Databáze Hot News - Rok - Úvod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  - 2018  2017  2016  2015  2014  2013 
Poslední aktualizace v 08.10.2016 14:19:38

30.9.2015

Bugtraq

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-09-30-2 Safari 9 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information 2015-09-30
security-alert hp com

APPLE-SA-2015-09-30-01 iOS 9.0.2 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

Apache James Server 2.3.2 security vulnerability fixed 2015-09-30
Eric Charles (eric apache org)

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability 2015-09-30
dev rarlab com (1 replies)

RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability 2015-09-30
Popovici, Alejo \(LATCO - Buenos Aires\) (apopovici DELOITTE com) (1 replies)

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability 2015-09-30
Eugene Roshal (roshal rarlab com)

FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind 2015-09-29
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

TrojanDownloader:MSIL/Malkinocci.A 
TrojanDownloader:Win32/Banload.BEM 
TrojanSpy:Win32/Banker.AOY 
SoftwareBundler:Win32/Techsnab 

TROJ_GREENDISPENSER.A

Phishing

MARK WILLIAMS

30th September 2015

Caradvert- JoB Opening

Santander

30th September 2015

IMPORTANT CUSTOMER NOTICE

Amazon Support Inc

29th September 2015

ACCOUNT VERIFICATION PROCESSES
- HELP | AMAZON PAYMENTS

Golden Charter

29th September 2015

THE SIMPLE WAY TO SECURE PEACE
OF MIND.

Barclays Bank PLC.

29th September 2015

ONLINE ACCOUNT VERIFICATION

PayPal

29th September 2015

Your account has been Iimited
untiI we hear from you

Vulnerebility

 

SANS News

Tricks for DLL analysis

Threatpost

Dyreza Trojan Targeting IT Supply Chain Credentials

Apple Goes All-In on Privacy

Exploit

 

29.9.2015

Bugtraq

CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC 2015-09-29
Ralf Spenneberg \(OpenSource Security\) (funktionskonto spenneberg net)

Remote privesc and RCE in Kaseya Virtual System Administrator 2015-09-29
Pedro Ribeiro (pedrib gmail com)

Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) 2015-09-28
Benjamin Daniel Mussler (sec m

ESA-2015-151: RSAŽ OneStep Path Traversal Vulnerability 2015-09-29
Security Alert (Security_Alert emc com)

ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities 2015-09-29
Security Alert (Security_Alert emc com)

CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC 2015-09-29
Ralf Spenneberg \(OpenSource Security\) (funktionskonto spenneberg net) (1 replies)

Remote privesc and RCE in Kaseya Virtual System Administrator 2015-09-29
Pedro Ribeiro (pedrib gmail com)

Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) 2015-09-28
Benjamin Daniel Mussler (sec ml fl7 de)

Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

l fl7 de)

Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanSpy:MSIL/QVKeyLogger.A 
TrojanDownloader:MSIL/Suphun.A 
TrojanDownloader:Win32/Jalaro.A 

Win32/Hadra.A

Win32/TrojanClicker.Nex.A

Win32/TrojanClicker.Small.B

Infostealer.Centerpos

Phishing

Amazon Support Inc

29th September 2015

ACCOUNT VERIFICATION PROCESSES
- HELP | AMAZON PAYMENTS

Golden Charter

29th September 2015

THE SIMPLE WAY TO SECURE PEACE
OF MIND.

Barclays Bank PLC.

29th September 2015

ONLINE ACCOUNT VERIFICATION

PayPal

29th September 2015

Your account has been Iimited
untiI we hear from you

PayPal Support

29th September 2015

IMPORTANT MESSAGE FROM THE
SUPPORT YOUR ACCOUNT WILL BE
LIMITED.

Amazon Support Inc

28th September 2015

ACCOUNT VERIFICATION PROCESSES
- HELP | AMAZON PAYMENTS

Vulnerebility

 

SANS News

 

Threatpost

SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA

Dyreza Trojan Targeting IT Supply Chain Credentials

Exploit

ManageEngine EventLog Analyzer Remote Code Execution

Western Digital My Cloud 04.01.03-421, 04.01.04-422 - Command Injection

Kaseya Virtual System Administrator - Multiple Vulnerabilities

IconLover 5.42 - Local Buffer Overflow Exploit

Ubuntu Apport - Local Privilege Escalation

Mango Automation 2.6.0 - Multiple Vulnerabilities

PCMan FTP Server 2.0.7 - Directory Traversal Vulnerability

Watchguard XCS FixCorruptMail Local Privilege Escalation

28.9.2015

Bugtraq

Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

WinRAR SFX v5.21 - Remote Code Execution Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

My.WiFi USB Drive v1.0 iOS - File Include Vulnerability 2015-09-28
Vulnerability Lab (research vulnerability-lab com)

Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin 2015-09-26
ibemed gmail com

CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin 2015-09-26
ibemed gmail com

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin 2015-09-26
ibemed gmail com

Malware

TrojanDropper:Win32/Soloniti.A 
TrojanDropper:Win32/Morblish.A 
TrojanClicker:MSIL/FaceLiker 
Trojan:Win32/Greeodode.A 

