Databáze Hot News - Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  - 2018  2017  2016  2015  2014  2013 
Poslední aktualizace v 08.10.2016 14:19:38


2015


 

31.12.2015

 

Bugtraq

Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang) 2015-12-31
irancrash gmail com

Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution 2015-12-31
Stefan Kanthak (stefan kanthak nexgo de)

FTPShell Client v5.24 Buffer Overflow 2015-12-30
apparitionsec gmail com

[oCERT 2015-012] Ganeti multiple issues 2015-12-30
Daniele Bianco (danbia ocert org)

WebKitGTK+ Security Advisory WSA-2015-0002 2015-12-28
Carlos Alberto Lopez Perez (clopez igalia com)

libtiff bmp file Heap Overflow (CVE-2015-8668) 2015-12-28
riusksk qq com

Malware

 

Phishing

Amazon

30th December 2015

Important: Revision to Your
Amazon.co.uk Account

Tesco

30th December 2015

[ACCOUNT-ALERT:857061877383318
34554-WOV]

PAY.SERVICE ✔

30th December 2015

You must confirm your
information

Microsoft

30th December 2015

[ACCOUNT-ALERT:867750623586575
68011-YRV]

Microsoft

30th December 2015

[ACCOUNT-ALERT:125474583663324
46085-DHP]

margaretabprwu

30th December 2015

FWD:COMMISSON CHECK PAYMENT ON
HOLD(REF#9NG6Q5ZC)

Barclays

30th December 2015

Your account has been revoked

Accounting

30th December 2015

Your credit card has been
successfully charged $995.98!

Vulnerebility

 

SANS News

Hunting for Juicy Information

Poetry attack?

Threatpost

 

Exploit

 

30.12.2015

Bugtraq

[oCERT 2015-012] Ganeti multiple issues 2015-12-30
Daniele Bianco (danbia ocert org)

Malware

Ransom:MSIL/Zuquitache.A 

Exp.CVE-2015-6142

Exp.CVE-2015-8651

Exp.CVE-2015-6127

Phishing

PAYPAI SERVICE

30th December 2015

Were investigating a paypaI
payment reversaI (Case ID
#PP-003-498-237-832)

Chase

29th December 2015

Thank you for your purchase!

markecyrv

29th December 2015

HOW WAS YOUR WEEKEND

Vulnerebility

 

SANS News

Actor using Rig EK to deliver Qbot - update

Threatpost

 

Exploit

Simple Ads Manager 2.9.4.116 - SQL Injection

FTPShell Client 5.24 - Buffer Overflow

DeleGate 9.9.13 - Local Root Vulnerability

29.12.2015

Bugtraq

WebKitGTK+ Security Advisory WSA-2015-0002 2015-12-28
Carlos Alberto Lopez Perez (clopez igalia com)

libtiff bmp file Heap Overflow (CVE-2015-8668) 2015-12-28
riusksk qq com

Malware

Trojan:BAT/Zuquitache 
Ransom:MSIL/Zuquitache.A 

PHP.Drivdrop

Phishing

Jeff Skoll

29th December 2015

Charity Donation

S e c u r i t y A L E R T

29th December 2015

E M E R G E N C Y A L E R T

MRS. ELLAIN ELLIOT

28th December 2015

Re:Reg Order No:UN/RBSPA/09888

Vulnerebility

 

SANS News

New Years Resolutions

Threatpost

 

Exploit

 

28.12.2015

Bugtraq

libtiff bmp file Heap Overflow (CVE-2015-8668) 2015-12-28
riusksk qq com

Malware

Linux.Sshscan

Exp.CVE-2015-8418

Exp.CVE-2015-7657

Exp.CVE-2015-7654

Exp.CVE-2015-7653

Exp.CVE-2015-7652

Phishing

Capital One 360

28th December 2015

Account Alert: Access
Suspended

Paypal

28th December 2015

ACCOUNT NOTIFICATION ✔

Carmen Thompson

28th December 2015

1 CHRISTMAS INSTASEXTMSG
WAITING

Barclays

28th December 2015

YOUR ACCOUNT HAS BEEN CLOSED

JAMES F. ENTWISTLE

28th December 2015

JAMES F. ENTWISTLE U.S
AMBASSADOR TO NIGERIA

....Get paid $25 for each emai

28th December 2015

Hello ....No skills required
to get started

Vulnerebility

 

SANS News

hashcat and oclHashcat are now open source

Threatpost

 

Exploit

 

27.12.2015

Bugtraq

libtiff: invalid write (CVE-2015-7554) 2015-12-26
Hans Jerry Illikainen (hji dyntopia com)

AccessDiver V4.301 Buffer Overflow 2015-12-26
apparitionsec gmail com

Malware

 

Phishing

michael swartz

27th December 2015

Executive Careers

NatWest

26th December 2015

Your account has been
deactivated

Chase

25th December 2015

Account Re-Activation

Account Support

25th December 2015

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Vulnerebility

Google Chrome Prior to 47.0.2526.106 Multiple Remote Code Execution Vulnerabilities
2015-12-26
http://www.securityfocus.com/bid/79348

libxml2 CVE-2015-7500 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79562

Mozilla Firefox Multiple Security Vulnerabilities
2015-12-26
http://www.securityfocus.com/bid/79279

Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79507

libxml2 CVE-2015-7498 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79548

Libxml2 CVE-2015-1819 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/75570

Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79508

Libxml2 'parser.c' Buffer Overflow Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77621

libxml2 CVE-2015-5312 XML Entity Expansion Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79536

Libxml2 'xmlGROW()' Function Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79509

libxml2 Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-26
http://www.securityfocus.com/bid/77681

Libxml2 'parser.c' Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77390

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-26
http://www.securityfocus.com/bid/74241

Foxit Reader Local Privilege Escalation Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77041

QEMU 'hw/net/pcnet.c' Remote Buffer Overflow Vulnerability
2015-12-26
http://www.securityfocus.com/bid/78230

QEMU 'hw/net/pcnet.c' Heap Based Buffer Overflow Vulnerability
2015-12-26
http://www.securityfocus.com/bid/78227

Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/74452

Linux Kernel CVE-2015-7872 Local Privilege Escalation Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77544

Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability
2015-12-26
http://www.securityfocus.com/bid/78219

Linux kernel CVE-2013-7446 Use After Free Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77638

Red Hat Enterprise Linux 'USB Device Descriptor' Local Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77030

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77524

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/73225

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/78623

Xen 'hvm/irq.c' Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79644

Xen CVE-2015-8555 Information Disclosure Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2015-12-26
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2015-12-26
http://www.securityfocus.com/bid/77280

SANS News

Malfunctioning Malware

Threatpost

 

Exploit

EasyCafe Server <= 2.2.14 Remote File Read

25.12.2015

Bugtraq

 

Malware

 

Phishing

Account Team

25th December 2015

Re-Validate Your
E:howiem@loxinfo.co.th

PayPaI Inc

25th December 2015

NOTIFICATION: YOUR ACCOUNT HAS
BEEN LIMITED

Vulnerebility

Foxit Reader Local Privilege Escalation Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77041

QEMU 'hw/net/pcnet.c' Remote Buffer Overflow Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78230

QEMU 'hw/net/pcnet.c' Heap Based Buffer Overflow Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78227

Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/74452

Google Chrome Prior to 47.0.2526.106 Multiple Unspecified Security Vulnerabilities
2015-12-25
http://www.securityfocus.com/bid/79348

Linux Kernel CVE-2015-7872 Local Privilege Escalation Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77544

Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78219

Linux kernel CVE-2013-7446 Use After Free Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77638

Red Hat Enterprise Linux 'USB Device Descriptor' Local Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77030

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77524

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/73225

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78623

Xen 'hvm/irq.c' Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/79644

Xen CVE-2015-8555 Information Disclosure Vulnerability
2015-12-25
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2015-12-25
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77283

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/77063

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/74665

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2015-12-25
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78524

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2015-12-25
http://www.securityfocus.com/bid/78215

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/76960

Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
2015-12-25
http://www.securityfocus.com/bid/79626

Xen PV Backend Driver CVE-2015-8550 Remote Code Execution Vulnerability
2015-12-25
http://www.securityfocus.com/bid/79592

Xen Multiple Denial of Service Vulnerabilities
2015-12-25
http://www.securityfocus.com/bid/79546

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2015-12-25
http://www.securityfocus.com/bid/75525

SANS News

 

Threatpost

 

Exploit

Rips Scanner 0.5 - (code.php) Local File Inclusion

24.12.2015

Bugtraq

[SECURITY] [DSA 3430-1] libxml2 security update 2015-12-23
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege 2015-12-23
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2015-356-01) 2015-12-23
Slackware Security Team (security slackware com)

Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 2015-12-22
LpSolit gmail com

Malware

Downloader.Preft

Infostealer.Poshook

Phishing

support account

24th December 2015

YOUR ACCOUNT PAYPAL HAS BEEN
LIMITED !

Tesco plc.

23rd December 2015

** Win A Free Tesco Voucher
This Christmas

Vulnerebility

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77524

Xen CVE-2015-8555 Information Disclosure Vulnerability
2015-12-24
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2015-12-24
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77283

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77063

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/74665

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-24
http://www.securityfocus.com/bid/78524

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2015-12-24
http://www.securityfocus.com/bid/78215

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/76960

Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/79626

Xen PV Backend Driver CVE-2015-8550 Remote Code Execution Vulnerability
2015-12-24
http://www.securityfocus.com/bid/79592

Xen Multiple Denial of Service Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/79546

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/75525

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/76317

OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
2015-12-24
http://www.securityfocus.com/bid/76497

OpenSSH Login Handling Security Bypass Weakness
2015-12-24
http://www.securityfocus.com/bid/75990

gdk-pixbuf Heap Buffer Overflow and Denial of Service Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/76953

Gnome GdkPixbuf 'pixops.c' Heap Based Buffer Overflow Vulnerability
2015-12-24
http://www.securityfocus.com/bid/76955

LibRaw CVE-2013-1438 Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
2015-12-24
http://www.securityfocus.com/bid/62060

Wireshark '/wiretap/pcapng.c' Remote Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/77101

ISC BIND CVE-2015-8000 Remote Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/79349

RETIRED: Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
2015-12-24
http://www.securityfocus.com/bid/78723

Cisco Web Security Appliance CVE-2015-6290 Denial of Service Vulnerability
2015-12-24
http://www.securityfocus.com/bid/76687

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2015-12-24
http://www.securityfocus.com/bid/75568

Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness
2015-12-24
http://www.securityfocus.com/bid/44484

SANS News

Unity Makes Strength

Threatpost

 

Exploit

Rips Scanner 0.5 - (code.php) Local File Inclusion

23.12.2015

Bugtraq

[slackware-security] blueman (SSA:2015-356-01) 2015-12-23
Slackware Security Team (security slackware com)

Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 2015-12-22
LpSolit gmail com

ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

Aeris Calandar v2.1 - Buffer Overflow Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Switch v4.68 - Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Lithium Forum - (previewImages) Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanSpy:Win32/Nivdort.CM 
TrojanDropper:Win32/Zelug.A 
Backdoor:Win32/Zelug.B 
TrojanDownloader:VBS/Reywals.A 
Backdoor:MSIL/Medirot.A 

Backdoor.Govrat

Phishing

Mia Zhang

23rd December 2015

FACTORY OF CONSTRUCTION
MATERIAL FROM CHINA

ANZ BANK

23rd December 2015

View Your Online Statement

Vulnerebility

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77524

Xen CVE-2015-8555 Information Disclosure Vulnerability
2015-12-23
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2015-12-23
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77283

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77063

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/74665

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-23
http://www.securityfocus.com/bid/78524

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2015-12-23
http://www.securityfocus.com/bid/78215

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/76960

Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/79626

Xen PV Backend Driver CVE-2015-8550 Remote Code Execution Vulnerability
2015-12-23
http://www.securityfocus.com/bid/79592

Xen Multiple Denial of Service Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/79546

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/75525

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/76317

OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
2015-12-23
http://www.securityfocus.com/bid/76497

OpenSSH Login Handling Security Bypass Weakness
2015-12-23
http://www.securityfocus.com/bid/75990

gdk-pixbuf Heap Buffer Overflow and Denial of Service Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/76953

Gnome GdkPixbuf 'pixops.c' Heap Based Buffer Overflow Vulnerability
2015-12-23
http://www.securityfocus.com/bid/76955

LibRaw CVE-2013-1438 Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
2015-12-23
http://www.securityfocus.com/bid/62060

Wireshark '/wiretap/pcapng.c' Remote Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/77101

ISC BIND CVE-2015-8000 Remote Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/79349

RETIRED: Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
2015-12-23
http://www.securityfocus.com/bid/78723

Cisco Web Security Appliance CVE-2015-6290 Denial of Service Vulnerability
2015-12-23
http://www.securityfocus.com/bid/76687

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2015-12-23
http://www.securityfocus.com/bid/75568

Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness
2015-12-23
http://www.securityfocus.com/bid/44484

SANS News

Libraries and Dependencies - It Really is Turtles All The Way Down!

Threatpost

Juniper Backdoor Picture Getting Clearer

Yahoo to Warn Users of State-Sponsored Attacks

Exploit

Bigware Shop 2.3.01 - Multiple Local File Inclusion Vulnerabilities

Grawlix 1.0.3 - CSRF Vulnerability

Arastta 1.1.5 - SQL Injection Vulnerabilities

PhpSocial 2.0.0304_20222226 - CSRF Vulnerability

PHP 7.0.0 - Format String Vulnerability

22.12.2015

Bugtraq

ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

Aeris Calandar v2.1 - Buffer Overflow Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Switch v4.68 - Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Lithium Forum - (previewImages) Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality 2015-12-22
RedTeam Pentesting GmbH (release redteam-pentesting de)

Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. 2015-12-21
security-alert hpe com

Malware

TrojanDownloader:Win32/Ponmocup.A

Trojan.Sakurel.B

Trojan.Ransomcrypt.W

 Trojan.Emysair

Win32/Ramnit.BX

Win32/Redcontrole.U

Phishing

 

Vulnerebility

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2015-12-22
http://www.securityfocus.com/bid/77063

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2015-12-22
http://www.securityfocus.com/bid/74665

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/78524

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/78215

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2015-12-22
http://www.securityfocus.com/bid/76960

Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/79626

Xen PV Backend Driver CVE-2015-8550 Remote Code Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/79592

Xen Multiple Denial of Service Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/79546

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2015-12-22
http://www.securityfocus.com/bid/75525

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/76317

OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
2015-12-22
http://www.securityfocus.com/bid/76497

OpenSSH Login Handling Security Bypass Weakness
2015-12-22
http://www.securityfocus.com/bid/75990

gdk-pixbuf Heap Buffer Overflow and Denial of Service Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/76953

Gnome GdkPixbuf 'pixops.c' Heap Based Buffer Overflow Vulnerability
2015-12-22
http://www.securityfocus.com/bid/76955

LibRaw CVE-2013-1438 Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/62060

Wireshark '/wiretap/pcapng.c' Remote Denial of Service Vulnerability
2015-12-22
http://www.securityfocus.com/bid/77101

ISC BIND CVE-2015-8000 Remote Denial of Service Vulnerability
2015-12-22
http://www.securityfocus.com/bid/79349

RETIRED: Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/78723

Cisco Web Security Appliance CVE-2015-6290 Denial of Service Vulnerability
2015-12-22
http://www.securityfocus.com/bid/76687

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2015-12-22
http://www.securityfocus.com/bid/75568

Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness
2015-12-22
http://www.securityfocus.com/bid/44484

GNU Wget CVE-2010-2252 Arbitrary File Overwrite Vulnerability
2015-12-22
http://www.securityfocus.com/bid/65722

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-12-22
http://www.securityfocus.com/bid/73684

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/74241

Libxml2 'parser.c' Buffer Overflow Vulnerability
2015-12-22
http://www.securityfocus.com/bid/77621

