Databáze Hot News -

Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  List  - 2018  2017  2016  2015  2014  2013 

Databáze - Úvod  Articles  Èlánky  Bugtraq  Malware   Phishing  Vulnerebility  SANS  Mobil Virus  Exploit  Útoky  IDS/IPS  Techniky hackerù  Threatpost  Papers

- Hot News List 2018 -

 

Datum

Název

Kategorie

10.5.2018

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09

Bugtraq

10.5.2018

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09

Bugtraq

10.5.2018

[SECURITY] [DSA 4197-1] wavpack security updaze 2018-05-09

Bugtraq

10.5.2018

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09

Bugtraq

10.5.2018

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10

Bugtraq

10.5.2018

[slackware-security] wget (SSA:2018-129-02) 2018-05-10

Bugtraq

10.5.2018

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’ 

Threatpost

10.5.2018

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service 

Exploint

10.5.2018

Exfiltrating data from (very) isolated environments

SANS News

10.5.2018

Linux/x86 - Read /etc/passwd Shellcode (62 bytes) 

Exploint

10.5.2018

May Patch Tuesday Fixes Two Bugs Under Active Attack 

Threatpost

10.5.2018

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability

Vulnerebility

10.5.2018

ModbusPal 1.6b - XML External Entity Injection 

Exploint

10.5.2018

Multiple Siemens Products Multiple Denial of Service Vulnerabilities

Vulnerebility

10.5.2018

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting 

Exploint

10.5.2018

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09

Bugtraq

10.5.2018

Win32/SdbMine.B

Malware

10.5.2018

Win64/NukeSped.AQ

Malware

9.5.2018

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08

Bugtraq

9.5.2018

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05

Bugtraq

9.5.2018

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06

Bugtraq

9.5.2018

[SECURITY] [DSA 4195-1] wget security update 2018-05-08

Bugtraq

9.5.2018

[SECURITY] [DSA 4196-1] linux security update 2018-05-08

Bugtraq

9.5.2018

2345 Security Guard 3.7 - Denial of Service 

Exploint

9.5.2018

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability

Vulnerebility

9.5.2018

Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities

Vulnerebility

9.5.2018

Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Apple iOS and macOS Multiple Security Vulnerabilities

Vulnerebility

9.5.2018

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08

Bugtraq

9.5.2018

CANADIAN JOB VACANCY!!! 2018-05-06

Bugtraq

9.5.2018

Exp.CVE-2018-0946 

Malware

9.5.2018

Exp.CVE-2018-0951 

Malware

9.5.2018

Exp.CVE-2018-0953 

Malware

9.5.2018

Exp.CVE-2018-0955 

Malware

9.5.2018

Exp.CVE-2018-8114 

Malware

9.5.2018

Exp.CVE-2018-8122 

Malware

9.5.2018

Exp.CVE-2018-8123 

Malware

9.5.2018

Exp.CVE-2018-8133 

Malware

9.5.2018

Exp.CVE-2018-8147 

Malware

9.5.2018

Exp.CVE-2018-8148 

Malware

9.5.2018

Exp.CVE-2018-8157 

Malware

9.5.2018

Exp.CVE-2018-8158 

Malware

9.5.2018

Exp.CVE-2018-8174 

Malware

9.5.2018

Exp.CVE-2018-8179 

Malware

9.5.2018

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08

Bugtraq

9.5.2018

Georgia Governor Vetoes Controversial Hack-Back Bill 

Threatpost

9.5.2018

GNU wget - Cookie Injection 

Exploint

9.5.2018

Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes) 

Exploint

9.5.2018

Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability

Vulnerebility

9.5.2018

Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability

Vulnerebility

9.5.2018

Microsoft Edge CVE-2018-8179 Remote Memory Corruption Vulnerability

Vulnerebility

9.5.2018

Microsoft Excel CVE-2018-8148 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Excel CVE-2018-8162 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Excel CVE-2018-8163 Information Disclosure Vulnerability

Vulnerebility

9.5.2018

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Exchange Server CVE-2018-8159 Remote Privilege Escalation Vulnerability

Vulnerebility

9.5.2018

Microsoft ChakraCore Scripting Engine CVE-2018-8177 Remote Memory Corruption Vulnerability

Vulnerebility

9.5.2018

Microsoft InfoPath CVE-2018-8173 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Internet Explorer and Edge CVE-2018-8178 Remote Memory Corruption Vulnerability

Vulnerebility

9.5.2018

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Office CVE-2018-8158 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Office CVE-2018-8161 Remote Code Execution Vulnerability

Vulnerebility

9.5.2018

Microsoft Outlook CVE-2018-8160 Information Disclosure Vulnerability

Vulnerebility

9.5.2018

Microsoft SharePoint Server CVE-2018-8168 Remote Privilege Escalation Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Device Guard CVE-2018-8129 Local Security Bypass Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Device Guard CVE-2018-8132 Local Security Bypass Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Kernel CVE-2018-8141 Local Information Disclosure Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Kernel Image CVE-2018-8170 Local Privilege Escalation Vulnerability

Vulnerebility

9.5.2018

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8166 Local Privilege Escalation Vulnerability

Vulnerebility

9.5.2018

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

Vulnerebility

9.5.2018

Nice Phishing Sample Delivering Trickbot

SANS News

9.5.2018

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers 

Threatpost

9.5.2018

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07

Bugtraq

8.5.2018

“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach 

Threatpost

8.5.2018

Adding Persistence Via Scheduled Tasks

SANS News

8.5.2018

Adobe Patches Critical Bugs In Flash Player, Creative Cloud 

Threatpost

8.5.2018

FBI: Cyber-Fraud Losses Rise to Reach $1.4B 

Threatpost

8.5.2018

FTPShell Client 6.7 - Buffer Overflow 

Exploint

8.5.2018

JS.Facexworm

Malware

8.5.2018

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

Vulnerebility

8.5.2018

Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness

Vulnerebility

8.5.2018

Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit) 

Exploint

8.5.2018

PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit) 

Exploint

8.5.2018

PlaySMS 1.4 - sendfromfile.php Authenticated "Filename" Field Code Execution (Metasploit) 

Exploint

7.5.2018

Apple Swift CVE-2018-4220 Arbitrary Code Execution Vulnerability

Vulnerebility

7.5.2018

Asylo Open-Source Framework Tackles TEEs for Cloud 

Threatpost

7.5.2018

Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked 

Threatpost

7.5.2018

CSP MySQL User Manager 2.3.1 - Authentication Bypass 

Exploint

7.5.2018

DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH) 

Exploint

7.5.2018

HWiNFO 5.82-3410 - Denial of Service 

Exploint

7.5.2018

Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability

Vulnerebility

7.5.2018

Romanian Hackers Extradited to U.S. over $18M Vishing Scam 

Threatpost

7.5.2018

Scans Attempting to use PowerShell to Download PHP Script

SANS News

7.5.2018

Variant of SynAck Malware Adopts Doppelgänging Technique 

Threatpost

7.5.2018

WordPress Plugin User Role Editor < 4.25 - Privilege Escalation 

Exploint

6.5.2018

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03

Bugtraq

6.5.2018

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03

Bugtraq

6.5.2018

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04

Bugtraq

6.5.2018

Cisco Prime Service Catalog CVE-2018-0285 Denial of Service Vulnerability

Vulnerebility

6.5.2018

Google Chrome V8 - Object Allocation Size Integer Overflow 

Exploint

6.5.2018

IceWarp Mail Server < 11.1.1 - Directory Traversal 

Exploint

6.5.2018

Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability

Vulnerebility

6.5.2018

Pr0nbot is Back – and Evading Twitter Censors 

Threatpost

6.5.2018

Report: Intel Facing New Spectre-Like Security Flaws 

Threatpost

6.5.2018

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04

Bugtraq

6.5.2018

Vulnerabilities on the Rise?