Phishing

Amazon Support Inc

28th September 2015

ACCOUNT VERIFICATION PROCESSES
- HELP | AMAZON PAYMENTS

Lloyds Bank

27th September 2015

YOUR ACCOUNT HAS BEEN BLOCKED

Vulnerebility

 

SANS News

"Transport of London" Malicious E-Mail

Threatpost

JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second

Hotel Chain Hilton Worldwide Investigating Potential POS Breach

VeraCrypt Patched Against Two Critical TrueCrypt Flaws

Exploit

PCMan FTP Server 2.0.7 - Directory Traversal Vulnerability

BisonWare BisonFTP Server 3.5 - Directory Traversal Vulnerability

Mango Automation 2.6.0 - Multiple Vulnerabilities

Centreon 2.6.1 - Multiple Vulnerabilities

My.WiFi USB Drive 1.0 iOS - File Include Vulnerability

Photos in Wifi 1.0.1 iOS - Arbitrary File Upload Vulnerability

Git-1.9.5 ssh-agent.exe Buffer Overflow

Telegram 3.2 - Input Length Handling Crash PoC

27.9.2015

Bugtraq

 

Malware

Worm:Win32/Codbot 
TrojanDownloader:MSIL/Getete.A 

WORM_KASIDET.NM

BKDR_KASIDET.FD

Phishing

Lloyds Bank

27th September 2015

YOUR ACCOUNT HAS BEEN BLOCKED

Amazon

27th September 2015

Hi You Have [1] New Message

PayPal Support

26th September 2015

IMPORTANT MESSAGE FROM THE
SUPPORT YOUR ACCOUNT WILL BE
LIMITED.

æ‹?æ‹?è´ˇ

26th September 2015

å¿Ťå¿ŤåŠ å…¥å½Šè™¹èŽ¡åˆ’ï¼Œç™¾
åˆ†ç™¾æœŹé‡‘ä¿?éšœ

Online Survey

26th September 2015

Is your Online Banking Secure?

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

 

25.9.2015

Bugtraq

[SECURITY] [DSA 3368-1] cyrus-sasl2 security update 2015-09-25
Salvatore Bonaccorso (carnil debian org)

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine 2015-09-25
Portcullis Advisories (advisories portcullis-security com)

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine 2015-09-25
Portcullis Advisories (advisories portcullis-security com)

CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine 2015-09-25
Portcullis Advisories (advisories portcullis-security com)

Insecure application-coupling in Good Authentication Delegation [MZ-15-03] 2015-09-25
modzero (security modzero ch)

Malware

Trojan.Greendispenser

Trojan.Tinba.C!gm

WORM_KASIDET.SC

Phishing

Online Survey

26th September 2015

Is your Online Banking Secure?

Virgin Media

25th September 2015

Your latest Virgin Media Bill
cannot be processed

bigfoot.com

23rd September 2015

[ howiem@bigfoot.com ] Upgrade
Notice

å?品折扣

22nd September 2015

éŚ™æ¸¯äť£è´­ï¼Œä¸€æŠ˜é’œæƒ 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

FortiManager 5.2.2 - Persistent XSS Vulnerabilities

X2Engine 4.2 - CSRF Vulnerability

X2Engine 4.2 - Arbitrary File Upload

24.9.2015

Bugtraq

Insecure application-coupling in Good Authentication Delegation [MZ-15-03] 2015-09-25
modzero (security modzero ch)

FortiManager v5.2.2 Multiple XSS Vulnerabilities 2015-09-25
apparitionsec gmail com

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android 2015-09-24
Shazron (shazron apache org)

[SECURITY] [DSA 3367-1] wireshark security update 2015-09-24
Moritz Muehlenhoff (jmm debian org)

BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting 2015-09-23
appsec (appsec bmc com)

BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting 2015-09-23
appsec (appsec bmc com)

[SECURITY] [DSA 3366-1] rpcbind security update 2015-09-23
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Greendispenser

W32.Mydoom.E

Win32/Delf.SSE

Win32/Kverzdoor.A

Win32/Habaku.B

Phishing

Virgin Media

25th September 2015

Your latest Virgin Media Bill
cannot be processed

bigfoot.com

23rd September 2015

[ howiem@bigfoot.com ] Upgrade
Notice

å?品折扣

22nd September 2015

éŚ™æ¸¯äť£è´­ï¼Œä¸€æŠ˜é’œæƒ 

Vulnerebility

 

SANS News

Mozilla Foundation Security Advisory 2015-112

Threatpost

Naikon APT Group Tied to China’s PLA Unit 78020

Microsoft Revokes Trust for Certificates Leaked by D-Link

Curbing the For-Profit Cybercrime Food Chain

Exploit

Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)

FortiManager 5.2.2 - Persistent XSS Vulnerabilities

X2Engine 4.2 - CSRF Vulnerability

X2Engine 4.2 - Arbitrary File Upload

SMF (Simple Machine Forum) <= 2.0.10 - Remote Memory Exfiltration Exploit

WinRar 5.21 - SFX OLE Command Execution

FreshFTP 5.52 - .qfl Crash PoC

23.9.2015

Bugtraq

BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting 2015-09-23
appsec (appsec bmc com)

BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting 2015-09-23
appsec (appsec bmc com)

[SECURITY] [DSA 3366-1] rpcbind security update 2015-09-23
Salvatore Bonaccorso (carnil debian org)

Cisco AnyConnect elevation of privileges via DMG install script 2015-09-23
Securify B.V. (lists securify nl)

[SECURITY] [DSA 3365-1] iceweasel security update 2015-09-23
Moritz Muehlenhoff (jmm debian org)

ESA-2015-142: RSA ArcherŽ GRC Platform Multiple Vulnerabilities 2015-09-23
Security Alert (Security_Alert emc com)

Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability 2015-09-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability 2015-09-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities 2015-09-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

Infostealer.Bebloh

Trojan.Mentono

Win32 / Agent.RKC

Win32 / Filecoder.NDS

Phishing

bigfoot.com

23rd September 2015

[ howiem@bigfoot.com ] Upgrade
Notice

Vulnerebility

 

SANS News

Tracking Privileged Accounts in Windows Environments

Cisco IOS / IOS XE security advisories

Threatpost

5.6 Million Fingerprints Stolen In OPM Hack

Exploit

SMF (Simple Machine Forum) <= 2.0.10 - Remote Memory Exfiltration Exploit

w3tw0rk / Pitbul IRC Bot Remote Code Execution

refbase <= 0.9.6 - Multiple Vulnerabilities

Cisco AnyConnect 3.1.08009 - Privilege Escalation via DMG Install Script

22.9.2015

Bugtraq

UltraEdit v22.20 - Buffer Overflow Vulnerability 2015-09-23
Vulnerability Lab (research vulnerability-lab com)

WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability 2015-09-23
Vulnerability Lab (research vulnerability-lab com)

Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability 2015-09-23
Vulnerability Lab (research vulnerability-lab com)

Reflected Cross-Site Scripting (XSS) in iTop 2015-09-23
High-Tech Bridge Security Research (advisory htbridge ch)

Open-Xchange Security Advisory 2015-09-23 2015-09-23
Martin Heiland (martin heiland lists open-xchange com)

[slackware-security] mozilla-firefox (SSA:2015-265-01) 2015-09-23
Slackware Security Team (security slackware com)

Cisco AnyConnect elevation of privileges via DLL side loading 2015-09-22
Securify B.V. (lists securify nl)

Malware

Infostealer.Bebloh

Phishing

bigfoot.com

23rd September 2015

[ howiem@bigfoot.com ] Upgrade
Notice

å?品折扣

22nd September 2015

éŚ™æ¸¯äť£è´­ï¼Œä¸€æŠ˜é’œæƒ 

PayPal Service

22nd September 2015

Account status limited

Applec

22nd September 2015

Your Apple account has been
disabled !

Tesco Bank

22nd September 2015

Important account security
information

Vulnerebility

 

SANS News

Making our users unlearn what we taught them

Threatpost

Bypass Developed for Microsoft Memory Protection, Control Flow Guard

Federal CISOs Propose New Efforts to Shore Up Cybersecurity

Exploit

SAP Netweaver < 7.01 - XML External Entity Injection

Kaspersky Antivirus ThinApp Parser Stack Buffer Overflow

Cisco AnyConnect Secure Mobility Client 3.1.08009 - Privilege Escalation

MASM32 11R - Crash POC

OS X Regex Engine (TRE) - Integer Signedness and Overflow Issues

OS X Regex Engine (TRE) - Stack Buffer Overflow

Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow

Window Kernel - Bitmap Handling Use-After-Free (MS15-061) #2

Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)

Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)

Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)

Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)

Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)

Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)

Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)

Windows Kernel - Brush Object Use-After-Free Vulnerability (MS15-061)

Windows Kernel - WindowStation Use-After-Free (MS15-061)

Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)

Windows Kernel - Bitmap Handling Use-After-Free (MS15-061)

Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097)

Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)

Windows Kernel - Use-After-Free with Cursor Object (MS15-097)

Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)

Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)

Kaspersky Antivirus VB6 Parsing Integer Overflow

Kaspersky Antivirus ExeCryptor Parsing Memory Corruption

Kaspersky Antivirus PE Unpacking Integer Overflow

Kaspersky Antivirus DEX File Format Parsing Memory Corruption

Kaspersky Antivirus CHM Parsing Stack Buffer Overflow

Kaspersky Antivirus UPX Parsing Memory Corruption

Kaspersky Antivirus "Yoda's Protector" Unpacking Memory Corruption

22.9.2015

Bugtraq

UDID v1.0 iOS - Persistent Mail Encode Vulnerability 2015-09-22
Vulnerability Lab (research vulnerability-lab com)

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability 2015-09-22
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3364-1] linux security update 2015-09-21
Ben Hutchings (benh debian org)

APPLE-SA-2015-09-21-1 watchOS 2 2015-09-21
Apple Product Security (product-security-noreply lists apple com)

Jasig CAS server vulnerabilities 2015-09-21
Antoni Klajn (antoni d klajn pwr edu pl)

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft) 2015-09-21
securityresearch shaftek biz

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth 2015-09-21
Antoine Neuenschwander (Antoine Neuenschwander csnc ch)

[SECURITY] [DSA 3363-1] owncloud-client security update 2015-09-20
Luciano Bello (luciano debian org)

Malware

Trojan.Tinba.C

Trojan.Ranscrypt.U!gm

Trojan.Ransomcrypt.U

Phishing

PayPal Service

22nd September 2015

Account status limited

Apple

22nd September 2015

Your Apple account has been
disabled !