Multiple FireEye Products 'JAR Analysis' Remote Code Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/78809

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2015-12-22
http://www.securityfocus.com/bid/71761

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-22
http://www.securityfocus.com/bid/70103

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2015-12-22
http://www.securityfocus.com/bid/71762

SANS News

The other Juniper vulnerability - CVE-2015-7756

First Exploit Attempts For Juniper Backdoor Against Honeypot

Threatpost

 

Exploit

Wireshark infer_pkt_encap - Heap-Based Out-of-Bounds Read

Wireshark AirPDcapDecryptWPABroadcastKey - Heap-Based Out-of-Bounds Read

21.12.2015

Bugtraq

ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability 2015-12-21
Security Alert (Security_Alert emc com)

giflib: heap overflow in giffix (CVE-2015-7555) 2015-12-21
Hans Jerry Illikainen (hji dyntopia com)

Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)

Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)

Malware

TrojanSpy:Win32/Nivdort.CT 
TrojanSpy:Win32/Nivdort.CS 
TrojanSpy:Win32/Nivdort.CR 
TrojanSpy:Win32/Nivdort.CP 
TrojanSpy:Win32/Nivdort.CH 
TrojanDownloader:JS/Swabfex 

Phishing

USAA Online Banking

21st December 2015

YOUR ACCOUNT WILL BE SHUT
DOWN; LAST WARNING

App.support

21st December 2015

Your account will expire soon

Service Inc

20th December 2015

CHECK YOUR ACCOUNT

PayPal

20th December 2015

[Important] : Update Your
Account Information

Vulnerebility

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77192

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2015-12-21
http://www.securityfocus.com/bid/78416

Xen CVE-2015-8338 Denial of Service Vulnerability
2015-12-21
http://www.securityfocus.com/bid/78920

Antirez Redis 'lua_struct.c' Integer Overflow Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77507

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77160

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-21
http://www.securityfocus.com/bid/77238

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/75895

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74119

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-12-21
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-0491 Remote Security Vulnerability
2015-12-21
http://www.securityfocus.com/bid/74094

SANS News

Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756)

Critical Security Controls: Getting to know the unknown

Threatpost

 

Exploit

Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion

Ovidentia Widgets 1.0.61 - Remote Command Execution Exploit

Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow

Base64 Decoder 1.1.2 - SEH OverWrite PoC

19.12.2015

Bugtraq

[SECURITY] [DSA 3428-1] tomcat8 security update 2015-12-18
Moritz Muehlenhoff (jmm debian org)

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)

[slackware-security] grub (SSA:2015-351-01) 2015-12-18
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-351-02) 2015-12-18
Slackware Security Team (security slackware com)

Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege 2015-12-18
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3426-1] linux security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability 2015-12-17
Security Alert (Security_Alert emc com)

[oCERT 2015-011] PyAMF input sanitization errors (XXE) 2015-12-17
Daniele Bianco (danbia ocert org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

Malware

 

Phishing

SERVICE PPL

19th December 2015

Account Notification !

NOTICE

19th December 2015

PLEASE UPDATE YOUR INFORMATION

Wells Fargo

19th December 2015

New message from Wellsfargo
online

HSBC UK

18th December 2015

Your HSBC Bank Account
Notification.

HSBC UK

18th December 2015

Your HSBC Bank Account
Notification

Vulnerebility

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2015-12-19
http://www.securityfocus.com/bid/75568

Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness
2015-12-19
http://www.securityfocus.com/bid/44484

GNU Wget CVE-2010-2252 Arbitrary File Overwrite Vulnerability
2015-12-19
http://www.securityfocus.com/bid/65722

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-12-19
http://www.securityfocus.com/bid/73684

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/74241

Libxml2 'parser.c' Buffer Overflow Vulnerability
2015-12-19
http://www.securityfocus.com/bid/77621

Multiple FireEye Products 'JAR Analysis' Remote Code Execution Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78809

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/71761

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-19
http://www.securityfocus.com/bid/70103

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2015-12-19
http://www.securityfocus.com/bid/71762

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2015-12-19
http://www.securityfocus.com/bid/71757

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/66690

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-19
http://www.securityfocus.com/bid/53354

LibreOffice Multiple Remote Code Execution and Information Disclosure Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/77486

Cisco IOS XE Software CVE-2015-6359 Denial of Service Vulnerability
2015-12-19
http://www.securityfocus.com/bid/79200

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2015-12-19
http://www.securityfocus.com/bid/77081

Microsoft Windows CVE-2015-6128 DLL Loading Remote Code Execution Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78612

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-12-19
http://www.securityfocus.com/bid/77116

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-12-19
http://www.securityfocus.com/bid/71939

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-12-19
http://www.securityfocus.com/bid/71942

OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
2015-12-19
http://www.securityfocus.com/bid/71937

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78626

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2015-12-19
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-19
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-19
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78209

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-19
http://www.securityfocus.com/bid/78619

SANS News

VMWare Security Advisory

Threatpost

 

Exploit

Google Chrome - Renderer Process to Browser Process Privilege Escalation

18.12.2015

Bugtraq

[slackware-security] grub (SSA:2015-351-01) 2015-12-18
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-351-02) 2015-12-18
Slackware Security Team (security slackware com)

Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege 2015-12-18
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3426-1] linux security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability 2015-12-17
Security Alert (Security_Alert emc com)

[oCERT 2015-011] PyAMF input sanitization errors (XXE) 2015-12-17
Daniele Bianco (danbia ocert org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

CVE-2015-5348 - Apache Camel medium disclosure vulnerability 2015-12-17
Claus Ibsen (claus ibsen gmail com)

[SECURITY] [DSA 3337-2] gdk-pixbuf security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-firefox (SSA:2015-349-03) 2015-12-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3424-1] subversion security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)

Malware

JS-Nemucod

Backdoor:Python/Atalag.A 
TrojanSpy:Python/Basonil.A 
TrojanSpy:MSIL/Ohona.A 

Phishing

HSBC UK

18th December 2015

Your HSBC Bank Account
Notification.

HSBC UK

18th December 2015

Your HSBC Bank Account
Notification

USAA

17th December 2015

IMPORTANT INFORMATION: PLEASE
UPDATE NOW

USAA

17th December 2015

VERY IMPORTANT NOTIFICATION:
UPDATE NOW

Upgrade X

17th December 2015

UPDATE

Vulnerebility

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2015-12-18
http://www.securityfocus.com/bid/75568

Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness
2015-12-18
http://www.securityfocus.com/bid/44484

GNU Wget CVE-2010-2252 Arbitrary File Overwrite Vulnerability
2015-12-18
http://www.securityfocus.com/bid/65722

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-12-18
http://www.securityfocus.com/bid/73684

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/74241

Libxml2 'parser.c' Buffer Overflow Vulnerability
2015-12-18
http://www.securityfocus.com/bid/77621

Multiple FireEye Products 'JAR Analysis' Remote Code Execution Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78809

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/71761

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-18
http://www.securityfocus.com/bid/70103

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2015-12-18
http://www.securityfocus.com/bid/71762

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2015-12-18
http://www.securityfocus.com/bid/71757

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/66690

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-18
http://www.securityfocus.com/bid/53354

LibreOffice Multiple Remote Code Execution and Information Disclosure Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/77486

Cisco IOS XE Software CVE-2015-6359 Denial of Service Vulnerability
2015-12-18
http://www.securityfocus.com/bid/79200

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2015-12-18
http://www.securityfocus.com/bid/77081

Microsoft Windows CVE-2015-6128 DLL Loading Remote Code Execution Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78612

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-12-18
http://www.securityfocus.com/bid/77116

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-12-18
http://www.securityfocus.com/bid/71939

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-12-18
http://www.securityfocus.com/bid/71942

OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
2015-12-18
http://www.securityfocus.com/bid/71937

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78626

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2015-12-18
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-18
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-18
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78209

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-18
http://www.securityfocus.com/bid/78619

SANS News

ScreenOS vulnerability affects Juniper firewalls

TeslaCrypt ransomware sent using malicious spam

Threatpost

 

Exploit

Joomla 1.5 - 3.4.5 - Object Injection RCE X-Forwarded-For Header

Ovidentia maillist Module 4.0 - Remote File Inclusion Exploit

PFSense <= 2.2.5 - Directory Traversal

Windows Kernel win32k!OffsetChildren - Null Pointer Dereference

win32k Desktop and Clipboard - Null Pointer Derefence

win32k Clipboard Bitmap - Use-After-Free Vulnerability

Adobe Flash TextField.antiAliasType Setter - Use-After-Free

Adobe Flash TextField.gridFitType Setter - Use-After-Free

Adobe Flash MovieClip.lineStyle - Use-After-Frees

Adobe Flash GradientFill - Use-After-Frees

Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash

Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash

17.12.2015

Bugtraq

ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability 2015-12-17
Security Alert (Security_Alert emc com)

[oCERT 2015-011] PyAMF input sanitization errors (XXE) 2015-12-17
Daniele Bianco (danbia ocert org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3425-1] tryton-server security update 2015-12-17
Luciano Bello (luciano debian org)

CVE-2015-5348 - Apache Camel medium disclosure vulnerability 2015-12-17
Claus Ibsen (claus ibsen gmail com)

[SECURITY] [DSA 3337-2] gdk-pixbuf security update 2015-12-17
Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-firefox (SSA:2015-349-03) 2015-12-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3424-1] subversion security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification 2015-12-16
security-alert hpe com

[SECURITY] [DSA 3423-1] cacti security update 2015-12-16
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3421-1] grub2 security update 2015-12-16
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3422-1] iceweasel security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)

Shutdown UX DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)

Shockwave Flash Object DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)

[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) 2015-12-16
security-alert hpe com

Event Viewer Snapin multiple DLL side loading vulnerabilities 2015-12-16
Securify B.V. (lists securify nl)

libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) 2015-12-16
Hans Jerry Illikainen (hji dyntopia com)

FreeBSD Security Advisory FreeBSD-SA-15:27.bind 2015-12-16
FreeBSD Security Advisories (security-advisories freebsd org)

SQL Injection in orion.extfeedbackform Bitrix Module 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)

RCE in Zen Cart via Arbitrary File Inclusion 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)

libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) 2015-12-16
Hans Jerry Illikainen (hji dyntopia com)

[slackware-security] openssl (SSA:2015-349-04) 2015-12-16
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2015-349-01) 2015-12-16
Slackware Security Team (security slackware com)

Malware

SMS/FraudBilling.A

TrojanDownloader:PowerShell/Wedinga.A 

Backdoor.Avubot

Linux.Kerlisen

Trojan.Sakurel.B

Phishing

_NoReply

16th December 2015

YOUR ACCOUNT IS BLACKLISTED!

PayPal

16th December 2015

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED

NatWest

16th December 2015

Online Service Secure
Notification

Info Service Dpt

15th December 2015

ACCOUNT TERMINATION

PayPal

15th December 2015

Limited Account Update Please

SERVICE PPL

15th December 2015

Your Account Will Be Suspended
.

MSN Incoporation

15th December 2015

YOUR ACCOUNT IS AT RISK�

Vulnerebility

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-12-17
http://www.securityfocus.com/bid/73684

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/74241

Libxml2 'parser.c' Buffer Overflow Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77621

Multiple FireEye Products 'JAR Analysis' Remote Code Execution Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78809

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/71761

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-17
http://www.securityfocus.com/bid/70103

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2015-12-17
http://www.securityfocus.com/bid/71762

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2015-12-17
http://www.securityfocus.com/bid/71757

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/66690

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-17
http://www.securityfocus.com/bid/53354

LibreOffice Multiple Remote Code Execution and Information Disclosure Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/77486

Cisco IOS XE Software CVE-2015-6359 Denial of Service Vulnerability
2015-12-17
http://www.securityfocus.com/bid/79200

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77081

Microsoft Windows CVE-2015-6128 DLL Loading Remote Code Execution Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78612

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77116

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-12-17
http://www.securityfocus.com/bid/71939

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-12-17
http://www.securityfocus.com/bid/71942

OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
2015-12-17
http://www.securityfocus.com/bid/71937

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78626

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2015-12-17
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78209

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-17
http://www.securityfocus.com/bid/78619

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-17
http://www.securityfocus.com/bid/77192

SANS News

When Hunting BeEF, Yara rules (Part 2)

Threatpost

Critical Flaws Found in Network Management Systems

Exploit

Easy File Sharing Web Server 7.2 - GET HTTP Request SEH Buffer Overflow

Easy File Sharing Web Server 7.2 - HEAD HTTP Request SEH Buffer Overflow

Zen Cart 1.5.4 - Local File Inclusion

Gentoo Local Priv Escalation in QEMU

16.12.2015

Bugtraq

[SECURITY] [DSA 3422-1] iceweasel security update 2015-12-16
Moritz Muehlenhoff (jmm debian org)

Shutdown UX DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)

Shockwave Flash Object DLL side loading vulnerability 2015-12-16
Securify B.V. (lists securify nl)

[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS) 2015-12-16
security-alert hpe com

Event Viewer Snapin multiple DLL side loading vulnerabilities 2015-12-16
Securify B.V. (lists securify nl)

libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) 2015-12-16
Hans Jerry Illikainen (hji dyntopia com)

FreeBSD Security Advisory FreeBSD-SA-15:27.bind 2015-12-16
FreeBSD Security Advisories (security-advisories freebsd org)

SQL Injection in orion.extfeedbackform Bitrix Module 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)

RCE in Zen Cart via Arbitrary File Inclusion 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)

libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) 2015-12-16
Hans Jerry Illikainen (hji dyntopia com)

[slackware-security] openssl (SSA:2015-349-04) 2015-12-16
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2015-349-01) 2015-12-16
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-349-02) 2015-12-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3420-1] bind9 security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3419-1] cups-filters security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:MSIL/Banload.AL 
TrojanDownloader:Win32/Banload.BFX 
TrojanSpy:Win32/Ursnif.HP 
Backdoor:Python/Covnoo.A 
Backdoor:Win32/Blackhole.AE 
Backdoor:Win32/Jadow.A 
Trojan:Win32/Varpes.C!plock 
Trojan:Win32/Varpes.A!plock 
Trojan:Win32/Varpes.D!plock 
Trojan:Win32/Varpes.I!plock 

Phishing

Info Service Dpt

15th December 2015

ACCOUNT TERMINATION

PayPal

15th December 2015

Limited Account Update Please

SERVICE PPL

15th December 2015

Your Account Will Be Suspended
.