SANS News

6.5.2018

Windows WMI - Recieve Notification Exploit (Metasploit) 

Exploint

6.5.2018

WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting 

Exploint

4.5.2018

Call of Duty Modern Warefare 2 - Buffer Overflow 

Exploint

4.5.2018

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03

Bugtraq

4.5.2018

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability

Vulnerebility

4.5.2018

Google Android Qualcomm Components Multiple Security Vulnerabilities

Vulnerebility

4.5.2018

GPON Routers - Authentication Bypass / Command Injection 

Exploint

4.5.2018

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0 

Threatpost

4.5.2018

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability

Vulnerebility

4.5.2018

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability

Vulnerebility

4.5.2018

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability

Vulnerebility

4.5.2018

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability

Vulnerebility

4.5.2018

Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability

Vulnerebility

4.5.2018

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability

Vulnerebility

4.5.2018

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability

Vulnerebility

4.5.2018

MassMiner Takes a Kitchen-Sink Approach to Cryptomining 

Threatpost

4.5.2018

MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability

Vulnerebility

4.5.2018

MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability

Vulnerebility

4.5.2018

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Vulnerebility

4.5.2018

Mozilla Firefox ESR Multiple Security Vulnerabilities

Vulnerebility

4.5.2018

NTP CVE-2017-6462 Local Buffer Overflow Vulnerability

Vulnerebility

4.5.2018

NTP CVE-2017-6463 Denial of Service Vulnerability

Vulnerebility

4.5.2018

NTP CVE-2017-6464 Denial of Service Vulnerability

Vulnerebility

4.5.2018

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability

Vulnerebility

4.5.2018

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability

Vulnerebility

4.5.2018

OpenSSL CVE-2017-3737 Security Bypass Vulnerability

Vulnerebility

4.5.2018

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability

Vulnerebility

4.5.2018

OpenSSL CVE-2018-0739 Denial of Service Vulnerability

Vulnerebility

4.5.2018

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability

Vulnerebility

4.5.2018

Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction 

Threatpost

4.5.2018

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

Vulnerebility

4.5.2018

QEMU CVE-2017-13711 Denial of Service Vulnerability

Vulnerebility

4.5.2018

QEMU CVE-2017-15124 Denial of Service Vulnerability

Vulnerebility

4.5.2018

QEMU CVE-2017-15268 Denial of Service Vulnerability

Vulnerebility

4.5.2018

QEMU CVE-2018-5683 Denial of Service Vulnerability

Vulnerebility

4.5.2018

QEMU 'hw/display/vga.c' Denial of Service Vulnerability

Vulnerebility

4.5.2018

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) 2018-05-03

Bugtraq

4.5.2018

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service 

Exploint

4.5.2018

SLF4J 'EventData' Constructor Remote Code Execution Vulnerability

Vulnerebility

4.5.2018

TBK DVR4104 / DVR4216 - Credentials Leak 

Exploint

4.5.2018

WebLogic Exploited in the Wild (Again)

SANS News

4.5.2018

Win32/SdbMine.A

Malware

4.5.2018

Win32/SdbMine.C

Malware

4.5.2018

WPA2 Key Reinstallation Multiple Security Weaknesses

Vulnerebility

3.5.2018

[SECURITY] [DSA 4187-1] linux security update 2018-05-01

Bugtraq

3.5.2018

[SECURITY] [DSA 4188-1] linux security update 2018-05-01

Bugtraq

3.5.2018

[SECURITY] [DSA 4189-1] quassel security update 2018-05-02

Bugtraq

3.5.2018

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01

Bugtraq

3.5.2018

Adobe Reader PDF - Client Side Request Injection 

Exploint

3.5.2018

CA20180501-01: Security Notice for CA Spectrum 2018-05-02

Bugtraq

3.5.2018

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery 

Exploint

3.5.2018

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01

Bugtraq

3.5.2018

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) 

Exploint

3.5.2018

Exim < 4.90.1 - 'base64d' Remote Code Execution 

Exploint

3.5.2018

Facebook Introduces ‘Clear History’ Option Amid Data Scandal 

Threatpost

3.5.2018

LibreOffice/Open Office - '.odt' Information Disclosure 

Exploint

3.5.2018

Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free 

Exploint

3.5.2018

Metasploit Framework - 'msfd' Remote Code Execution (Metasploit) 

Exploint

3.5.2018

Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit) 

Exploint

3.5.2018

Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC) 

Exploint

3.5.2018

Schneider Electric Patches Critical RCE Vulnerability 

Threatpost

3.5.2018

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01

Bugtraq

3.5.2018

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free 

Exploint

3.5.2018

Win32/Delf.BFP

Malware

3.5.2018

Win32/Qadars.AZ

Malware

3.5.2018

Windows - Local Privilege Escalation 

Exploint

3.5.2018

xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit) 

Exploint

2.5.2018

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01

Bugtraq

2.5.2018

Apache Tomcat CVE-2017-15706 Remote Security Weakness

Vulnerebility

2.5.2018

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

Vulnerebility

2.5.2018

GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability

Vulnerebility

2.5.2018

Millions of Home Fiber Routers Vulnerable to Complete Takeover 

Threatpost

2.5.2018

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability

Vulnerebility

2.5.2018

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities

Vulnerebility

2.5.2018

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability

Vulnerebility

2.5.2018

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability

Vulnerebility

2.5.2018

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability

Vulnerebility

2.5.2018

NTP CVE-2018-7182 Information Disclosure Vulnerability

Vulnerebility

2.5.2018

NTP CVE-2018-7183 Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

NTP CVE-2018-7184 Denial of Service Vulnerability

Vulnerebility

2.5.2018

NTP CVE-2018-7185 Denial of Service Vulnerability

Vulnerebility

2.5.2018

Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability

Vulnerebility

2.5.2018

Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability

Vulnerebility

2.5.2018

PHP CVE-2017-11143 Denial of Service Vulnerability

Vulnerebility

2.5.2018

PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

PHP CVE-2018-5712 Cross Site Scripting Vulnerability

Vulnerebility

2.5.2018

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability

Vulnerebility

2.5.2018

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

PHP 'gd_gif_in.c' Memory Corruption Vulnerability

Vulnerebility

2.5.2018

Quagga CVE-2016-1245 Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

Quagga CVE-2018-5379 Remote Code Execution Vulnerability

Vulnerebility

2.5.2018

Samples of SiliVaccine Offer Rare Peek Inside North Korea’s Antivirus Software

Threatpost

2.5.2018

TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability

Vulnerebility

2.5.2018

TigerVNC Multiple Security Vulnerabilities

Vulnerebility

2.5.2018

Volkswagen Cars Open To Remote Hacking, Researchers Warn 

Threatpost

2.5.2018

Windows Commands Reference - An InfoSec Must Have

SANS News

2.5.2018

WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent... 

