Databáze Hot News - Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  - 2018  2017  2016  2015  2014  2013 
Poslední aktualizace v 08.10.2016 14:19:38

27.4.2018

Bugtraq

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-27
http://www.securityfocus.com/bid/104003

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103828

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2784 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103801

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2782 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103799

Oracle MySQL Server CVE-2018-2787 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103804

Oracle MySQL Server CVE-2018-2805 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103831

Oracle MySQL Server CVE-2018-2766 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103805

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2758 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103802

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Delta Electronics PMSoft CVE-2018-8839 Multiple Stack Based Buffer Overflow Vulnerabilities
2018-04-26
http://www.securityfocus.com/bid/104013

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal JSON API Module Cross Site Request Forgery Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104004

Xen XSA-258 Information Disclosure Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104002

Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104001

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

GNU Binutils CVE-2018-10372 Remote Buffer Overflow Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103976

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

SANS News

More Threat Hunting with User Agent and Drupal Exploits

Threatpost

Microsoft Issues More Spectre Updates For Intel CPUs

Rubella Crimeware Kit: Cheap, Easy and Gaining Traction

Metamorfo Targets Brazilian Users with Banking Trojans

Exploint

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot

GitList 0.6 - Unauthenticated Remote Code Execution

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

26.4.2018

Bugtraq

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Multiple Intel 2G Modem Products CVE-2018-3624 Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103968

Vecna VGo Robot ICSA-18-114-01 Information Disclosure and OS Command Execution Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103966

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_inode_buf.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103960

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Yet Another Drupal RCE Vulnerability

Threatpost

Western Digital My Cloud EX2 NAS Device Leaks Files

Metamorfo Targets Brazilian Users with Banking Trojans

Europol Smacks Down World’s Largest DDoS-for-Hire Market

Exploint

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting

SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response

WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion

Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command...

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)

Chrome V8 JIT - Arrow Function Scope Fixing Bug

Chrome V8 JIT - 'AwaitedPromise' Update Bug

Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion

Adobe Flash - Out-of-Bounds Write in blur Filtering

Adobe Flash - Info Leak in Image Inflation

Adobe Flash - Overflow in Slab Rendering

Adobe Flash - Overflow when Playing Sound

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting

HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection

HRSALE The Ultimate HRM v1.0.2 - CSV Injection

Blog Master Pro v1.0 - CSV Injection

Shopy Point of Sale v1.0 - CSV Injection

25.4.2018

Bugtraq

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Malicious Network Traffic From /bin/bash

Threatpost

Exploit Targets Nvidia Tegra-Based Nintendo Systems

Orangeworm Mounts Espionage Campaign Against Healthcare

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

Exploint

 

24.4.2018

Bugtraq

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

SANS News

 

Threatpost

 

Exploint

 

23.4.2018

Bugtraq

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

Malware

 

Phishing

 

Vulnerebility

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

SANS News

New IE 0-day in the wild

Threatpost

 

Exploint

 

22.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

A malicious word document with a VBA form - video

Threatpost

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Exploint

 

20.4.2018

Bugtraq

Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

SANS News

Malspam pushing ransomware using two layers of password protection to avoid detection

Threatpost

Cloud Credentials: New Attack Surface for Old Problem

Use of ‘StegWare’ Increases in Stealth Malware Attacks

iOS Sync Glitch Lets Attackers Control Devices

Gold Galleon Hacking Group Plunders Shipping Industry

Exploint

 

19.4.2018

Bugtraq

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Agent.OBS

Win32/Korplug.HM

Win32/Filecoder.Crysis.P

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Cisco Unified Computing System Director CVE-2018-0238 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103919

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

SANS News

 

Threatpost

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018

Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Exploint

 

18.4.2018

Bugtraq

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-11-02
http://www.securityfocus.com/bid/103880

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

Oracle MySQL Server CVE-2018-2759 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103780

Oracle MySQL Server CVE-2018-2786 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103779

Oracle MySQL Server CVE-2018-2780 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103778

Python rhn-setup CVE-2015-1777 SSL Certificate Validation Security Bypass Vulnerability
2018-04-17
http://www.securityfocus.com/bid/72943

SANS News

Webshell looking for interesting files

A Review of Recent Drupal Attacks (CVE-2018-7600)

Threatpost

Cryptominer Malware Threats Overtake Ransomware, Report Warns

Automated Bots Growing Tool For Hackers

Exploint

 

17.4.2018

Bugtraq

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Malware

Win32/Agent.ZIL

Win32/Liech.G

Trojan.Cryptoshuf

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

A Review of Recent Drupal Attacks (CVE-2018-7600)

A malicious word document with a VBA form

Threatpost

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Automated Bots Growing Tool For Hackers

Exploint

 

16.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

Metasploit's Payload UUID

Threatpost

 

Exploint

 

15.4.2018

Bugtraq

 

Malware

PE_XIAOBAMINER.SM

Phishing

 

Vulnerebility

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

VMware vRealize Automation Cross Site Scripting and Session Hijacking Vulnerabilities
2018-04-12
http://www.securityfocus.com/bid/103752

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

SANS News

Getting Incident Response Help from Richard Feynman

Threatpost

Don’t Trust Android OEM Patching, Claims Researcher

Exploint

 

13.4.2018

Bugtraq

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Juniper Junos CVE-2018-0022 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103740

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

GNU Binutils CVE-2018-9996 Remote Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103733

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

SANS News

Drupal CVE-2018-7600 PoC is Public

Threatpost

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Exploint

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

12.4.2018

Bugtraq

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

Malware

W32.Downuk

Exp.CVE-2018-4932

Exp.CVE-2018-4933

Exp.CVE-2018-4934

Exp.CVE-2018-4935

Exp.CVE-2018-4937

Exp.CVE-2018-4936

Exp.CVE-2018-1003

Exp.CVE-2018-1001

Exp.CVE-2018-1004

Exp.CVE-2018-1010

Exp.CVE-2018-1011

Exp.CVE-2018-1012

Exp.CVE-2018-1013

Exp.CVE-2018-1015

Exp.CVE-2018-1016

Exp.CVE-2018-1023

Exp.CVE-2018-1026

Exp.CVE-2018-1027

Exp.CVE-2018-1028

Exp.CVE-2018-1029

Exp.CVE-2018-1030

Phishing

 

Vulnerebility

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

Atlassian Application Links CVE-2018-5227 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103731

Atlassian JIRA CVE-2017-18101 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103730

Atlassian JIRA CVE-2017-18100 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103729

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

SANS News

Glitch in malspam campaign temporarily reduces spread of GandCrab

Threatpost

 

Exploint

Linux/x64 - x64 Assembly Shellcode (Generator)

11.4.2018

Bugtraq

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

Malware

W32.Rarogminer

Exp.CVE-2018-0920

Exp.CVE-2018-0980

Exp.CVE-2018-0988

Exp.CVE-2018-0990

Exp.CVE-2018-0994

Exp.CVE-2018-0993

Exp.CVE-2018-0995

Exp.CVE-2018-0996

Exp.CVE-2018-0998

Phishing

 

Vulnerebility

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

Adobe InDesign CC CVE-2018-4927 DLL Loading Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103716

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103715

Adobe InDesign CC CVE-2018-4928 Memory Corruption Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103714

Adobe Digital Editions APSB18-13 Multiple Information Disclosure Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103712

Microsoft Wireless Keyboard CVE-2018-8117 Local Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103711

Adobe PhoneGap Push Plugin CVE-2018-4943 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103710

Adobe Experience Manager CVE-2018-4931 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103709

Adobe Experience Manager CVE-2018-4929 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103707

SANS News

Microsoft April 2018 Patch Tuesday

A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel

Threatpost

AMD Rolls Out Spectre Fixes

Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Adobe Patches Four Critical Bugs in Flash, InDesign

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Exploint

Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion

WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS

WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid...

WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery

WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery

Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

DVD X Player Standard 5.5.3.9 - Buffer Overflow

10.4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102661

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102625

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102615

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102659

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102656

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102576

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102605

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102633

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102612

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102592

SANS News

 

Threatpost

Word Attachment Delivers FormBook Malware, No Macros Required

Exploint

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

9 .4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Malware

Trojan.Coinminer.B

W32.Mysracoin

Phishing

 

Vulnerebility

 

SANS News

Cisco Smart Install vulnerability exploited in the wild

Threatpost

 

Exploint

WordPress Plugin Google Drive 2.2 - Remote Code Execution

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection

CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution

WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code...

Yahei PHP Prober 0.4.7 - Cross-Site Scripting

WolfCMS 0.8.3.1 - Open Redirection

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Cobub Razor 0.7.2 - Add New Superuser Account

WolfCMS 0.8.3.1 - Cross Site Request Forgery

PMS 0.42 - Local Stack-Based Overflow (ROP)

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)

H2 Database - 'Alias' Arbitrary Code Execution

CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure

WebKit - WebAssembly Parsing Does not Correctly Check Section Order

8.4.2018

Bugtraq

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 2

Threatpost

Mirai Variant Targets Financial Sector With IoT DDoS Attacks

Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Exploint

LineageOS 14.1 Blueborne - Remote Code Execution

Cobub Razor 0.7.2 - Cross Site Request Forgery

DotNetNuke DNNarticle Module 11 - Directory Traversal

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

6 .4.2018

Bugtraq

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Delta, Sears Breaches Blamed on Malware Attack Against a Third-Party Chat Service

Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Exploint

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass

GetSimple CMS 3.3.13 - Cross-Site Scripting

Z-Blog 1.5.1.1740 - Full Path Disclosure

Z-Blog 1.5.1.1740 - Cross-Site Scripting

YzmCMS 3.6 - Cross-Site Scripting

5 .4.2018

Bugtraq

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4164-1] apache2 security update 2018-04-03
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Agent.SWZ

W97M.Eplose

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102661

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102625

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102615

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102659

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102656

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102576

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102605

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102633

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102612

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102592

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102642

Oracle Java SE and JRockit CVE-2018-2633 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102557

FreeBSD CVE-2018-6917 Multiple Integer Overflow Vulnerabilities
2018-04-04
http://www.securityfocus.com/bid/103668

FreeBSD CVE-2018-6918 Denial of Service Vulnerability
2018-04-04
http://www.securityfocus.com/bid/103666

Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability
2018-04-04
http://www.securityfocus.com/bid/103653

Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability
2018-04-03
http://www.securityfocus.com/bid/103593

Google Android Qualcomm Component CVE-2017-11087 Information Disclosure Vulnerability
2018-04-02
http://www.securityfocus.com/bid/103669

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

Apple Xcode CVE-2018-4164 Multiple Security Vulnerabilities
2018-03-29
http://www.securityfocus.com/bid/103583

SANS News

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 1

Threatpost

Facebook Bolsters Privacy Measures With New Data Access Restrictions

Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Exploint

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption

ProcessMaker - Plugin Upload (Metasploit)

Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting

4 .4.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4164-1] apache2 security update 2018-04-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4163-1] beep security update 2018-04-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

Malware

Trojan.Coinreg

Ransom.Precist

Linux.Hajime

Trojan.Cadbex

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability
2018-04-03
http://www.securityfocus.com/bid/103593

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

Apple Xcode CVE-2018-4164 Multiple Security Vulnerabilities
2018-03-29
http://www.securityfocus.com/bid/103583

SANS News

A Suspicious Use of certutil.exe

Threatpost

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Exploint

 

3 .4.2018

Bugtraq

[SECURITY] [DSA 4163-1] beep security update 2018-04-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4159-1] remctl security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4162-1] irssi security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4160-1] libevt security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[slackware-security] php (SSA:2018-090-01) 2018-04-01
Slackware Security Team (security slackware com)

Malware

Downloader.Malurl

Backdoor.Leenania

Phishing

 

Vulnerebility

 

SANS News

Phishing PDFs with multiple links - Detection

Java Deserialization Attack Against Windows

Threatpost

Google’s April Android Security Bulletin Warns of 9 Critical Bugs

U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program

Cloudflare Launches Publicly DNS-Over-HTTPS Service

Exploint

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)

Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion

Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change

OpenCMS 10.5.3 - Cross-Site Scripting

OpenCMS 10.5.3 - Cross-Site Request Forgery

DLink DIR-601 - Admin Password Disclosure

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

WampServer 3.1.2 - Cross-Site Request Forgery

WebLog Expert Enterprise 9.4 - Privilege Escalation

2 .4.2018

Bugtraq

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4159-1] remctl security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4162-1] irssi security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4160-1] libevt security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[slackware-security] php (SSA:2018-090-01) 2018-04-01
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

DLink DIR-601 - Admin Password Disclosure

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

WampServer 3.1.2 - Cross-Site Request Forgery

WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)

WebLog Expert Enterprise 9.4 - Privilege Escalation s

1 .4.2018

Bugtraq

[SECURITY] [DSA 4158-1] openssl1.0 security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-2 watchOS 4.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

SANS News

Phishing PDFs with multiple links

Threatpost

Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack

Exploint

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer...

Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)

Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)

D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass

Tenda W316R Wireless Router 5.07.50 - Remote DNS Change

osCommerce 2.3.4.1 - Remote Code Execution

Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change

WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection

Homematic CCU2 2.29.23 - Remote Command Execution

WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection

WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting

MiniCMS 1.10 - Cross-Site Request Forgery

Homematic CCU2 2.29.23 - Arbitrary File Write

Open-AuditIT Professional 2.1 - Cross-Site Request Forgery

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow

Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow

Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)

Systematic SitAware - NVG Denial of Service

SysGauge 4.5.18 - Local Denial of Service

31 .3.2018

Bugtraq

[SECURITY] [DSA 4158-1] openssl1.0 security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-2 watchOS 4.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center 2018-03-30
Williams, Ken (Ken Williams ca com)

[SECURITY] [DSA 4157-1] openssl security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-4 Xcode 9.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-3 tvOS 11.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

Malware

Heur.AdvML.M

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

Cisco IOS XE Software CVE-2018-0157 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103561

Cisco IOS XE Software CVE-2018-0170 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103560

Cisco IOS Software Integrated Services Module for VPN CVE-2018-0154 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103559

Cisco IOS XE Software CVE-2018-0152 Remote Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103558

Cisco IOS XE Software CVE-2018-0195 Authorization Bypass Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103557

Cisco IOS Login Enhancements Feature Multiple Denial of Service Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103556

Cisco IOS XE Software CVE-2018-0183 Local Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103555

Cisco IOS and IOS XE Software CVE-2018-0174 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103554

Cisco IOS XE Software CVE-2018-0164 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103553

Cisco IOS and IOS XE Software CVE-2018-0172 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103552

Cisco IOS XE Software Multiple Cross Site Scripting Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103551

Cisco IOS XE Software CVE-2018-0184 Local Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103550

Cisco IOS and IOS XE Software CVE-2018-0189 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103548

Cisco IOS XE Software Multiple Command Injection Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103547

SANS News

Version 7 of the CIS Controls Released

Threatpost

 

Exploint

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)

30 .3.2018

Bugtraq

[SECURITY] [DSA 4156-1] drupal7 security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

CA20180328-01: Security Notice for CA API Developer Portal 2018-03-29
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4155-1] thunderbird security update 2018-03-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27
Luciano Bello (luciano debian org)

Malware

Win32/Shyape.T

Win64/Emotet.AB

Phishing

 

Vulnerebility

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103523

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Novell NetIQ Identity Manager CVE-2018-1350 Information Disclosure Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103532

SANS News

One hash to rule them all: drupalgeddon2

Threatpost

 

Exploint

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

GitStack - Unsanitized Argument Remote Code Execution (Metasploit)

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)

29 .3.2018

Bugtraq

[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27
Luciano Bello (luciano debian org)

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Malware

Ransom.Zenis

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

GraphicsMagick CVE-2018-9018 Denial of Service Vulnerability
2018-03-25
http://www.securityfocus.com/bid/103526

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

SANS News

How are Your Vulnerabilities?

Threatpost

Alleged Mastermind Behind Carbanak Crime Gang Arrested

Exploint

Microsoft Windows Remote Assistance - XML External Entity Injection

TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting

TwonkyMedia Server 7.0.11-8.5 - Directory Traversal

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

28 .3.2018

Bugtraq

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4151-1] librelp security update 2018-03-26
Salvatore Bonaccorso (carnil debian org)

Malware

MSH.Gosopad

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

SANS News

Side-channel information leakage in mobile applications

Threatpost

Sanny Malware Updates Delivery Method

Facebook Woes Continue as FTC Opens Data Privacy Probe

Exploint

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

27 .3.2018

Bugtraq

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4151-1] librelp security update 2018-03-26
Salvatore Bonaccorso (carnil debian org)

Malware

MSH.Gosopad

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

SANS News

Side-channel information leakage in mobile applications

Threatpost

Sanny Malware Updates Delivery Method

Facebook Woes Continue as FTC Opens Data Privacy Probe

Exploint

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

26 .3.2018

Bugtraq

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links 2018-03-24
Securify B.V. (lists securify nl)

[slackware-security] mozilla-thunderbird (SSA:2018-082-01) 2018-03-24
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4150-1] icu security update 2018-03-23
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Ipafanli

Phishing

 

Vulnerebility

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

SANS News

Windows IRC Bot in the Wild

Threatpost

Facebook Woes Continue as FTC Opens Data Privacy Probe

FBI: Iranian Firm Stole Data In Massive Spear Phishing Campaign

Exploint

Acrolinx Server < 5.2.5 - Directory Traversal

Laravel Log Viewer < 0.13.0 - Local File Download

LabF nfsAxe 3.7 - Privilege Escalation

Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow

24 .3.2018

Bugtraq

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Malware

 

Phishing

 

Vulnerebility

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

memcached Remote Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/59567

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103181

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102518

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2018-1068 Local Privilege Escalation Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103459

Linux Kernel 'drivers/net/wireless/mac80211_hwsim.c' Local Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103397

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103177

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-03-23
http://www.securityfocus.com/bid/103174

Open vSwitch CVE-2016-2074 Multiple Buffer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/85700

SIMATIC WinCC OA UI CVE-2018-4844 Access Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103475

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103468

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103488

Beckhoff TwinCAT CVE-2018-7502 Multiple Local Privilege Escalation Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103487

Linux Kernel CVE-2018-8822 Multiple Memory Corruption Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103476

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

SANS News

"Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence."

Threatpost

Senate Gives Nod To Controversial Cross-Border Data Access Bill

A Closer Look at APT Group Sofacy’s Latest Targets

Exploint

 

23 .3.2018

Bugtraq

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22
Matthew Hart (mhart atlassian com)

Malware

Win64/CoinMiner

JS/CoinMiner

Phishing

 

Vulnerebility

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

memcached Remote Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/59567

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103181

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102518

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2018-1068 Local Privilege Escalation Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103459

Linux Kernel 'drivers/net/wireless/mac80211_hwsim.c' Local Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103397

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103177

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-03-23
http://www.securityfocus.com/bid/103174

Open vSwitch CVE-2016-2074 Multiple Buffer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/85700

SIMATIC WinCC OA UI CVE-2018-4844 Access Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103475

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103468

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103488

Beckhoff TwinCAT CVE-2018-7502 Multiple Local Privilege Escalation Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103487

Linux Kernel CVE-2018-8822 Multiple Memory Corruption Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103476

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

SANS News

Extending Hunting Capabilities in Your Network

Threatpost

A Closer Look at APT Group Sofacy’s Latest Targets

Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week

Orbitz Warns 880,000 Payment Cards Suspected Stolen

Exploint

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting

XenForo 2 - CSS Loader Denial of Service

TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control...

Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)

Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )

Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak

Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service

WM Recorder 16.8.1 - Denial of Service

Dell EMC NetWorker - Denial of Service

Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read

Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure

22 .3.2018

Bugtraq

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22
Matthew Hart (mhart atlassian com)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 4147-1] polarssl security update 2018-03-21
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20
Moritz Muehlenhoff (jmm debian org)

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Advisories (advisories compass-security com) (1 replies)

Malware

Trojan.Fakeinstall

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102101

Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102038

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102056

Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102084

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102117

Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/101954

Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102110

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102716

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/103468

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102376

SANS News

Automatic Hunting for Malicous Files Crossing your Network

Threatpost

Netflix Opens Public Bug Bounty Program with $15K Payout Cap

Orbitz Warns 880,000 Payment Cards Suspected Stolen

Experts Call Facebook’s Latest Controversy a Social Media ‘Breach Of Trust’

Exploint

 

21 .3.2018

Bugtraq

[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20
Moritz Muehlenhoff (jmm debian org)

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Advisories (advisories compass-security com) (1 replies)

Unsubscribe - Re: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Gary Frank (garoo7 hotmail com)

ES2018-05 Kamailio heap overflow 2018-03-20
Sandro Gauci (sandro enablesecurity com) (1 replies)

Unsubscribe - Re: ES2018-05 Kamailio heap overflow 2018-03-20
Gary Frank (garoo7 hotmail com)

[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4897

Exp.CVE-2018-4898

Exp.CVE-2018-4920

Exp.CVE-2018-4899

Exp.CVE-2018-4919

Exp.CVE-2018-4900

Exp.CVE-2018-4902

Exp.CVE-2018-4901

Exp.CVE-2018-4915

Exp.CVE-2018-4905

Exp.CVE-2018-4913

Exp.CVE-2018-4907

Exp.CVE-2018-4910

Exp.CVE-2018-4909

Exp.CVE-2018-4914

Exp.CVE-2018-4889

Exp.CVE-2018-4890

Exp.CVE-2018-4892

Exp.CVE-2018-4895

Exp.CVE-2018-4896

Exp.CVE-2018-4887

Exp.CVE-2018-4882

Exp.CVE-2018-4883

Exp.CVE-2018-4885

Exp.CVE-2018-4879

Exp.CVE-2018-4903

Exp.CVE-2018-4904

Exp.CVE-2018-4906

Exp.CVE-2018-4912

Exp.CVE-2018-4908

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102101

Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102038

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102056

Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102084

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102117

Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/101954

Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102110

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102716

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/103468

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102376

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102371

Siemens SIMATIC/SINUMERIK/PROFINET IO CVE-2018-4843 Denial of Service Vulnerability
2018-03-20
http://www.securityfocus.com/bid/103465

Bouncy Castle BKS-V1 CVE-2018-5382 Security Weakness
2018-03-19
http://www.securityfocus.com/bid/103453

SANS News

Surge in blackmailing?

Administrator's Password Bad Practice 

Threatpost

Telegram Ordered to Hand Over Encryption Keys to Russian Authorities

Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident

A Mirai Botnet Postscript: Lessons Learned

Exploint

Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write...

Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation

Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit...

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit...

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Cisco node-jos < 0.11.0 - Re-sign Tokens

Vehicle Sales Management System - Multiple Vulnerabilities

Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Cisco node-jos < 0.11.0 - Re-sign Tokens

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)

 

19 .3.2018

Bugtraq

[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17
Salvatore Bonaccorso (carnil debian org)

[slackware-security] libvorbis (SSA:2018-076-01) 2018-03-18
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4143-1] firefox-esr security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)

[slackware-security] mozilla-firefox (SSA:2018-075-01) 2018-03-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4144-1] openjdk-8 security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4141-1] libvorbisidec security update 2018-03-16
Salvatore Bonaccorso (carnil debian org)

Malware

Backdoor.Teawhy

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege...

Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege...

Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation

18 .3.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

[Wireshark-announce] Wireshark 2.5.1 is now available

Wireshark and USB

Threatpost

 

Exploint

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow

SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution

Contec Smart Home 4.15 - Unauthorized Password Reset

Android DRM Services - Buffer Overflow

16 .3.2018

Bugtraq

[SECURITY] [DSA 4139-1] firefox-esr security update 2018-03-15
Moritz Muehlenhoff (jmm debian org)

[slackware-security] curl (SSA:2018-074-01) 2018-03-16
Slackware Security Team (security slackware com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-03-15
Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 4138-1] mbedtls security update 2018-03-15
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4137-1] libvirt security update 2018-03-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4136-1] curl security update 2018-03-14
Alessandro Ghedini (ghedo debian org)

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) 2018-03-14
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

Backdoor.Ohlotus

W32.Xiaobaminer

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-18232 Local Denial of Service Vulnerability
2018-03-16
http://www.securityfocus.com/bid/103423

MikroTik RouterOS CVE-2018-7445 Buffer Overflow Vulnerability
2018-03-15
http://www.securityfocus.com/bid/103427

ZOHO ManageEngine Event LogAnalyzer CVE-2018-8721 HTML Injection Vulnerability
2018-03-15
http://www.securityfocus.com/bid/103424

IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103422

cURL/libcURL CVE-2018-1000121 Denial of Service Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103415

cURL/libcURL CVE-2018-1000120 Buffer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103414

spice-gtk CVE-2017-12194 Integer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103413

SANS News

 

Threatpost

Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws

GandCrab Ransomware Crooks Take Agile Development Approach

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Exploint

15 .3.2018

Bugtraq

[SECURITY] [DSA 4137-1] libvirt security update 2018-03-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4136-1] curl security update 2018-03-14
Alessandro Ghedini (ghedo debian org)

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) 2018-03-14
SEC Consult Vulnerability Lab (research sec-consult com)

FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution 2018-03-14
FreeBSD Security Advisories (security-advisories freebsd org)

[slackware-security] mozilla-firefox (SSA:2018-072-01) 2018-03-13
Slackware Security Team (security slackware com)

Malware

Downloader.Miner

Phishing

 

Vulnerebility

cURL/libcURL CVE-2018-1000121 Denial of Service Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103415

cURL/libcURL CVE-2018-1000120 Buffer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103414

spice-gtk CVE-2017-12194 Integer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103413

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-14
http://www.securityfocus.com/bid/103409

SAP HANA CVE-2018-2369 Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/102997

GE Medical Devices CVE-2017-14002 Authentication Bypass Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103405

GE Medical Devices CVE-2017-14008 Authentication Bypass Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103400

OSIsoft PI Data Archive Privilege Escalation and Denial of Service Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103399

OSIsoft PI Web API Privilege Escalation and Cross Site Scripting Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103396

Adobe Dreamweaver CC CVE-2018-4924 OS Command Injection Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103395

Omron CX-Supervisor Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103394

Adobe Connect CVE-2018-4921 Arbitrary File Upload Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103393

Adobe Connect CVE-2018-4923 OS Command Injection Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103391

OSIsoft PI Vision Cross Site Scripting and Information Disclosure Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103390

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103388

Samba CVE-2018-1050 Remote Denial of Service Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103387

Mozilla Firefox MFSA2018-06 Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103386

Adobe Flash Player CVE-2018-4919 Use After Free Remote Code Execution Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103385

SANS News

SPECTRE and Meltdown To patch or not to patch?..and HOW (Guest Diary)

Threatpost

Hyperbole Swirls Around AMD Processor Security Threat

Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Exploint

Spring Data REST < 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) - PATCH Request Remote Code...

WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting

14 .3.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution 2018-03-14
FreeBSD Security Advisories (security-advisories freebsd org)

[slackware-security] mozilla-firefox (SSA:2018-072-01) 2018-03-13
Slackware Security Team (security slackware com)

[slackware-security] samba (SSA:2018-072-02) 2018-03-13
Slackware Security Team (security slackware com)

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites 2018-03-13
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 4135-1] samba security update 2018-03-13
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-0872

Exp.CVE-2018-0874

Exp.CVE-2018-0889

Exp.CVE-2018-0893

Exp.CVE-2018-0930

Exp.CVE-2018-0933

Exp.CVE-2018-0934

Exp.CVE-2018-0817

Exp.CVE-2018-0877

Exp.CVE-2018-0880

Ransom.DataKeeper

Phishing

 

Vulnerebility

SAP HANA CVE-2018-2369 Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/102997

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103388

Samba CVE-2018-1050 Remote Denial of Service Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103387

Mozilla Firefox MFSA2018-06 Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103386

Adobe Flash Player CVE-2018-4919 Use After Free Remote Code Execution Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103385

Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-03-13
http://www.securityfocus.com/bid/103384

SANS News

Malspam pushing Sigma ransomware

Microsoft March 2018 Patch Tuesday

Threatpost

Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update

Samba Patches Two Critical Vulnerabilities in Server Software

China-Linked APT15 Used Myriad of New Tools To Hack UK Government Contractor

Exploint

 

13 .3.2018

Bugtraq

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites 2018-03-13
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 4135-1] samba security update 2018-03-13
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail 2018-03-12
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4134-1] util-linux security update 2018-03-10
Salvatore Bonaccorso (carnil debian org)

Malware

Ransom.Rapid

Phishing

 

Vulnerebility

SAP HANA CVE-2018-2369 Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/102997

REDWOOD Business Process Automation CVE-2018-2400 Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103375

REDWOOD Business Process Automation CVE-2018-2401 XML External Entity Injection Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103374

SAP Business Objects Business Intelligence Platform CVE-2018-2397 Cross Site Scripting Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103373

SAP Process Monitoring Infrastructure CVE-2018-2399 Cross Site Scripting Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103372

REDWOOD Business Process Automation CVE-2018-2366 Directory Traversal Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103371

SAP NetWeaver Business Client CVE-2018-2398 Unspecified Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103370

SAP HANA CVE-2018-2402 Information Disclosure Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103369

Microsoft SharePoint Server CVE-2018-0910 Remote Privilege Escalation Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103280

Microsoft SharePoint Server CVE-2018-0909 Remote Privilege Escalation Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103279

Microsoft ChakraCore Scripting Engine CVE-2018-0936 Remote Memory Corruption Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103270

Microsoft ChakraCore Scripting Engine CVE-2018-0874 Remote Memory Corruption Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103269

Microsoft ChakraCore Scripting Engine CVE-2018-0873 Remote Memory Corruption Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103268

Microsoft ChakraCore Scripting Engine CVE-2018-0872 Remote Memory Corruption Vulnerability
2018-03-13
http://www.securityfocus.com/bid/103267

Cisco Secure Access Control System CVE-2018-0147 Deserialization Remote Code Execution Vulnerability
2018-03-12
http://www.securityfocus.com/bid/103328

Samba CVE-2018-1057 Remote Security Bypass Vulnerability
2018-03-12
http://www.securityfocus.com/bid/103382

Linux Kernel 'fs/ocfs2/aops.c' Local Denial of Service Vulnerability
2018-03-11
http://www.securityfocus.com/bid/103353

SANS News

How did it all start? Early Memcached DDoS Attack Precursors and Ransom Notes

Threatpost

CCleaner Attackers Intended To Deploy Keylogger In Third Stage

Exploint

Tuleap 9.17.99.189 - Blind SQL Injection

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution

MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution

Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)

DEWESoft X3 SP1 (64-bit) - Remote Command Execution

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution

SC 7.16 - Stack-Based Buffer Overflow

Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)

12 .3.2018

Bugtraq

[SECURITY] [DSA 4134-1] util-linux security update 2018-03-10
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] 2018-03-08
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

 

Vulnerebility

Cisco Secure Access Control System CVE-2018-0147 Deserialization Remote Code Execution Vulnerability
2018-03-12
http://www.securityfocus.com/bid/103328

Linux Kernel 'fs/ocfs2/aops.c' Local Denial of Service Vulnerability
2018-03-11
http://www.securityfocus.com/bid/103353

Zsh 'exec.c:hashcmd()' Function Local Denial of Service Vulnerability
2018-03-09
http://www.securityfocus.com/bid/103359

SANS News

Payload delivery via SMB

Threatpost

 

Exploint

Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)

DEWESoft X3 SP1 (64-bit) - Remote Command Execution

Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution

TextPattern 4.6.2 - 'qty' SQL Injection

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)

SC 7.16 - Stack-Based Buffer Overflow

11 .3.2018

Bugtraq

[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Cyber Espionage Campaign ‘Slingshot’ Targets Victims Via Routers

Exploint

 

8 .3.2018

Bugtraq

[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] 2018-03-08
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4133-1] isc-dhcp security update 2018-03-07
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec 2018-03-07
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)

Malware

Win32/XeyoRat.C

Phishing

 

Vulnerebility

GraphicsMagick CVE-2017-18219 Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103258

Cisco Identity Services Engine CVE-2018-0221 Local Command Injection Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103347

Cisco StarOS for ASR 5000 Series Routers CVE-2018-0217 Local Command Injection Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103346

Cisco Secure Access Control Server XML External Entity Information Disclosure Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103345

Cisco StarOS for ASR 5000 Series Routers CVE-2018-0224 Local Command Injection Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103344

Cisco Secure Access Control Server XML External Entity Information Disclosure Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103343

Cisco Videoscape AnyRes Live CVE-2018-0220 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103342

Cisco Security Manager CVE-2018-0223 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103341

Cisco Registered Envelope Service CVE-2018-0208 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103337

Cisco Identity Services Engine CVE-2018-0216 Cross Site Request Forgery Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103336

Cisco Data Center Network Manager CVE-2018-0210 Cross Site Request Forgery Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103335

Cisco Identity Services Engine CVE-2018-0211 Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103334

Cisco Identity Services Engine CVE-2018-0212 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103333

Cisco Identity Services Engine CVE-2018-0213 Privilege Escalation Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103332

Cisco Identity Services Engine CVE-2018-0214 Local Command Injection Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103331

Cisco Prime Collaboration Provisioning Hardcoded Credentials Local Security Bypass Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103329

Cisco Secure Access Control System CVE-2018-0147 Deserialization Remote Code Execution Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103328

Cisco Prime Data Center Network Manager CVE-2018-0144 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103327

Cisco Unified Computing System (UCS) Director CVE-2018-0219 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103326

Cisco Identity Services Engine CVE-2018-0215 Cross Site Request Forgery Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103324

Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103316

Linux Kernel 'fs/ocfs2/cluster/nodemanager.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103278

Linux Kernel 'drivers/net/ethernet/hisilicon/hns/hns_enet.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103277

Multiple Belden Products Multiple Security Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103340

Multiple Schneider Electric Products CVE-2018-7239 DLL Loading Local Code Execution Vulnerability
2018-03-06
http://www.securityfocus.com/bid/103338

Eaton ELCSoft Programming Software CVE-2018-7511 Multiple Buffer Overflow Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103301

Google Chrome Prior to 65.0.3325.146 Multiple Security Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103297

EMC RSA Archer GRC Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103319

Multiple EMC Products CVE-2018-1182 Local Privilege Escalation Vulnerability
2018-03-05
http://www.securityfocus.com/bid/103317

Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103292

SANS News

Apache SOLR: the new target for cryptominers

Threatpost

Security Camera Found Riddled With Bugs

Vulnerability in Robots Can Lead To Costly Ransomware Attacks

Olympic Destroyer: A False Flag Confusion Bomb

Exploint

Bacula-Web < 8.0.0-rc2 - SQL Injection

WebLog Expert Enterprise 9.4 - Authentication Bypass

WebLog Expert Enterprise 9.4 - Denial of Service

Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of...

8 .3.2018

Bugtraq

[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] 2018-03-08
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4133-1] isc-dhcp security update 2018-03-07
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec 2018-03-07
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

GraphicsMagick CVE-2017-18219 Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103258

Cisco Prime Collaboration Provisioning Hardcoded Credentials Local Security Bypass Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103329

Cisco Secure Access Control System CVE-2018-0147 Deserialization Remote Code Execution Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103328

Cisco Prime Data Center Network Manager CVE-2018-0144 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103327

Cisco Unified Computing System (UCS) Director CVE-2018-0219 Cross Site Scripting Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103326

Cisco Identity Services Engine CVE-2018-0215 Cross Site Request Forgery Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103324

Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103316

Linux Kernel 'fs/ocfs2/cluster/nodemanager.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103278

Linux Kernel 'drivers/net/ethernet/hisilicon/hns/hns_enet.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103277

Eaton ELCSoft Programming Software CVE-2018-7511 Multiple Buffer Overflow Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103301

Google Chrome Prior to 65.0.3325.146 Multiple Security Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103297

EMC RSA Archer GRC Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103319

Multiple EMC Products CVE-2018-1182 Local Privilege Escalation Vulnerability
2018-03-05
http://www.securityfocus.com/bid/103317

Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103292

Google Android NVIDIA Components Multiple Privilege Escalation Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103286

Google Android Kernel Components CVE-2017-16529 Information Disclosure Vulnerability
2018-03-05
http://www.securityfocus.com/bid/103284

GraphicsMagick CVE-2017-18220 Multiple Denial of Service Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103276

Google Android Media framework Multiple Remote Code Execution Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103255

Google Android Qualcomm Component Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103254

Google Android System Component Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103253

SANS News

CRIMEB4NK IRC Bot

Threatpost

Lookout: Dark Caracal Points To APT Actors Moving To Mobile Targets

Exploint

antMan 0.9.0c - Authentication Bypass

Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection

7 .3.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec 2018-03-07
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)

DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Oldishell

VBS.Tendnob

Trojan.Udpos

Downloader.Powload

Backdoor.Mogefla

Trojan.Shminer

Trojan.Minjen

Win32/XeyoRat.A

Win32/XeyoRat.B

Phishing

 

Vulnerebility

GraphicsMagick CVE-2017-18219 Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103258

Linux Kernel 'fs/ocfs2/cluster/nodemanager.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103278

Linux Kernel 'drivers/net/ethernet/hisilicon/hns/hns_enet.c' Local Denial of Service Vulnerability
2018-03-07
http://www.securityfocus.com/bid/103277

Eaton ELCSoft Programming Software CVE-2018-7511 Multiple Buffer Overflow Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103301

Google Chrome Prior to 65.0.3325.146 Multiple Security Vulnerabilities
2018-03-06
http://www.securityfocus.com/bid/103297

Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103292

Google Android NVIDIA Components Multiple Privilege Escalation Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103286

Google Android Kernel Components CVE-2017-16529 Information Disclosure Vulnerability
2018-03-05
http://www.securityfocus.com/bid/103284

GraphicsMagick CVE-2017-18220 Multiple Denial of Service Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103276

Google Android Media framework Multiple Remote Code Execution Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103255

Google Android Qualcomm Component Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103254

Google Android System Component Multiple Security Vulnerabilities
2018-03-05
http://www.securityfocus.com/bid/103253

Red Hat '389-ds-base' CVE-2018-1054 Remote Denial of Service Vulnerability
2018-03-05
http://www.securityfocus.com/bid/103228

SANS News

Ransomware news: GlobeImposter gets a facelift, GandCrab is still out there

Threatpost

POS Malware Found at 160 Applebee’s Restaurant Locations

IoT Security Disconnect: As Attacks Spike, Device Patching Still Lags

Exploint

Bravo Tejari Web Portal - Cross-Site Request Forgery

Memcached - 'memcrashed' Denial of Service

antMan 0.9.0c - Authentication Bypass

Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection

Bravo Tejari Web Portal - Cross-Site Request Forgery

6 .3.2018

Bugtraq

DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

The joys of changing Privacy Laws

Threatpost

IoT Security Disconnect: As Attacks Spike, Device Patching Still Lags

Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months

Exploint

Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read

Chrome V8 JIT - 'GetSpecializationContext' Type Confusion

Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype...

Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement...

Softros Network Time System Server 2.3.4 - Denial of Service

Memcached - 'memcrashed' Denial of Service

Bravo Tejari Web Portal - Cross-Site Request Forgery

5 .3.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

The Crypto Miners Fight For CPU Cycles

Malicious Bash Script with Multiple Features

Threatpost

 

Exploint

NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)

ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection

Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation

Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow

Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit

ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions Suricata < 4.0.4 - IDS Detection Bypass

4 .3.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-02
http://www.securityfocus.com/bid/102376

GNU libcdio 'iso-info.c' Denial of Service Vulnerability
2018-03-02
http://www.securityfocus.com/bid/103200

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-03-01
http://www.securityfocus.com/bid/103204

Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
2018-03-01
http://www.securityfocus.com/bid/103201

Delta Industrial Automation DOPSoft CVE-2018-5476 Stack Based Buffer Overflow Vulnerability
2018-03-01
http://www.securityfocus.com/bid/103195

Xen 'xen/arch/x86/domain.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103175

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-02-28
http://www.securityfocus.com/bid/103174

SANS News

Reminder: Beware of the "Cloud"

Threatpost

Equifax Adds 2.4 Million More People to List of Those Impacted By 2017 Breach

Bug in HP Remote Management Tool Leaves Servers Open to Attack

Exploint

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution

uWSGI < 2.0.17 - Directory Traversal

D-Link DIR-600M Wireless - Cross-Site Scripting

DualDesk 20 - 'Proxy.exe' Denial of Service SEGGER embOS/IP FTP Server 3.22 - Denial of Service

2 .3.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Delta Industrial Automation DOPSoft CVE-2018-5476 Stack Based Buffer Overflow Vulnerability
2018-03-01
http://www.securityfocus.com/bid/103195

Xen 'xen/arch/x86/domain.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103175

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-02-28
http://www.securityfocus.com/bid/103174

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103177

ISC BIND CVE-2018-5734 Remote Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103189

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103188

ISC DHCP CVE-2018-5732 Remote Buffer Overflow Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103187

SANS News

Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?

Common Patterns Used in Phishing Campaigns Files

Threatpost

Sophisticated RedDrop Malware Targets Android Phones

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

Exploint

D-Link DIR-600M Wireless - Cross-Site Scripting

IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode)

IrfanView 4.44 Email Plugin - Buffer Overflow (SEH)

SEGGER embOS/IP FTP Server 3.22 - Denial of Service

1 .3.2018

Bugtraq

[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28
cyber-psrt microfocus com

Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28
Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

Malware

 

Phishing

 

Vulnerebility

Xen 'xen/arch/x86/domain.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103175

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-02-28
http://www.securityfocus.com/bid/103174

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103177

ISC BIND CVE-2018-5734 Remote Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103189

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103188

ISC DHCP CVE-2018-5732 Remote Buffer Overflow Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103187

Citrix NetScaler ADC and NetScaler Gateway CVE-2018-5314 Authentication Bypass Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103186

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-02-27
http://www.securityfocus.com/bid/103192

SANS News

Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?

Threatpost

Massive Malspam Campaign Targets Unpatched Systems

Exploint

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)

Routers2 2.24 - Cross-Site Scripting

Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)

28 .2.2018

Bugtraq

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

Malware

Win32/Talkhib.A

Phishing

 

Vulnerebility

Xen 'xen/arch/x86/domain.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103175

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-02-28
http://www.securityfocus.com/bid/103174

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-02-28
http://www.securityfocus.com/bid/103177

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability
2018-02-27
http://www.securityfocus.com/bid/103181

Emerson ControlWave Micro Process Automation Controller Stack Based Buffer Overflow Vulnerability
2018-02-27
http://www.securityfocus.com/bid/103180

Delta Electronics WPLSoft Multiple Security Vulnerabilities
2018-02-27
http://www.securityfocus.com/bid/103179

Duo Network Gateway CVE-2018-7340 Authentication Bypass Vulnerability
2018-02-27
http://www.securityfocus.com/bid/103178

Multiple SAML Libraries Multiple Authentication Bypass Vulnerabilities
2018-02-27
http://www.securityfocus.com/bid/103172

SANS News

How did this Memcache thing happen?

Threatpost

WordPress Users Warned of Malware Masquerading as ionCube Files

Remote Code Execution Bug Patched in Adobe Acrobat Reader DC

Revamp of ‘Pwned Passwords’ Boosts Privacy and Size of Database

Exploint

GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)

Concrete5 < 8.3.0 - Username / Comments Enumeration

CMS Made Simple 2.1.6 - Remote Code Execution

School Management Script 3.0.4 - Authentication Bypass

Joomla! Component K2 2.8.0 - Arbitrary File Download

MyBB My Arcade Plugin 1.3 - Cross-Site Scripting

Schools Alert Management Script 2.0.2 - Authentication Bypass

Sony Playstation 4 4.55 FW - Local Kernel

Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service

Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption

Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service

Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service

Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service

27 .2.2018

Bugtraq

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26
Sandro Gauci (sandro enablesecurity com)

CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con

[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel 'mm/oom_kill.c' Local Denial of Service Vulnerability
2018-02-27
http://www.securityfocus.com/bid/103161

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102376

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102371

Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities
2018-02-26
http://www.securityfocus.com/bid/103115

Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities
2018-02-26
http://www.securityfocus.com/bid/103117

Linux Kernel 'fs/f2fs/extent_cache.c' Local Denial of Service Vulnerability
2018-02-26
http://www.securityfocus.com/bid/103147

Wireshark DOCSIS Dissector CVE-2018-7337 Denial of Service Vulnerability
2018-02-23
http://www.securityfocus.com/bid/103164

SANS News

Malspam pushing Formbook info stealer

Threatpost

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Exploint

Sony Playstation 4 4.55 FW - Local Kernel

Chrome V8 - 'TranslatedState::MaterializeCapturedObjectAt' Type Confusion

Chrome V8 - 'PropertyArray' Integer Overflow

transmission - Integer Overflows Parsing Torrent Files

26 .2.2018

Bugtraq

CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con

[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)

[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102376

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-02-26
http://www.securityfocus.com/bid/102371

Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities
2018-02-26
http://www.securityfocus.com/bid/103115

Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities
2018-02-26
http://www.securityfocus.com/bid/103117

Linux Kernel 'fs/f2fs/extent_cache.c' Local Denial of Service Vulnerability
2018-02-26
http://www.securityfocus.com/bid/103147

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-02-23
http://www.securityfocus.com/bid/103144

Apple iOS/tvOS/macOS CVE-2017-7154 Local Security Bypass Vulnerability
2018-02-23
http://www.securityfocus.com/bid/103134

SANS News

Retrieving malware over Tor on Windows

Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes

Threatpost

 

Exploint

AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit)

CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit)

Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)

25 .2.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Blackhole Advertising Sites with Pi-hole

Threatpost

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

FBI Warns of Spike in W-2 Phishing Campaigns

Exploint

 

23.2.2018

Bugtraq

[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)

[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)

[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)

DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)

Malware

 

Phishing

 

Vulnerebility

Apple iOS/tvOS/macOS CVE-2017-7154 Local Security Bypass Vulnerability
2018-02-23
http://www.securityfocus.com/bid/103134

Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities
2018-02-21
http://www.securityfocus.com/bid/103080

Cisco Jabber CVE-2018-0201 Cross Site Scripting Vulnerability
2018-02-21
http://www.securityfocus.com/bid/103133

Atlassian Floodlight Controller CVE-2015-6569 Denial of Service Vulnerability
2018-02-21
http://www.securityfocus.com/bid/103132

Cisco Data Center Analytics Framework CVE-2018-0145 Cross Site Scripting Vulnerability
2018-02-21
http://www.securityfocus.com/bid/103131

Multiple Asterisk Products CVE-2018-7286 Denial of Service Vulnerability
2018-02-21
http://www.securityfocus.com/bid/103129

SANS News

CIS Controls Version 7

Threatpost

Cryptojacking Attack Found on Los Angeles Times Website

Exploint

Groupon Clone Script 3.0.2 - Cross-Site Scripting

Alibaba Clone Script 1.0.2 - Cross-Site Scripting

Learning and Examination Management System - Cross-Site Scripting

Armadito Antivirus 0.12.7.2 - Detection Bypass

22.2.2018

Bugtraq

[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)

[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)

DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com

Malware

 

Phishing

 

Vulnerebility

Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities
2018-02-21
http://www.securityfocus.com/bid/103080

Juniper Junos J-Web Interface CVE-2018-0001 Remote Code Execution Vulnerability
2018-02-21
http://www.securityfocus.com/bid/103092

Apple iOS/WatchOS/macOS/tvOS CVE-2018-4124 Denial of Service Vulnerability
2018-02-20
http://www.securityfocus.com/bid/103066

ABB netCADOPS Web Application CVE-2018-5477 Information Disclosure Vulnerability
2018-02-20
http://www.securityfocus.com/bid/103089

Linux Kernel 'drivers/block/floppy.c' Local Security Bypass Vulnerability
2018-02-20
http://www.securityfocus.com/bid/103088

Yab Quarx CVE-2018-7274 Multiple HTML Injection Vulnerabilities
2018-02-20
http://www.securityfocus.com/bid/103081

Google Chrome CVE-2018-6056 Remote Security Vulnerability
2018-02-19
http://www.securityfocus.com/bid/103003

Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102938

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102765

Atlassian FishEye and Crucible CVE-2017-18093 Cross Site Scripting Vulnerability
2018-02-19
http://www.securityfocus.com/bid/103095

SANS News

Passwords Part 2 - Passwords off the Wire using LLMNR

Threatpost

uTorrent Users Warned of Remote Code Execution Vulnerability

New BEC Spam Campaign Targets Fortune 500 Businesses

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Exploint

Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)

Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH)

EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow

Wavpack 5.1.0 - Denial of Service

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection

Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload

Joomla! Component CheckList 1.1.1 - SQL Injection

Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection

Joomla! Component Ek Rishta 2.9 - SQL Injection

Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection

NoMachine x64 < 6.0.80 - 'nxfuse' Privilege Escalation

NoMachine x86 < 6.0.80 - 'nxfuse' Privilege Escalation

21.2.2018

Bugtraq

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com

Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com

Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

8-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4119-1] libav security update 2018-02-19
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities
2018-02-21
http://www.securityfocus.com/bid/103080

Apple iOS/WatchOS/macOS/tvOS CVE-2018-4124 Denial of Service Vulnerability
2018-02-20
http://www.securityfocus.com/bid/103066

Yab Quarx CVE-2018-7274 Multiple HTML Injection Vulnerabilities
2018-02-20
http://www.securityfocus.com/bid/103081

Google Chrome CVE-2018-6056 Remote Security Vulnerability
2018-02-19
http://www.securityfocus.com/bid/103003

Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102938

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102765

SANS News

Should We Call it Quits for Passwords? Or, "Password Spraying for the Win!"

Threatpost

Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

Exploint

utorrent - JSON-RPC Remote Code Execution / Information Disclosure

20.2.2018

Bugtraq

Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4119-1] libav security update 2018-02-19
Moritz Muehlenhoff (jmm debian org)

Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18
displaymyname gmail com

[SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17
Salvatore Bonaccorso (carnil debian org)

Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17
displaymyname gmail com

Malware

Win32/Tomyjery.A

Win32/TrojanDownloader.Agent.DVC

Phishing

 

Vulnerebility

Apple iOS/WatchOS/macOS/tvOS CVE-2018-4124 Denial of Service Vulnerability
2018-02-20
http://www.securityfocus.com/bid/103066

Google Chrome CVE-2018-6056 Remote Security Vulnerability
2018-02-19
http://www.securityfocus.com/bid/103003

Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102938

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102765

GNU Binutils CVE-2018-7208 Remote Denial of Service Vulnerability
2018-02-17
http://www.securityfocus.com/bid/103077

SANS News

Analyzing MSI files

Statically Unpacking a Brazilian Banker Malware

Threatpost

 

Exploint

utorrent - JSON-RPC Remote Code Execution / Information Disclosure

Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege...

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation

Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous...

Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege

Microsoft Internet Explorer 11 - 'Js::RegexHelper::RegexReplace' Use-After-Free

Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure

MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit)

19.2.2018

Bugtraq

Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18
displaymyname gmail com

[SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17
Salvatore Bonaccorso (carnil debian org)

Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17
displaymyname gmail com

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102938

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-02-19
http://www.securityfocus.com/bid/102765

Dell EMC Isilon OneFS Multiple Security Vulnerabilities
2018-02-16
http://www.securityfocus.com/bid/103033

General Electric D60 Line Distance Relay Multiple Buffer Overflow Vulnerabilities
2018-02-15
http://www.securityfocus.com/bid/103054

SANS News

Finding VBA signatures in .docm files

Threatpost

 

Exploint

Aastra 6755i SIP SP4 - Denial of Service

October CMS < 1.0.431 - Cross-Site Scripting

Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) +...

17.2.2018

Bugtraq

[slackware-security] irssi (SSA:2018-046-01) 2018-02-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4115-1] quagga security update 2018-02-15
Salvatore Bonaccorso (carnil debian org)

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malware Delivered via Windows Installer Files

Threatpost

Apple Rushes Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads

Exploint

Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting

PSNews Website 1.0.0 - 'Keywords' SQL Injection

PHIMS - Hospital Management Information System - 'Password' SQL Injection

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

JBoss Remoting 6.14.18 - Denial of Service

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass

16.2.2018

Bugtraq

[slackware-security] irssi (SSA:2018-046-01) 2018-02-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4115-1] quagga security update 2018-02-15
Salvatore Bonaccorso (carnil debian org)

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)

[SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4113-1] libvorbis security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4112-1] xen security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

PayPal

15th February 2018

Your account Has Been locked !

Vulnerebility

Dell EMC Isilon OneFS Multiple Security Vulnerabilities
2018-02-16
http://www.securityfocus.com/bid/103033

Cisco StarOS CVE-2018-0122 Local Arbitrary File Overwrite Vulnerability
2018-02-15
http://www.securityfocus.com/bid/103028

Jenkins CVE-2018-6356 Directory Traversal Vulnerability
2018-02-14
http://www.securityfocus.com/bid/103037

Microsoft Windows StructuredQuery CVE-2018-0825 Remote Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102920

Microsoft Windows Named Pipe File System CVE-2018-0823 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102919

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102376

Microsoft Internet Explorer Scripting Engine CVE-2018-0866 Remote Memory Corruption Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103032

Schneider Electric IGSS SCADA Software CVE-2017-9967 Local Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103022

SAP Internet Graphics Server CVE-2018-2395 Unspecified Memory Corruption Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103019

SAP HANA Extended Application Services CVE-2018-2374 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103018

SAP ERP CVE-2018-2381 Remote Authorization Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103010

Trixbox CVE-2017-14536 Multiple Cross Site Scripting Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/103009

Trixbox CVE-2017-14537 Multiple Directory Traversal Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/103007

SAP ABAP File Interface CVE-2018-2367 Directory Traversal Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103006

SAP NetWeaver CVE-2018-2371 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103005

Google Chrome CVE-2018-6056 Remote Security Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103003

SAP Customer Relationship Management (CRM) WebClient UI Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103002

SAP Customer Relationship Management CVE-2018-2380 Directory Traversal Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103001

SAP NetWeaver System Landscape Directory CVE-2018-2368 Authentication Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103000

SAP NetWeaver CVE-2018-2365 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102999

SAP BI Launchpad CVE-2018-2370 SSRF Security Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102998

SAP HANA CVE-2018-2369 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102997

Adobe Acrobat and Reader APSB18-02 Out of Bounds Read Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102996

Adobe Acrobat and Reader Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102995

Adobe Acrobat and Reader APSB18-02 Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102994

Adobe Acrobat and Reader CVE-2018-4872 Remote Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102993

Adobe Acrobat and Reader APSB18-02 Multiple Heap Buffer Overflow Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102992

SANS News

 

Threatpost

Intel Expands Bug Bounty Program Post-Spectre and Meltdown

Reported Critical Vulnerabilities In Microsoft Software On the Rise

Exploint

EPIC MyChart - SQL Injection

ABRT - raceabrt Privilege Escalation(Metasploit)

Joomla! Component Gallery WD 1.3.6 - SQL Injection

Joomla! Component Form Maker 3.6.12 - SQL Injection

Joomla! Component File Download Tracker 3.0 - SQL Injection

Joomla! Component Fastball 2.5 - 'season' SQL Injection

Joomla! Component DT Register 3.2.7 - 'id' SQL Injection

Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection

Joomla! Component Aist 2.0 - 'id' SQL Injection

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

JBoss Remoting 6.14.18 - Denial of Service

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass

15.2.2018

Bugtraq

[SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4113-1] libvorbis security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4112-1] xen security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14
apparitionsec gmail com

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13
cyber-psrt microfocus com

CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)

Malware

 

Phishing

 

Vulnerebility

Cisco StarOS CVE-2018-0122 Local Arbitrary File Overwrite Vulnerability
2018-02-15
http://www.securityfocus.com/bid/103028

Dell EMC Isilon OneFS Multiple Security Vulnerabilities
2018-02-14
http://www.securityfocus.com/bid/103033

Microsoft Windows StructuredQuery CVE-2018-0825 Remote Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102920

Microsoft Windows Named Pipe File System CVE-2018-0823 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102919

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102376

Microsoft Internet Explorer Scripting Engine CVE-2018-0866 Remote Memory Corruption Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103032

Schneider Electric IGSS SCADA Software CVE-2017-9967 Local Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103022

SAP Internet Graphics Server CVE-2018-2395 Unspecified Memory Corruption Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103019

SAP HANA Extended Application Services CVE-2018-2374 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103018

SAP ERP CVE-2018-2381 Remote Authorization Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103010

Trixbox CVE-2017-14536 Multiple Cross Site Scripting Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/103009

Trixbox CVE-2017-14537 Multiple Directory Traversal Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/103007

SAP ABAP File Interface CVE-2018-2367 Directory Traversal Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103006

SAP NetWeaver CVE-2018-2371 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103005

Google Chrome CVE-2018-6056 Remote Security Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103003

SAP Customer Relationship Management (CRM) WebClient UI Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103002

SAP Customer Relationship Management CVE-2018-2380 Directory Traversal Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103001

SAP NetWeaver System Landscape Directory CVE-2018-2368 Authentication Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/103000

SAP NetWeaver CVE-2018-2365 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102999

SAP BI Launchpad CVE-2018-2370 SSRF Security Bypass Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102998

SAP HANA CVE-2018-2369 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102997

Adobe Acrobat and Reader APSB18-02 Out of Bounds Read Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102996

Adobe Acrobat and Reader Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102995

Adobe Acrobat and Reader APSB18-02 Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102994

Adobe Acrobat and Reader CVE-2018-4872 Remote Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102993

Adobe Acrobat and Reader APSB18-02 Multiple Heap Buffer Overflow Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102992

Adobe Experience Manager CVE-2018-4875 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102991

SANS News

 

Threatpost

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems

Researchers Find New Twists In ‘Olympic Destroyer’ Malware

Unicode Technique Used to Deliver Cryptomining Malware Through Telegram

Exploint

Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow

Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace

Pdfium - Pattern Shading Integer Overflows

Microsoft Edge Chakra JIT - 'LdThis' Type Confusion

Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion

Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions

Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass

Microsoft Edge Chakra JIT - Memory Corruption

Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly...

GNU binutils 2.26.1 - Integer Overflow (PoC)

Dell EMC Isilon OneFS - Multiple Vulnerabilities

userSpice 4.3 - Cross-Site Scripting

SOA School Management - 'access_login' SQL Injection

Social Oauth Login PHP - Authentication Bypass

GNU binutils 2.26.1 - Integer Overflow (POC)

14.2.2018

Bugtraq

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13
cyber-psrt microfocus com

CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4111-2] libreoffice security update 2018-02-12
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12
security-alert hpe com

CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12
apparitionsec gmail com

[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-0841

Exp.CVE-2018-0742

Exp.CVE-2018-0756

Exp.CVE-2018-0842

Exp.CVE-2018-0834

Exp.CVE-2018-0835

Exp.CVE-2018-0837

Exp.CVE-2018-0838

Exp.CVE-2018-0840

Exp.CVE-2018-0858

Exp.CVE-2018-0860

Phishing

iTunes - Order Confirmation

13th February 2018

Confirmation Purchase Order
Bigo Live, 1550 Diamond
#7152022

Vulnerebility

Microsoft Windows StructuredQuery CVE-2018-0825 Remote Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102920

Microsoft Windows Named Pipe File System CVE-2018-0823 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102919

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102376

Adobe Acrobat and Reader APSB18-02 Out of Bounds Read Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102996

Adobe Acrobat and Reader Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102995

Adobe Acrobat and Reader APSB18-02 Multiple Remote Code Execution Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102994

Adobe Acrobat and Reader CVE-2018-4872 Remote Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102993

Adobe Acrobat and Reader APSB18-02 Multiple Heap Buffer Overflow Vulnerabilities
2018-02-13
http://www.securityfocus.com/bid/102992

Adobe Experience Manager CVE-2018-4875 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102991

Adobe Experience Manager CVE-2018-4876 Cross Site Scripting Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102990

Microsoft SharePoint Server CVE-2018-0869 Remote Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102963

Microsoft SharePoint Server CVE-2018-0864 Remote Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102962

Microsoft Excel CVE-2018-0841 Remote Code Execution Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102957

Microsoft Windows CVE-2018-0760 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102953

Microsoft Windows CVE-2018-0761 Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102952

Microsoft Windows Kernel CVE-2018-0843 Local Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102951

Microsoft Windows Kernel CVE-2018-0830 Local Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102949

Microsoft Windows Kernel CVE-2018-0829 Local Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102948

Microsoft Windows Kernel CVE-2018-0757 Local Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102947

Microsoft Windows CVE-2018-0842 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102946

Microsoft Windows Kernel CVE-2018-0820 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102945

Microsoft Windows CVE-2018-0826 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102944

Microsoft Windows Kernel CVE-2018-0831 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102943

Microsoft Windows CVE-2018-0822 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102942

Microsoft Windows Kernel CVE-2018-0756 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102941

Microsoft Windows CVE-2018-0821 Local Privilege Escalation Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102939

Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-13
http://www.securityfocus.com/bid/102938

SANS News

February 2018 Microsoft (and Adobe) Patch Tuesday

Threatpost

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update

Venerable Unicode Technique Used to Deliver Cryptomining Malware Through Telegram

Exploint

NAT32 2.2 Build 22284 - Cross-Site Request Forgery

NAT32 2.2 Build 22284 - Remote Command Execution

13.2.2018

Bugtraq

CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4111-2] libreoffice security update 2018-02-12
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12
security-alert hpe com

CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12
apparitionsec gmail com

[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4109-1] ruby-omniauth security update 2018-02-10
Luciano Bello (luciano debian org)

Malware

Trojan.Olydestroy

OSX.Coinminer

W97M.Jelous

Downloader.Jelous

Phishing

 

Vulnerebility

Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities
2018-02-12
http://www.securityfocus.com/bid/102910

phpMyAdmin Cross Site Request Forgery Vulnerability
2018-02-09
http://www.securityfocus.com/bid/102271

Microsoft Internet Information Services CVE-2014-8985 Security Bypass Vulnerability
2018-02-09
http://www.securityfocus.com/bid/70937

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-02-08
http://www.securityfocus.com/bid/102371

GraphicsMagick CVE-2018-6799 Denial of Service Vulnerability
2018-02-08
http://www.securityfocus.com/bid/102981

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102930

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102893

Cisco Firepower System Software CVE-2018-0138 Remote Security Bypass Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102978

Cisco IOS XR Software CVE-2018-0132 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102975

Cisco Virtualized Packet Core-Distributed Instance CVE-2018-0117 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102970

Multiple Cisco Wireless VPN Routers CVE-2018-0127 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102969

Cisco Policy Suite CVE-2018-0116 Authentication Bypass Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102968

Cisco IOS and IOS XE Software CVE-2018-0123 Local Arbitrary File Overwrite Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102967

Cisco UCS Central Software CVE-2018-0113 Remote Command Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102966

Cisco Unified Communications Manager CVE-2018-0198 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102965

Cisco Unified Communications Manager CVE-2018-0135 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102964

Cisco Spark CVE-2018-0119 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102961

Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102960

Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102959

SANS News

 

Threatpost

‘Olympic Destroyer’ Malware Behind Winter Olympics Cyberattack, Researchers Say

Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day

Exploint

LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure

glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit)

glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)

Juju-run Agent - Privilege Escalation (Metasploit)

Advantech WebAccess 8.3.0 - Remote Code Execution

CloudMe Sync < 1.11.0 - Buffer Overflow

News Website Script 2.0.4 - 'search' SQL Injection

TypeSetter CMS 5.1 - Cross-Site Request Forgery

TypeSetter CMS 5.1 - 'Host' Header Injection

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

12.2.2018

Bugtraq

[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4109-1] ruby-omniauth security update 2018-02-10
Luciano Bello (luciano debian org)

KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4110-1] exim4 security update 2018-02-10
Salvatore Bonaccorso (carnil debian org)

Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09
Stefan Kanthak (stefan kanthak nexgo de)

KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)

Malware

 