Vulnerebility

Multiple FireEye Products 'JAR Analysis' Remote Code Execution Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78809

Network Time Protocol CVE-2014-9295 Multiple Stack Based Buffer Overflow Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/71761

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-16
http://www.securityfocus.com/bid/70103

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2015-12-16
http://www.securityfocus.com/bid/71762

NTP 'ntp_config.c' Insufficient Entropy Security Weakness
2015-12-16
http://www.securityfocus.com/bid/71757

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/66690

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-16
http://www.securityfocus.com/bid/53354

LibreOffice Multiple Remote Code Execution and Information Disclosure Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/77486

Cisco IOS XE Software CVE-2015-6359 Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/79200

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77081

Microsoft Windows CVE-2015-6128 DLL Loading Remote Code Execution Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78612

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77116

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-12-16
http://www.securityfocus.com/bid/71939

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-12-16
http://www.securityfocus.com/bid/71942

OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/71937

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78626

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78209

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78619

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77192

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2015-12-16
http://www.securityfocus.com/bid/78416

Xen CVE-2015-8338 Denial of Service Vulnerability
2015-12-16
http://www.securityfocus.com/bid/78920

Antirez Redis 'lua_struct.c' Integer Overflow Vulnerability
2015-12-16
http://www.securityfocus.com/bid/77507

SANS News

Playing With Sandboxes Like a Boss

Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos

Threatpost

 

Exploit

Wireshark - iseries_parse_packet Heap-Based Buffer Overflow

Wireshark - dissect_tds7_colmetadata_token Stack-Based Buffer Overflow

Wireshark - wmem_alloc Assertion Failure

Wireshark - dissect_zcl_pwr_prof_pwrprofstatersp Static Out-of-Bounds Read

Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read

Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack-Based Buffer Overflow

Wireshark - memcpy (get_value / dissect_btatt) SIGSEGV

Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV

Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow

Wireshark - ascend_seek Static Out-of-Bounds Read

Wireshark - addresses_equal (dissect_rsvp_common) Use-After-Free

Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack-Based Buffer Overflow

Wireshark - find_signature Stack-Based Out-of-Bounds Read

Wireshark - AirPDcapPacketProcess Stack-Based Buffer Overflow

Wireshark - getRate Stack-Based Out-of-Bounds Read

FireEye Wormable Remote Code Execution in MIP JAR Analysis

Ovidentia newsletter Module 2.2 - (admin.php) Remote File Inclusion Exploit

Joomla 1.5 - 3.4.5 - Object Injection Remote Command Execution

15.12.2015

Bugtraq

[SECURITY] [DSA 3419-1] cups-filters security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) 2015-12-14
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3418-1] chromium-browser security update 2015-12-15
Michael Gilbert (mgilbert debian org)

[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) 2015-12-14
security-alert hpe com

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] 2015-12-15
Hector Marco-Gisbert (hecmargi upv es)

phpback v1.1 XSS vulnerability 2015-12-15
apparitionsec gmail com

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS 2015-12-14
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3417-1] bouncycastle security update 2015-12-14
Luciano Bello (luciano debian org)

[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability 2015-12-14
ERPScan inc (erpscan online gmail com)

ECommerceMajor SQL Injection Vulnerability 2015-12-13
Rahul Pratap Singh (techno rps gmail com)

Malware

TrojanDownloader:MSIL/Genmaldow.C 
TrojanDownloader:MSIL/Genmaldow.D 
HackTool:MSIL/Noancooe.B 
PWS:Win32/QQpass.GU 

Infostealer.Zanjif

Phishing

Service

15th December 2015

[PR] Case ID :
PP2996-65543-54343 12/12/2015
7:44

OFAMERICA BANK.

15th December 2015

DEAR ESTEEMED CUSTOMER,

Vodafone

14th December 2015

YOU HAVE RECEIVED A NEW
MESSAGE

PayPal Service

14th December 2015

LOGIN TO YOUR ACCOUNT CONFIRM
THE INFORMATION

PayPal

14th December 2015

Receipt for your payment to
actmodz@gmail.com

Vulnerebility

Microsoft Windows CVE-2015-6128 DLL Loading Remote Code Execution Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78612

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77116

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-12-15
http://www.securityfocus.com/bid/71939

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-12-15
http://www.securityfocus.com/bid/71942

OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
2015-12-15
http://www.securityfocus.com/bid/71937

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78626

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-15
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2015-12-15
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78209

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78619

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77192

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2015-12-15
http://www.securityfocus.com/bid/78416

Xen CVE-2015-8338 Denial of Service Vulnerability
2015-12-15
http://www.securityfocus.com/bid/78920

Antirez Redis 'lua_struct.c' Integer Overflow Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77507

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77160

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-15
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-15
http://www.securityfocus.com/bid/77238

SANS News

AD Security's Unofficial Guide to Mimikatz & Command Reference

Color My Logs: Providing Context for Your Logs Using Our Data

Threatpost

 

Exploit

Joomla 1.5 - 3.4.5 - Object Injection Remote Command Execution

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer...

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer...

Microsoft Office / COM Object DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)

Legend Perl IRC Bot Remote Code Execution

Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution

ECommerceMajor - (productdtl.php, prodid param) SQL Injection Vulnerability

WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation

Polycom VVX-Series Business Media Phones - Path Traversal Vulnerability

Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion

Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal

Adobe Flash Type Confusion in IExternalizable.readExternal When Performing Local Serialization

Adobe Flash Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter

 14.12.2015

Bugtraq

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS 2015-12-14
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3417-1] bouncycastle security update 2015-12-14
Luciano Bello (luciano debian org)

[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability 2015-12-14
ERPScan inc (erpscan online gmail com)

ECommerceMajor SQL Injection Vulnerability 2015-12-13
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3416-1] libphp-phpmailer security update 2015-12-13
Luciano Bello (luciano debian org)

COM+ Services DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)

Malware

TrojanDropper:MSIL/Nunscant.A 

Backdoor.Zelug

Phishing

HSBC

13th December 2015

HSBC Bank Account
Notification.

National

13th December 2015

NatWest Bank Secure
Notification.

Vulnerebility

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78209

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2015-12-14
http://www.securityfocus.com/bid/78734

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78619

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77192

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2015-12-14
http://www.securityfocus.com/bid/78416

Xen CVE-2015-8338 Denial of Service Vulnerability
2015-12-14
http://www.securityfocus.com/bid/78920

Antirez Redis 'lua_struct.c' Integer Overflow Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77507

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77160

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-14
http://www.securityfocus.com/bid/77238

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-14
http://www.securityfocus.com/bid/77164

SANS News

Color My Logs: Providing Context for Your Logs Using Our Data

Threatpost

 

Exploit

Windows XP-10 - Null-Free WinExec Shellcode (Python)

Siemens Simatic S7 1200 CPU Command Module (MSF)

ECommerceMajor - (productdtl.php, prodid param) SQL Injection Vulnerability

WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation

13.12.2015

Bugtraq

COM+ Services DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)

Windows Authentication UI DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 2015-12-12
Aravind (altoarun gmail com)

[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2015-12-12
security-alert hpe com

APPLE-SA-2015-12-11-1 iTunes 12.3.2 2015-12-11
Apple Product Security (product-security-noreply lists apple com)

ORGIN STUDIOS Cms Multiple Vulnerability 2015-12-11
iedb team gmail com

Malware

 

Phishing

PaypaI Service

13th December 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

Paypal support

13th December 2015

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED....

Bank of America

12th December 2015

Bank of America Customer
Service - Sign-in to Online
Banking Locked

Vulnerebility

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-13
http://www.securityfocus.com/bid/77238

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77192

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-13
http://www.securityfocus.com/bid/66690

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-13
http://www.securityfocus.com/bid/70103

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-13
http://www.securityfocus.com/bid/53354

Linux Kernel SCTP Implementation CVE-2015-5283 Local Denial of Service Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77058

Linux Kernel CVE-2015-7872 Local Privilege Escalation Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77544

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77209

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-12-13
http://www.securityfocus.com/bid/74733

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-13
http://www.securityfocus.com/bid/78524

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77528

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77524

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77194

Netgear G54/N150 WNR1000v3 Router CVE-2015-8263 Security Bypass Vulnerability
2015-12-13
http://www.securityfocus.com/bid/78873

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-13
http://www.securityfocus.com/bid/77164

SANS News

Use The Privilege

Threatpost

 

Exploit

 

12.12.2015

Bugtraq

[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2015-12-12
security-alert hpe com

APPLE-SA-2015-12-11-1 iTunes 12.3.2 2015-12-11
Apple Product Security (product-security-noreply lists apple com)

ORGIN STUDIOS Cms Multiple Vulnerability 2015-12-11
iedb team gmail com

Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege 2015-12-08
Stefan Kanthak (stefan kanthak nexgo de)

WordPress <=v4.4 Username Exists Information Disclosure 2015-12-10
John SECURELI.com (john secureli com)

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)

Malware

 

Phishing

CIBC Online Banking

11th December 2015

LOGIN ALERT FOR OPERA ON
WINDOWS. #621630051

Vulnerebility

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-12
http://www.securityfocus.com/bid/77238

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77192

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
2015-12-12
http://www.securityfocus.com/bid/66690

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2015-12-12
http://www.securityfocus.com/bid/70103

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
2015-12-12
http://www.securityfocus.com/bid/53354

Linux Kernel SCTP Implementation CVE-2015-5283 Local Denial of Service Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77058

Linux Kernel CVE-2015-7872 Local Privilege Escalation Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77544

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77209

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-12-12
http://www.securityfocus.com/bid/74733

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2015-12-12
http://www.securityfocus.com/bid/78524

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77528

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77524

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77194

Netgear G54/N150 WNR1000v3 Router CVE-2015-8263 Security Bypass Vulnerability
2015-12-12
http://www.securityfocus.com/bid/78873

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-12
http://www.securityfocus.com/bid/77164

SANS News

What Signs Are You Missing?

Threatpost

 

Exploit

 

11.12.2015

Bugtraq

Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege 2015-12-08
Stefan Kanthak (stefan kanthak nexgo de)

WordPress <=v4.4 Username Exists Information Disclosure 2015-12-10
John SECURELI.com (john secureli com)

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities 2015-12-10
SEC Consult Vulnerability Lab (research sec-consult com)

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-12-08-6 Xcode 7.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability 2015-12-08
Secunia Research (remove-vuln secunia com)

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3414-1] xen security update 2015-12-09
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution 2015-12-09
security-alert hpe com

APPLE-SA-2015-12-08-2 tvOS 9.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

TrojanDownloader:Win32/Banload.BFW 

Phishing

Support Service

11th December 2015

NOTICE : WE HAVE MAKE SOME
CHANGES ON OUR PAYPAL USERS
AGREEMENT.

Microsoft

10th December 2015

Update

Support Service

10th December 2015

NOTICE : WE HAVE MAKE SOME
CHANGES ON OUR PAYPAL USERS
AGREEMENT.

Microsoft

10th December 2015

NatWest Credit Card Online
Services - Balance Statement

Vulnerebility

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77528

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77524

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77194

Netgear G54/N150 WNR1000v3 Router CVE-2015-8263 Security Bypass Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78873

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77164

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78622

libpng CVE-2015-8126 Multiple Heap Based Buffer Overflow Vulnerabilities
2015-12-11
http://www.securityfocus.com/bid/77568

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77304

Microsoft Windows CVE-2015-6127 Information Disclosure Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78516

libpng CVE-2015-8472 Incomplete Fix Heap Based Buffer Overflow Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78624

Git CVE-2015-7545 Remote Command Execution Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78711

Adobe FlashPlayer and AIR CVE-2015-8407 Stack Buffer Overflow Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78717

Adobe Flash Player and AIR Multiple Unspecified Security Bypass Vulnerabilities
2015-12-11
http://www.securityfocus.com/bid/78713

Adobe FlashPlayer and AIR APSB15-32 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2015-12-11
http://www.securityfocus.com/bid/78712

Adobe Flash Player and AIR CVE-2015-8445 Unspecified Integer Overflow Vulnerability
2015-12-11
http://www.securityfocus.com/bid/78716 Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77165

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2015-12-11
http://www.securityfocus.com/bid/77415

SANS News

Everything old is new again - Blackhole exploit kit since November 2015

Threatpost

Banking Malware Moving Over Facebook Hosted in Cloud

Exploit

 

10.12.2015

Bugtraq

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities 2015-12-10
SEC Consult Vulnerability Lab (research sec-consult com)

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-12-08-6 Xcode 7.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability 2015-12-08
Secunia Research (remove-vuln secunia com)

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3414-1] xen security update 2015-12-09
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution 2015-12-09
security-alert hpe com

APPLE-SA-2015-12-08-2 tvOS 9.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference 2015-12-09
CORE Advisories Team (advisories coresecurity com)

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information 2015-12-09
security-alert hpe com

APPLE-SA-2015-12-08-5 Safari 9.0.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-12-08-4 watchOS 2.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-12-08-1 iOS 9.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information 2015-12-09
security-alert hpe com

Path Traversal via CSRF in bitrix.xscan Bitrix Module 2015-12-09
High-Tech Bridge Security Research (advisory htbridge ch)

APPLE-SA-2015-12-08-4 watchOS 2.1 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) 2015-12-08
securityresearch shaftek biz

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities 2015-12-09
Vogt, Thomas (Thomas Vogt secunet com)

XSS vulnerability in Intellect Core banking software - Polaris 2015-12-09
msahu controlcase com

PHP File Inclusion in bitrix.mpbuilder Bitrix Module 2015-12-09
High-Tech Bridge Security Research (advisory htbridge ch)

WordPress Users Ultra Plugin [Blind SQL injection] - Update 2015-12-08
Panagiotis Vagenas (pan vagenas gmail com)

Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege 2015-12-09
Stefan Kanthak (stefan kanthak nexgo de)

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow 2015-12-08
submit cxsec org

[SECURITY] [DSA 3415-1] chromium-browser security update 2015-12-10
Michael Gilbert (mgilbert debian org)

Malware

EXP.CVE-2015-6124

Phishing

Support Service

10th December 2015

NOTICE : WE HAVE MAKE SOME
CHANGES ON OUR PAYPAL USERS
AGREEMENT.

Microsoft

10th December 2015

NatWest Credit Card Online
Services - Balance Statement

Vulnerebility

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77415

Google Chrome CVE-2015-1302 Information Disclosure Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77537

Mozilla Network Security Services Memory Corruption and Heap Buffer Overflow Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77416

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/78416

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2015-12-10
http://www.securityfocus.com/bid/78209

Oracle MySQL Server CVE-2015-4815 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77222

Oracle MySQL Server CVE-2015-4826 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77237

Oracle MySQL Server CVE-2015-4913 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77153

Adobe ColdFusion APSB15-29 Multiple Unspecified Cross Site Scripting Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77625

Adobe Flash Player and AIR APSB15-32 Multiple Use After Free Remote Code Execution Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/78715

Adobe Premiere Clip CVE-2015-8051 Unspecified Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77624

Adobe Flash Player and AIR APSB15-32 Multiple Unspecified Memory Corruption Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/78710

Oracle MySQL Server CVE-2015-4870 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77208

Oracle MySQL Server CVE-2015-4792 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77171

Oracle MySQL Server CVE-2015-4802 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77165

Oracle MySQL Server CVE-2015-4858 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77145

Oracle MySQL Server CVE-2015-4836 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77190

Oracle MySQL Server CVE-2015-4807 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77205

Oracle MySQL Server CVE-2015-4861 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77137

Oracle MySQL Server CVE-2015-4830 Remote Security Vulnerability
2015-12-10
http://www.securityfocus.com/bid/77228

Cisco Unified Communications Manager CVE-2015-6410 Security Bypass Vulnerability
2015-12-10
http://www.securityfocus.com/bid/78741

Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
2015-12-10
http://www.securityfocus.com/bid/78723

X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
2015-12-10
http://www.securityfocus.com/bid/49124

Apple Mac OS X and iOS Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/76343

PHP PHAR Multiple Denial of Service Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/76959

OpenLDAP CVE-2015-6908 Denial of Service Vulnerability
2015-12-10
http://www.securityfocus.com/bid/76714

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/52379

LibreSSL 'OBJ_obj2txt()' Function Buffer Overflow and Information Disclosure Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77112

Apple Mac OS X/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/78719

Apple iOS APPLE-SA-2015-10-21-1 Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77268
2015-12-10
http://www.securityfocus.com/bid/78719

Apple iOS APPLE-SA-2015-10-21-1 Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77268

Apple iOS and Mac OS X Multiple Security Vulnerabilities
2015-12-10
http://www.securityfocus.com/bid/77263

SANS News

New Burp Feature - ClickBandit

Uninstalling Problem Applications using Powershell

Threatpost

 