Exploint

2.5.2018

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability

Vulnerebility

2.5.2018

Xen XSA-258 Information Disclosure Vulnerability

Vulnerebility

1.5.2018

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30

Bugtraq

1.5.2018

Diving into a Simple Maldoc Generator

SANS News

1.5.2018

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) 

Exploint

1.5.2018

Tens of Thousands of Malicious Apps Using Facebook APIs 

Threatpost

1.5.2018

USB Sticks Can Trigger BSOD – Even on a Locked Device

Threatpost

1.5.2018

Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site... 

Exploint

30.4.2018

[SECURITY] [DSA 4183-1] tor security update 2018-04-28

Bugtraq

30.4.2018

[SECURITY] [DSA 4186-1] gunicorn security update 2018-04-28

Bugtraq

30.4.2018

Another approach to webapplication fingerprinting

SANS News

30.4.2018

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG... 

Exploint

30.4.2018

macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership... 

Exploint

30.4.2018

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability

Vulnerebility

30.4.2018

Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root 

Exploint

30.4.2018

Navicat < 12.0.27 - Oracle Connection Overflow 

Exploint

30.4.2018

Oracle Java SE and JRockit CVE-2018-2794 Local Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE CVE-2018-2790 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Java SE CVE-2018-2814 Remote Security Vulnerability

Vulnerebility

30.4.2018

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote... 

Exploint

30.4.2018

Symantec Norton Core CVE-2018-5234 Local Command Injection Vulnerability

Vulnerebility

30.4.2018

Twitter Sold Data To Cambridge Analytica-Linked Company 

Threatpost

30.4.2018

Updated GravityRAT Malware Adds Advanced AV Detection 

Threatpost

30.4.2018

WordPress Plugin Form Maker 1.12.20 - CSV Injection 

Exploint

29.4.2018

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26

Bugtraq

29.4.2018

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27

Bugtraq

29.4.2018

Microsoft Security Update for Spectre V2

SANS News

29.4.2018

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability

Vulnerebility

29.4.2018

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability

Vulnerebility

29.4.2018

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability

Vulnerebility

29.4.2018

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies 

Threatpost

29.4.2018

ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks 

Threatpost

29.4.2018

Uber Tightens Bug Bounty Extortion Policies 

Threatpost

27.4.2018

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24

Bugtraq

27.4.2018

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25

Bugtraq

27.4.2018

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH) 

Exploint

27.4.2018

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability

Vulnerebility

27.4.2018

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability

Vulnerebility

27.4.2018

Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability

Vulnerebility

27.4.2018

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities

Vulnerebility

27.4.2018

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24

Bugtraq

27.4.2018

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24

Bugtraq

27.4.2018

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24

Bugtraq

27.4.2018

Delta Electronics PMSoft CVE-2018-8839 Multiple Stack Based Buffer Overflow Vulnerabilities

Vulnerebility

27.4.2018

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability

Vulnerebility

27.4.2018

Drupal JSON API Module Cross Site Request Forgery Vulnerability

Vulnerebility

27.4.2018

Frog CMS 0.9.5 - Persistent Cross-Site Scripting 

Exploint

27.4.2018

GitList 0.6 - Unauthenticated Remote Code Execution 

Exploint

27.4.2018

GNU Binutils CVE-2018-10372 Remote Buffer Overflow Vulnerability

Vulnerebility

27.4.2018

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability

Vulnerebility

27.4.2018

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability

Vulnerebility

27.4.2018

Metamorfo Targets Brazilian Users with Banking Trojans 

Threatpost

27.4.2018

Microsoft Issues More Spectre Updates For Intel CPUs 

Threatpost

27.4.2018

More Threat Hunting with User Agent and Drupal Exploits

SANS News

27.4.2018

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting 

Exploint

27.4.2018

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2758 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2766 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2782 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2784 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2787 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2805 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability

Vulnerebility

27.4.2018

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability

Vulnerebility

27.4.2018

Rubella Crimeware Kit: Cheap, Easy and Gaining Traction 

Threatpost

27.4.2018

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25

Bugtraq

27.4.2018

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot 

Exploint

26.4.2018

Adobe Flash - Info Leak in Image Inflation 

Exploint

26.4.2018

Adobe Flash - Out-of-Bounds Write in blur Filtering 

Exploint

26.4.2018

Adobe Flash - Overflow in Slab Rendering 

Exploint

26.4.2018

Adobe Flash - Overflow when Playing Sound 

Exploint

26.4.2018

Bezop Cryptocurrency Server Spills 25K in Private Investor, Promoter Data 

Threatpost

26.4.2018

Blog Master Pro v1.0 - CSV Injection 

Exploint

26.4.2018

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) 

Exploint

26.4.2018

Europol Smacks Down World’s Largest DDoS-for-Hire Market 

Threatpost

26.4.2018

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability

Vulnerebility

26.4.2018

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability

Vulnerebility

26.4.2018

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability

Vulnerebility

26.4.2018

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability

Vulnerebility

26.4.2018

HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting 

Exploint

26.4.2018

HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection 

Exploint

26.4.2018

HRSALE The Ultimate HRM v1.0.2 - CSV Injection 

Exploint

26.4.2018

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion 

Exploint

26.4.2018

Chrome V8 JIT - Arrow Function Scope Fixing Bug 

Exploint

26.4.2018

Chrome V8 JIT - 'AwaitedPromise' Update Bug 

Exploint

26.4.2018

Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion 

Exploint

26.4.2018

Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command... 

