

Generic PUP.x!00CE66ED87ED

RDN/Generic.bfr!hs!80FDB733C5F2

MultiPlug-FQW!D24B5AE91B2A

MultiPlug-FQW!42A538D69465

RDN/Generic BackDoor!8B57F53EF2F1

RDN/Generic.bfr!hs!E68D82ABD118

RDN/Generic PUP.x!0DE9A77000C3

Generic PUP.x!4D60D8DC2380

RDN/Generic PUP.x!003B95B2F6C6

MultiPlug-FQW!7DABDC9149AA

MultiPlug-FQW!0DB61BA6D2D3

RDN/Generic PUP.x!583D85840F93

RDN/Generic PUP.x!c2k!C2E8E5AE5809

RDN/Generic.dx!dgb!6EF3CDDDE2D0

Phishing

Account

6th October 2014

NOTICE:UPDATE YOUR INFORMATION

Dun & BradStreet

6th October 2014

FW: Case - 6393394696

PayPal

6th October 2014

Your Account is Limited !

Halifax UK

6th October 2014

Halifax Online Banking
SecureForm.

PayPal

6th October 2014

Security Measure

Vulnerebility

Cisco Adaptive Security Appliance (ASA) Software Arbitrary File Overwrite Vulnerability
2014-10-07
http://www.securityfocus.com/bid/70251

PolicyKit Local Privilege Escalation Vulnerability
2014-10-07
http://www.securityfocus.com/bid/68771

HTTP File Server 'ParserLib.pas' Remote Command Execution Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69782

OpenSSL CVE-2014-3508 Information Disclosure Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69075

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/70094

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2014-10-07
http://www.securityfocus.com/bid/67899

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/70091

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-10-07
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-10-07
http://www.securityfocus.com/bid/70096

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/67898

OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/67901

OpenSSL CVE-2014-0076 Information Disclosure Weakness
2014-10-07
http://www.securityfocus.com/bid/66363

Procmail Formail Utility 'formisc.c' Heap Overflow Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69573

Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
2014-10-07
http://www.securityfocus.com/bid/66397

OpenSSL CVE-2014-3509 Remote Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69084

OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69083

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69079

OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability
2014-10-07
http://www.securityfocus.com/bid/69077

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70166

Cisco ASA Software CVE-2014-3398 Information Disclosure Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70230

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70137

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70103

OpenSSL DTLS CVE-2014-3510 Remote Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69082

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70165

Cisco IOS XR Software CVE-2014-3396 Access List Security Bypass Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70236

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70154

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70153

Node.js qs Module Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70113

Exploit

 

6.10.2014

Bugtraq

[SECURITY] [DSA 3045-1] qemu security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3046-1] mediawiki security update 2014-10-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3044-1] qemu-kvm security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3042-1] exuberant-ctags security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)

Malware

RDN/Generic PUP.x!DD9B5DAA1F08

RDN/Downloader.a!tl!2E12C5EFE738

RDN/Generic.tfr!ed!D2143D5457E7

RDN/Generic.dx!dg3!0AFC5FADAFDF

RDN/Generic.bfr!hs!84A57FBE4098

RDN/Generic PUP.x!c2i!5C76A69B7978

RDN/DNSChanger.bfr!d!5C0381600E5D

RDN/Generic.dx!dg3!BB3EB3D7F24B

Generic PUP.x!51634A2B0BCD

RDN/DNSChanger.bfr!d!2949C8721183

RDN/DNSChanger.bfr!d!E8D4382B2A34

RDN/PWS-Mmorpg.gen!37168FCED0BF

RDN/Generic PWS.y!bb3!FD3072619AF6

Generic PUP.x!ED3ABE79CDA9

Generic PUP.x!20F65FFE3324

RDN/Generic PUP.x!CFB02A2F2A49

RDN/Generic.dx!dg3!5A32D3C65223

RDN/Downloader.a!tl!1E08A8034DB7

Generic Downloader.x!CAC0C16AC2F0

RDN/Generic PUP.x!c2i!B4800B6D913F

RDN/Generic.bfr!BE8656A8046E

RDN/Generic.bfr!hs!AB8A3DB2596A

RDN/Generic.dx!dg3!D6A4D106DDD2

RDN/Generic.dx!dg3!11563BD7E0B0

RDN/Generic.bfr!A65091F3961A

RDN/Generic Downloader.x!lc!EF75FE4F30EF

RDN/Generic PUP.x!c2i!D40B3A89D19E

RDN/Generic PWS.y!bb3!AE7421D7D1E6

RDN/Sdbot.worm!cb!40F81B74B6B5

RDN/Generic PUP.x!c2i!8ABDA107250E

Phishing

PayPal

6th October 2014

Security Measure

Vulnerebility

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70165

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70137

Linux Kernel 'net_get_random_once' Local Information Disclosure Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70209