Exploit

iy10 Dizin Scripti - Multiple Vulnerabilities

Gökhan Balbal Script 2.0 - CSRF Vulnerability

Skybox Platform <=7.0.611 - Multiple Vulnerabilities

Rar CmdExtract::UnstoreFile Integer Truncation Memory Corruption

Avast OOB Write Decrypting PEncrypt Packed Executables

Avast JetDb::IsExploited4x - Performs Unbounded Search on Input

Avast Heap Overflow Unpacking MoleBox Archives

Avast Integer Overflow Verifying numFonts in TTC Header

9.12.2015

Bugtraq

Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Malware

W97M.Rovoshell

Downloader.Hinired

Phishing

 

Vulnerebility

Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
2015-12-09
http://www.securityfocus.com/bid/78723

X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
2015-12-09
http://www.securityfocus.com/bid/49124

Apple Mac OS X and iOS Multiple Security Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/76343

PHP PHAR Multiple Denial of Service Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/76959

OpenLDAP CVE-2015-6908 Denial of Service Vulnerability
2015-12-09
http://www.securityfocus.com/bid/76714

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/52379

LibreSSL 'OBJ_obj2txt()' Function Buffer Overflow and Information Disclosure Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/77112

Apple Mac OS X/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/78719

Apple iOS APPLE-SA-2015-10-21-1 Multiple Security Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/77268

Apple iOS and Mac OS X Multiple Security Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/77263

Adobe ColdFusion APSB15-29 Multiple Unspecified Cross Site Scripting Vulnerabilities
2015-12-09
http://www.securityfocus.com/bid/77625

Adobe Premiere Clip CVE-2015-8051 Unspecified Security Vulnerability
2015-12-09
http://www.securityfocus.com/bid/77624

Cisco FirePOWER Management Center Software CVE-2015-6411 Information Disclosure Vulnerability
2015-12-09
http://www.securityfocus.com/bid/78740

Multiple Cisco IP Phones CVE-2015-6403 Local Arbitrary File Upload Vulnerability
2015-12-09
http://www.securityfocus.com/bid/78739

Cisco Prime Collaboration Assurance CVE-2015-6389 Insecure Default Password Vulnerability
2015-12-09
http://www.securityfocus.com/bid/78738

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/75161

IBM WebSphere Application Server CVE-2015-7450 Remote Code Execution Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77653

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-12-08
http://www.securityfocus.com/bid/75156

HP LoadRunner Virtual Table Server CVE-2015-6857 Local Code Execution Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77946

Cisco IOS XE 3S Software CVE-2015-6383 Local Security Bypass Vulnerability
2015-12-08
http://www.securityfocus.com/bid/78521

Unitronics VisiLogic ActiveX Control Multiple Remote Code Execution Vulnerabilities
2015-12-08
http://www.securityfocus.com/bid/77571

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77194

Cisco Networking Services CVE-2015-6375 Information Disclosure Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77676

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77192

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/74119

Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
2015-12-08
http://www.securityfocus.com/bid/74083

SANS News

Enforcing USB Storage Policy with PowerShell

Threatpost

Internet Root Name Servers Survive Unusual DDoS Attack

Exploit

Microsoft Windows Media Center Library Parsing RCE Vulnerability aka "self-executing" MCL File

Microsoft Windows Media Center Link File Incorrectly Resolved Reference

WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities

WIMAX MT711x - Multiple Vulnerabilities

Wordpress Plugin WP Easy Poll 1.1.3 - XSS and CSRF

IE 11.0.9600.18097 COmWindowProxy::SwitchMarkup NULL PTR

MacOS X 10.11 FTS Deep Structure of the File System Buffer Overflow

8.12.2015

Bugtraq

Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

iScripts Multicart Cms Multiple Vulnerability 2015-12-07
iedb team gmail com

WebBoutiques Cms Cross-Site Scripting Vulnerability 2015-12-07
iedb team gmail com

Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Malware

TrojanSpy:Win32/Nivdort.BZ 
TrojanSpy:Win32/Nivdort.CI 
TrojanSpy:Win32/Nivdort.CJ 
TrojanSpy:Win32/Nivdort.CK 
TrojanSpy:Win32/Nivdort.CO 
TrojanDownloader:JS/Swabfex.A 
TrojanDownloader:MSIL/Bladabindi.J 
TrojanDropper:Win32/Sulunch 

Win32/Ramnit.O

VBA/TrojanDownloader.Agent

VBA/TrojanDownloader.Agent.L

VBA/TrojanDownloader.Agent.EM

VBA/TrojanDownloader.Agent.VX

VBA/TrojanDownloader.Agent.WF

VBA/TrojanDownloader.Agent.WJ

VBA/TrojanDownloader.Agent.WR

VBA/TrojanDownloader.Agent.XZ

VBA/TrojanDownloader.Agent.YA

VBA/TrojanDownloader.Agent.YI

VBA/TrojanDownloader.Agent.YJ

VBA/TrojanDownloader.Agent.YK

VBA/TrojanDownloader.Agent.YL

VBA/TrojanDownloader.Agent.YP

VBA/TrojanDownloader.Agent.YW

VBA/TrojanDownloader.Agent.YX

VBA/TrojanDownloader.Agent.ZC

VBA/TrojanDownloader.Agent.ZH

VBA/TrojanDownloader.Agent.ADX

Phishing

Argos

8th December 2015

WIN £1500 TO SPEND AT ARGOS!

Google

7th December 2015

Problem with your Google
Account

Google

7th December 2015

Google ID: Profile Inaccurate

Chase Bank

7th December 2015

CHASE BANK ONLINE NOTICE

Natwest

6th December 2015

YOUR NATWEST DEBIT CARD REFUND
NOTICE

Vulnerebility

Magento 'bridgeName' Paramater Cross Site Scripting Vulnerability
2015-12-07
http://www.securityfocus.com/bid/70950

Linux Kernel SCTP Implementation CVE-2015-5283 Local Denial of Service Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77058

Oracle Java SE CVE-2015-0486 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/74145

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/74141

IBM WebSphere Portal CVE-2015-4993 Unspecified Cross Site Scripting Vulnerability
2015-12-07
http://www.securityfocus.com/bid/78609

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/74119

IBM SDK CVE-2015-1914 Sandbox Security Bypass Vulnerability
2015-12-07
http://www.securityfocus.com/bid/74645

Oracle Java SE CVE-2015-0480 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/74104

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2015-12-07
http://www.securityfocus.com/bid/77238

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77192

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77200

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77162

Mozilla Firefox Multiple Security Vulnerabilities
2015-12-07
http://www.securityfocus.com/bid/77411

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2015-12-07
http://www.securityfocus.com/bid/77415

SANS News

Apple Patches Everything

Adobe Flash Update

December 2015 Microsoft Patch Tuesday

Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support

Continuous Monitoring for Random Strings

Threatpost

Bitcoin Extortionist Copycats on the Rise, Experts Say

Microsoft, Law Enforcement Collaborate in Dorkbot Takedown

Exploit

phpFileManager 0.9.8 Remote Code Execution

Atlassian HipChat for Jira Plugin Velocity Template Injection

SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities

OpenMRS 2.3 (1.11.4) - XML External Entity (XXE) Processing Exploit

OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability

OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities

OpenMRS 2.3 (1.11.4) - Local File Disclosure Vulnerability

PHP Utility Belt - Remote Code Execution

WordPress Polls Widget Plugin 1.0.7 - SQL Injection Vulnerability

iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions

iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions

7.12.2015

Bugtraq

Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

iScripts Multicart Cms Multiple Vulnerability 2015-12-07
iedb team gmail com

WebBoutiques Cms Cross-Site Scripting Vulnerability 2015-12-07
iedb team gmail com

Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)

Command Injection in cool-video-gallery v1.9 Wordpress plugin 2015-12-07
Larry Cashdollar (larry0 me com)

[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79) 2015-12-07
disclosure syss de

[SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932) 2015-12-07
disclosure syss de

Edimax BR-6478AC & Others Multiple Vulnerabilites 2015-12-07
mwinstead3790 gmail com

FreeBSD Security Advisory FreeBSD-SA-15:26.openssl 2015-12-05
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

TrojanDropper:MSIL/Redwer.A 
Win32/Varpes 
BrowserModifier:Win32/Pokki 

Trojan.Chikdos.B

Trojan.Ratopak

Win32/Ramnit.O

Phishing

Google

7th December 2015

Problem with your Google
Account

Google

7th December 2015

Google ID: Profile Inaccurate

Chase Bank

7th December 2015

CHASE BANK ONLINE NOTICE

Natwest

6th December 2015

YOUR NATWEST DEBIT CARD REFUND
NOTICE

Discover Customer Service

6th December 2015

Discover: Account Notice For
Issue #32031

Account-Service

6th December 2015

YOUR ACCOUNT WILL BE LIMITED !

Thomas Jones

6th December 2015

TO JO@AOL.COM,AWESOME. HERE
ARE NEW DEALS WITH 70% OFF

Vulnerebility

 

SANS News

Offensive Countermeasures against stolen passswords

Continuous Monitoring for Random Strings

Threatpost

 

Exploit

Cyclope Employee Surveillance <= v8.6.1- Insecure File Permissions

6.12.2015

Bugtraq

[SECURITY] [DSA 3413-1] openssl security update 2015-12-04
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution 2015-12-03
security-alert hpe com

[SECURITY] [DSA 3412-1] redis security update 2015-12-03
Salvatore Bonaccorso (carnil debian org)

ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability 2015-12-03
Security Alert (Security_Alert emc com)

[slackware-security] mozilla-thunderbird (SSA:2015-337-02) 2015-12-03
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-337-01) 2015-12-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3411-1] cups-filters security update 2015-12-02
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

PayPal

5th December 2015

PAYPAL - YOUR ACCOUNT HAS
UNRESOLVED ISSUES. VERIFY YOUR
IDENTITY NOW!

PayPal

5th December 2015

PAYPAL - ACCOUNT UNRESOLVED
ISSUES. VERIFY YOUR IDENTITY
NOW!

BT

5th December 2015

BT CHANGING STATUS - PLEASE
UPGRADE YOUR ACCOUNT NOW!

Apple

5th December 2015

Important - Validate your
Apple account

Google

5th December 2015

YOU HAVE A NEW DOCUMENT FROM
THE BANK!

PayPal

4th December 2015

Your account has been limited
!

Vulnerebility

 

SANS News

Are you looking to setup your own Malware Sandbox?

Threatpost

OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches

Let’s Encrypt Initiative Enters Public Beta

Exploit

Cyclope Employee Surveillance <= v8.6.1- Insecure File Permissions

4.12.2015

Bugtraq

[SECURITY] [DSA 3413-1] openssl security update 2015-12-04
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution 2015-12-03
security-alert hpe com

[SECURITY] [DSA 3412-1] redis security update 2015-12-03
Salvatore Bonaccorso (carnil debian org)

ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability 2015-12-03
Security Alert (Security_Alert emc com)

[slackware-security] mozilla-thunderbird (SSA:2015-337-02) 2015-12-03
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-337-01) 2015-12-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3411-1] cups-filters security update 2015-12-02
Moritz Muehlenhoff (jmm debian org)

Ellucian Banner Student Vulnerability Disclosure 2015-12-02
sean dillon risksense com

WordPress Users Ultra Plugin [Persistence XSS] 2015-12-02
pan vagenas gmail com

WordPress Users Ultra Plugin [Blind SQL injection] 2015-12-02
pan vagenas gmail com

Malware

Trojan.Chikdos.B

Trojan.Browrat

JS/TrojanDownloader.Nemucod

VBA/TrojanDownloader.Agent.AEA

Win32/Ramnit.BV

TrojanSpy:MSIL/Banker.P 

Phishing

PayPal

4th December 2015

Your account has been limited
!

PayPal Inc

4th December 2015

WARNING! YOU MUST UPDATE ALL
YOUR INFORMATIONS

PayPal Inc

4th December 2015

[ PAYPAL ] : VIEW YOUR RECENT
ACTIVITY . #PP =
62218296612210384

Service Inc

4th December 2015

[PAYPAL:PLEASE CHECK YOUR
ACCOUNT]

Service

4th December 2015

PAYPAL UPDATE NOW

Vulnerebility

 

SANS News

Automating Phishing Analysis using BRO

Threatpost

 

Exploit

Wordpress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities

Wordpress Plugin Sell Download v1.0.16 - Local File Disclosure

Wordpress Plugin TheCartPress v1.4.7 - Multiple Vulnerabilities

3.12.2015

Bugtraq

ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability 2015-12-03
Security Alert (Security_Alert emc com)

[slackware-security] mozilla-thunderbird (SSA:2015-337-02) 2015-12-03
Slackware Security Team (security slackware com)

[slackware-security] libpng (SSA:2015-337-01) 2015-12-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3411-1] cups-filters security update 2015-12-02
Moritz Muehlenhoff (jmm debian org)

Ellucian Banner Student Vulnerability Disclosure 2015-12-02
sean dillon risksense com

WordPress Users Ultra Plugin [Persistence XSS] 2015-12-02
pan vagenas gmail com

WordPress Users Ultra Plugin [Blind SQL injection] 2015-12-02
pan vagenas gmail com

Gnome Nautilus [Denial of Service] 2015-12-02
pan vagenas gmail com

SQLi Vulnerability in ATuter management system 2015-12-02
sirus shahini gmail com

Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Reflected XSS in Ultimate Member WordPress Plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Malware

TrojanSpy:MSIL/Banker.P 
TrojanDownloader:Win32/Banload.BFM 
TrojanDownloader:VBS/Banload.AS 
TrojanDownloader:MSIL/Banload.AK 

JS.Teslader

JS.Enigmaper

Phishing

 

Vulnerebility

 

SANS News

New variant of CryptoWall - Is it right to call it 4.0?

Threatpost

 

Exploit

Gnome Nautilus 3.16 - Denial of Service

Acunetix WVS 10 - Local Privilege escalation

Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability

Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload

Advantech Switch Bash Environment Variable Code Injection (Shellshock)

WordPress Users Ultra Plugin 1.5.50 - Blind SQL injection

WordPress Users Ultra Plugin 1.5.50 - Persistent XSS

WordPress Gwolle Guestbook Plugin 1.5.3 - Remote File Inclusion

Malwarebytes Antivirus 2.2.0 - DoS PoC

2.12.2015

Bugtraq

WordPress Users Ultra Plugin [Persistence XSS] 2015-12-02
pan vagenas gmail com

WordPress Users Ultra Plugin [Blind SQL injection] 2015-12-02
pan vagenas gmail com

Gnome Nautilus [Denial of Service] 2015-12-02
pan vagenas gmail com

SQLi Vulnerability in ATuter management system 2015-12-02
sirus shahini gmail com

Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Reflected XSS in Ultimate Member WordPress Plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Remote File Inclusion in Gwolle Guestbook WordPress Plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Reflected XSS in Role Scoper WordPress Plugin 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

Reflected Cross-Site Scripting (XSS) in SourceBans 2015-12-02
High-Tech Bridge Security Research (advisory htbridge ch)

[SECURITY] [DSA 3409-1] putty security update 2015-12-01
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3410-1] icedove security update 2015-12-01
Moritz Muehlenhoff (jmm debian org)

Zenphoto 1.4.10 Local File Inclusion 2015-12-02
apparitionsec gmail com

Zenphoto 1.4.10 XSS Vulnerability 2015-12-01
apparitionsec gmail com

[SECURITY] [DSA 3408-1] gnutls26 security update 2015-12-01
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan:Win32/Startpage.XW 
TrojanDropper:Win32/Binuflix.A 
PWS:MSIL/Stimilina.N 
Backdoor:MSIL/Omaneat.A 

Backdoor.Boksdrop

VBA/TrojanDownloader.Agent.AIK

VBA/TrojanDownloader.Agent.AHU

MSIL/Agent.QVI

VBA/TrojanDownloader.Agent.AEA

Phishing

 

Vulnerebility

 

SANS News

Nessus and Powershell is like Chocolate and Peanut Butter!