Exploint

26.4.2018

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability

Vulnerebility

26.4.2018

Linux Kernel 'fs/xfs/libxfs/xfs_inode_buf.c' Local Denial of Service Vulnerability

Vulnerebility

26.4.2018

Multiple Intel 2G Modem Products CVE-2018-3624 Buffer Overflow Vulnerability

Vulnerebility

26.4.2018

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting 

Exploint

26.4.2018

Shopy Point of Sale v1.0 - CSV Injection 

Exploint

26.4.2018

SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response 

Exploint

26.4.2018

Vecna VGo Robot ICSA-18-114-01 Information Disclosure and OS Command Execution Vulnerabilities

Vulnerebility

26.4.2018

WebKit Multiple Memory Corruption Vulnerabilities

Vulnerebility

26.4.2018

Western Digital My Cloud EX2 NAS Device Leaks Files 

Threatpost

26.4.2018

WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion 

Exploint

26.4.2018

Yet Another Drupal RCE Vulnerability

SANS News

25.4.2018

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20

Bugtraq

25.4.2018

Exploit Targets Nvidia Tegra-Based Nintendo Systems 

Threatpost

25.4.2018

Malicious Network Traffic From /bin/bash

SANS News

25.4.2018

Orangeworm Mounts Espionage Campaign Against Healthcare 

Threatpost

25.4.2018

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2 

Threatpost

25.4.2018

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24

Bugtraq

25.4.2018

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24

Bugtraq

24.4.2018

[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18

Bugtraq

24.4.2018

[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20

Bugtraq

24.4.2018

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability

Vulnerebility

24.4.2018

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability

Vulnerebility

24.4.2018

Seagate Media Server path traversal vulnerability 2018-04-19

Bugtraq

23.4.2018

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability

Vulnerebility

23.4.2018

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability

Vulnerebility

23.4.2018

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability

Vulnerebility

23.4.2018

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability

Vulnerebility

23.4.2018

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

Vulnerebility

23.4.2018

New IE 0-day in the wild

SANS News

22.4.2018

A malicious word document with a VBA form - video

SANS News

22.4.2018

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats 

Threatpost

22.4.2018

HackerOne CEO Talks Bug Bounty Programs at RSA Conference 

Threatpost

20.4.2018

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16

Bugtraq

20.4.2018

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17

Bugtraq

20.4.2018

[slackware-security] gd (SSA:2018-108-01) 2018-04-19

Bugtraq

20.4.2018

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability

Vulnerebility

20.4.2018

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability

Vulnerebility

20.4.2018

Cloud Credentials: New Attack Surface for Old Problem 

Threatpost

20.4.2018

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability

Vulnerebility

20.4.2018

Gold Galleon Hacking Group Plunders Shipping Industry 

Threatpost

20.4.2018

iOS Sync Glitch Lets Attackers Control Devices 

Threatpost

20.4.2018

Malspam pushing ransomware using two layers of password protection to avoid detection

SANS News

20.4.2018

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability

Vulnerebility

20.4.2018

OpenSSL CVE-2016-6304 Denial of Service Vulnerability

Vulnerebility

20.4.2018

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability

Vulnerebility

20.4.2018

Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19

Bugtraq

20.4.2018

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability

Vulnerebility

20.4.2018

Use of ‘StegWare’ Increases in Stealth Malware Attacks 

Threatpost

20.4.2018

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17

Bugtraq

19.4.2018

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability

Vulnerebility

19.4.2018

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

Vulnerebility

19.4.2018

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability

Vulnerebility

19.4.2018

Cisco Unified Computing System Director CVE-2018-0238 Information Disclosure Vulnerability

Vulnerebility

19.4.2018

Millions of Apps Leak Private User Data Via Leaky Ad SDKs 

Threatpost

19.4.2018

Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018 

Threatpost

19.4.2018

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability

Vulnerebility

19.4.2018

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability

Vulnerebility

19.4.2018

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability

Vulnerebility

19.4.2018

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability

Vulnerebility

19.4.2018

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability

Vulnerebility

19.4.2018

Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018 

Threatpost

19.4.2018

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Threatpost

19.4.2018

Win32/Agent.OBS

Malware

19.4.2018

Win32/Filecoder.Crysis.P

Malware

19.4.2018

Win32/Korplug.HM

Malware

18.4.2018

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12

Bugtraq

18.4.2018

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12

Bugtraq

18.4.2018

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12

Bugtraq

18.4.2018

A Review of Recent Drupal Attacks (CVE-2018-7600)

SANS News

18.4.2018

Automated Bots Growing Tool For Hackers 

Threatpost

18.4.2018

Cryptominer Malware Threats Overtake Ransomware, Report Warns 

Threatpost

18.4.2018

Oracle MySQL Server CVE-2018-2759 Remote Security Vulnerability

Vulnerebility

18.4.2018

Oracle MySQL Server CVE-2018-2780 Remote Security Vulnerability

Vulnerebility

18.4.2018

Oracle MySQL Server CVE-2018-2786 Remote Security Vulnerability

Vulnerebility

18.4.2018

Python rhn-setup CVE-2015-1777 SSL Certificate Validation Security Bypass Vulnerability

Vulnerebility

18.4.2018

Webshell looking for interesting files

SANS News

17.4.2018

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11

Bugtraq

17.4.2018

A malicious word document with a VBA form

SANS News

17.4.2018

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities

Vulnerebility

17.4.2018

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities

Vulnerebility

17.4.2018

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Threatpost

17.4.2018

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability

Vulnerebility

17.4.2018

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities

Vulnerebility

17.4.2018

Trojan.Cryptoshuf

Malware

17.4.2018

Win32/Agent.ZIL

Malware

17.4.2018

Win32/Liech.G

Malware

16.4.2018

Metasploit's Payload UUID

SANS News

15.4.2018

Don’t Trust Android OEM Patching, Claims Researcher

Threatpost

15.4.2018

Getting Incident Response Help from Richard Feynman

SANS News

15.4.2018

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability

Vulnerebility

15.4.2018

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability

Vulnerebility

15.4.2018

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability

Vulnerebility

15.4.2018

PE_XIAOBAMINER.SM

Malware

15.4.2018

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability

Vulnerebility

15.4.2018

Poppler CVE-2017-9776 Denial of Service Vulnerability

Vulnerebility

15.4.2018

QEMU 'b/nbd/server.c' Denial of Service Vulnerability

Vulnerebility

15.4.2018

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability

Vulnerebility

15.4.2018

VMware vRealize Automation Cross Site Scripting and Session Hijacking Vulnerabilities

Vulnerebility

13.4.2018

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09

Bugtraq

13.4.2018

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability

Vulnerebility

13.4.2018

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10

Bugtraq

13.4.2018

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution 

Exploint

13.4.2018

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) 

Exploint

13.4.2018

Drupal CVE-2018-7600 PoC is Public

SANS News

13.4.2018

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability

Vulnerebility

13.4.2018

GNU Binutils CVE-2018-9996 Remote Denial of Service Vulnerability

Vulnerebility

13.4.2018

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) 