FreePBX 'index.php' Remote Command Execution Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70188

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69325

OpenVPN 'openvpn_decrypt()' Function Information Disclosure Vulnerability
2014-10-06
http://www.securityfocus.com/bid/59672

GNU glibc '__gconv_translit_find()' Function Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/68983

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70186

IBM Java CVE-2013-4002 Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/61310

Perl 'Email::Address' Module Local Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/68084

Perl 'Email::Address' Module CVE-2014-4720 Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/68446

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70089

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70153

Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69396

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69763

Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69428

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69779

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69799

nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70025

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70142

Node.js 'lib/send.js' Directory Traversal Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70100

PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
2014-10-06
http://www.securityfocus.com/bid/64225

Node.js qs Module Denial of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70113

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-10-06
http://www.securityfocus.com/bid/70116

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69648

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2014-10-06
http://www.securityfocus.com/bid/69647

Exploit

  Postfix SMTP - Shellshock Exploit

  Apache mod_cgi - Remote Exploit (Shellshock)

  Bash - CGI RCE (MSF) Shellshock Exploit

  AutoWeb 3.0 - (noticias.php id_cat) SQL Injection Exploit

4.10.2014

Bugtraq

[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code 2014-10-03
security-alert hp com

PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)

HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)

Malware

RDN/Generic PUP.x!c2h!9964B78F2FE2

Generic PUP.x!2CC475DA3312

RDN/Generic.dx!dfz!BFFFBBB9A3F6

RDN/Autorun.worm!dm!A8FFF76CDF07

RDN/Generic Downloader.x!lc!A8F76130BF79

RDN/Generic.dx!dfz!A8BB0DFC284B

Generic Downloader.x!C30454F3132A

RDN/Generic PUP.x!188701D0F4F9

RDN/Generic PWS.y!0B31DB8353AA

RDN/Generic PUP.x!c2h!C2E1E344313F

RDN/Downloader.a!tl!C2D3F33E43C6

RDN/Downloader.a!tl!C2D26C26446A

RDN/Downloader.a!tl!C2C1B1C96667

RDN/Generic PUP.x!c2h!E03E04DAB267

RDN/Generic.bfr!hs!D6DEF94FF064

RDN/Generic PUP.x!C80C016BF30B

W32/Virus.gen!7F1A038D1464

W32/Sality.gen!0323E943A80B

Generic PUP.x!691B663C872D

Generic PUP.x!5A41C6A2C66C

Generic.bfr!B7E1B3CEA37B

RDN/Generic PUP.x!43A30C12480B

RDN/Generic PUP.x!2A74E54A6BDD

Generic PUP.x!45A0D344D5F9

Generic PUP.x!C88167B3BA2A

Generic PUP.x!B1E07A40B5E7

RDN/Generic PUP.x!c2h!BF123E880141

Generic.bfr!7A91B76599CB

W32/Sality.gen!74A57025FAD5

RDN/Generic BackDoor!b2b!F516EB22C48A

Phishing

Paypal Inc

4th October 2014

YOUR ACCOUNT WILL BE LIMITED !

Paypal Help

4th October 2014

PAYPAL : UPDATE YOUR PAYPAL
ACCOUNT ! ✔

PayPal

4th October 2014

[PAYPAL] : UPDATE YOUR PAYPAL
ACCOUNT ! ✔

Paypal.Inc

4th October 2014

YOUR ACCOUNT HAS LIMITATION!
YOU CAN RESOLVE THIS NOW.?