The Perils of Vendor Bloatware

Threatpost

 

Exploit

Advantech Switch Bash Environment Variable Code Injection (Shellshock)

Acunetix WVS 10 - Local Privilege escalation

1.12.2015

Bugtraq

Zenphoto 1.4.10 XSS Vulnerability 2015-12-01
apparitionsec gmail com

[SECURITY] [DSA 3408-1] gnutls26 security update 2015-12-01
Salvatore Bonaccorso (carnil debian org)

Huawei Wimax routers vulnerable to multiple threats 2015-11-30
Pierre Kim (pierre kim sec gmail com)

[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7) 2015-11-30
Security Explorations (contact security-explorations com)

LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection 2015-11-30
advisories (advisories lsexperts de)

Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Belkin N150 Wireless Home Router Multiple Vulnerabilities 2015-11-30
Rahul Pratap Singh (techno rps gmail com)

Malware

HackTool:Win32/Kapahyku.A 
TrojanDropper:Win32/Nivdort.A 
TrojanSpy:Win32/Nivdort.CE 

Trojan.Otlard

JS.Nemucod

Phishing

Lloyds Bank

1st December 2015

LloydsBank.RestrictionCode
532176

PayPal Inc

1st December 2015

[ PAYPAL ] : VIEW YOUR RECENT
ACTIVITY . #PP =
62218296612210384

Email Administrator

1st December 2015

Webmail Account Security!

Admin

1st December 2015

RESTORE

paypal

30th November 2015

UPDATE YOUR ACCOUNT
INFORMATION

Vulnerebility

 

SANS News

Tracking SSL Certificates

Threatpost

Embedded Devices Share, Reuse Private SSH Keys, HTTPs Certificates

China APT Gang Targets Hong Kong Media via Dropbox

Exploit

Kodi 15 - Arbitrary File Aaccess (Web Interface)

Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities

Zenphoto 1.4.10 - Local File Inclusion

ntop-ng <= 2.0.151021 - Privilege Escalation

HumHub 0.11.2 and 0.20.0-beta.2 - SQL Injection

RHEL 7.0/7.1 - abrt/sosreport Local Root

Centos 7.1/Fedora 22 - abrt Local Root

30.11.2015

Bugtraq

LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection 2015-11-30
advisories (advisories lsexperts de)

Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Belkin N150 Wireless Home Router Multiple Vulnerabilities 2015-11-30
Rahul Pratap Singh (techno rps gmail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-29
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-29
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report. 2015-11-29
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
lem nikolas gmail com

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
aiscorp gives greetz com

Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation 2015-11-30
Nicholas Lemonias. (lem nikolas googlemail com)

[FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) 2015-11-27
Manuel Mancera (mmancera a2secure com)

[SECURITY] [DSA 3407-1] dpkg security update 2015-11-26
Salvatore Bonaccorso (carnil debian org)

Malware

Backdoor.Surge

Trojan.Melongad

Phishing

Support

29th November 2015

FWD: PLEASE VERIFY YOUR
ACCOUNT APPLE ID FOR SECURITY
REASONS !

PayPal

29th November 2015

ACCOUNT NOTIFICATIONS

IMMO USA

29th November 2015

ORLANDO , LA VILLE DU FUTUR ,
THE CITY OF THE FUTURE

Pay.service

28th November 2015

Please verify your account

Support

28th November 2015

FWD: PLEASE VERIFY YOUR
ACCOUNT APPLE ID FOR SECURITY
REASONS !

auto-confirm@amazon.com

28th November 2015

YOUR AMAZON.COM ORDER OF "PS4
SLIM BLACK+CONSOLE 2"

Keshan S. Watson

28th November 2015

PayPal Alert

Vulnerebility

 

SANS News

SHA1 Phase Out Overview

Threatpost

 

Exploit

Easy File Sharing Web Server 7.2 - Remote SEH Buffer Overflow (DEP Bypass with ROP)

HumHub 0.11.2 and 0.20.0-beta.2 - SQL Injection

27.11.2015

Bugtraq

[FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS) 2015-11-27
Manuel Mancera (mmancera a2secure com)

[SECURITY] [DSA 3407-1] dpkg security update 2015-11-26
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3405-1] smokeping security update 2015-11-25
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3406-1] nspr security update 2015-11-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3404-1] python-django security update 2015-11-25
Salvatore Bonaccorso (carnil debian org)

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability 2015-11-25
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor.Surge

VBA/TrojanDownloader.Agent.AJD

VBA/TrojanDownloader.Agent.AJH

Win32/Chinoxy.J

Backdoor.Surge

Trojan.Melongad

Phishing

NATWEST

26th November 2015

Restricted account access -
NatWest plc.

Amazon

26th November 2015

Please confirm your account
information .

Vulnerebility

 

SANS News

Known ?Good? DNS, An Observation

Threatpost

 

Exploit

 

26.11.2015

Bugtraq

[SECURITY] [DSA 3407-1] dpkg security update 2015-11-26
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3405-1] smokeping security update 2015-11-25
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3406-1] nspr security update 2015-11-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3404-1] python-django security update 2015-11-25
Salvatore Bonaccorso (carnil debian org)

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability 2015-11-25
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution 2015-11-25
security-alert hpe com

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution 2015-11-25
security-alert hpe com

[slackware-security] pcre (SSA:2015-328-01) 2015-11-25
Slackware Security Team (security slackware com)

Malware

TrojanSpy:Win32/Nivdort.CD 
TrojanSpy:Win32/Nivdort.CC 

Trojan.Phonywall

Phishing

Amazon

26th November 2015

Please confirm your account
information .

Virgin Media

26th November 2015

YOUR LATEST VIRGIN MEDIA BILL
CANNOT BE PROCESSED

Chase(SM)online.active.card@co

26th November 2015

NEW MESSAGE FROM CHASE(SM)

Chase Online

26th November 2015

SECURITY UPDATE

SUPPORT

26th November 2015

Were constantly working to
make your account safer

Microsoft Team

26th November 2015

Account Re-Validate

email update

25th November 2015

SETUP

Sonya Owens

25th November 2015

WET PUSSY REQUEST

Vulnerebility

 

SANS News

Malicious spam - Subject: RE: Bill

Known ?Good? DNS, An Observation

Threatpost

Lenovo Patches Vulnerabilities in System Update Service

Exploit

Linux x86_64 Polymorphic execve Shellcode - 31 bytes

25.11.2015

Bugtraq

[SECURITY] [DSA 3404-1] python-django security update 2015-11-25
Salvatore Bonaccorso (carnil debian org)

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability 2015-11-25
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution 2015-11-25
security-alert hpe com

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution 2015-11-25
security-alert hpe com

[slackware-security] pcre (SSA:2015-328-01) 2015-11-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3403-1] libcommons-collections3-java security update 2015-11-24
Moritz Muehlenhoff (jmm debian org)

ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability 2015-11-24
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3402-1] symfony security update 2015-11-24
Salvatore Bonaccorso (carnil debian org)

Steam Weak File Permissions Privilege Escalation 2015-11-23
ajs swordshield com

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 2015-11-23
Christofer Dutz (cdutz apache org)

Malware

Worm:Win32/Conficker.B!inf 
Trojan:HTML/Pdfphish.A 

PHP.Filesman

VBA/TrojanDownloader.Agent.AJD

Phishing

Sonya Owens

25th November 2015

WET PUSSY REQUEST

Google Team

24th November 2015

GOOGLE ID: PROFILE INACCURATE

email update

25th November 2015

SETUP

Sonya Owens

25th November 2015

WET PUSSY REQUEST

Google Team

24th November 2015

GOOGLE ID: PROFILE INACCURATE

QuickBooks Online Payroll

23rd November 2015

Security Alert: About Your
Account

QuickBooks Payroll Services

23rd November 2015

SECURITY ALERT: ACCOUNT REVIEW

Vulnerebility

 

SANS News

 

Threatpost

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

Exploit

SAP Sybase Adaptive Server Enterprise XML External Entity Information Disclosure Vulnerability

WP-Client 3.8.7 - Stored XSS Vulnerability

24.11.2015

Bugtraq

[SECURITY] [DSA 3402-1] symfony security update 2015-11-24
Salvatore Bonaccorso (carnil debian org)

Steam Weak File Permissions Privilege Escalation 2015-11-23
ajs swordshield com

Malware

BrowserModifier:Win32/Smudplu 

Trojan.Encryptoraas

Exp.CVE-2015-2483

Exp.CVE-2015-2499

Exp.CVE-2015-2501

Exp.CVE-2015-7633

Exp.CVE-2015-7631

Exp.CVE-2015-7629

Exp.CVE-2015-7632

Phishing

QuickBooks Online Payroll

23rd November 2015

Security Alert: About Your
Account

QuickBooks Payroll Services

23rd November 2015

SECURITY ALERT: ACCOUNT REVIEW

Vulnerebility

 

SANS News

BizCN gate actor sends CryptoWall 4.0

Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA

Threatpost

Backdoor In A Backdoor Identified in 600,000 Arris Modems

Stealthy GlassRAT Spies on Commercial Targets

Exploit

Windows ndis.sys IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)

Windows Cursor Object Potential Memory Leak (MS15-115)

Windows Race Condition DestroySMWP Use-After-Free (MS15-115)

Windows Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)

Joomla Content History SQLi Remote Code Execution

vBulletin 5.x - Remote Code Execution Exploit

NVIDIA Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation

23.11.2015

Bugtraq

Steam Weak File Permissions Privilege Escalation 2015-11-23
ajs swordshield com

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 2015-11-23
Christofer Dutz (cdutz apache org)

[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE 2015-11-23
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-019] SAP Afaria - Stored XSS 2015-11-23
ERPScan inc (erpscan online gmail com)

[FD] Celoxis <= 9.5 - Cross Site Scripting (XSS) 2015-11-23
Manuel Mancera (mmancera a2secure com)

[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import 2015-11-23
ERPScan inc (erpscan online gmail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation 2015-11-22
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation 2015-11-22
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation 2015-11-22
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation 2015-11-22
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation 2015-11-22
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation 2015-11-23
Nicholas Lemonias. (lem nikolas googlemail com)

Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation 2015-11-23
Nicholas Lemonias. (lem nikolas googlemail com)

Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android 2015-11-20
Shazron (shazron apache org)

Malware

Trojan:Win32/Gatak 
TrojanDropper:MSIL/Fatext.A 

Trojan.Cryptolocker.AB

Unix.Ransomcrypt.B

Phishing

paypal

23rd November 2015

YOUR ACCOUNT WILL BE CLOSED

Pay'Pal@Services.com

23rd November 2015

PAYPAL -ACCOUNT NEED TO
CONFIRMATION
(PP-963-230-780-300) ✔

Mail System Administrator

22nd November 2015

INCOMING MESSAGES FOR
J@AOL.COM IS BLOCKED

service@intl.paypal

22nd November 2015

NOTE : TEAM PAYPAL YOU HAVE A
PROBLEM WITH YOUR PAYPAL
ACCOUNT ! ✉

Vulnerebility

 

SANS News

OpenDNS Research Used to Predict Threat

Automatic MIME attachments triage

Threatpost

Starwood Hotel Chain Hit By Point of Sale Malware

Exploit

vBulletin 5.x - Remote Code Execution Exploit

Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Vulnerability

Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption Vulnerability

Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption Vulnerability 2

Audacious 3.7 - ID3 Local Crash PoC

22.11.2015

Bugtraq

Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android 2015-11-20
Shazron (shazron apache org)

Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions 2015-11-20
Shazron (shazron apache org)

[SECURITY] [DSA 3400-1] lxc security update 2015-11-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS) 2015-11-19
security-alert hpe com

NEW VMSA-2015-0008 - VMware product updates address information disclosure issue 2015-11-19
VMware Security Response Center (security vmware com)

Malware

 

Phishing

PayPal

22nd November 2015

Update Your PayPal Account !

PayPal

22nd November 2015

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED.

National

20th November 2015

RE: ILLUMINATI CONSPIRACIES -
NATIONAL LOTTERY FIXTURES

rolando moreno palos

20th November 2015

No prescription pharmacy -
cheap generic medications

Vulnerebility

 

SANS News

Nmap 7.00 is out!

Maldoc Social Engineering Trick

Threatpost

German Government Audits TrueCrypt

VMware Patches Pesky XXE Bug in Flex BlazeDS

Exploit

 

20.11.2015

Bugtraq

[SECURITY] [DSA 3400-1] lxc security update 2015-11-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS) 2015-11-19
security-alert hpe com

Malware

TrojanDownloader:MSIL/Genmaldow.A 
TrojanDownloader:MSIL/Pstinb.E 
TrojanDownloader:MSIL/Pstinb.J 

Phishing

rolando moreno palos

20th November 2015

No prescription pharmacy -
cheap generic medications

Dr.

19th November 2015

J - TRUST ME THIS WILL CURE
YOUR DIABETES!

Royal Bank

19th November 2015

**Online Banking (Wire
Transfer
)*************************Paym
ent Alert From Royal Bank Of

Vulnerebility

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77192

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4881 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77159

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/77148

Adobe LiveCycle Data Services CVE-2015-3269 XML External Entity Information Disclosure Vulnerability
2015-11-19
http://www.securityfocus.com/bid/76394

Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74083

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/75895

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/75867

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74072

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-11-19
http://www.securityfocus.com/bid/73684

Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities
2015-11-19
http://www.securityfocus.com/bid/75973

IBM HTTP Server CVE-2015-4947 Stack Buffer Overflow Vulnerability
2015-11-19
http://www.securityfocus.com/bid/76658

Apache HTTP Server CVE-2015-3183 Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/75963

IBM SDK CVE-2015-1914 Sandbox Security Bypass Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74645

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74119

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-0491 Remote Security Vulnerability
2015-11-19
http://www.securityfocus.com/bid/74094

SANS News

SIEM is not a product, its a process...

When Hunting BeEF, Yara rules.

Threatpost

 

Exploit

F5 iControl iCall::Script Root Command Execution

Chkrootkit Local Privilege Escalation

ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities

ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities

Cambium ePMP 1000 - Multiple Vulnerabilities

Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting Vulnerabilities.

19.11.2015

Bugtraq

[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS) 2015-11-19
security-alert hpe com

NEW VMSA-2015-0008 - VMware product updates address information disclosure issue 2015-11-19
VMware Security Response Center (security vmware com)

CVE-2015-8131: Kibana CSRF vulnerability 2015-11-18
Kevin Kluge (kevin elastic co)

IBM i Access Buffer Overflow Code DOS CVE-2015-7422 2015-11-18
apparitionsec gmail com

IBM i Access Buffer Overflow Code Exec CVE-2015-2023 2015-11-18
apparitionsec gmail com

[security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) 2015-11-18
security-alert hpe com

[SECURITY] [DSA 3399-1] libpng security update 2015-11-18
Salvatore Bonaccorso (carnil debian org)

RCE and SQL injection via CSRF in Horde Groupware 2015-11-18
High-Tech Bridge Security Research (advisory htbridge ch)

Malware

Trojan.Corentry

Backdoor.Poldat

PHP.Anuna

Infostealer.Donpos

Exp.CVE-2015-6096

Exp.CVE-2015-6071

Exp.CVE-2015-6064

Exp.CVE-2015-6075

Trojan.Corentry

VBA/TrojanDownloader.Agent.AIU

VBA/TrojanDownloader.Agent.AIQ

VBA/TrojanDownloader.Agent.AIP

Win32/Gudra.A

Win32/Kitkiot.A

Phishing

Royal Bank

19th November 2015

**Online Banking (Wire
Transfer
)*************************Paym
ent Alert From Royal Bank Of

Chase

18th November 2015

Unverified Attempt Access
Chase Online

Natwest Bank

18th November 2015

Important Information Update
From Natwest Online.