Tesco Bank

22nd September 2015

Important account security
information

FROM MRS MICHELLE OBAMA

21st September 2015

FROM MRS,MICHELLE OBAMA LAST
NOTICE

Chase

21st September 2015

ALERT: SUSPICIOUS ACTIVITY

PayPal

21st September 2015

account under review.

Vulnerebility

 

SANS News

 

Threatpost

South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues - See more at: https://threatpost.com/#sthash.dJZUKlne.dpuf

South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues

Apple watchOS2 Includes Host of Code-Execution Patches

Model Assesses Readiness to Accept Outside Vulnerability Reports

Exploit

Konica Minolta FTP Utility 1.0 - Directory Traversal Vulnerability

Kirby CMS <= 2.1.0 - CSRF Content Upload and PHP Script Execution

h5ai < 0.25.0 - Unrestricted File Upload

Air Drive Plus 2.4 - Arbitrary File Upload Vulnerability

Kirby CMS <= 2.1.0 - Authentication Bypass

MASM32 11R - Crash POC

21.9.2015

Bugtraq

Jasig CAS server vulnerabilities 2015-09-21
Antoni Klajn (antoni d klajn pwr edu pl)

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft) 2015-09-21
securityresearch shaftek biz

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth 2015-09-21
Antoine Neuenschwander (Antoine Neuenschwander csnc ch)

[SECURITY] [DSA 3363-1] owncloud-client security update 2015-09-20
Luciano Bello (luciano debian org)

Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ... 2015-09-19
Stefan Kanthak (stefan kanthak nexgo de)

SAP Netwaver - XML External Entity Injection 2015-09-21
Lukasz Miedzinski (lukasz miedzinski gmail com)

[SECURITY] [DSA 3362-1] qemu-kvm security update 2015-09-18
Salvatore Bonaccorso (carnil debian org)

Malware

Infostealer.Odlanor

Trojan.Glupteba

Trojan.Glupteba

Win32 / Agent.RKC

Phishing

Chase

21st September 2015

ALERT: SUSPICIOUS ACTIVITY

PayPal

21st September 2015

account under review.

Chase Update

21st September 2015

NEW UPDATE IS REQUIRED #5509

PayPaI Service

21st September 2015

Account status limited

Apple ID

21st September 2015

YOUR APPIE ID HAS BEEN
DISABLED FOR SECURITY REASONS
!

qq

21st September 2015

ATTENTION: DEAR CUSTOMER

Service PaypaI

20th September 2015

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Credit Union

20th September 2015

Navy Federal Credit Union :
Account Verification Alert!

Vulnerebility

 

SANS News

Detecting XCodeGhost Activity

Threatpost

Adobe Patches 23 Critical Vulnerabilities in Flash Player

XcodeGhost iOS Malware Contained

Exploit

ADH-Web Server IP-Cameras - Multiple Vulnerabilities

Konica Minolta FTP Utility 1.0 - Remote Command Execution

Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow

20.9.2015

Bugtraq

KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation 2015-09-17
KoreLogic Disclosures (disclosures korelogic com)

[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information 2015-09-17
security-alert hp com

Malware

OSX.Codgost

Phishing

Credit Union

20th September 2015

Navy Federal Credit Union :
Account Verification Alert!

VIRGIN MEDIA

20th September 2015

Your Virgin Media Profile
Update

Amazon

19th September 2015

ACCOUNT VEREFICATION

Microsoft

19th September 2015

Re-confirm Your cPanel

Amazon

19th September 2015

UNUSUAL ACTIVITY AMAZON
ACCOUNT

Vulnerebility

 

SANS News

Don't launch that file Adobe Reader!

Threatpost

 

Exploit

Thomson CableHome Gateway (DWG849) Cable Modem Gateway - Information Exposure

ADH-Web Server IP-Cameras - Multiple Vulnerabilities

Total Commander 8.52 - Buffer Overflow (Windows 10)

Total Commander 8.52 - Buffer Overflow

Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection

Wireshark 1.12.7 - Division by Zero Crash PoC

Microsoft Office 2007 - BIFFRecord Length Use-After-Free 

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion 

Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097) 

MS15-078 Microsoft Windows Font Driver Buffer Overflow

17.9.2015

Bugtraq

KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation 2015-09-17
KoreLogic Disclosures (disclosures korelogic com)

[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information 2015-09-17
security-alert hp com

APPLE-SA-2015-09-16-4 OS X Server 5.0.3 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912) 2015-09-16
Amit Klein (aksecurity gmail com)

APPLE-SA-2015-09-16-3 iTunes 12.3 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