PayPal

4th October 2014

Account Suspended

Vulnerebility

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70165

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70137

Linux Kernel 'net_get_random_once' Local Information Disclosure Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70209

FreePBX 'index.php' Remote Command Execution Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70188

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69325

OpenVPN 'openvpn_decrypt()' Function Information Disclosure Vulnerability
2014-10-04
http://www.securityfocus.com/bid/59672

GNU glibc '__gconv_translit_find()' Function Memory Corruption Vulnerability
2014-10-04
http://www.securityfocus.com/bid/68983

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70186

IBM Java CVE-2013-4002 Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/61310

Perl 'Email::Address' Module Local Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/68084

Perl 'Email::Address' Module CVE-2014-4720 Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/68446

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70089

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70153

Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69396

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69763

Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69428

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69779

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69799

nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70025

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70142

Node.js 'lib/send.js' Directory Traversal Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70100

PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
2014-10-04
http://www.securityfocus.com/bid/64225

Node.js qs Module Denial of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70113

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-10-04
http://www.securityfocus.com/bid/70116

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69648

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2014-10-04
http://www.securityfocus.com/bid/69647

Exploit

 

3.10.2014

Bugtraq

[ MDVSA-2014:195 ] libvirt 2014-10-03
security mandriva com

[security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2014-10-02
security-alert hp com

[security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2014-10-02
security-alert hp com

Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities 2014-10-02
Patrick Webster (patrick osisecurity com au)

[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution 2014-10-01
security-alert hp com

[ MDVSA-2014:194 ] phpmyadmin 2014-10-03
security mandriva com

Elasticsearch vulnerability CVE-2014-6439 2014-10-02
Jordan Sissel (jordan sissel elasticsearch com)

Malware

Generic PUP.x!52C1A906E781

Generic PUP.x!51BE26245F83

Generic PUP.x!53CBB4CB70BC

Generic PUP.x!54DA64B562F5

RDN/Generic PUP.x!c2f!54E05A203165

Generic PUP.z!52EC75639A69

RDN/Generic Downloader.x!lc!57E21B5B733B

Generic PUP.x!5185C59E1736

RDN/Generic Downloader.x!lc!54FD5B4358E9

RDN/Generic.bfr!55FB6858CAD5

RDN/Generic Downloader.x!lc!55B00BFF1C7A

RDN/Generic.dx!dfz!566E7D17FE51

Generic PUP.x!5274D807B402

Generic PUP.x!55825DF93872

RDN/Generic.bfr!hs!50F5C164E1A2

Generic PUP.x!56CC85EF7591

RDN/Generic.dx!dfz!53B406EEDF8E

RDN/Generic.dx!dfz!53844C48AEB2

RDN/Generic.bfr!54530D6295C5

Generic PUP.x!51B929AC8DCE

RDN/Generic BackDoor!b2b!5421ECA29BA8

Generic PUP.x!4F9A14ED4674

RDN/Generic.dx!52A511B7E971

Generic.bfr!5336AC7C99BC

RDN/Generic PWS.y!bbg!5160010240B2

RDN/Generic Downloader.x!lc!507F125364B7

Generic PUP.x!49FEFD6E0BDE

RDN/Generic.bfr!hs!50A61E31E20C

Generic PUP.x!521C513CAA2E

RDN/Generic.dx!dfz!4F2414829594

Phishing

Paypal Inc

2nd October 2014

YOUR ACCOUNT WILL BE LIMITED !

Vulnerebility

Linux Kernel 'net_get_random_once' Local Information Disclosure Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70209

FreePBX 'index.php' Remote Command Execution Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70188

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69325

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70137

OpenVPN 'openvpn_decrypt()' Function Information Disclosure Vulnerability
2014-10-03
http://www.securityfocus.com/bid/59672

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70165

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70152

GNU glibc '__gconv_translit_find()' Function Memory Corruption Vulnerability
2014-10-03
http://www.securityfocus.com/bid/68983

libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70186

IBM Java CVE-2013-4002 Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/61310

Perl 'Email::Address' Module Local Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/68084

Perl 'Email::Address' Module CVE-2014-4720 Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/68446

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70089

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70153

Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69396

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69763

Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69428

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69779

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69799

nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70025

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70142

Node.js 'lib/send.js' Directory Traversal Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70100

PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
2014-10-03
http://www.securityfocus.com/bid/64225

Node.js qs Module Denial of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70113

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-10-03
http://www.securityfocus.com/bid/70116

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69648

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2014-10-03
http://www.securityfocus.com/bid/69647

Exploit

 

2.10.2014

Bugtraq

[SECURITY] [DSA 3041-1] xen security update 2014-10-01
Moritz Muehlenhoff (jmm debian org)

Reflected Cross-Site Scripting (XSS) in Textpattern 2014-10-01
High-Tech Bridge Security Research (advisory htbridge com)

Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin 2014-10-01
High-Tech Bridge Security Research (advisory htbridge com)

FreePBX (All Versions) RCE 2014-10-01
rob thomas schmoozecom com

NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities 2014-10-01
VMware Security Response Center (security vmware com)