VISA

18th November 2015

APPLY HERE. 1. 100 % SAFE AND
SECURE WAY TO GET A JOB

Vulnerebility

 

SANS News

Actors using exploit kits - How they change tactics

Threatpost

VirusTotal Adds Sandbox Execution for OS X Apps

FBI Warns Public Officials of Doxing Threat

Exploit

IBM i Access 7.1 - Buffer Overflow Code Execution

F5 iControl iCall::Script Root Command Execution

Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting Vulnerabilities.

Horde Groupware 5.2.10 - CSRF Vulnerability

WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload

SuperScan 4.1 - Scan Hostname/IP Field Buffer Overflow

SuperScan 4.1 - Tools Hostname/IP/URL Field Buffer Overflow

SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow

Sam Spade 1.14 - Decode URL Buffer Overflow Crash PoC

Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow

18.11.2015

Bugtraq

RCE and SQL injection via CSRF in Horde Groupware 2015-11-18
High-Tech Bridge Security Research (advisory htbridge ch)

Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability 2015-11-18
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF) 2015-11-17
security-alert hpe com

WordPress Users Ultra Plugin [Unrestricted File Upload] 2015-11-17
pan vagenas gmail com

ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability 2015-11-17
Security Alert (Security_Alert emc com)

Open-Xchange Security Advisory 2015-11-17 2015-11-17
Martin Heiland (martin heiland lists open-xchange com)

Malware

TrojanDownloader:MSIL/Banload.AJ 
Rogue:MSIL/Rustliver 
TrojanProxy:Win32/Bunitu.N 
PWS:HTML/Phish.GK 
TrojanDownloader:Win32/Banload.BFP 
TrojanDownloader:Win32/Banload.BFN 
Trojan:Win32/Zlader.A 
TrojanDropper:JS/Zlader.B 
Trojan:Win32/Anaki.A 

Phishing

VISA

18th November 2015

APPLY HERE. 1. 100 % SAFE AND
SECURE WAY TO GET A JOB

Cindy Mclaughlin

17th November 2015

A THREESOME REQUEST

USAA Member Service © 2015

17th November 2015

Unsuccessful Login Attempts

iTunes Store

17th November 2015

YOUR ACCOUNT WILL EXPIRE IN 48
HOURS.

Vulnerebility

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75867

Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75823

Adobe Acrobat and Reader APSB15-24 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2015-11-18
http://www.securityfocus.com/bid/77068

Oracle Java SE CVE-2015-4729 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75892

Oracle Java SE CVE-2015-2621 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75874

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75890

Oracle Java SE CVE-2015-2619 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75881

Oracle Java SE CVE-2015-4748 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75854

Oracle Java SE CVE-2015-2637 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75883

Oracle Java SE CVE-2015-2632 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75861

Oracle Java SE CVE-2015-2664 Local Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75857

Oracle Java SE CVE-2015-4736 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75850

Oracle Java SE CVE-2015-4731 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75812

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75895

Oracle Java SE CVE-2015-4760 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75784

IBM SDK Java Security Components CVE-2015-1931 Local Information Disclosure Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75985

Oracle Java SE CVE-2015-4733 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75832

Oracle Java SE CVE-2015-2613 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75871

Oracle Java SE CVE-2015-2638 Remote Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/75833

Adobe Flash Player and AIR APSB15-25 Multiple Unspecified Memory Corruption Vulnerabilities
2015-11-18
http://www.securityfocus.com/bid/77065

Adobe Flash Player and AIR CVE-2015-7662 Security Bypass Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77535

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77063

Adobe Flash Player CVE-2015-7648 Unspecified Remote Code Execution Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77116

Adobe Flash Player and AIR CVE-2015-7659 Remote Code Execution Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77534

Adobe Flash Player CVE-2015-7647 Unspecified Remote Code Execution Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77115

Adobe Flash Player and AIR CVE-2015-5569 Unspecified Security Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77060

Adobe Flash Player and AIR APSB15-25 Multiple Use After Free Remote Code Execution Vulnerabilities
2015-11-18
http://www.securityfocus.com/bid/77061

Adobe Flash Player CVE-2015-7645 Unspecified Remote Code Execution Vulnerability
2015-11-18
http://www.securityfocus.com/bid/77081

SANS News

Help Wanted: Please help test our experimental PFSense Client

Threatpost

Patched Libpng Vulnerabilities Have Limited Scope

Attackers Embracing Steganography to Hide Communication

Microsoft Cracks Down on Toolbars, Unsigned DLLs with Edge Update

Exploit

WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload

17.11.2015

Bugtraq

WordPress Users Ultra Plugin [Unrestricted File Upload] 2015-11-17
pan vagenas gmail com

ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability 2015-11-17
Security Alert (Security_Alert emc com)

Open-Xchange Security Advisory 2015-11-17 2015-11-17
Martin Heiland (martin heiland lists open-xchange com)

Free WMA MP3 Converter - Buffer Overflow Exploit (SEH) 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

Murgent CMS - SQL Injection Vulnerability 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

Magento Bug Bounty #22 - (Profile) Persistent Vulnerability 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

Port Scan v2.0 iOS - Command Inject Vulnerability 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

LAN Scan HD v1.20 iOS - Command Inject Vulnerability 2015-11-17
Vulnerability Lab (research vulnerability-lab com)

Malware

VBA/TrojanDownloader.Agent.AIM

EK_ExploitKit

Phishing

USAA Member Service © 2015

17th November 2015

Unsuccessful Login Attempts

iTunes Store

17th November 2015

YOUR ACCOUNT WILL EXPIRE IN 48
HOURS.

BTMail Administrator

17th November 2015

Account Suspention (Nov. 2015)

Health Coverage UK

16th November 2015

Y

SunTrust Bank

16th November 2015

Important Notice For SunTrust
Account Holder.

Vulnerebility

 

SANS News

Automatic MIME attachments triage

Threatpost

Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks

Google to Warn Recipients of Unencrypted Gmail Messages

Exploit

D-Link DIR-815, DIR-850L - SSDP Command Injection

D-Link DIR-890L/R - Multiple Buffer Overflow Vulnerabilities

D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities

D-Link DIR-825 (vC) - Multiple Vulnerabilities

D-Link DIR-818W - Multiple Vulnerabilities

D-Link DIR-817LW - Multiple Vulnerabilities

D-Link DIR-815 - Multiple Vulnerabilities

D-Link DIR-645 - Multiple UPNP Vulnerabilities

D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities

D-Link DIR-601 - Command Injection Vulnerability

D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities

D-Link DGL5500 - HNAP Buffer Overflow Vulnerability

ClipperCMS 1.3.0 - Code Execution Vulnerability

XCart 5.2.6 - Code Execution Vulnerability

Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload

Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload

VLC Web Interface 2.2.1 - Metadata Title XSS Vulnerability

D-link Wireless Router DIR-816L – CSRF Vulnerability

AlegroCart 1.2.8 - Multiple SQL Injection Vulnerabilities

AlegroCart 1.2.8 - LFI/RFI Vulnerability

ClipperCMS 1.3.0 - Multiple SQL Injection Vulnerabilities

foobar2000 1.3.9 - (.asx) Local Crash PoC

Sam Spade 1.14 - Browse URL Buffer Overflow PoC

foobar2000 1.3.9 - (.pls; .m3u; .m3u8) Local Crash PoC

foobar2000 1.3.9 - (.asx) Local Crash PoC

Windows Kernel win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based...

Windows Kernel win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer...

Kaspersky Antivirus - Certificate Handling Path Traversal

16.11.2015

Bugtraq

[SECURITY] [DSA 3398-1] strongswan security update 2015-11-16
Yves-Alexis Perez (corsac debian org)

CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability 2015-11-16
Matthew Flanagan (mattimustang gmail com)

SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value 2015-11-13
martin sturm syss de

Malware

Trojan:Win32/Varpes.J!plock 
TrojanSpy:Win32/Nivdort.BV 
TrojanSpy:Win32/Nivdort.BW 
TrojanSpy:Win32/Nivdort.BX 
TrojanDownloader:Win32/Banload.BFK 

Phishing

SunTrust Bank

16th November 2015

Important Notice For SunTrust
Account Holder.

Online

16th November 2015

BANK OF AMERICA: FINAL
NOTIFICATION UPDATE

PaypaI Service

15th November 2015

Reminder: Your Paypal account
will be Iimited until we hear
from you

Vulnerebility

 

SANS News

Scanning tricks with scapy

Threatpost

 

Exploit

D-link Wireless Router DIR-816L – CSRF Vulnerability

CF Image Host 1.65 - CSRF Vulnerability

CF Image Host 1.65 - PHP Command Injection

TECO SG2 FBD Client 3.51 - .gfb SEH Overwrite Buffer Overflow Vulnerability

TECO TP3-PCLINK 2.1 - .tpc File Handling Buffer Overflow Vulnerability

TECO AP-PCLINK 1.094 - .tpc File Handling Buffer Overflow Vulnerability

x64 Linux egghunter in 24 bytes

TECO SG2 LAD Client 3.51 - .gen SEH Overwrite Buffer Overflow Exploit

TECO JN5 L510-DriveLink 1.482 - .lf5 SEH Overwrite Buffer Overflow Exploit

Sam Spade 1.14 - Browse URL Buffer Overflow PoC

15.11.2015

Bugtraq

OpenBSD package 'net-snmp' information disclosure 2015-11-12
Pierre Kim (pierre kim sec gmail com)

SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value 2015-11-13
martin sturm syss de

[security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information 2015-11-13
security-alert hpe com

Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality 2015-11-13
samhuntley84 gmail com

Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities. 2015-11-13
samhuntley84 gmail com

Dlink DIR-601 Command injection in ping functionality 2015-11-13
samhuntley84 gmail com

Dlink DIR-645 UPNP Buffer Overflow 2015-11-13
samhuntley84 gmail com

Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities 2015-11-13
samhuntley84 gmail com

Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities 2015-11-13
samhuntley84 gmail com

Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities 2015-11-13
samhuntley84 gmail com

Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality 2015-11-13
samhuntley84 gmail com

Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities. 2015-11-13
samhuntley84 gmail com

Dlink DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities and also directory traversal issue exists 2015-11-13
samhuntley84 gmail com

Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities. 2015-11-13
samhuntley84 gmail com

Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L 2015-11-13
samhuntley84 gmail com

Dlink DIR-866L Buffer overflows in HNAP and send email functionalities 2015-11-13
samhuntley84 gmail com

CF Image Host XSS 2015-11-14
apparitionsec gmail com

CF Image Host CSRF 2015-11-14
apparitionsec gmail com

CF Image Host PHP Command Injection 2015-11-14
apparitionsec gmail com

PHP Address Book SQL Injection Vulnerability 2015-11-14
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3208-2] freexl regression update 2015-11-14
Salvatore Bonaccorso (carnil debian org)

/tmp race condition in IBM Installation Manager V1.8.1 install script 2015-11-14
larry0 me com

D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability 2015-11-14
bhadresh patel helpag com

[slackware-security] seamonkey (SSA:2015-318-01) 2015-11-15
Slackware Security Team (security slackware com)

Malware

Trojan.Cryptodefense.B

Phishing

 

Vulnerebility

 

SANS News

Analyze of a malicious Word document with an embedded payload

Threatpost

Researchers Discover Two New Strains of POS Malware

CSRF Flaw Patched in Popular Spring Social Core Library

Exploit

b374k Web Shell - CSRF Command Injection

13.11.2015

Bugtraq

OpenBSD package 'net-snmp' information disclosure 2015-11-12
Pierre Kim (pierre kim sec gmail com)

[SECURITY] [DSA 3395-2] krb5 security update 2015-11-12
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability 2015-11-11
Secunia Research (remove-vuln secunia com)

Malware

TrojanDownloader:MSIL/Dowjamal.A 
SoftwareBundler:Win32/Xiazai 
TrojanSpy:MSIL/Aconstel.A 
TrojanDropper:MSIL/Fatext.A 
PWS:Win32/Fareit.AG 
Backdoor:Win32/Wencho.A 

Exp.CVE-2015-6078

Phishing

HSBC Bank

13th November 2015

INTERNET BANKING: HSBC ACCOUNT
ACCESS NOTIFICATION

Natwest Bank

13th November 2015

YOU HAVE 1 NEW SECURE MESSAGE

Vulnerebility

 

SANS News

Google Reconnaissance, Sprinter-style

Threatpost

Tor: FBI Paid CMU $1 Million to De-Anonymize Users

Exploit Writing and Mitigation Going Hand in Hand

Exploit

b374k Web Shell - CSRF Command Injection

R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities

TACK 1.07 - Local Stack-Based Buffer Overflow

TUDU 0.82 - Local Stack-Based Buffer Overflow

Sam Spade 1.14 - S-Lang Command Field SEH Overflow

12.11.2015

Bugtraq

Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability 2015-11-11
Secunia Research (remove-vuln secunia com)

[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) 2015-11-10
security-alert hpe com

Malware

Backdoor:Win32/Wencho.A 
PWS:MSIL/Stimilina.M 
TrojanDownloader:MSIL/Genmaldow 

Infostealer.Predet

Infostealer.Hawket

VBA/TrojanDownloader.Agent.AFW

Phishing

Security Center Pay Pal

12th November 2015

Your Pay Pal account need
verification

PayPal

12th November 2015

Verify your account today to
avoid any interruption

Smith

11th November 2015

RE: INTERESTED?

Vulnerebility

 

SANS News

Cisco Cloud Web Security DNS Hijack

Oracle WebLogic Server: CVE-2015-4852 patched

Microsoft Patch Tuesday followup: KB3097877 re-issued!

Threatpost

 

Exploit

 

11.11.2015

Bugtraq

Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability 2015-11-11
Secunia Research (remove-vuln secunia com)

[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) 2015-11-10
security-alert hpe com

[SECURITY] [DSA 3397-1] wpa security update 2015-11-10
Salvatore Bonaccorso (carnil debian org)

Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099 2015-11-11
apparitionsec gmail com

[SECURITY] [DSA 3396-1] linux security update 2015-11-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3386-2] unzip regression update 2015-11-09
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:Win32/Banload.BFH 
TrojanDownloader:Win32/Banload.BFI 
TrojanDropper:Win32/Bancos.N 
SoftwareBundler:Win32/Dowadmin 

Unix.Ransomcrypt

Phishing

National

11th November 2015

New online banking
authentication

PayPal

11th November 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT !

PayPal

11th November 2015

Update your account
information !