Malware

Win32 / NopleMento.A

Phishing

Amazon

17th September 2015

ACCOUNT VEREFICATION

National

17th September 2015

YOUR PAYMENT NOTIFICATION//

Eco Experts

16th September 2015

SWITCH TO SOLAR AND CUT YOUR
ENERGY BILLS BY 50% PER YEAR

Vulnerebility

 

SANS News

 

Threatpost

Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9

D-Link Accidentally Leaks Private Code-Signing Keys

Google Details Plans to Disable SSLv3 and RC4

Exploit

IKEView.exe R60 - .elg Local SEH Exploit

ZTE PC UI USB Modem Software - Buffer Overflow

ManageEngine OpManager Remote Code Execution

Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation  

Windows NtUserGetClipboardAccessToken Token Leak  

Windows Task Scheduler DeleteExpiredTaskAfter File Deletion Privilege Escalation  

Windows CreateObjectTask TileUserBroker Privilege Escalation  

Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation 

16.9.2015

Bugtraq

APPLE-SA-2015-09-16-3 iTunes 12.3 2015-09-16
Apple Product Security (product-security-noreply

KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation 2015-09-17
KoreLogic Disclosures (disclosures korelogic com)

[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information 2015-09-17
security-alert hp com

APPLE-SA-2015-09-16-4 OS X Server 5.0.3 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912) 2015-09-16
Amit Klein (aksecurity gmail com)

APPLE-SA-2015-09-16-3 iTunes 12.3 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-09-16-2 Xcode 7.0 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-09-16-1 iOS 9 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution 2015-09-16
security-alert hp com

Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files 2015-09-16
gregory draperi (gregory draperi gmail com)

 lists apple com)

APPLE-SA-2015-09-16-2 Xcode 7.0 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-09-16-1 iOS 9 2015-09-16
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution 2015-09-16
security-alert hp com

Malware

TrojanDropper:MSIL/Mutra 
TrojanSpy:Win32/Rebhip.E 
Trojan:JS/Iframeinject.AE 

Exp.CVE-2015-2442

Exp.CVE-2015-2443

Exp.CVE-2015-2452

Phishing

Eco Experts

16th September 2015

SWITCH TO SOLAR AND CUT YOUR
ENERGY BILLS BY 50% PER YEAR

Christy Bryant

16th September 2015

Best deep throat

PayPaI Inc

15th September 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

USAA

15th September 2015

Your USAA Savings Account
Suspicious Activities

Vulnerebility

Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76094

Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76401

Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities
2015-09-17
http://www.securityfocus.com/bid/76288

Adobe FlashPlayer and AIR APSB15-19 Type Confusion Multiple Remote Code Execution Vulnerabilities
2015-09-17
http://www.securityfocus.com/bid/76287

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76194

IBM WebSphere Application Server CVE-2015-1885 Remote Privilege Escalation Vulnerability
2015-09-17
http://www.securityfocus.com/bid/74219

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76249

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76092

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75154

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75890

Symantec Endpoint Protection Manager CVE-2015-1489 Remote Privilege Escalation Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76078

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/73237

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/73225

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/73231

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/73232

Symantec Endpoint Protection Manager CVE-2015-1486 Authentication Bypass Vulnerability
2015-09-17
http://www.securityfocus.com/bid/76074

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2015-09-17
http://www.securityfocus.com/bid/73326

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-09-17
http://www.securityfocus.com/bid/71936

Apple Mac OS X Multiple Privilege Escalation Vulnerabilities
2015-09-17
http://www.securityfocus.com/bid/76421

Elasticsearch CVE-2015-5377 Remote Code Execution Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75938

Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75935

IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75486

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-09-17
http://www.securityfocus.com/bid/75156

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-09-17
http://www.securityfocus.com/bid/72165

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-09-17
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-0437 Remote Java SE Vulnerability
2015-09-17
http://www.securityfocus.com/bid/72146

GNU glibc 'send_dg()' Function Local Information Disclosure Weakness
2015-09-17
http://www.securityfocus.com/bid/72844

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-09-17
http://www.securityfocus.com/bid/74733

SANS News

A day in the life of a pentester, or is my job is too sexy for me?

Threatpost

Dutch Police Arrest Alleged CoinVault Ransomware Authors

Schneider Patches Plaintext Credentials Bug in Building Automation System

Dennis Fisher On Security, Journalism, and the Origins of Threatpost

Details Surface on Patched Bugzilla Privilege Escalation Flaw

Exploit

Android libstagefright - Integer Overflow Remote Code Execution

ManageEngine OpManager Remote Code Execution

ZeusCart 4.0 - CSRF Vulnerability

ZeusCart 4.0 - SQL Injection

ZTE PC UI USB Modem Software - Buffer Overflow

MS15-078 Microsoft Windows Font Driver Buffer Overflow

VBox Satellite Express 2.3.17.3 - Arbitrary Write

15.9.2015

Bugtraq

Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance 2015-09-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution 2015-09-16
security-alert hp com

Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files 2015-09-16
gregory draperi (gregory draperi gmail com)

Microsoft Exchange Information Disclosure 2015-09-16
apparitionsec gmail com

[SECURITY] [DSA 3360-1] icu security update 2015-09-15
Laszlo Boszormenyi (GCS) (gcs debian org)