[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution 2014-10-01
security-alert hp com

[SECURITY] [DSA 3040-1] rsyslog security update 2014-09-30
Luciano Bello (luciano debian org)

Malware

Generic Downloader.x!91B14B967DD3

Generic PUP.x!15C5A3EF3DE3

Generic.bfr!432180388155

Generic.dx!27620747E668

RDN/Spybot.bfr!n!5E23DA9E75F0

Generic Downloader.x!76431649CAFA

RDN/Generic PWS.y!bbf!5596879AC298

RDN/Generic.bfr!hs!AADAF7941CE9

Generic PUP.x!9AE3200A5329

RDN/PWS-Mmorpg!mh!41D2C78A1EE5

RDN/Spybot.bfr!n!6B1D2F768778

RDN/Generic Dropper!vh!DFB5BA034E9E

RDN/Spybot.bfr!1D5448452A7A

RDN/Spybot.bfr!62D008711AE1

RDN/Spybot.bfr!AB9C87511C9F

RDN/Generic BackDoor!b2b!9095AA6D11A4

RDN/Generic.dx!df3!902F5E576DE6

RDN/Generic Downloader.x!la!884100F78D31

RDN/Ransom!ek!501F42A5DEED

BackDoor-FAJ!15BACEFCD98A

Generic PUP.x!47B7895C349B

RDN/Generic.bfr!8D32EA888C5C

RDN/Generic Dropper!vh!095BF0E5BC7D

Generic PUP.x!91C2866C46E1

Generic.dx!911B87AD568A

RDN/Ransom!ek!BB8FD766348F

RDN/Autorun.worm!dm!8FCB9DB26327

RDN/Autorun.worm!dm!8ED6B07BCD88

RDN/Generic.dx!df3!DA26C1B6428E

RDN/Generic PWS.y!bbf!5F46F598CC97

Phishing

 

Vulnerebility

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70137

IBM Java CVE-2013-4002 Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/61310

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70103

Perl 'Email::Address' Module Local Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/68084

Perl 'Email::Address' Module CVE-2014-4720 Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/68446

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70165

Python 'bufferobject.c' Integer Overflow Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70089

GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70166

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70153

Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69396

Linux Kernel PicoLCD HID Device Driver Buffer Overflow Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69763

Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69428

Linux Kernel Magic Mouse HID Device Driver CVE-2014-3181 Stack-Based Buffer Overflow Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69779

Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69799

nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70025

Perl CVE-2014-4330 Stack Overflow Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70142

Node.js 'lib/send.js' Directory Traversal Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70100

PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
2014-10-02
http://www.securityfocus.com/bid/64225

Node.js qs Module Denial of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70113

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70116

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69648

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69647

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-02
http://www.securityfocus.com/bid/70154

python-oauth2 CVE-2013-4347 Multiple Predictable Random Number Generator Weaknesses
2014-10-02
http://www.securityfocus.com/bid/62388

python-oauth2 Signed URL Nonce Verification Security Bypass Vulnerability
2014-10-02
http://www.securityfocus.com/bid/62386

Google Chrome Prior to 33.0.1750.146 Multiple Security Vulnerabilities
2014-10-02
http://www.securityfocus.com/bid/65930

cURL/libcURL SSL Certificate Host Name Validation Security Bypass Vulnerability
2014-10-02
http://www.securityfocus.com/bid/64431

WordPress Colormix Theme Multiple Security Vulnerablities
2014-10-02
http://www.securityfocus.com/bid/59371

Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability
2014-10-02
http://www.securityfocus.com/bid/69696

Exploit

  Kolibri Webserver 2.0 Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass

   GNU bash 4.3.11 Environment Variable dhclient Exploit

  Pure-FTPd External Authentication Bash Environment Variable Code Injection

  HP Network Node Manager I PMD Buffer Overflow

  ManageEngine OpManager / Social IT Arbitrary File Upload

  HTTP File Server 2.3a, 2.3b, 2.3c - Remote Command Execution

  All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability

  RBS Change Complet Open Source 3.6.8 - CSRF Vulnerability

  PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution

  TestLink 1.9.11 - Multiple SQL Injection Vulnerabilities

  Epicor Enterprise 7.4 - Multiple Vulnerabilities

  Moab < 7.2.9 - Authorization Bypass

  TeamSpeak Client 3.0.14 - Buffer Overflow Vulnerability

1.10.2014

Bugtraq

London DEFCON - September 30th 2014 2014-09-30
Major Malfunction (majormal pirate-radio org)