Phishing

Apple

11th February 2018

[APPLE LOCKED #CASE 800000947]
VERIFICATION REQUEST

Support Account

8th February 2018

[REMINDER] : YOUR APPLE ID WAS
JUST MAKE PURCHASES VIA ITUNES
STORES

Vulnerebility

 

SANS News

Analyzing compressed shellcode

Threatpost

 

Exploint

 

11.2.2018

Bugtraq

[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)

Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09
David Black (dblack atlassian com)

[SECURITY] [DSA 4105-2] mpv security update 2018-02-09
Luciaon Bello (luciano debian org)

SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07

Malware

Win64/Vools.B

Python/Filecoder.BA

Win32/Agent.WBI

Win32/ZinoCrypt.A

Win32/Filecoder.Sigma.A

Win32/Filecoder.GandCrab.A

Win64/Gadoopt.AA

Phishing

Support Account

8th February 2018

[REMINDER] : YOUR APPLE ID WAS
JUST MAKE PURCHASES VIA ITUNES
STORES

Bank of America

7th February 2018

Security Validation Alert

Vulnerebility

phpMyAdmin Cross Site Request Forgery Vulnerability
2018-02-09
http://www.securityfocus.com/bid/102271

Microsoft Internet Information Services CVE-2014-8985 Security Bypass Vulnerability
2018-02-09
http://www.securityfocus.com/bid/70937

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-02-08
http://www.securityfocus.com/bid/102371

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102930

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102893

Cisco Virtualized Packet Core-Distributed Instance CVE-2018-0117 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102970

Multiple Cisco Wireless VPN Routers CVE-2018-0127 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102969

Cisco Policy Suite CVE-2018-0116 Authentication Bypass Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102968

Cisco IOS and IOS XE Software CVE-2018-0123 Local Arbitrary File Overwrite Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102967

Cisco UCS Central Software CVE-2018-0113 Remote Command Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102966

Cisco Unified Communications Manager CVE-2018-0198 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102965

Cisco Unified Communications Manager CVE-2018-0135 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102964

Cisco Spark CVE-2018-0119 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102961

Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102960

Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102959

Cisco Unified Communications Manager CVE-2018-0120 SQL Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102958

Cisco Prime Network CVE-2018-0137 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102955

Cisco Policy Suite CVE-2018-0134 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102954

Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerabilitiy
2018-02-06
http://www.securityfocus.com/bid/102918

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102890

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/95813

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/94242

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93150

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92984

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92557

SANS News

An autograph from the Dridex gang

Increase in port 2580 probe sources

Threatpost

Cisco Confirms Critical Firewall Software Bug Is Under Attack

Exploint

JBoss 4.2.x/4.3.x - Information Disclosure

Multi Language Olx Clone Script - Cross-Site Scripting

Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting

Select Your College Script 2.0.2 - Authentication Bypass

Bitcoin MLM Software 1.0.2 - Cross-Site Scripting

Lawyer Search Script 1.0.2 - Cross-Site Scripting

Schools Alert Management Script 2.0.2 - Arbitrary File Upload

Facebook Clone Script 1.0.5 - Cross-Site Scripting

macOS Kernel - Use-After-Free Due to Lack of Locking in...

9.2.2018

Bugtraq

[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)

Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09
David Black (dblack atlassian com)

[SECURITY] [DSA 4105-2] mpv security update 2018-02-09
Luciaon Bello (luciano debian org)

SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07
security-alert hpe com

[SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

Malware

MSIL.Vermrat

Exp.CVE-2018-4877

Linux.Duckbot

Trojan.Dragonrat

Phishing

 

Vulnerebility

phpMyAdmin Cross Site Request Forgery Vulnerability
2018-02-09
http://www.securityfocus.com/bid/102271

Microsoft Internet Information Services CVE-2014-8985 Security Bypass Vulnerability
2018-02-09
http://www.securityfocus.com/bid/70937

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-02-08
http://www.securityfocus.com/bid/102371

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102930

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102893

Cisco Virtualized Packet Core-Distributed Instance CVE-2018-0117 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102970

Multiple Cisco Wireless VPN Routers CVE-2018-0127 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102969

Cisco Policy Suite CVE-2018-0116 Authentication Bypass Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102968

Cisco IOS and IOS XE Software CVE-2018-0123 Local Arbitrary File Overwrite Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102967

Cisco UCS Central Software CVE-2018-0113 Remote Command Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102966

Cisco Unified Communications Manager CVE-2018-0198 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102965

Cisco Unified Communications Manager CVE-2018-0135 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102964

Cisco Spark CVE-2018-0119 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102961

Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102960

Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102959

Cisco Unified Communications Manager CVE-2018-0120 SQL Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102958

SANS News

An autograph from the Dridex gang

Threatpost

 

Exploint

HPE iLO 4 < 2.53 - Add New Administrator User

Marked2 - Local File Disclosure

macOS Kernel - Use-After-Free Due to Lack of Locking in...

8.2.2018

Bugtraq

[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07
security-alert hpe com

[SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4105-1] mpv security update 2018-02-07
Luciano Bello (luciano debian org)

Malware

 

Phishing

Support Account

8th February 2018

[REMINDER] : YOUR APPLE ID WAS
JUST MAKE PURCHASES VIA ITUNES
STORES

Bank of America

7th February 2018

Security Validation Alert

Vulnerebility

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-02-08
http://www.securityfocus.com/bid/102371

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102930

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102893

Cisco Spark CVE-2018-0119 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102961

Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102960

Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102959

Cisco Unified Communications Manager CVE-2018-0120 SQL Injection Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102958

Cisco Prime Network CVE-2018-0137 Denial of Service Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102955

Cisco Policy Suite CVE-2018-0134 Information Disclosure Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102954

Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerabilitiy
2018-02-06
http://www.securityfocus.com/bid/102918

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102890

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/95813

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/94242

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93150

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92984

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92628

OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92117

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91081

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91319

RETIRED: Siemens TeleControl Server Basic Multiple Security Vulnerabilities
2018-02-05
http://www.securityfocus.com/bid/102904

SANS News

GandCrab Ransomware: Now Coming From Malspam

SQL injection and division by zero exceptions

Threatpost

Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server

Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say

Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims

Leaky Amazon S3 Bucket Exposes Personal Data of 12,000 Social Media Influencers

Exploint

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code...

HPE iLO4 < 2.53 - Add New Administrator User

Geovision Inc. IP Camera & Video - Remote Command Execution

Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack...

Entrepreneur Dating Script 2.0.2 - Authentication Bypass

Online Test Script 2.0.7 - 'cid' SQL Injection

Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting

Naukri Clone Script - Persistent Cross-Site Scripting

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation

Android - 'getpidcon' Permission Bypass in KeyStore Service

Cisco ASA - Crash PoC

7.2.2018

Bugtraq

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4105-1] mpv security update 2018-02-07
Luciano Bello (luciano debian org)

[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4878

MSH.Bluwimps

Trojan.ChaoPZ

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102930

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-07
http://www.securityfocus.com/bid/102893

Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerabilitiy
2018-02-06
http://www.securityfocus.com/bid/102918

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102890

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/95813

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/94242

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93171

SANS News

3 examples of malspam pushing Loki-Bot malware

Threatpost

Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims

Cisco Issues New Patches for Critical Firewall Software Vulnerability

Exploint

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code...

Geovision Inc. IP Camera & Video - Remote Command Execution

Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack...

Entrepreneur Dating Script 2.0.2 - Authentication Bypass

Online Test Script 2.0.7 - 'cid' SQL Injection

Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting

Naukri Clone Script - Persistent Cross-Site Scripting

Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting

Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting

Android - 'getpidcon' Permission Bypass in KeyStore Service

Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption

Cisco ASA - Crash PoC

6.2.2018

Bugtraq

[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)

[slackware-security] php (SSA:2018-034-01) 2018-02-04
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerabilitiy
2018-02-06
http://www.securityfocus.com/bid/102918

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102890

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-02-06
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/95813

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/94242

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93150

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92984

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92628

OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92117

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91081

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91319

RETIRED: Siemens TeleControl Server Basic Multiple Security Vulnerabilities
2018-02-05
http://www.securityfocus.com/bid/102904

Siemens TeleControl Server Basic CVE-2018-4835 Authentication Bypass Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102894

Siemens TeleControl Server Basic CVE-2018-4836 Privilege Escalation Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102897

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102819

Citrix NetScaler VPX CVE-2018-6186 Privilege Escalation Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102915

GNU C Library CVE-2018-6485 Multiple Integer Overflow Vulnerabilities
2018-02-01
http://www.securityfocus.com/bid/102912

Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities
2018-02-01
http://www.securityfocus.com/bid/102910

CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102909

Gemalto Sentinel License Manager Multiple Security Vulnerabilities
2018-02-01
http://www.securityfocus.com/bid/102906

Fuji Electric V-Server VPR CVE-2018-5442 Stack Based Buffer Overflow Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102903

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102893

IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102863

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102845

SANS News

Analyzing an HTA file: Update

Threatpost

Cisco Issues New Patches for Critical Firewall Software Vulnerability

Grammarly Patches Chrome Extension Bug That Exposed Users’ Docs

New Monero Crypto Mining Botnet Leverages Android Debugging Tool

Exploint

Netis WF2419 Router - Cross-Site Scripting

Student Profile Management System Script 2.0.6 - Authentication Bypass

Joomla! Component JSP Tickets 1.1 - SQL Injection

Joomla! Component jLike 1.0 - Information Leak

Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection

Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

5.2.2018

Bugtraq

[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)

[slackware-security] php (SSA:2018-034-01) 2018-02-04
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01
cyber-psrt microfocus com A

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)

Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-23
http://www.securityfocus.com/bid/102890

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/95813

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/94242

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/93150

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92984

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92628

OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92117

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91081

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2018-02-05
http://www.securityfocus.com/bid/91319

RETIRED: Siemens TeleControl Server Basic Multiple Security Vulnerabilities
2018-02-05
http://www.securityfocus.com/bid/102904

Siemens TeleControl Server Basic CVE-2018-4835 Authentication Bypass Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102894

Siemens TeleControl Server Basic CVE-2018-4836 Privilege Escalation Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102897

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-02-05
http://www.securityfocus.com/bid/102819

Citrix NetScaler VPX CVE-2018-6186 Privilege Escalation Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102915

SANS News

 

Threatpost

 

Exploint

Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution...

Online Voting System - Authentication Bypass

NixCMS 1.0 - 'category_id' SQL Injection

Matrimonial Website Script 2.1.6 - 'uid' SQL Injection

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation

Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)

Claymore Dual GPU Miner 10.5 - Format String

WordPress Core - 'load-scripts.php' Denial of Service

Wonder CMS 2.3.1 - 'Host' Header Injection

Wonder CMS 2.3.1 - Unrestricted File Upload

4.2.2018

Bugtraq

 

Malware

 

Phishing

Account PayPaI

4th February 2018

Account Status : Update Your
PayPal Profile Information

Vulnerebility

 

SANS News

Analyzing an HTA file

Threatpost

JenX Botnet Has Grand Theft Auto Hook

New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices

Exploint

 

2.2.2018

Bugtraq

[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01
cyber-psrt microfocus com

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)

Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)

KonaKart Path Traversal Vulnerability 2018-02-01
ajcraggs gmail com

Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31
cfpmontreal2018 recon cx

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)

Malware

 

Phishing

 

Vulnerebility

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-23
http://www.securityfocus.com/bid/102890

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102893

IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102863

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102845

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-01-31
http://www.securityfocus.com/bid/101552

IBM Content Navigator CVE-2017-1192 XML External Entity Injection Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102864

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Atlassian Activity Streams CVE-2017-9513 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102869

FreePBX CVE-2018-6393 SQL Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102854

FFmpeg 'libavfilter/vf_transpose.c' Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102848

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

SANS News

Adobe Flash 0-Day Used Against South Korean Targets

Simple but Effective Malicious XLS Sheet

Threatpost

Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk

Crypto Miners May Be the ‘New Payload of Choice’ for Attackers

Massive Smominru Cryptocurrency Botnet Rakes In Millions

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Exploint

Microsoft Windows Subsystem for Linux - Local Privilege Escalation

FiberHome AN5506 - Unauthenticated Remote DNS Change

Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal

Joomla! Component JMS Music 1.1.1 - SQL Injection

Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload

Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection

Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection

Event Manager 1.0 - SQL Injection

Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection

IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting

Advance Loan Management System - 'id' SQL Injection

Real Estate Custom Script - 'route' SQL Injection

Fancy Clone Script - 'search_browse_product' SQL Injection

Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection

BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)

WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free

WebKit - 'detachWrapper' Use-After-Free

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

1.2.2018

Bugtraq

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)

Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)

KonaKart Path Traversal Vulnerability 2018-02-01
ajcraggs gmail com

Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31
cfpmontreal2018 recon cx

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)

Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)

Malware

Backdoor.Kuyama

Ransom.GandCrab

Trojan.Trensil.B
Win32/Agent.SMB
Win64/Gadoopt.AA

 

Phishing

eBay

1st February 2018

Help us protect your account -
#4569845212 (lindacj1@aol.com)

Apple

31st January 2018

IMPORTANT: ACTIVATE YOUR
ACCOUNT NOW

App Store

28th January 2018

APPLE PURCHASE SUCCESSFULLY
PAYMENT CONFIRMATION SPOTIFY
PREMIUM

Vulnerebility

IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability
2018-02-23
http://www.securityfocus.com/bid/102890

IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability
2018-02-01
http://www.securityfocus.com/bid/102863

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102845

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-01-31
http://www.securityfocus.com/bid/101552

IBM Content Navigator CVE-2017-1192 XML External Entity Injection Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102864

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Atlassian Activity Streams CVE-2017-9513 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102869

FreePBX CVE-2018-6393 SQL Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102854

FFmpeg 'libavfilter/vf_transpose.c' Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102848

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

libming 'util/decompile.c' Denial of Service Vulnerability
2018-01-27
http://www.securityfocus.com/bid/102856

Jenkins Active Choices Plugin HTML Injection Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101538

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101544

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

IBM Rational DOORS CVE-2017-1532 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102888

SANS News

Adaptive Phishing Kit

Threatpost

 

Exploint

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation

31.1.2018

Bugtraq

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)

Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102845

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-01-31
http://www.securityfocus.com/bid/101552

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

Jenkins Active Choices Plugin HTML Injection Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101538

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101544

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

VMware AirWatch Console CVE-2017-4951 Cross Site Request Forgery Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102849

w3m 'form.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102846

GNU Binutils CVE-2018-6323 Integer Overflow Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102821

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Desigo Automation Controllers CVE-2018-4834 Authentication Bypass Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102850

Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses
2018-01-25
http://www.securityfocus.com/bid/102837

libming 'util/outputscript.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102828

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102819

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

SANS News

Using FLIR in Incident Response?