Vulnerebility

 

SANS News

November 2015 Microsoft Patch Tuesday

Adobe Flash Player Update

Threatpost

Critical Java Bug Extends to Oracle, IBM Middleware

Adobe Flash Update Includes Patches for 17 Vulnerabilities

Exploit

WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection

FBZX 2.10 - Local Stack-Based Buffer Overflow

Google AdWords API PHP client library <= 6.2.0 - Arbitrary PHP Code Execution

eBay Magento CE <= 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / DoS)

Google AdWords <= 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)

10.11.2015

Bugtraq

[SECURITY] [DSA 3396-1] linux security update 2015-11-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3386-2] unzip regression update 2015-11-09
Salvatore Bonaccorso (carnil debian org)

TestLink 1.9.14 CSRF Vulnerability 2015-11-08
Aravind (altoarun gmail com)

TestLink 1.9.14 Persistent XSS 2015-11-08
Aravind (altoarun gmail com)

[SECURITY] [DSA 3395-1] krb5 security update 2015-11-06
Salvatore Bonaccorso (carnil debian org)

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities 2015-11-06
Timothy Bish (tabish121 gmail com)

[slackware-security] mozilla-firefox (SSA:2015-310-01) 2015-11-06
Slackware Security Team (security slackware com)

Malware

TrojanSpy:Win32/Nivdort.BU
Trojan:JS/Kovter.A

Backdoor.Remexi.B

Backdoor.Remexi

EK_ExploitKit

Phishing

AOL

10th November 2015

Essential Maintenance for
sunmtnsft@aol.com

Microsoft

9th November 2015

Fw: new message Date: Fri, 6
Nov 2015 20:29:22 -0800
Message-ID: MIME-Version: 1.0
Content-Type:

Vulnerebility

 

SANS News

Protecting Users and Enterprises from the Mobile Malware Threat

November 2015 Microsoft Patch Tuesday

Threatpost

Comodo Issues Eight Forbidden Certificates

Exploit

Wordpress Ajax Load More PHP Upload Vulnerability

Huawei HG630a and HG630a-50 - Default SSH Admin Password on ADSL Modems

Jenkins 1.633 - Unauthenticated Credential Recovery

YESWIKI 0.2 - Path Traversal Vulnerability

9.11.2015

Bugtraq

TestLink 1.9.14 CSRF Vulnerability 2015-11-08
Aravind (altoarun gmail com)

TestLink 1.9.14 Persistent XSS 2015-11-08
Aravind (altoarun gmail com)

[SECURITY] [DSA 3395-1] krb5 security update 2015-11-06
Salvatore Bonaccorso (carnil debian org)

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities 2015-11-06
Timothy Bish (tabish121 gmail com)

[slackware-security] mozilla-firefox (SSA:2015-310-01) 2015-11-06
Slackware Security Team (security slackware com)

[slackware-security] mozilla-nss (SSA:2015-310-02) 2015-11-06
Slackware Security Team (security slackware com)

Malware

Trojan:Win32/Peals.D!plock
Trojan:Win32/Deefy!plock
Worm:Win32/Vitchit.A
Worm:Win32/Mothyfil.B
PWS:MSIL/Stimilini.T

Phishing

Wells Fargo Online

8th November 2015

Account Verification Required.

National

8th November 2015

Required Information

PayPal Team

8th November 2015

NOREPLY : YOUR ACCOUNT HAS
BEEN LIMITED ✔

service@paypal.intl.com

8th November 2015

We need your help resolving an
issue with your account

Vulnerebility

 

SANS News

DNS Reconnaissance using nmap

ICYMI: Widespread Unserialize Vulnerability in Java

Threatpost

High-Risk SAP HANA Vulnerabilities Patched

ProtonMail Back Online Following Six-Day DDoS Attack

Exploit

Arris TG1682G Modem - Stored XSS Vulnerability

Wordpress Ajax Load More PHP Upload Vulnerability

TestLink 1.9.14 - CSRF Vulnerability

POP Peeper 4.0.1 - SEH Over-Write

FreeType 2.6.1 TrueType tt_sbit_decoder_load_bit_aligned Heap-Based Out-of-Bounds Read

7.11.2015

Bugtraq

[SECURITY] [DSA 3395-1] krb5 security update 2015-11-06
Salvatore Bonaccorso (carnil debian org)

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities 2015-11-06
Timothy Bish (tabish121 gmail com)

[slackware-security] mozilla-firefox (SSA:2015-310-01) 2015-11-06
Slackware Security Team (security slackware com)

[slackware-security] mozilla-nss (SSA:2015-310-02) 2015-11-06
Slackware Security Team (security slackware com)

Malware

Win32/Brolux.A

Win32/Kovter.C

Phishing

PayPal Team

8th November 2015

NOREPLY : YOUR ACCOUNT HAS
BEEN LIMITED ✔

service@paypal.intl.com

8th November 2015

We need your help resolving an
issue with your account

service@paypal.intl.com

7th November 2015

WE NEED YOUR HELP RESOLVING AN
ISSUE WITH YOUR ACCOUNT

Amazon

7th November 2015

additional information on the
amazon site.

PayPal

7th November 2015

Unusual Sign-In Activities

Vulnerebility

 

SANS News

Ransomware & Entropy: Your Turn -> Solution

DNS Reconnaissance using nmap

Threatpost

Microsoft Considers Earlier SHA-1 Deprecation Deadline

Advantech Clears Hard-Coded SSH Keys from EKI Switches

Exploit

Cryptocat Arbitrary Script Injection Vulnerability

QNap QVR Client 5.1.0.11290 - Crash PoC

6.11.2015

Bugtraq

CVE-2015-5378 2015-11-06
Suyog Rao (suyog elastic co)

CVE-2015-5619 2015-11-06
Suyog Rao (suyog elastic co)

NXFilter v3.0.3 Persistent / Reflected XSS 2015-11-06
apparitionsec gmail com

NXFilter v3.0.3 CSRF 2015-11-06
apparitionsec gmail com

Elasticsearch vulnerability CVE-2015-4165 2015-11-06
Kevin Kluge (kevin elastic co)

[SECURITY] [DSA 3394-1] libreoffice security update 2015-11-05
Moritz Muehlenhoff (jmm debian org)

Elasticsearch vulnerability CVE-2015-5377 2015-11-05
Kevin Kluge (kevin elastic co)

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products 2015-11-05
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information 2015-11-04
security-alert hpe com

[SECURITY] [DSA 3393-1] iceweasel security update 2015-11-04
Moritz Muehlenhoff (jmm debian org)

Malware

Backdoor:Win32/Bayrob.B
TrojanClicker:Win32/Clikug.F
Win32/Sarento
TrojanSpy:MSIL/Yakbeex.D
Trojan:Win32/Patched.AO
TrojanDownloader:MSIL/Pstinb.F

Phishing

PayPal

6th November 2015

UPDATE YOUR ACCOUNT - PAYPAL

Dr. Watsons

5th November 2015

IVY-LEAGUE DOCTOR JAILED FOR
REVEALING DIABETES CURING
SECRET

PayPal Service

5th November 2015

YOUR PAYPAL ACCOUNT HAS BEEN
SUSPENDED ✔

PayPal

5th November 2015

UNUSUAL ACTIVITY IN YOUR
ACCOUNT

PayPal !

5th November 2015

YOUR ACCOUNT HAS BEEN LIMITED
✔

PayPal Team

5th November 2015

NOREPLY : YOUR ACCOUNT HAS
BEEN LIMITED ✔

Vulnerebility

 

SANS News

Tracking HTTP POST data with ELK

Threatpost

Mozilla Embraces Private Browsing with Tracking Protection in Firefox 42

Updated Cryptowall Encrypts File Names, Mocks Victims

Exploit

Cryptocat Arbitrary Script Injection Vulnerability

Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution

NXFilter 3.0.3 - CSRF Vulnerabilities

NXFilter 3.0.3 - Multiple XSS Vulnerabilities

5.11.2015

Bugtraq

[SECURITY] [DSA 3393-1] iceweasel security update 2015-11-04
Moritz Muehlenhoff (jmm debian org)

Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability 2015-11-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability 2015-11-04
Egidio Romano (research karmainsecurity com)

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] 2015-11-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3392-1] freeimage security update 2015-11-04
Sebastien Delafond (seb debian org)

Malware

TrojanDownloader:MSIL/Banload.AH
TrojanDownloader:MSIL/Banload.AD

Infostealer.Bancos.BF

Phishing

PayPal

5th November 2015

UNUSUAL ACTIVITY IN YOUR
ACCOUNT

PayPal !

5th November 2015

YOUR ACCOUNT HAS BEEN LIMITED
✔

PayPal Team

5th November 2015

NOREPLY : YOUR ACCOUNT HAS
BEEN LIMITED ✔

Paul Hindle

5th November 2015

Fw: new message

PayPal

5th November 2015

Notification - Account Review

Halifax

5th November 2015

Alert - Banking access
suspended

ROYAL BANK OF SCOTLAND®

5th November 2015

*******Online Banking (Wire
Transfer
)*************************Paym
ent Alert From Royal Bank Of

PayPal

5th November 2015

Your account status has
changed

Vulnerebility

 

SANS News

Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice

Threatpost

Shuanet Adware Rooting Android Devices Via Trojanized Apps - See more at: https://threatpost.com/#sthash.Ox1iuvx1.dpuf

Chinese Mobile Ad Library Backdoored to Spy on iOS Devices

New Tinba Variant Seen Targeting Russian, Japanese Banks

Exploit

Cryptocat Arbitrary Script Injection Vulnerability

vBulletin 5.1.x - PreAuth 0day Remote Code Execution Exploit

JSSE SKIP-TLS Exploit

OpenSSL Alternative Chains Certificate Forgery

4.11.2015

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] 2015-11-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3392-1] freeimage security update 2015-11-04
Sebastien Delafond (seb debian org)

[security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information 2015-11-03
security-alert hpe com

[security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege 2015-11-03
security-alert hpe com

[security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege 2015-11-03
security-alert hpe com

[SECURITY] [DSA 3391-1] php-horde security update 2015-11-03
Florian Weimer (fw deneb enyo de)

[security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure 2015-11-03
security-alert hpe com

[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code 2015-11-02
security-alert hpe com

[SECURITY] [DSA 3355-2] libvdpau regression update 2015-11-02
Alessandro Ghedini (ghedo debian org)

Malware

Win32/Upatre
TrojanDropper:O97M/Farheyt.A
TrojanDownloader:Win32/Banload.BFB

Phishing

PayPaI Service

4th November 2015

UPDATE YOUR INFORMATION NOW

Royal Bank

4th November 2015

*******Online Banking (Wire
Transfer
)*************************Paym
ent Alert From Royal Bank Of

RBC Royal Bank

2nd November 2015

PLEASE RESTORE YOUR ACCOUNT

Vulnerebility

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77192

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4881 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77159

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77154

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77126

HP Vertica CVE-2015-6867 Remote Code Execution Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77405

Microsoft Windows Object Reference CVE-2015-2554 Local Privilege Escalation Vulnerability
2015-11-03
http://www.securityfocus.com/bid/76998

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77242

Xen CVE-2015-7835 Privilege Escalation Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77366

Oracle Java SE CVE-2015-4871 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77238

GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
2015-11-03
http://www.securityfocus.com/bid/72325

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77287

NTP CVE-2015-7702 Incomplete Fix Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77286

Network Time Protocol 'ntpq.c' Memory Corruption Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77288

NTP CVE-2015-7692 Incomplete Fix Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77285

Network Time Protocol CVE-2015-7703 Arbitrary File Overwrite Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77278

NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77274

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/77280

SANS News

Internet Wide Scanners Wanted

Application Aware and Critical Control 2

Threatpost

Google Project Zero Turns Over 11 Bugs in Galaxy S6 Edge

Updated XcodeGhost Adds iOS9 Support

PageFair Hack Serves Up Fake Flash Update to 500 Sites

Exploit

vBulletin 5 PreAuth Remote Code Execution

FreeType 2.6.1 TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads

3.11.2015

Bugtraq

[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code 2015-11-02
security-alert hpe com

[SECURITY] [DSA 3355-2] libvdpau regression update 2015-11-02
Alessandro Ghedini (ghedo debian org)

[security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution 2015-11-02
security-alert hpe com

[SECURITY] [DSA 3390-1] xen security update 2015-11-02
Salvatore Bonaccorso (carnil debian org)

CVE-2015-7326 (XXE vulnerability in Milton Webdav) 2015-11-02
0ang3el gmail com

Accentis Content Resource Management System - XSS 2015-11-02
GalaxyCVEcollector gmail com

Accentis Content Resource Management System - SQL 2015-11-02
GalaxyCVEcollector gmail com

Malware

Win32/Keco.B

Win32/TrojanDownloader.Bredolab.CB

Win32/Grifwin.I

Linux.Spalooki

Linux.Groundhog

Phishing

RBC Royal Bank

2nd November 2015

PLEASE RESTORE YOUR ACCOUNT

PayPal service

2nd November 2015

IMPORTANT - WE NOTICED UNUSUAL
ACTIVITY IN YOUR PAYPAL
ACCOUNT.

Vulnerebility

QEMU PRDT Data Handling Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73316

QEMU Realtek rtl8139 Model CVE-2015-5165 Information Disclosure Vulnerability
2015-11-03
http://www.securityfocus.com/bid/76153

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-11-03
http://www.securityfocus.com/bid/74733

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75158

OpenSSL 'ssleay_rand_bytes()' Function Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75219

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-11-03
http://www.securityfocus.com/bid/73684

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73225

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73231

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73232

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73237

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/74475

OpenSSL 'tasn_dec.c' Remote Memory Corruption Vulnerability
2015-11-03
http://www.securityfocus.com/bid/73227

Apache Struts CVE-2015-1831 Security Bypass Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75940

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75161

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/74111

Linux Kernel 'x86/entry/entry_64.S' Local Privilege Escalation Vulnerability
2015-11-03
http://www.securityfocus.com/bid/76004

Linux Kernel Multiple Remote Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75510

Linux Kernel 'fs/pipe.c' Multiple Local Memory Corruption Vulnerabilities
2015-11-03
http://www.securityfocus.com/bid/74951

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2015-11-03
http://www.securityfocus.com/bid/76317

Libxml2 CVE-2015-1819 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75570

jabberd CVE-2015-2059 Out of Bounds Read Memory Corruption Vulnerability
2015-11-03
http://www.securityfocus.com/bid/72736

Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities
2015-11-03
http://www.securityfocus.com/bid/75973

Apache HTTP Server CVE-2015-3183 Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75963

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75154

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75156

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75157

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2015-11-03
http://www.securityfocus.com/bid/75895

GNU glibc 'getaddrinfo.c' Remote Code Execution Vulnerability
2015-11-03
http://www.securityfocus.com/bid/72710

SANS News

Enhancing pentesting recon with nmap

Threatpost

Latest EMET Bypass Targets WoW64 Windows Subsystem

Vulnerability Identified in Genomic Data Sharing Network

Exploit

Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash

Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption

Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash

Samsung Galaxy S6 - Samsung Gallery Bitmap Decoding Crash

Samsung libQjpeg Image Decoding Memory Corruption

Python 2.7 hotshot Module - pack_string Heap Buffer Overflow

Python 2.7 array.fromstring Method - Use After Free

Python 2.7 strop.replace() Method - Integer Overflow

Python 3.3 - 3.5 product_setstate() Function - Out-of-bounds Read

actiTIME 2015.2 - Multiple Vulnerabilities

Sam Spade 1.14 - (Crawl website) Buffer OverFlow

Sam Spade 1.14 - (Scan Addresses) Buffer Overflow Exploit

TCPing 2.1.0 - Buffer Overflow

2.11.2015

Bugtraq

CVE-2015-7326 (XXE vulnerability in Milton Webdav) 2015-11-02
0ang3el gmail com

Accentis Content Resource Management System - XSS 2015-11-02
GalaxyCVEcollector gmail com

Accentis Content Resource Management System - SQL 2015-11-02
GalaxyCVEcollector gmail com

Cross-Site Scripting | Zeuscart V4 2015-11-02
ITAS Team (itas team itas vn)

[SECURITY] [DSA 3389-1] elasticsearch end-of-life 2015-11-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3381-2] openjdk-7 security update 2015-11-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3388-1] ntp security update 2015-11-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3387-1] openafs security update 2015-11-01
Florian Weimer (fw deneb enyo de)

TCPing 2.1.0 Buffer Overflow 2015-11-01
apparitionsec gmail com

[SECURITY] [DSA 3386-1] unzip security update 2015-10-31
Laszlo Boszormenyi \(GCS\) (gcs debian org)

[SECURITY] [DSA 3385-1] mariadb-10.0 security update 2015-10-31
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2015-5876

Phishing

PayPal service

2nd November 2015

IMPORTANT - WE NOTICED UNUSUAL
ACTIVITY IN YOUR PAYPAL
ACCOUNT.