[slackware-security] bash (SSA:2014-272-01) 2014-09-29
Slackware Security Team (security slackware com)

Malware

RDN/Generic FakeAlert!fe!91ACCED88EC4

Generic PUP.x!165FCB5E97B0

RDN/Downloader.a!tl!47D0AD41F5AB

Generic PUP.x!8DE422768627

RDN/Ransom!ek!FCE8A87FF1BB

RDN/Generic PUP.x!A27E4A674CB8

RDN/Generic.dx!df3!A0ADFEF1DEE6

RDN/Generic PUP.x!c2b!A0610BD60EB9

RDN/Generic PUP.x!c2b!281488DEB6EE

RDN/Generic.tfr!ed!BAAB1F3F8329

Generic PUP.x!D8DFB01D2F04

RDN/Generic.dx!df3!A03839463A9B

RDN/Generic.grp!55D74D8FF0ED

RDN/Generic.dx!df3!242831B991BB

RDN/Generic PWS.y!bbf!DE2DA82F410B

Generic Downloader.x!D2173B0911B4

RDN/Generic.dx!df3!07DF1E790A95

RDN/YahLover.worm!u!DFD93FE1D70C

RDN/Generic.dx!D77DE4696FAF

RDN/Generic.bfr!hs!D2D6D550BC16

RDN/Generic.bfr!hs!F5344F4CC8F8

RDN/Generic BackDoor!b2b!D70D03F2E9D6

RDN/Autorun.bfr!d!BB6AC2AD74F2

RDN/Generic Dropper!vh!7B9DEB304D66

Trojan-FAUE!E49A113A2800

RDN/Generic.bfr!hs!4F358BB80348

RDN/Generic.dx!df3!02BFB2EE9ED9

RDN/Generic BackDoor!b2b!C9A2D2BC7116

Generic PWS.y!006B817BA13F

RDN/Generic BackDoor!b2b!E3CF23CAED95

Phishing

 

Vulnerebility

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/69325

PHP DNS TXT Record Handling CVE-2014-3597 Heap Buffer Overflow Vulnerability
2014-10-01
http://www.securityfocus.com/bid/69322

PHP 'ext/spl/spl_dllist.c' Local Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68513

php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/66233

PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68007

PHP 'ext/spl/spl_array.c' Use After Free Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68511

file Composite Document File Format Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/52225

RSyslog and sysklogd CVE-2014-3634 Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70187

PHP CVE-2014-5120 Multiple Arbitrary File Overwrite Vulnerabilities
2014-10-01
http://www.securityfocus.com/bid/69375

PHP Fileinfo Component CVE-2014-3478 Remote Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68239

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68348

PHP Fileinfo Component Remote Denial of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/66406

Cisco WebEx Meetings Server CVE-2014-3395 Arbitrary File Download Vulnerabilitiy
2014-10-01
http://www.securityfocus.com/bid/70181

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-6277 Incomplete Fix Remote Code Execution Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70165

GNU Bash CVE-2014-6278 Incomplete Fix Unspecified Remote Code Execution Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70166

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70152

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-10-01
http://www.securityfocus.com/bid/70137

Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
2014-10-01
http://www.securityfocus.com/bid/67669

Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
2014-10-01
http://www.securityfocus.com/bid/67671

Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
2014-10-01
http://www.securityfocus.com/bid/67667

Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
2014-10-01
http://www.securityfocus.com/bid/67668

Oracle Java SE CVE-2014-4244 Remote Security Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68624

Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/67975

Mozilla Network Security Services CVE-2014-1490 Use After Free Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/65335

Mozilla Network Security Services CVE-2014-1492 Security Bypass Vulnerability
2014-10-01
http://www.securityfocus.com/bid/66356

Network Security Services 'ssl_Do1stHandshake()' Function Information Disclosure Vulnerability
2014-10-01
http://www.securityfocus.com/bid/64944

Mozilla Firefox/Thunderbird CVE-2014-1544 Use After Free Memory Corruption Vulnerability
2014-10-01
http://www.securityfocus.com/bid/68816

Mozilla Network Security Services CVE-2014-1491 Unspecified Security Vulnerability
2014-10-01
http://www.securityfocus.com/bid/65332

Exploit

 

30.9.2014

Bugtraq

Moab Authentication Bypass (insecure message signing) [CVE-2014-5376] 2014-09-29
john fitzpatrick mwrinfosecurity com