Exploint

13.4.2018

Juniper Junos CVE-2018-0022 Denial of Service Vulnerability

Vulnerebility

13.4.2018

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability

Vulnerebility

13.4.2018

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability

Vulnerebility

13.4.2018

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Threatpost

13.4.2018

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability

Vulnerebility

13.4.2018

QEMU CVE-2017-13673 Denial of Service Vulnerability

Vulnerebility

13.4.2018

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability

Vulnerebility

13.4.2018

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09

Bugtraq

12.4.2018

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08

Bugtraq

12.4.2018

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities

Vulnerebility

12.4.2018

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities

Vulnerebility

12.4.2018

Atlassian Application Links CVE-2018-5227 Cross Site Scripting Vulnerability

Vulnerebility

12.4.2018

Atlassian JIRA CVE-2017-18100 Cross Site Scripting Vulnerability

Vulnerebility

12.4.2018

Atlassian JIRA CVE-2017-18101 Security Bypass Vulnerability

Vulnerebility

12.4.2018

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09

Bugtraq

12.4.2018

Exp.CVE-2018-1001 

Malware

12.4.2018

Exp.CVE-2018-1003 

Malware

12.4.2018

Exp.CVE-2018-1004 

Malware

12.4.2018

Exp.CVE-2018-1010 

Malware

12.4.2018

Exp.CVE-2018-1011 

Malware

12.4.2018

Exp.CVE-2018-1012 

Malware

12.4.2018

Exp.CVE-2018-1013 

Malware

12.4.2018

Exp.CVE-2018-1015 

Malware

12.4.2018

Exp.CVE-2018-1016 

Malware

12.4.2018

Exp.CVE-2018-1023 

Malware

12.4.2018

Exp.CVE-2018-1026 

Malware

12.4.2018

Exp.CVE-2018-1027 

Malware

12.4.2018

Exp.CVE-2018-1028 

Malware

12.4.2018

Exp.CVE-2018-1029 

Malware

12.4.2018

Exp.CVE-2018-1030 

Malware

12.4.2018

Exp.CVE-2018-4932 

Malware

12.4.2018

Exp.CVE-2018-4933 

Malware

12.4.2018

Exp.CVE-2018-4934 

Malware

12.4.2018

Exp.CVE-2018-4935 

Malware

12.4.2018

Exp.CVE-2018-4936 

Malware

12.4.2018

Exp.CVE-2018-4937 

Malware

12.4.2018

Glitch in malspam campaign temporarily reduces spread of GandCrab

SANS News

12.4.2018

Linux/x64 - x64 Assembly Shellcode (Generator) 

Exploint

12.4.2018

Multiple SAP Products Multiple Unspecified Security Vulnerabilities

Vulnerebility

12.4.2018

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability

Vulnerebility

12.4.2018

SAP Disclosure Management Multiple Security Vulnerabilities

Vulnerebility

12.4.2018

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09

Bugtraq

12.4.2018

W32.Downuk

Malware

11.4.2018

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09

Bugtraq

11.4.2018

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09

Bugtraq

11.4.2018

A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel

SANS News

11.4.2018

Adobe Digital Editions APSB18-13 Multiple Information Disclosure Vulnerabilities

Vulnerebility

11.4.2018

Adobe Experience Manager CVE-2018-4929 HTML Injection Vulnerability

Vulnerebility

11.4.2018

Adobe Experience Manager CVE-2018-4931 HTML Injection Vulnerability

Vulnerebility

11.4.2018

Adobe InDesign CC CVE-2018-4927 DLL Loading Local Privilege Escalation Vulnerability

Vulnerebility

11.4.2018

Adobe InDesign CC CVE-2018-4928 Memory Corruption Vulnerability

Vulnerebility

11.4.2018

Adobe Patches Four Critical Bugs in Flash, InDesign 

Threatpost

11.4.2018

Adobe PhoneGap Push Plugin CVE-2018-4943 Security Bypass Vulnerability

Vulnerebility

11.4.2018

AMD Rolls Out Spectre Fixes 

Threatpost

11.4.2018

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid... 

Exploint

11.4.2018

DVD X Player Standard 5.5.3.9 - Buffer Overflow 

Exploint

11.4.2018

Exp.CVE-2018-0920 

Malware

11.4.2018

Exp.CVE-2018-0980 

Malware

11.4.2018

Exp.CVE-2018-0988 

Malware

11.4.2018

Exp.CVE-2018-0990 

Malware

11.4.2018

Exp.CVE-2018-0993 

Malware

11.4.2018

Exp.CVE-2018-0994 

Malware

11.4.2018

Exp.CVE-2018-0995 

Malware

11.4.2018

Exp.CVE-2018-0996 

Malware

11.4.2018

Exp.CVE-2018-0998

Malware

11.4.2018

Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion 

Exploint

11.4.2018

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting 

Exploint

11.4.2018

Microsoft April 2018 Patch Tuesday

SANS News

11.4.2018

Microsoft Fixes 66 Bugs in April Patch Tuesday Release 

Threatpost

11.4.2018

Microsoft Wireless Keyboard CVE-2018-8117 Local Security Bypass Vulnerability

Vulnerebility

11.4.2018

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files 

Threatpost

11.4.2018

W32.Rarogminer

Malware

11.4.2018

WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting 

Exploint

11.4.2018

Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting 

Exploint

11.4.2018

WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS 

Exploint

11.4.2018

WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery 

Exploint

11.4.2018

WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery 

Exploint

10.4.2018

[slackware-security] patch (SSA:2018-096-01) 2018-04-07

Bugtraq

10.4.2018

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability

Vulnerebility

10.4.2018

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability

Vulnerebility

10.4.2018

Word Attachment Delivers FormBook Malware, No Macros Required

Threatpost

9.4.2018

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05

Bugtraq

9.4.2018

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05

Bugtraq

9.4.2018

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution 

Exploint

9.4.2018

Cisco Smart Install vulnerability exploited in the wild

SANS News

9.4.2018

Cobub Razor 0.7.2 - Add New Superuser Account 

Exploint

9.4.2018

CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure 

Exploint

9.4.2018

CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution 

Exploint

9.4.2018

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) 

Exploint

9.4.2018

H2 Database - 'Alias' Arbitrary Code Execution 

Exploint

9.4.2018

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting 

Exploint

9.4.2018

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection 

Exploint

9.4.2018

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit 

Exploint

9.4.2018

MyBB Plugin Recent Threads On Index - Cross-Site Scripting 

Exploint

9.4.2018

PMS 0.42 - Local Stack-Based Overflow (ROP) 

Exploint

9.4.2018

Trojan.Coinminer.B

Malware

9.4.2018

W32.Mysracoin

Malware

9.4.2018

WebKit - WebAssembly Parsing Does not Correctly Check Section Order 

Exploint

9.4.2018

WolfCMS 0.8.3.1 - Cross Site Request Forgery 

Exploint

9.4.2018

WolfCMS 0.8.3.1 - Open Redirection 

Exploint

9.4.2018

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution 

Exploint

9.4.2018

WordPress Plugin Google Drive 2.2 - Remote Code Execution 

Exploint

9.4.2018

WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code... 