Security Apple

1st November 2015

YOUR APPLE ACCOUNT WAS USED .

AOL

1st November 2015

Aol Notification

Vulnerebility

 

SANS News

Ransomware & Entropy: Your Turn

Disaster Recovery Starts with a Plan

Threatpost

 

Exploit

 

30.10.2015

Bugtraq

[slackware-security] jasper (SSA:2015-302-02) 2015-10-29
Slackware Security Team (security slackware com)

PHP Server Monitor 3.1.1 Privilege Escalation 2015-10-30
apparitionsec gmail com

PHP Server Monitor 3.1.1 CSRF 2015-10-30
apparitionsec gmail com

[slackware-security] curl (SSA:2015-302-01) 2015-10-29
Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2015-302-03) 2015-10-29
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3384-1] virtualbox security update 2015-10-29
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3383-1] wordpress security update 2015-10-29
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3332-2] wordpress regression update 2015-10-29
Salvatore Bonaccorso (carnil debian org)

Malware

Infostealer.Banload

Exp.CVE-2015-5876

Phishing

Brayden

30th October 2015

BUSINESS IS CRAZY

MRS. JODI REULAND

30th October 2015

Ofornelas-F R_E..E..___A-C
C-E_S_S_- T-O..__-L..O_C
A..L___S-L..U T S..!

Yahoo.com

29th October 2015

PLEASE HELP ME.

Vulnerebility

 

SANS News

USB cleaning device for the masses

This Article is Brought to You By the Letter ノ

Threatpost

Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked

Exploit

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash PoC

PHP Server Monitor 3.1.1- Multiple CSRF Vulnerabilities

PHP Server Monitor 3.1.1- CSRF Privilege Escalation

eBay Magento <= 1.9.2.1 - PHP FPM XML eXternal Entity Injection

Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution

Pligg CMS 2.0.2 - Multiple SQL Injection Vulnerabilities

Pligg CMS 2.0.2 - Directory Traversal

Pligg CMS 2.0.2 - CSRF Code Execution

AIX 7.1 - lquerylv Local Privilege Escalation

Oxwall 1.7.4 - CSRF Vulnerability

29.10.2015

Bugtraq

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

Cross-Site Request Forgery on Oxwall 2015-10-29
High-Tech Bridge Security Research (advisory htbridge ch)

CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver 2015-10-29
Portcullis Advisories (advisories portcullis-security com)

CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver 2015-10-29
Portcullis Advisories (advisories portcullis-security com)

[SECURITY] [DSA 3382-1] phpmyadmin security update 2015-10-28
Thijs Kinkhorst (thijs debian org)

Malware

Backdoor:PHP/SimpleShell.A 

VBA/TrojanDownloader.Agent.ADX

Win32/TrojanDownloader.Nymaim.AY

EK_ExploitKit

Phishing

paypal

29th October 2015

Your Account Will Be Limited

Vulnerebility

 

SANS News

USB cleaning device for the masses

Threatpost

Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability

Exploit

Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection

NetUSB Kernel Stack Buffer Overflow

28.10.2015

Bugtraq

Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE 2015-10-28
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3381-1] openjdk-7 security update 2015-10-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3380-1] php5 security update 2015-10-27
Florian Weimer (fw deneb enyo de)

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

Malware

Rogue:VBS/Trapwot 
TrojanProxy:MSIL/Segyroxb.A 
Trojan:JS/Iframeinject.AG 

Trojan.Luminrat

Downloader.Chikdos

Trojan.Luminrat

Linux.HDRoot

Infostealer.Newpos

Phishing

PayPal

28th October 2015

✔ [PAYPAL]CONFIRM YOUR
ACCOUNT INFORMATION ! ✉

Vulnerebility

 

SANS News

Adobe Releases Surprise Shockwave Player Patch

Victim of its own success and (ab)used by malwares

Threatpost

Fewer IPsec VPN Connections at Risk from Weak Diffie-Hellman

Exploit

Th3 MMA mma.php Backdoor Arbitrary File Upload

Samsung SecEmailUI Script Injection

JIRA and HipChat for JIRA Plugin Velocity Template Injection Vulnerability

Sagem FAST3304-V2 - Authentication Bypass

Samsung m2m1shot Kernel Driver Buffer Overflow

Samsung seiren Kernel Driver Buffer Overflow

Samsung fimg2d FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw

Samsung SecEmailComposer QUICK_REPLY_BACKGROUND Permissions Weakness

27.10.2015

Bugtraq

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) 2015-10-26
submit cxsec org

MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow 2015-10-26
submit cxsec org

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities 2015-10-26
Secunia Research (remove-vuln secunia com)

Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability 2015-10-26
Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp 2015-10-26
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

SoftwareBundler:Win32/Zubtui.A 
Backdoor:Win32/Xtrat.Q 
TrojanDownloader:Win32/Captorveen.B 
PWS:MSIL/Stimilini.S 
Trojan:Win32/Tulim.B!plock 
Trojan:Win32/Spallowz.A!plock 

W32.Belvira

W32.Wabot.B

Win32/Pagun.F

Win32/Tuwuky.A

Win32/Bingle.C

Win32/Delf.STD

Win32/Bipfam.D

Win32/Brrowho.H

Win32/Delsha.NAB

Win32/CrisisHT.B

Win32/BadJoke.CC

Win32/Veilev.E

Win32/Filecoder.FD

Win32/Zlader.L

Phishing

PayPaI

27th October 2015

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

MRS. LUCILA LAMME

27th October 2015

Re:Find Ofornelass NEW MESSAGE
sent by Mrs. Lucila Lamme

Vulnerebility

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76194

IBM WebSphere Application Server CVE-2015-1885 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/74219

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76249

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76092

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75154

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75890

Symantec Endpoint Protection Manager CVE-2015-1489 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76078

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73237

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73225

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73231

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73232

Symantec Endpoint Protection Manager CVE-2015-1486 Authentication Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76074

Cisco Adaptive Security Appliance (ASA) Software CVE-2015-6325 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/77260

Python 'bufferobject.c' Integer Overflow Vulnerability
2015-10-26
http://www.securityfocus.com/bid/70089

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73326

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/71936

Cisco Adaptive Security Appliance (ASA) Software CVE-2015-0578 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72718

Apple Mac OS X Multiple Privilege Escalation Vulnerabilities
2015-10-26
http://www.securityfocus.com/bid/76421

Elasticsearch CVE-2015-5377 Remote Code Execution Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75938

Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75935

OpenSSL '/evp/encode.c' Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73228

IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75486

OpenSSL CVE-2015-0291 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73235

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72165

Oracle Java SE CVE-2015-0437 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72146

Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72136

FFmpeg CVE-2015-6761 Unspecified Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/77073

Oracle Java SE CVE-2015-0408 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72140

SANS News

Typo Squatting Charities for Fake Tech Support Schemes

The "Yes, but..." syndrome

Threatpost

Novel NTP Attacks Roll Back Time

Yahoo Hires Bob Lord as its CISO

New Campaign Shows Dridex Active, Targeting French

Exploit

Th3 MMA mma.php Backdoor Arbitrary File Upload

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation

Win10Pcap - Local Privilege Escalation Vulnerability

26.10.2015

Bugtraq

MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) 2015-10-26
submit cxsec org

MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow 2015-10-26
submit cxsec org

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities 2015-10-26
Secunia Research (remove-vuln secunia com)

Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability 2015-10-26
Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp 2015-10-26
FreeBSD Security Advisories (security-advisories freebsd org)

AlienVault OSSIM 4.3 CSRF 2015-10-26
mohammadreza mohajerani gmail com

AlienVault OSSIM 4.3 CSRF vulnerability report 2015-10-25
mohammadreza mohajerani gmail com

[SECURITY] [DSA 3379-1] miniupnpc security update 2015-10-25
Salvatore Bonaccorso (carnil debian org)

Fwd: Timing attack vulnerability in most Zeus server-sides 2015-10-25
rotem kerner (nullfield gmail com)

[SECURITY] [DSA 3377-1] mysql-5.5 security update 2015-10-24
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information 2015-10-23
security-alert hp com

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information 2015-10-23
security-alert hp com

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution 2015-10-23
David Black (dblack atlassian com)

Malware

PWS:MSIL/Stimilina.G 
PWS:MSIL/Stimilina.H 
PWS:MSIL/Stimilina.I 
Win32/Upatre 

Phishing

Holly Bass

25th October 2015

A REQUEST FROM A VIRGIN

Chase(SM)spalerts4secure3@comc

25th October 2015

URGENT: CONFIRMATION OF ONLINE
BANKING INFORMATION

Apple

25th October 2015

Notification From Apple

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

Windows 10 - pcap Driver Local Privilege Escalation

Alreader 2.5 .fb2 - SEH Based Stack Overflow (ASLR and DEP bypass)

Safari User-Assisted Applescript Exec Attack

23.10.2015

Bugtraq

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution 2015-10-23
David Black (dblack atlassian com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities 2015-10-22
SEC Consult Vulnerability Lab (research sec-consult com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 2015-10-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-10-21-8 OS X Server 5.0.15 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-7 Xcode 7.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-5 iTunes 12.3.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

Malware

Adware:Win32/Doma 
TrojanClicker:Win32/Buoveco.A 
TrojanDownloader:Win32/Dowfeld.A

Trojan.Plugfakeav 

W32.Belvira

Phishing

PayPal

23rd October 2015

You submitted an order
amounting of 59.99 GBP to Asda
Stores Limited

WEB

22nd October 2015

MAINTENANCE MAIL-BOX YOUR
ACCOUNT DETECTED ACTIVITIES
AND WILL BE BLOCKED

PayPal_ID 42310

22nd October 2015

Your account is limited now
must be updated now | Case
(PP-35-TB-23-90-SN)

Chase

21st October 2015

An Important Notice From
Chase(SM)

APPLE INC.

21st October 2015

Thank You for Your Order
[Order iTunes Verification
required]

Vulnerebility

 

SANS News

OS X 10.11.1 (El Capitan) File System Deep Directory Buffer Overflow

Botnets spreading Dridex still active

Threatpost

Joomla Update Patches Critical SQL Injection Vulnerability

Exploit

Realtyna RPL Joomla Extension 8.9.2 - Multiple SQL Injection Vulnerabilities

Realtyna RPL Joomla Extension 8.9.2 - Persistent XSS And CSRF Vulnerabilities

Subrion 3.X.X - Multiple Vulnerabilities

Beckhoff CX9020 CPU Module - Remote Code Execution Exploit

22.10.2015

Bugtraq

TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 2015-10-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-10-21-8 OS X Server 5.0.15 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-7 Xcode 7.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-5 iTunes 12.3.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-3 Safari 9.0.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-2 watchOS 2.0.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-1 iOS 9.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

SiteWIX - (edit_photo2.php id) SQL Injection Exploit 2015-10-21
ZoRLu Bugrahan (zorlu milw00rm com)

Malware

TrojanDownloader:Win32/Dowfeld.A 
TrojanDropper:Win32/Soloniti.A 
TrojanDownloader:BAT/Truvaeril.A 
TrojanSpy:Win32/Banker.APB 
Adware:Win32/Loones 
TrojanSpy:MSIL/Omaneat.C 
TrojanDownloader:Win32/Xeliam.A

Phishing

WEB

22nd October 2015

MAINTENANCE MAIL-BOX YOUR
ACCOUNT DETECTED ACTIVITIES
AND WILL BE BLOCKED

PayPal_ID 42310

22nd October 2015

Your account is limited now
must be updated now | Case
(PP-35-TB-23-90-SN)

Chase

21st October 2015

An Important Notice From
Chase(SM)

Vulnerebility

 

SANS News

Compromised Magento sites led to Neutrino exploit kit

Threatpost

Google Moving Gmail to Strict DMARC Implementation

Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes

Exploit

Beckhoff CX9020 CPU Module - Remote Code Execution Exploit

21.10.2015

Bugtraq

SiteWIX - (edit_photo2.php id) SQL Injection Exploit 2015-10-21
ZoRLu Bugrahan (zorlu milw00rm com)

[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42) 2015-10-21
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 3376-1] chromium-browser security update 2015-10-21
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3375-1] wordpress security update 2015-10-19
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:Win32/Xeliam.A 

Bloodhound.RTF.5

Phishing

APPLE INC.

21st October 2015

Thank You for Your Order
[Order iTunes Verification
required]

MENS TOP SECRET GUIDE

20th October 2015

Satisfy Your Woman In Bed.
Stay Hard And Longer Minutes.

Vulnerebility

 

SANS News

Oracle Critical Patch Update for Q1 2015 (Includes Java Updates)

Odd DNS TXT Record. Anybody Seen This Before?

Threatpost

Microsoft Opens .NET Core, ASP.NET Bug Bounties

Let’s Encrypt Hits Another Free HTTPS Milestone

Academics Find Critical Flaws in Self-Encrypting Hardware Drives - See more at: https://threatpost.com/#sthash.7fFNlffq.dpuf

Academics Find Critical Flaws in Self-Encrypting Hardware Drives - See more at: https://threatpost.com/#sthash.7fFNlffq.dpuf

Exploit

Zpanel Remote Unauthenticated RCE

HandyPassword 4.9.3 - SEH Over-Write Exploit

20.10.2015

Bugtraq

[SECURITY] [DSA 3375-1] wordpress security update 2015-10-19
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3373-1] owncloud security update 2015-10-18
Salvatore Bonaccorso (carnil debian org)

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Events Made Easy WordPress plugin CSRF + Persistent XSS 2015-10-16
David Sopas (davidsopas gmail com)

Malware

DDoS:Win32/Flusihoc.A 
TrojanDownloader:Win32/Upatre.CO 
TrojanSpy:MSIL/Yakbeex.C 
TrojanDownloader:MSIL/Fleendow.A 
TrojanDownloader:Win32/Bamvleds.A  

JS.Fakeransom

Trojan.Ransomcrypt.V

Phishing

PayPal

20th October 2015

UPDATE YOUR INFORMATION

SGT MONICA L BROWN

20th October 2015

Let Discuss

Vulnerebility

 

SANS News

When encoding saves the day

Threatpost

Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data

Exploit

 

19.10.2015

Bugtraq

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3373-1] owncloud security update 2015-10-18
Salvatore Bonaccorso (carnil debian org)

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Malware

TrojanDownloader:MSIL/Dolia.A

JS.Fakeransom

Phishing

APPLE INC

19th October 2015

Your Account has been limited

Vulnerebility

 

SANS News

Ransomware & Entropy

Security Awareness for Security Professionals

Threatpost

 

Exploit

Wordpress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow

Nibbleblog File Upload Vulnerability

Belkin Router N150 1.00.08, 1.00.09 - Path Traversal Vulnerability

Adobe Flash IExternalizable.writeExternal - Type Confusion

16.10.2015

Bugtraq

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Events Made Easy WordPress plugin CSRF + Persistent XSS 2015-10-16
David Sopas (davidsopas gmail com)

Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) 2015-10-16
Qualys Security Advisory (qsa qualys com)

[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD 2015-10-15
ISecAuditors Security Advisories (advisories isecauditors com)

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 2015-10-15
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities 2015-10-15
security-alert hp com

[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-10-15
security-alert hp com

Freemake Video Downloader 3.7.1 - Code Execution Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanDownloader:Win32/Brucryp.C 
PWS:MSIL/Petun 
TrojanDownloader:Win32/Bagoox.A 
TrojanClicker:Win32/Bagoox.A 
DDoS:Win32/Nitol.K 
Backdoor:Win32/Slingup.A 
SoftwareBundler:Win32/InstallMonster 
TrojanDownloader:Win32/Strumapine.A

Trojan.Broluxa 

Phishing

PAYPal info

16th October 2015

Your Account PayPal Has Been
Limited