Moab User Impersonation [CVE-2014-5375] 2014-09-29
john fitzpatrick mwrinfosecurity com

Moab Authentication Bypass [CVE-2014-5300] 2014-09-29
john fitzpatrick mwrinfosecurity com

[slackware-security] mozilla-firefox (SSA:2014-271-01) 2014-09-29
Slackware Security Team (security slackware com)

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 2014-09-27
Pedro Ribeiro (pedrib gmail com)

Malware

Generic PUP.x!4259AC93E310

RDN/Generic BackDoor!b2a!423A0C05F700

Generic PUP.x!41861CA2DD3E

Generic PUP.x!41320CDCDD9D

RDN/Generic BackDoor!b2a!401C87402E41

Generic PUP.x!404A2480FC05

RDN/Spybot.bfr!n!C1064CE985A9

RDN/Generic PUP.x!cnz!96C8B548547C

RDN/DNSChanger.bfr!d!96BE64AB6B48

Generic PUP.x!9684124BFA52

RDN/YahLover.worm!FFCD4B330607

RDN/Generic.dx!df3!A0A88A90DE40

RDN/Spybot.bfr!6F2F76BF6B5E

Generic PUP.x!331DE5886CFB

RDN/Generic Dropper!vh!2B87A45B9E4A

RDN/Generic BackDoor!b2a!36A21B2A9BC4

RDN/Spybot.bfr!C3130A742BE9

RDN/Generic PUP.x!cnz!9CAE837AA884

Generic PUP.x!2E8A270EDC33

Generic PUP.x!4A425B5DF504

Generic PUP.x!24DF01A1C821

Generic PUP.x!682AB5CD1A56

Generic PUP.x!09ACAE7FAD31

RDN/Generic PUP.x!cnz!12DA5505939C

Generic PUP.x!09D64E8FC6AD

Generic PUP.x!4785A4A37F5D

Generic PUP.x!DB981CE6541C

Generic PUP.x!3DABBAD83C41

Generic PUP.x!373EC41B9233

Generic PUP.x!37438A3D16D6

Phishing

Paypal.inc

29th September 2014

NOTICE OF POLICY UPDATES

Tesco Credit Card

28th September 2014

Win A Free Tesco Voucher

Vulnerebility

Exuberant Ctags 'jscript.c' Remote Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70168

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
2014-09-30
http://www.securityfocus.com/bid/68636

Oracle Java SE CVE-2014-0453 Remote Security Vulnerability
2014-09-30
http://www.securityfocus.com/bid/66914

Mozilla Network Security Services CVE-2013-1620 Information Disclosure Vulnerability
2014-09-30
http://www.securityfocus.com/bid/57777

GnuTLS Certificate Validation Security Bypass Weakness
2014-09-30
http://www.securityfocus.com/bid/65792

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70092

libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability
2014-09-30
http://www.securityfocus.com/bid/67289

libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6055 Multiple Stack Based Buffer Overflow Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/70096

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70091

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70094

GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70137

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70103

GNU Bash CVE-2014-7187 Local Memory Corruption Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70154

GNU Bash CVE-2014-7186 Local Memory Corruption Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70152

ZeroMQ Multiple Security Bypass Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/70157

TYPO3 JobControl SQL Injection and Cross Site Scripting Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/70155

Mediawiki SVG File Handling Security Bypass Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70153

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70116

Go TLS Server Implementation Security Bypass Vulnerability
2014-09-30
http://www.securityfocus.com/bid/70156

python-oauth2 CVE-2013-4347 Multiple Predictable Random Number Generator Weaknesses
2014-09-30
http://www.securityfocus.com/bid/62388

python-oauth2 Signed URL Nonce Verification Security Bypass Vulnerability
2014-09-30
http://www.securityfocus.com/bid/62386

Cisco IOS and IOS XE Software CVE-2014-3354 Multiple Denial of Service Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/70131

Drupal XML-RPC Endpoint Multiple Denial of Service Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/69146

Perl 'Email::Address' Module Local Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/68084

Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
2014-09-30
http://www.securityfocus.com/bid/65768

Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/65767

RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities
2014-09-30
http://www.securityfocus.com/bid/64758

Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
2014-09-30
http://www.securityfocus.com/bid/59797

Ruby on Rails 'create_with()' Function Security Bypass Vulnerability
2014-09-30
http://www.securityfocus.com/bid/69265

Exploit

 

29.9.2014