Exploint

9.4.2018

Yahei PHP Prober 0.4.7 - Cross-Site Scripting 

Exploint

8.4.2018

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04

Bugtraq

8.4.2018

Advisory - Bamboo - CVE-2018-5224 2018-04-05

Bugtraq

8.4.2018

Cobub Razor 0.7.2 - Cross Site Request Forgery 

Exploint

8.4.2018

DotNetNuke DNNarticle Module 11 - Directory Traversal 

Exploint

8.4.2018

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass 

Exploint

8.4.2018

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04

Bugtraq

8.4.2018

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04

Bugtraq

8.4.2018

LineageOS 14.1 Blueborne - Remote Code Execution 

Exploint

8.4.2018

Mirai Variant Targets Financial Sector With IoT DDoS Attacks 

Threatpost

8.4.2018

Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns 

Threatpost

8.4.2018

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 2

SANS News

6.4.2018

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04

Bugtraq

6.4.2018

Delta, Sears Breaches Blamed on Malware Attack Against a Third-Party Chat Service 

Threatpost

6.4.2018

GetSimple CMS 3.3.13 - Cross-Site Scripting 

Exploint

6.4.2018

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass 

Exploint

6.4.2018

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption 

Exploint

6.4.2018

YzmCMS 3.6 - Cross-Site Scripting 

Exploint

6.4.2018

Z-Blog 1.5.1.1740 - Cross-Site Scripting 

Exploint

6.4.2018

Z-Blog 1.5.1.1740 - Full Path Disclosure 

Exploint

5.4.2018

[SECURITY] [DSA 4164-1] apache2 security update 2018-04-03

Bugtraq

5.4.2018

Apple Xcode CVE-2018-4164 Multiple Security Vulnerabilities

Vulnerebility

5.4.2018

Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability

Vulnerebility

5.4.2018

Facebook Bolsters Privacy Measures With New Data Access Restrictions 

Threatpost

5.4.2018

FreeBSD CVE-2018-6917 Multiple Integer Overflow Vulnerabilities

Vulnerebility

5.4.2018

FreeBSD CVE-2018-6918 Denial of Service Vulnerability

Vulnerebility

5.4.2018

Google Android Qualcomm Component CVE-2017-11087 Information Disclosure Vulnerability

Vulnerebility

5.4.2018

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks 

Threatpost

5.4.2018

Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found 

Threatpost

5.4.2018

Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting 

Exploint

5.4.2018

Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability

Vulnerebility

5.4.2018

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods 

Exploint

5.4.2018

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption 

Exploint

5.4.2018

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability

Vulnerebility

5.4.2018

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting 

Exploint

5.4.2018

Oracle Java SE and JRockit CVE-2018-2633 Remote Security Vulnerability

Vulnerebility

5.4.2018

Oracle Java SE CVE-2018-2602 Local Security Vulnerability

Vulnerebility

5.4.2018

ProcessMaker - Plugin Upload (Metasploit) 

Exploint

5.4.2018

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 1

SANS News

5.4.2018

W97M.Eplose

Malware

5.4.2018

Win32/Agent.SWZ

Malware

4.4.2018

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01

Bugtraq

4.4.2018

[SECURITY] [DSA 4163-1] beep security update 2018-04-02

Bugtraq

4.4.2018

A Suspicious Use of certutil.exe

SANS News

4.4.2018

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Threatpost

4.4.2018

Linux.Hajime

Malware

4.4.2018

Ransom.Precist

Malware

4.4.2018

Trojan.Cadbex

Malware

4.4.2018

Trojan.Coinreg

Malware

3.4.2018

[SECURITY] [DSA 4159-1] remctl security update 2018-04-01

Bugtraq

3.4.2018

[SECURITY] [DSA 4160-1] libevt security update 2018-04-01

Bugtraq

3.4.2018

[SECURITY] [DSA 4162-1] irssi security update 2018-04-01

Bugtraq

3.4.2018

[slackware-security] php (SSA:2018-090-01) 2018-04-01

Bugtraq

3.4.2018

Backdoor.Leenania

Malware

3.4.2018

Cloudflare Launches Publicly DNS-Over-HTTPS Service

Threatpost

3.4.2018

DLink DIR-601 - Admin Password Disclosure

Exploint

3.4.2018

Downloader.Malurl

Malware

3.4.2018

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion 

Exploint

3.4.2018

Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write 

Exploint

3.4.2018

Google’s April Android Security Bulletin Warns of 9 Critical Bugs

Threatpost

3.4.2018

Java Deserialization Attack Against Windows

SANS News

3.4.2018

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2) 

Exploint

3.4.2018

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) 

Exploint

3.4.2018

OpenCMS 10.5.3 - Cross-Site Request Forgery

Exploint

3.4.2018

OpenCMS 10.5.3 - Cross-Site Scripting

Exploint

3.4.2018

Phishing PDFs with multiple links - Detection

SANS News

3.4.2018

Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change

Exploint

3.4.2018

U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program

Threatpost

3.4.2018

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

Exploint

3.4.2018

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

Exploint

3.4.2018

WampServer 3.1.2 - Cross-Site Request Forgery

Exploint

3.4.2018

WebLog Expert Enterprise 9.4 - Privilege Escalation

Exploint

2.4.2018

DLink DIR-601 - Admin Password Disclosure 

Exploint

2.4.2018

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) 

Exploint

2.4.2018

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal 

Exploint

2.4.2018

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials 

Exploint

2.4.2018

WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery 

Exploint

2.4.2018

WampServer 3.1.2 - Cross-Site Request Forgery 

Exploint

2.4.2018

WebLog Expert Enterprise 9.4 - Privilege Escalation s

Exploint

1.4.2018

[SECURITY] [DSA 4158-1] openssl1.0 security update 2018-03-29

Bugtraq

1.4.2018

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer... 

Exploint

1.4.2018

Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH) 

Exploint

1.4.2018

Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow 

Exploint

1.4.2018

Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow 

Exploint

1.4.2018

APPLE-SA-2018-3-29-2 watchOS 4.3 2018-03-29

Bugtraq

1.4.2018

D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass 

Exploint

1.4.2018

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow 

Exploint

1.4.2018

Homematic CCU2 2.29.23 - Arbitrary File Write 

Exploint

1.4.2018

Homematic CCU2 2.29.23 - Remote Command Execution 

Exploint

1.4.2018

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection 

Exploint

1.4.2018

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection 

Exploint

1.4.2018

Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack

Threatpost

1.4.2018

MiniCMS 1.10 - Cross-Site Request Forgery 

Exploint

1.4.2018

Open-AuditIT Professional 2.1 - Cross-Site Request Forgery 

Exploint

1.4.2018

osCommerce 2.3.4.1 - Remote Code Execution 

Exploint

1.4.2018

Phishing PDFs with multiple links

SANS News

1.4.2018

SysGauge 4.5.18 - Local Denial of Service 

Exploint

1.4.2018

Systematic SitAware - NVG Denial of Service 

Exploint

1.4.2018

Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change 

Exploint

1.4.2018

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC) 