Cisco ASA WebVPN Vulnerability

Threatpost

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Exploint

 

30.1.2018

Bugtraq

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4099-1] ffmpeg security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26
security-alert hpe com

[slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26
Slackware Security Team (security slackware com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29
Secunia Research (remove-vuln secunia com)

[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29
matthias deeg syss de

Malware

Trojan.Evrial

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

Jenkins Active Choices Plugin HTML Injection Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101538

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101544

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

GNU Binutils CVE-2018-6323 Integer Overflow Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102821

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses
2018-01-25
http://www.securityfocus.com/bid/102837

libming 'util/outputscript.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102828

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102819

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Artifex MuJS CVE-2018-6191 Integer Overflow Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102840

Artifex MuJS CVE-2018-5759 Denial of Service Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102833

Artifex MuPDF CVE-2018-6187 Heap Based Buffer Overflow Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102823

SANS News

Cisco ASA WebVPN Vulnerability

Threatpost

Cisco Patches Critical VPN Vulnerability

Exploint

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding

HPE iMC 7.3 - RMI Java Deserialization

Advantech WebAccess < 8.3 - SQL Injection

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection

Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal

29.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

SANS News

Comment your Packet Captures - Extra!

Threatpost

 

Exploint

Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80...

Linux/x86 - Egghunter Shellcode (12 Bytes)

KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery

Netis WF2419 Router - Cross-Site Request Forgery

Buddy Zone 2.9.9 - SQL Injection

Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection

Hot Scripts Clone - 'subctid' SQL Injection

TSiteBuilder 1.0 - SQL Injection

Task Rabbit Clone 1.0 - 'id' SQL Injection

28.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Keylogger Campaign Returns, Infecting 2,000 WordPress Sites

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

Exploint

 

27.1.2018

Bugtraq

[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

Malware

Win32/Aibolit.AA

W97M.Remkos

Downloader.Remkos

Backdoor.Remkos

TROJ_DIGMINEIN.A

TROJ_CVE20175753.POD

OSX64_CVE20175753.POC

ELF64_CVE20175753.POD

ELF64_CVE20175753.POC

TROJ_CVE20175753.POE
TROJ_CVE20175753.POF
TROJ_CVE20175753.POI
TROJ64_CVE20175753.POD

TROJ_CVE20175753.POG

TROJ_CVE20175753.POH

TROJ64_CVE20175753.POE

TROJ64_CVE20175754.POC
TROJ_CVE20175753.DAM

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102378

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Google Chrome Multiple Security Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/102797

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

SANS News

Investigating Microsoft BITS Activity

Threatpost

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

Exploint

 

26.1.2018

Bugtraq

[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102378

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Google Chrome Multiple Security Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/102797

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Mozilla Firefox MFSA2018-02 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102786

SANS News

Ransomware as a Service

Threatpost

Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug

App Flaws Allow Snoops to Spy On Tinder Users, Researchers Say

Exploint

 

25.1.2018

Bugtraq

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows 2018-01-24
Apple Product Security (product-security-noreply lists apple com)

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities 2018-01-23
DefenseCode (defensecode defensecode com)

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)

Malware

Trojan.Sneark

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Mozilla Firefox MFSA2018-02 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102786

Apple macOS APPLE-SA-2018-1-23-2 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102785

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102783

Apple iOS/WatchOS/tvOS/macOS Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102782

Advantech WebAccess/SCADA ICSA-18-023-01 Directory Traversal and SQL Injection Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102781

WebKit CVE-2018-4089 Memory Corruption Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102778

WebKit Multiple Memory Corruption Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102775

Apple iOS/tvOS/watchOS Memory Corruption Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102774

Apple iOS/WatchOS/macOS CVE-2018-4100 Denial of Service Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102772

Mozilla Firefox ESR CVE-2018-5096 Use After Free Denial of Service Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102771

Blizzard Update Agent Arbitrary Code Execution Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102770

Cisco Policy Suite CVE-2018-0089 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102758

Symantec Reporter CVE-2017-15531 Authentication Bypass Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102751

Fortinet FortiOS CVE-2017-14190 HTML Injection Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102779

IBM Business Process Manager CVE-2017-1769 Cross Site Request Forgery Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102777

SANS News

RTF files for Hancitor utilize exploit for CVE-2017-11882

Threatpost

Satori Author Linked to New Mirai Variant Masuta

App Flaws Allow Snoops to Spy On Tinder Users, Researchers Say

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers

Exploint

 

24.1.2018

Bugtraq

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Malware

Backdoor.Neggpy

Backdoor.Calderat
Win32/Agent.XRR
Win32/Spy.Agent.OUD
Win32/Filecoder.BTCWare.A
Win32/TrojanDownloader.Chindo.D
Win32/Spy.Agent.PIR

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Cisco Policy Suite CVE-2018-0089 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102758

Moodle CVE-2018-1045 Cross Site Scripting Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102755

Moodle CVE-2018-1044 Unauthorized Access Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102754

Moodle CVE-2018-1042 Server Side Request Forgery Security Bypass Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102752

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

QEMU CVE-2017-18043 Local Denial of Service Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102759

Microsoft Office CVE-2018-0862 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102749

Microsoft Office CVE-2018-0849 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102748

Microsoft Office CVE-2018-0848 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102747

Microsoft Office CVE-2018-0845 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102746

SANS News

HTTPS on every port?

Threatpost

Hacker Infects Gas Pumps with Code to Cheat Customers

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Exploint

NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download

CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection

HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation

RAVPower 2.000.056 - Memory Disclosure

MixPad 5.00 - Buffer Overflow

23.1.2018

Bugtraq

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) 2018-01-21
apparitionsec gmail com

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability 2018-01-21
Vulnerability Lab (research vulnerability-lab com)

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability 2018-01-19
Jason Lowe (jlowe apache org)

Malware

 

Phishing

 

Vulnerebility

Moodle CVE-2018-1045 Cross Site Scripting Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102755

Moodle CVE-2018-1044 Unauthorized Access Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102754

Moodle CVE-2018-1042 Server Side Request Forgery Security Bypass Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102752

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0862 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102749

Microsoft Office CVE-2018-0849 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102748

Microsoft Office CVE-2018-0848 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102747

Microsoft Office CVE-2018-0845 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102746

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

SANS News

Retrieving malware over Tor

Threatpost

Hacker Infects Gas Pumps with Code to Cheat Customers

Exploint

 

22.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Followup to IPv6 brute force and IPv6 blocking

An RTF phish

Threatpost

Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law

New Dridex Variant Emerges With An FTP Twist

Apple Preps ChaiOS iMessage Bug Fix for Next Week

Exploint

 

19.1.2018

Bugtraq

[SECURITY] [DSA 4092-1] awstats security update 2018-01-19
Sebastien Delafond (seb debian org)

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com

Malware

Win32/Farfli.BGG

Phishing

 

Vulnerebility

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/89760

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/78215

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2018-01-18
http://www.securityfocus.com/bid/98050

Oracle WebLogic Server CVE-2017-10352 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102442

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102103

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3735 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100515

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100954

SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
2018-01-18
http://www.securityfocus.com/bid/58796

PHP CVE-2016-5385 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91821

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/75919

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/97702

Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
2018-01-17
http://www.securityfocus.com/bid/95072

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Cisco Email Security and Content Security Management Local Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102729

Cisco NX-OS Software CVE-2018-0102 Denial of Service Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102728

SANS News

 

Threatpost

Sprawling Mobile Espionage Campaign Targets Android Devices

Google Awards Record $112,500 Bounty for Android Exploit Chain

Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips

Exploint

 

18.1.2018

Bugtraq

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com

[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-17
security-alert hpe com

[slackware-security] bind (SSA:2018-017-01) 2018-01-17
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2018-01-17
security-alert hpe com

[SECURITY] [DSA 4090-1] wordpress security update 2018-01-17
Sebastien Delafond (seb debian org)

Malware

Trojan.KillDiskmens

Phishing

 

Vulnerebility

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/89760

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/78215

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2018-01-18
http://www.securityfocus.com/bid/98050

Oracle WebLogic Server CVE-2017-10352 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102442

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102103

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3735 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100515

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100954

SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
2018-01-18
http://www.securityfocus.com/bid/58796

PHP CVE-2016-5385 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91821

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/75919

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/97702

Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
2018-01-17
http://www.securityfocus.com/bid/95072

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Cisco Email Security and Content Security Management Local Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102729

Cisco NX-OS Software CVE-2018-0102 Denial of Service Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102728

Cisco Prime Infrastructure CVE-2018-0096 Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102727

Cisco Unified Communications Manager CVE-2018-0105 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102725

Cisco Prime Infrastructure CVE-2018-0097 Open Redirection Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102724

Cisco WebEx Meetings Server CVE-2018-0111 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102723

SANS News

Comment your Packet Captures!

Threatpost

Oracle Ships 237 Fixes in Latest Critical Patch Update

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Google Chrome Once Again Target of Malicious Extensions

Exploint

 

17.1.2018

Bugtraq

[SECURITY] [DSA 4089-1] bind9 security update 2018-01-16
Salvatore Bonaccorso (carnil debian org)

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 2018-01-16
tim kretschmann pallas com

[SECURITY] [DSA 4088-1] gdk-pixbuf security update 2018-01-15
Moritz Muehlenhoff (jmm debian org)

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)

Zenario v7.6 CMS - SQL Injection Web Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 2018-01-15
RedTeam Pentesting GmbH (release redteam-pentesting de)

Broken TLS certificate pinning in VTech DigiGo Kid Connect app 2018-01-13
Summer of Pwnage (lists securify nl)

Authentication bypass in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

Arbitrary file read in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

[SECURITY] [DSA 4087-1] transmission security update 2018-01-14
Moritz Muehlenhoff (jmm debian org)

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack 2018-01-13
Summer of Pwnage (lists securify nl)

Broken TLS certificate validation in VTech DigiGo browser 2018-01-13
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 4086-1] libxml2 security update 2018-01-13
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server allows deleting of arbitrary files and folders 2018-01-13
Summer of Pwnage (lists securify nl)

Adminer <= v4.3.1 Server Side Request Forgery 2018-01-14
apparitionsec gmail com

Code execution in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege 2018-01-12
security-alert hpe com

[SECURITY] [DSA 4085-1] xmltooling security update 2018-01-12
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass 2018-01-12
security-alert hpe com

Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4084-1] gifsicle security update 2018-01-12
Sebastien Delafond (seb debian org)

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Magento Commerce - SSRF & XSPA Web Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Magento Connect T1 - (Claim) Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability 2018-01-12
Vulnerability Lab (submit vulnerability-lab com)

Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Flash Operator Panel v2.31.03 - Command Execution Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

Malware

Trojan.PowStage

Exp.CVE-2017-5754

Backdoor.Spoofrand
Win32/Spy.Agent.OTL
Win32/Agent.ZEA

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/101304

Linux Kernel CVE-2017-1000405 Local Race Condition Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102032

Oracle Financial Services Analytical Applications Infrastructure Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102677

Oracle Financial Services Profitability Management CVE-2018-2670 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102676

Oracle Financial Services Profitability Management CVE-2018-2679 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102675

Oracle MySQL Connectors CVE-2018-2585 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102674

Oracle Financial Services Price Creation and Discovery CVE-2018-2722 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102673

Oracle Financial Services Market Risk Measurement and Management Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102672

Oracle Communications Order and Service Management CVE-2018-2567 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102671

Oracle Java Advanced Management Console CVE-2018-2675 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102670

Oracle Communications Unified Inventory Management CVE-2018-2571 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102669

Oracle Financial Services Price Creation and Discovery CVE-2018-2721 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102668

Oracle Financial Services Market Risk Measurement and Management Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102667

Oracle Financial Services Market Risk CVE-2018-2714 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102666

Oracle Communications Unified Inventory Management CVE-2018-2570 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102665

Oracle Financial Services Market Risk CVE-2018-2726 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102664

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102661

Oracle Financial Services Loan Loss Forecasting and Provisioning Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102660

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102659

Oracle Financial Services Loan Loss Forecasting and Provisioning Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102658

Oracle Financial Services Liquidity Risk Management CVE-2018-2682 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102657

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102656

Oracle Financial Services Liquidity Risk Management CVE-2018-2720 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102655

SANS News

Are you watching for brute force attacks on IPv6?