Malware

TrojanSpy:Win32/Rebhip 
TrojanDownloader:Win32/Bladabindi 

Phishing

Christy Bryant

16th September 2015

Best deep throat

PayPaI Inc

15th September 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

USAA

15th September 2015

Your USAA Savings Account
Suspicious Activities

ebilling@bt.com

15th September 2015

Your latest BT bill is now
online

Vulnerebility

 

SANS News

Malicious spam with zip attachments containing .js files

Threatpost

WordPress Patches Serious Shortcodes Core Engine Vulnerability

First Let’s Encrypt Free Certificate Goes Live

Scan of IPv4 Space for ‘Implanted’ Cisco Routers Finds Fewer Than 100

Spam Campaign Continuing to Serve Up Malicious .js Files

Google Patches Latest Android Lockscreen Bypass

Exploit

Microsoft Office Excel 2007, 2010, 2013 - BIFFRecord Use-After-Free

Microsoft Office 2007 - BIFFRecord Length Use-After-Free

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion

Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097)

WordPress CP Reservation Calendar Plugin 1.1.6 - SQL Injection

FAROL - SQL Injection Vulnerability

14.9.2015

Bugtraq

[security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data 2015-09-15
security-alert hp com

Paypal Inc - Open Redirect Web Vulnerability 2015-09-15
Vulnerability Lab (research vulnerability-lab com)

Openfire 3.10.2 CSRF Vulnerabilities 2015-09-15
apparitionsec gmail com

IKEView.exe R60 Stack Buffer Overflow 2015-09-14
apparitionsec gmail com

[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass 2015-09-14
security-alert hp com

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting 2015-09-14
Ahrens, Julien (Julien Ahrens secunet com)

[SECURITY] [DSA 3358-1] php5 security update 2015-09-13
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:AutoIt/Gedo 
TrojanDropper:MSIL/Mutra 
TrojanClicker:Win32/Frosparf.H 
TrojanDownloader:Win32/Frosparf.A 

Downloader.Domar

Phishing

Barclays PLC

14th September 2015

YOU HAVE 3 NEW DOCUMENTS
AVAILABLE

Amazon

14th September 2015

UNUSUAL ACTIVITY AMAZON
ACCOUNT

PayPal

13th September 2015

Please confirm your account
information .

Apple

13th September 2015

PLEASE LOGIN TO UPDATE YOUR
ACCOUNT ID INFORMATIONS.

Halifax Plc

13th September 2015

IMPORTANT UPDATES

Vulnerebility

 

SANS News

Risk... in the most obscure places

Threatpost

DARPA Protecting Software From Reverse Engineering Through Obfuscation

Attackers Replacing Firmware on Cisco Routers

Exploit

Android Shellcode Telnetd with Parameters

Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation

Windows NtUserGetClipboardAccessToken Token Leak

Windows Task Scheduler DeleteExpiredTaskAfter File Deletion Privilege Escalation

Windows CreateObjectTask TileUserBroker Privilege Escalation

Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials

Total Commander 8.52 - SEH-Overwrite BOF

Attackers Replacing Firmware on Cisco Routers

Attackers Replacing Firmware on Cisco Routers

MS15-100 Microsoft Windows Media Center MCL Vulnerability

WordPress CP Reservation Calendar Plugin 1.1.6 - SQL Injection

Openfire 3.10.2 - Unrestricted File Upload

Openfire 3.10.2 - Remote File Inclusion

Openfire 3.10.2 - Privilege Escalation

Openfire 3.10.2 - Multiple XSS Vulnerabilities

Openfire 3.10.2 - CSRF Vulnerabilities

Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities

ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution

ManageEngine OpManager 11.5 - Multiple Vulnerabilities

13.9.2015

Bugtraq

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting 2015-09-14
Ahrens, Julien (Julien Ahrens secunet com)

[SECURITY] [DSA 3358-1] php5 security update 2015-09-13
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3359-1] virtualbox security update 2015-09-13
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3357-1] vzctl security update 2015-09-13
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3356-1] openldap security update 2015-09-12
Salvatore Bonaccorso (carnil debian org)

IKEView.exe Fox beta 1 Stack Buffer Overflow 2015-09-12
apparitionsec gmail com

Malware

Hacktool.Suceful

Phishing

Barclays PLC

14th September 2015

YOU HAVE 3 NEW DOCUMENTS
AVAILABLE

Amazon

14th September 2015

UNUSUAL ACTIVITY AMAZON
ACCOUNT

PayPal

13th September 2015

Please confirm your account
information .

Apple

13th September 2015

PLEASE LOGIN TO UPDATE YOUR
ACCOUNT ID INFORMATIONS.