Exploint

1.4.2018

Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change 

Exploint

1.4.2018

Tenda W316R Wireless Router 5.07.50 - Remote DNS Change 

Exploint

1.4.2018

Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) 

Exploint

1.4.2018

WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection 

Exploint

1.4.2018

WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting 

Exploint

1.4.2018

WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure 

Exploint

31.3.2018

[SECURITY] [DSA 4157-1] openssl security update 2018-03-29

Bugtraq

31.3.2018

APPLE-SA-2018-3-29-3 tvOS 11.3 2018-03-29

Bugtraq

31.3.2018

APPLE-SA-2018-3-29-4 Xcode 9.3 2018-03-29

Bugtraq

31.3.2018

APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows 2018-03-29

Bugtraq

31.3.2018

APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 2018-03-29

Bugtraq

31.3.2018

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center 2018-03-30

Bugtraq

31.3.2018

Cisco IOS and IOS XE Software CVE-2018-0172 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS and IOS XE Software CVE-2018-0174 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS and IOS XE Software CVE-2018-0189 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS Login Enhancements Feature Multiple Denial of Service Vulnerabilities

Vulnerebility

31.3.2018

Cisco IOS Software Integrated Services Module for VPN CVE-2018-0154 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0152 Remote Privilege Escalation Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0157 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0164 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0170 Denial of Service Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0183 Local Privilege Escalation Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0184 Local Privilege Escalation Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software CVE-2018-0195 Authorization Bypass Vulnerability

Vulnerebility

31.3.2018

Cisco IOS XE Software Multiple Command Injection Vulnerabilities

Vulnerebility

31.3.2018

Cisco IOS XE Software Multiple Cross Site Scripting Vulnerabilities

Vulnerebility

31.3.2018

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit) 

Exploint

31.3.2018

Heur.AdvML.M

Malware

31.3.2018

Joomla Component Fields - SQLi Remote Code Execution (Metasploit) 

Exploint

31.3.2018

Version 7 of the CIS Controls Released

SANS News

30.3.2018

[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27

Bugtraq

30.3.2018

[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27

Bugtraq

30.3.2018

[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28

Bugtraq

30.3.2018

[SECURITY] [DSA 4155-1] thunderbird security update 2018-03-28

Bugtraq

30.3.2018

[SECURITY] [DSA 4156-1] drupal7 security update 2018-03-28

Bugtraq

30.3.2018

Apache Struts CVE-2018-1327 Denial of Service Vulnerability

Vulnerebility

30.3.2018

CA20180328-01: Security Notice for CA API Developer Portal 2018-03-29

Bugtraq

30.3.2018

GitStack - Unsanitized Argument Remote Code Execution (Metasploit) 

Exploint

30.3.2018

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities

Vulnerebility

30.3.2018

ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability

Vulnerebility

30.3.2018

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability

Vulnerebility

30.3.2018

Novell NetIQ Identity Manager CVE-2018-1350 Information Disclosure Vulnerability

Vulnerebility

30.3.2018

One hash to rule them all: drupalgeddon2

 

30.3.2018

OpenSSL CVE-2018-0733 Security Bypass Vulnerability

Vulnerebility

30.3.2018

Win32/Shyape.T

Malware

30.3.2018

Win64/Emotet.AB

Malware

29.3.2018

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27

Bugtraq

29.3.2018

Alleged Mastermind Behind Carbanak Crime Gang Arrested

Threatpost

29.3.2018

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability

Vulnerebility

29.3.2018

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability

Vulnerebility

29.3.2018

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability

Vulnerebility

29.3.2018

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

Exploint

29.3.2018

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit) 

Exploint

29.3.2018

GraphicsMagick CVE-2018-9018 Denial of Service Vulnerability

Vulnerebility

29.3.2018

How are Your Vulnerabilities?

SANS News

29.3.2018

memcache SASL Authentication Security Bypass Vulnerability

Vulnerebility

29.3.2018

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability

Vulnerebility

29.3.2018

Memcached 'items.c' Denial of Service Vulnerability

Vulnerebility

29.3.2018

Memcached Multiple Integer Overflow Vulnerabilities

Vulnerebility

29.3.2018

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability

Vulnerebility

29.3.2018

memcached Verbose Mode Denial of Service Vulnerability

Vulnerebility

29.3.2018

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27

Bugtraq

29.3.2018

Microsoft Windows Remote Assistance - XML External Entity Injection 

Exploint

29.3.2018

Multiple AMD Processors Multiple Remote Security Vulnerabilities

Vulnerebility

29.3.2018

Ransom.Zenis

Malware

29.3.2018

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27

Bugtraq

29.3.2018

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability

Vulnerebility

29.3.2018

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) 

Exploint

29.3.2018

TwonkyMedia Server 7.0.11-8.5 - Directory Traversal 

Exploint

29.3.2018

TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting 

Exploint

29.3.2018

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27

Bugtraq

28.3.2018

[SECURITY] [DSA 4151-1] librelp security update 2018-03-26

Bugtraq

28.3.2018

[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27

Bugtraq

28.3.2018

Facebook Woes Continue as FTC Opens Data Privacy Probe

Threatpost

28.3.2018

MSH.Gosopad

Malware

28.3.2018

Sanny Malware Updates Delivery Method

Threatpost

28.3.2018

Side-channel information leakage in mobile applications

SANS News

26.3.2018

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22

Bugtraq

26.3.2018

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22

Bugtraq

26.3.2018

[SECURITY] [DSA 4150-1] icu security update 2018-03-23

Bugtraq

26.3.2018

[slackware-security] mozilla-thunderbird (SSA:2018-082-01) 2018-03-24

Bugtraq

26.3.2018

Acrolinx Server < 5.2.5 - Directory Traversal

Exploint

26.3.2018

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links 2018-03-24

Bugtraq

26.3.2018

Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow

Exploint

26.3.2018

FBI: Iranian Firm Stole Data In Massive Spear Phishing Campaign

Threatpost

26.3.2018

LabF nfsAxe 3.7 - Privilege Escalation

Exploint

26.3.2018

Laravel Log Viewer < 0.13.0 - Local File Download

Exploint

26.3.2018

Trojan.Ipafanli

Malware

26.3.2018

Windows IRC Bot in the Wild

SANS News

24.3.2018

"Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence."