Decrypting malicious PDFs with the key

Threatpost

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute

Apps Exposing Children to Porn Ads Booted From Google Play

Exploint

 

12.1.2018

Bugtraq

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

TROJ_DIGMINEIN.A

Exp.CVE-2018-0775

Exp.CVE-2018-0776

Exp.CVE-2018-0777

Exp.CVE-2018-4871

Exp.CVE-2018-0762

Exp.CVE-2018-0758

Exp.CVE-2018-0769

Exp.CVE-2018-0773

Exp.CVE-2018-0774

Phishing

 

Vulnerebility

Moxa MXview CVE-2017-14030 Local Privilege Escalation Vulnerability
2018-01-11
http://www.securityfocus.com/bid/102494

Wecon LEVI Studio HMI Editor CVE-2017-13999 Multiple Buffer Overflow Vulnerabilities
2018-01-11
http://www.securityfocus.com/bid/102493

Juniper Junos CVE-2018-0009 Security Bypass Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102491

Multiple VMware Products CVE-2017-4950 Integer Overflow Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102490

Multiple VMware Products CVE-2017-4949 Remote Code Execution Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102489

RubyGems 'rails_admin' CVE-2017-12098 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102486

RubyGems 'delayed_job_web' CVE-2017-12097 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102484

SANS News

 

Threatpost

House Votes to Reauthorize Controversial Spy Provision, Section 702

Exploint

Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

macOS - 'process_policy' Stack Leak Through Uninitialized Field

Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege...

Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation

Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation

Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass

Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon

phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)

D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

Parity Browser < 1.6.10 - Bypass Same Origin Policy

Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode...

11.1.2018

Bugtraq

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)

DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)

Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com

Malware

Exp.CVE-2017-5754

ANDROIDOS_STEALERC32

Phishing

 

Vulnerebility

Cisco Unified Communications Manager CVE-2018-0118 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102478

Multiple F5 BIG-IP Products CVE-2017-6133 Remote Denial of Service Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102467

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

CPP-Ethereum Multiple Security Vulnerabilities
2018-01-09
http://www.securityfocus.com/bid/102475

Rockwell Automation MicroLogix 1400 Controllers CVE-2017-16740 Stack Buffer Overflow Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102474

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0807 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102461

Microsoft Word CVE-2018-0806 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102460

Microsoft Word CVE-2018-0805 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102459

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102455

Symantec ProxySG and ASG CVE-2016-9100 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102454

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

Symantec ProxySG CVE-2016-10256 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102451

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Symantec ProxySG and ASG CVE-2016-10257 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102447

Microsoft Access CVE-2018-0799 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102411

Microsoft Word CVE-2018-0797 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102406

Microsoft SharePoint Server CVE-2018-0789 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102394

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102383

Microsoft Word CVE-2018-0792 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102381

SANS News

Mining or Nothing!

Threatpost

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Exploint

D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode...

Parity Browser < 1.6.10 - Bypass Same Origin Policy

Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer...

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)

HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)

DiskBoss Enterprise 8.8.16 - Buffer Overflow

Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege...

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege...

WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery

WordPress Plugin Events Calendar - 'event_id' SQL Injection

Muviko 1.1 - SQL Injection

Jungo Windriver 12.5.1 - Privilege Escalation

Multiple CPUs - Information Leak Using Speculative Execution

10.1.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)

Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com

[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-09
security-alert hpe com

[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)

[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Small.NNX

Win32/Filecoder.Crypt888.B

Win32/Sayunojok.A

Win32/Lecna.AP

Exp.CVE-2018-0797

Backdoor.Spoofrand

Phishing

 

Vulnerebility

Multiple F5 BIG-IP Products CVE-2017-6133 Remote Denial of Service Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102467

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0807 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102461

Microsoft Word CVE-2018-0806 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102460

Microsoft Word CVE-2018-0805 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102459

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102455

Symantec ProxySG and ASG CVE-2016-9100 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102454

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

Symantec ProxySG CVE-2016-10256 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102451

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Symantec ProxySG and ASG CVE-2016-10257 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102447

Microsoft Access CVE-2018-0799 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102411

Microsoft Word CVE-2018-0797 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102406

Microsoft SharePoint Server CVE-2018-0789 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102394

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102383

Microsoft Word CVE-2018-0792 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102381

Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102380

Microsoft ASP.NET Core CVE-2018-0785 Cross Site Request Forgery Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102379

Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102377

SANS News

GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer

Microsoft January 2018 Patch Tuesday

Threatpost

 

Exploint

Commvault Communications Service (cvd) - Command Injection (Metasploit)

DiskBoss Enterprise 8.8.16 - Buffer Overflow

Muviko 1.1 - SQL Injection

Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure

Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

9.1.2018

Bugtraq

[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)

[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

[slackware-security] irssi (SSA:2018-008-01) 2018-01-09
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4081-1] php5 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

Response to Meltdown and Spectre 2018-01-08
Gordon Tetlow (gordon tetlows org)

APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

Malware

Win32/Hikit.K

Win64/Heriplor.A

Phishing

MR. KEVIN BEN

9th January 2018

RE:Good News 05/01/2018

Aρρle-ID

7th January 2018

INVOICE: This email confirms
your purchase of the following
subscription

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102380

Microsoft ASP.NET Core CVE-2018-0785 Cross Site Request Forgery Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102379

Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102377

Microsoft Office CVE-2018-0801 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102348

Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102347

Xen 'Hypervisor' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102169

Xen 'arch/x86/mm/paging.c' Denial of Service vulnerability
2018-01-08
http://www.securityfocus.com/bid/102175

Xen '/mm/hap/hap.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102167

Xen 'mm/shadow/multi.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102172

Malwarebytes Premium CVE-2018-5279 Local Denial of Service Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102453

Cisco Node-jose Library CVE-2018-0114 Remote Security Bypass Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102445

Dell SonicWall SonicOS NSA CVE-2018-5281 Multiple HTML Injection Vulnerabilities
2018-01-08
http://www.securityfocus.com/bid/102443

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102438

ImageMagick CVE-2017-18022 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102437

IBM Security Key Lifecycle Manager CVE-2017-1666 XML External Entity Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102434

Xen CVE-2018-5244 Memory Corruption Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102433

SANS News

Microsoft January 2018 Patch Tuesday

A Story About PeopleSoft: How to Make $250k Without Leaving Home.

What is going on with port 3333?

Threatpost

Apple Releases Spectre Patches for Safari, macOS and iOS

New Rules Announced for Border Inspection of Electronic Devices

Anti-Virus Updates Required Ahead of Microsoft’s Meltdown, Spectre Patches

Exploint

Commvault Communications Service (cvd) - Command Injection (Metasploit)

Android - Inter-Process munmap due to Race Condition in ashmem

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138,...

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76,...

Microsoft Edge Chakra JIT - Escape Analysis Bug

Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read

Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert...

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call...

Microsoft Windows - Local XPS Print Spooler Sandbox Escape

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)

BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

Vanilla < 2.1.5 - Cross-Site Request Forgery

8.1.2018

Bugtraq

Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty 2018-01-06
Vulnerability Lab (research vulnerability-lab com)

SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4079-1] poppler security update 2018-01-07
Moritz Muehlenhoff (jmm debian org)

CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com

CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com

Social Media Widget by Acurax [CSRF] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com) (1 replies)

CMS Tree Page View [CSRF, Privilege Escalation] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com)

Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) 2018-01-06
apparitionsec gmail com

iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

Malware

Python.Zealot

Phishing

Aρρle-ID

7th January 2018

INVOICE: This email confirms
your purchase of the following
subscription

HSBC Bank plc

6th January 2018

YOUR ONLINE ACCESS HAS BEEN
SUSPENDED

Vulnerebility

Xen 'Hypervisor' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102169

Xen 'arch/x86/mm/paging.c' Denial of Service vulnerability
2018-01-08
http://www.securityfocus.com/bid/102175

Xen '/mm/hap/hap.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102167

Xen 'mm/shadow/multi.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102172

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102438

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102378

IBM Security Key Lifecycle Manager CVE-2017-1666 XML External Entity Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102434

Xen CVE-2018-5244 Memory Corruption Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102433

ImageMagick CVE-2018-5248 Heap Buffer Overflow Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102431

IBM Security Key Lifecycle Manage CVE-2017-1668 Unspecified Open Redirect Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102430

IBM Security Key Lifecycle Manager CVE-2017-1670 Unspecified SQL Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102429

Google Android Runtime CVE-2017-13176 Privilege Escalation Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102422

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Multiple Pivotal Cloud Foundry products CVE-2018-1190 Cross Site Scripting Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102427

Delta Electronics Delta Industrial Automation Screen Editor Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102426

Advantech WebAccess ICSA-18-004-02 Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102424

ImageMagick CVE-2017-1000476 Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102428

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

SANS News

Meltdown and Spectre: clearing up the confusion

Fake anti-virus pages popping up like weeds

Threatpost

Experts Weigh In On Spectre Patch Challenges

Exploint

DiskBoss Enterprise 8.5.12 - Denial of Service

Sync Breeze Enterprise 10.1.16 - Denial of Service

Disk Pulse Enterprise 10.1.18 - Denial of Service

VX Search Enterprise 10.1.12 - Denial of Service

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities

Photos in Wifi 1.0.1 - Path Traversal

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

FiberHome LM53Q1 - Multiple Vulnerabilities

BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

7.1.2018

Bugtraq

 

Malware

Win32/Juasek.C

Win32/Juasek.D

Phishing

HSBC Bank plc

6th January 2018

YOUR ONLINE ACCESS HAS BEEN
SUSPENDED

service@intl.paypal.com

6th January 2018

Re : Someone has your password
- [ Saturday, January 6, 2018
(GMT7) ]

Order Confirmation AppIe

4th January 2018

Re: [Invoice] Thank you for
your purchase at Apple Store
Order from Dec 26, 2017.

Vulnerebility

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102378

Google Android Runtime CVE-2017-13176 Privilege Escalation Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102422

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Multiple Pivotal Cloud Foundry products CVE-2018-1190 Cross Site Scripting Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102427

Delta Electronics Delta Industrial Automation Screen Editor Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102426

Advantech WebAccess ICSA-18-004-02 Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102424

ImageMagick CVE-2017-1000476 Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102428

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

Microsoft Edge Scripting Engine CVE-2018-0774 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102399

Microsoft Edge Scripting Engine CVE-2018-0773 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102398

Microsoft Edge Scripting Engine CVE-2018-0770 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102397

Microsoft Edge Scripting Engine CVE-2018-0769 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102396

Microsoft Edge Scripting Engine CVE-2018-0768 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102395

Microsoft Edge CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102393

Microsoft Edge CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102392

Microsoft Edge CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102389

Microsoft Edge CVE-2018-0766 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102388

Microsoft Edge CVE-2018-0803 Remote Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102384

SANS News

SSH Scans by Clients Types

VMware Security Advisory for V4H and V4PA desktop agent privilege escalation vulnerability -

Threatpost

Google Play Removes 22 Malicious ‘LightsOut’ Apps From Marketplace

Exploint

Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC...

Cisco IOS - Remote Code Execution

Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

Gespage 7.4.8 - SQL Injection

GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow

5.1.2018

Bugtraq

iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability 2018-01-04
Vulnerability Lab (research vulnerability-lab com)

Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4078-1] linux security update 2018-01-04
Yves-Alexis Perez (corsac debian org)

Re "Intel responds to security research findings" 2018-01-03
Ed Maste (emaste freebsd org)

Malware

Exp.CVE-2017-5753

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

Microsoft Edge Scripting Engine CVE-2018-0774 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102399

Microsoft Edge Scripting Engine CVE-2018-0773 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102398

Microsoft Edge Scripting Engine CVE-2018-0770 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102397

Microsoft Edge Scripting Engine CVE-2018-0769 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102396

Microsoft Edge Scripting Engine CVE-2018-0768 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102395

Microsoft Edge CVE-2018-0767 Scripting Engine Information Disclosure Vulner