Halifax Plc

13th September 2015

IMPORTANT UPDATES

PAYPAI SERVICE

13th September 2015

Your account has been Iimited
untiI we hear from you

Vulnerebility

 

SANS News

The Wordpress Plugins Playground

Threatpost

Installation of Tor Relay in Library Attracts DHS Attention

New Debian Releases Fix PHP, VirtualBox Bugs

Exploit

ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution

ManageEngine OpManager 11.5 - Multiple Vulnerabilities

EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities

IKEView.exe Fox beta 1 - Stack Buffer Overflow

IKEView.exe R60 - Stack Buffer Overflow

12.9.2015

Bugtraq

[SECURITY] [DSA 3356-1] openldap security update 2015-09-12
Salvatore Bonaccorso (carnil debian org)

IKEView.exe Fox beta 1 Stack Buffer Overflow 2015-09-12
apparitionsec gmail com

[security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code 2015-09-11
security-alert hp com

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability 2015-09-11
Egidio Romano (research karmainsecurity com)

Magento Bug Bounty #19 - Persistent Filename Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 2015-09-10
LpSolit gmail com

Malware

 

Phishing

Apple

13th September 2015

PLEASE LOGIN TO UPDATE YOUR
ACCOUNT ID INFORMATIONS.

Halifax Plc

13th September 2015

IMPORTANT UPDATES

PAYPAI SERVICE

13th September 2015

Your account has been Iimited
untiI we hear from you

PayPal

12th September 2015

YOUR ACCOUNT HAS LIMITATION !
YOU CAN RESOLVE THIS NOW .

Vulnerebility

 

SANS News

Some password advice

Threatpost

 

Exploit

Microsoft Internet Explorer 11 - Stack Underflow Crash PoC

Windows Media Center - Command Execution (MS15-100)

Monsta FTP 1.6.2 - Multiple Vulnerabilities

11.9.2015

Bugtraq

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 2015-09-10
Onur Yilmaz (onur netsparker com)

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability 2015-09-11
Egidio Romano (research karmainsecurity com)

Magento Bug Bounty #19 - Persistent Filename Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability 2015-09-11
Vulnerability Lab (research vulnerability-lab com)

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 2015-09-10
LpSolit gmail com

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14 2015-09-10
dkl mozilla com

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 2015-09-10
Onur Yilmaz (onur netsparker com)

[SECURITY] [DSA 3355-1] libvdpau security update 2015-09-10
Alessandro Ghedini (ghedo debian org)

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station 2015-09-09
Securify B.V. (lists securify nl)

Synology Video Station command injection and multiple SQL injection vulnerabilities 2015-09-09
Securify B.V. (lists securify nl)

[SECURITY] [DSA 3355-1] libvdpau security update 2015-09-10
Alessandro Ghedini (ghedo debian org)

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station 2015-09-09
Securify B.V. (lists securify nl)

Synology Video Station command injection and multiple SQL injection vulnerabilities 2015-09-09
Securify B.V. (lists securify nl)

[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information 2015-09-09
security-alert hp com

[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) 2015-09-09
security-alert hp com

Malware

TrojanDownloader:Win32/Blinsload.A 
PWS:Win32/Pumba.C 

Trojan.Volgmer.B

MSIL / Spy.Agent.AHL

Win32 / NopleMento.A

Python / Mamba.E

Phishing

alert@barclays.co.uk

11th September 2015

NEW MESSAGE

USAA

10th September 2015

Account suspension notice

APPLE

10th September 2015

ACCOUNT STATUS HAS BEEN
CHANGED , INVOICE NUMBER
#965221

Vulnerebility

 

SANS News

Feeding DShield with OSSEC Logs

Threatpost

Just Like Old Days: IOT Security Pits Regulators Against Market

Gary McGraw on Scalable Software Security and Medical Device Securityf

Series of Buffer Overflows Plague Many Yokogawa ICS Products

Exploit

OS X x64 - tcp bind shellcode, NULL byte free (144 bytes)

OS X Install.framework suid root Runner Binary Privilege Escalation

OS X Install.framework Arbitrary mkdir, unlink and chown to admin Group

OS X Install.framework suid Helper Privilege Escalation

Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow

OpenLDAP 2.4.42 - ber_get_next Denial of Service

10.9.2015

Bugtraq

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 2015-09-10
Onur Yilmaz (onur netsparker com)

[SECURITY] [DSA 3355-1] libvdpau security update 2015-09-10
Alessandro Ghedini (ghedo debian org)

Multiple Cross-Site Scripting vulnerabilities in Synology Download Station 2015-09-09
Securify B.V. (lists securify nl)

Synology Video Station command injection and multiple SQL injection vulnerabilities 2015-09-09
Securify B.V. (lists securify nl)

[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information 2015-09-09
security-alert hp com

[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS) 2015-09-09
security-alert hp com

[ERPSCAN-15-016] SAP NetWeaver â?? Hardcoded credentials 2015-09-09
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-015] SAP NetWeaver AS ABAPâ?? Hardcoded Credentials 2015-09-09
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-014] SAP Mobile Platform 3 â?? XXE in Add Repository 2015-09-09
ERPScan inc (erpscan online gmail com)

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability 2015-09-09
Security Alert (Security_Alert emc com)

ESA-2015-140: RSAŽ Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities 2015-09-09
Security Alert (Security_Alert emc com)

[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) 2015-09-08
security-alert hp com

Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe 2015-09-08
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3354-1] spice security update 2015-09-08
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:MSIL/Muxtart.A 