SANS News

24.3.2018

A Closer Look at APT Group Sofacy’s Latest Targets 

Threatpost

24.3.2018

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability

Vulnerebility

24.3.2018

Beckhoff TwinCAT CVE-2018-7502 Multiple Local Privilege Escalation Vulnerabilities

Vulnerebility

24.3.2018

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22

Bugtraq

24.3.2018

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability

Vulnerebility

24.3.2018

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22

Bugtraq

24.3.2018

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability

Vulnerebility

24.3.2018

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability

Vulnerebility

24.3.2018

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability

Vulnerebility

24.3.2018

Linux Kernel CVE-2018-1068 Local Privilege Escalation Vulnerability

Vulnerebility

24.3.2018

Linux Kernel CVE-2018-8822 Multiple Memory Corruption Vulnerabilities

Vulnerebility

24.3.2018

Linux Kernel 'drivers/net/wireless/mac80211_hwsim.c' Local Denial of Service Vulnerability

Vulnerebility

24.3.2018

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities

Vulnerebility

24.3.2018

memcached Remote Denial of Service Vulnerability

Vulnerebility

24.3.2018

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22

Bugtraq

24.3.2018

Open vSwitch CVE-2016-2074 Multiple Buffer Overflow Vulnerabilities

Vulnerebility

24.3.2018

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability

Vulnerebility

24.3.2018

Senate Gives Nod To Controversial Cross-Border Data Access Bill 

Threatpost

24.3.2018

SIMATIC WinCC OA UI CVE-2018-4844 Access Bypass Vulnerability

Vulnerebility

24.3.2018

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability

Vulnerebility

24.3.2018

Xen 'xen/common/memory.c' Denial of Service vulnerability

Vulnerebility

23.3.2018

A Closer Look at APT Group Sofacy’s Latest Targets

Threatpost

23.3.2018

Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22

Bugtraq

23.3.2018

Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow 

Exploint

23.3.2018

Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure 

Exploint

23.3.2018

Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read 

Exploint

23.3.2018

Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve ) 

Exploint

23.3.2018

Dell EMC NetWorker - Denial of Service 

Exploint

23.3.2018

Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week 

Threatpost

23.3.2018

Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service 

Exploint

23.3.2018

Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH) 

Exploint

23.3.2018

Extending Hunting Capabilities in Your Network

SANS News

23.3.2018

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control... 

Exploint

23.3.2018

JS/CoinMiner

Malware

23.3.2018

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak 

Exploint

23.3.2018

MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting 

Exploint

23.3.2018

Orbitz Warns 880,000 Payment Cards Suspected Stolen 

Threatpost

23.3.2018

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21

Bugtraq

23.3.2018

TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery 

Exploint

23.3.2018

Win64/CoinMiner

Malware

23.3.2018

WM Recorder 16.8.1 - Denial of Service 

Exploint

23.3.2018

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion 

Exploint

23.3.2018

XenForo 2 - CSS Loader Denial of Service 

Exploint

22.3.2018

[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20

Bugtraq

22.3.2018

[SECURITY] [DSA 4147-1] polarssl security update 2018-03-21

Bugtraq

22.3.2018

Automatic Hunting for Malicous Files Crossing your Network

SANS News

22.3.2018

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20

Bugtraq

22.3.2018

Experts Call Facebook’s Latest Controversy a Social Media ‘Breach Of Trust’ 

Threatpost

22.3.2018

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability

Vulnerebility

22.3.2018

Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability

Vulnerebility

22.3.2018

Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability

Vulnerebility

22.3.2018

Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability

Vulnerebility

22.3.2018

Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability

Vulnerebility

22.3.2018

Netflix Opens Public Bug Bounty Program with $15K Payout Cap 

Threatpost

22.3.2018

Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability 2018-03-21

Bugtraq

22.3.2018

Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability 2018-03-21

Bugtraq

22.3.2018

Trojan.Fakeinstall

Malware

21.3.2018

[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17

Bugtraq

21.3.2018

[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18

Bugtraq

21.3.2018

A Mirai Botnet Postscript: Lessons Learned

Threatpost

21.3.2018

Administrator's Password Bad Practice 

SANS News

21.3.2018

Bouncy Castle BKS-V1 CVE-2018-5382 Security Weakness

Vulnerebility

21.3.2018

Cisco node-jos < 0.11.0 - Re-sign Tokens

Exploint

21.3.2018

ES2018-05 Kamailio heap overflow 2018-03-20

Bugtraq

21.3.2018

Exp.CVE-2018-4879

Malware

21.3.2018

Exp.CVE-2018-4882

Malware

21.3.2018

Exp.CVE-2018-4883

Malware

21.3.2018

Exp.CVE-2018-4885

Malware

21.3.2018

Exp.CVE-2018-4887

Malware

21.3.2018

Exp.CVE-2018-4889

Malware

21.3.2018

Exp.CVE-2018-4890

Malware

21.3.2018

Exp.CVE-2018-4892

Malware

21.3.2018

Exp.CVE-2018-4895

Malware

21.3.2018

Exp.CVE-2018-4896

Malware

21.3.2018

Exp.CVE-2018-4897

Malware

21.3.2018

Exp.CVE-2018-4898

Malware

21.3.2018

Exp.CVE-2018-4899

Malware

21.3.2018

Exp.CVE-2018-4900

Malware

21.3.2018

Exp.CVE-2018-4901

Malware

21.3.2018

Exp.CVE-2018-4902

Malware

21.3.2018

Exp.CVE-2018-4903

Malware

21.3.2018

Exp.CVE-2018-4904

Malware

21.3.2018

Exp.CVE-2018-4905

Malware

21.3.2018

Exp.CVE-2018-4906

Malware

21.3.2018

Exp.CVE-2018-4907

Malware

21.3.2018

Exp.CVE-2018-4908

Malware

21.3.2018

Exp.CVE-2018-4909

Malware

21.3.2018

Exp.CVE-2018-4910

Malware

21.3.2018

Exp.CVE-2018-4912

Malware

21.3.2018

Exp.CVE-2018-4913

Malware

21.3.2018

Exp.CVE-2018-4914

Malware

21.3.2018

Exp.CVE-2018-4915

Malware

21.3.2018

Exp.CVE-2018-4919

Malware

21.3.2018

Exp.CVE-2018-4920

Malware

21.3.2018

Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident

Threatpost

21.3.2018

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Exploint

21.3.2018

Intelbras Telefone IP TIP200 LITE - Local File Disclosure

Exploint

21.3.2018

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)

Exploint

21.3.2018

Microsoft Windows - Desktop Bridge VFS Privilege Escalation

Exploint

21.3.2018

Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege...

Exploint

21.3.2018

Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write...

Exploint

21.3.2018

Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure

Exploint

21.3.2018

Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure

Exploint

21.3.2018

Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit...

Exploint

21.3.2018

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit...

Exploint

21.3.2018

Siemens SIMATIC/SINUMERIK/PROFINET IO CVE-2018-4843 Denial of Service Vulnerability

Vulnerebility

21.3.2018

Surge in blackmailing?

SANS News

21.3.2018

Telegram Ordered to Hand Over Encryption Keys to Russian Authorities

Threatpost

21.3.2018

Unsubscribe - Re: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20

Bugtraq

21.3.2018

Unsubscribe - Re: ES2018-05 Kamailio heap overflow 2018-03-20

Bugtraq

21.3.2018

Vehicle Sales Management System - Multiple Vulnerabilities

Exploint

19.3.2018