Win32 / Spy.Agent.ORM

Win32 / Wemosis.H

Win32 / Dridex.S

Win32 / Dridex.P

Phishing

APPLE

10th September 2015

ACCOUNT STATUS HAS BEEN
CHANGED , INVOICE NUMBER
#965221

Vulnerebility

 

SANS News

A look through the spam filters - examining waves of Upatre malspam

Threatpost

FTC, Experts Push Startups to Think About Security From the Beginning

NY Health Provider Excellus Discloses Data Breach Dating to 2013

Pair of Drupal Modules Patch Access Bypass Flaws

Exploit

Android Stagefright - Remote Code Execution

Qlikview <= 11.20 SR11 - Blind XXE Injection Vulnerability

Auto-Exchanger 5.1.0 - CSRF Vulnerability

9.9.2015

Bugtraq

[ERPSCAN-15-016] SAP NetWeaver â?? Hardcoded credentials 2015-09-09
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-015] SAP NetWeaver AS ABAPâ?? Hardcoded Credentials 2015-09-09
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-014] SAP Mobile Platform 3 â?? XXE in Add Repository 2015-09-09
ERPScan inc (erpscan online gmail com)

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability 2015-09-09
Security Alert (Security_Alert emc com)

ESA-2015-140: RSAŽ Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities 2015-09-09
Security Alert (Security_Alert emc com)

[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS) 2015-09-08
security-alert hp com

Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe 2015-09-08
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3354-1] spice security update 2015-09-08
Salvatore Bonaccorso (carnil debian org)

Re: Oracle Hyperion password disclosure... 2015-09-08
jeff kayser jibeconsulting com

Malware

MonitoringTool:Win32/TektonIt 
HackTool:Win32/Broduplo 
TrojanDownloader:Win32/Dabaker.A 
TrojanDownloader:Java/OpenConnection.QE 

Phishing

Tesco Bank

8th September 2015

Locked out due to recent
changes

Vulnerebility

 

SANS News

Adobe Updates Shockwave Player

September 2015 Microsoft Patch Tuesday

Threatpost

Android Stagefright Exploit Code Released to Public

Musical Chairs Campaign Found Deploying New Gh0st RAT Variant

Jessy Irwin on Password Security, Opsec and User Education

Security of iMessage System Comes to the Fore Again

Turla APT Group Abusing Satellite Internet Links

TLS Implementations Vulnerable to RSA Key Leaks

Microsoft Patches Graphics Component Flaw Under Attack

Exploit

Qlikview <= 11.20 SR11 - Blind XXE Injection Vulnerability

PHP SplDoublyLinkedList unserialize() Use-After-Free

PHP GMP unserialize() Use-After-Free

PHP SplObjectStorage unserialize() Use-After-Free

PHP Session Deserializer Use-After-Free

DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities

Linux/x86 - execve("/bin/cat", ["/bin/cat", "/etc/passwd"], NULL)

8.9.2015

Bugtraq

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability 2015-09-08
alex_haynes outlook com

NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. 2015-09-07
Elliott Lewis (elliott lewis uk gmail com)

[SECURITY] [DSA 3353-1] openslp-dfsg security update 2015-09-05
Alessandro Ghedini (ghedo debian org)

JSPMySQL Administrador CSRF & XSS Vulnerabilities 2015-09-05
apparitionsec gmail com

Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)

Malware

Backdoor:Win32/Shesmi.A 
TrojanDownloader:Win32/Puflug.B 
TrojanDropper:Win32/PSah.A 

Win32/Spy.Agent.ORM

Win32/Wemosis.H

Phishing

Amazon

7th September 2015

Amazon account status has been
changed

Vulnerebility

 

SANS News

September 2015 Microsoft Patch Tuesday

A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers

Threatpost

Adobe Patches Two Shockwave Player Vulnerabilities

eBay Fixes XSS Flaw in Subdomain

Government Releases Policy on Vulnerability Discovery and Disclosure

Exploit

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

IBM AIX High Availability Cluster Multiprocessing (HACMP) Local Privilege Escalation 0day

Advantech WebAccess 8.0, 3.4.3 ActiveX - Multiple Vulnerabilities

VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow

7.9.2015

Bugtraq

NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. 2015-09-07
Elliott Lewis (elliott lewis uk gmail com)

[SECURITY] [DSA 3353-1] openslp-dfsg security update 2015-09-05
Alessandro Ghedini (ghedo debian org)

JSPMySQL Administrador CSRF & XSS Vulnerabilities 2015-09-05
apparitionsec gmail com

Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)

Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation 2015-09-04
Stefan Kanthak (stefan kanthak nexgo de)

Oracle Hyperion password disclosure... 2015-09-04
Jeff Kayser (jeff kayser jibeconsulting com)

Malware

TrojanSpy:Win32/Banker.AOT 
TrojanSpy:Win32/Banker.AOS 
TrojanSpy:Win32/Banker.AOP 

Phishing

Nobel Trust Ltd.

3rd September 2015

International Escrow Agent

Vulnerebility

 

SANS News

Security Awareness and Collaboration

Hunting for IOC's with ioc-parser

Threatpost

 

Exploit

Endian Firewall Proxy Password Change Command Injection

NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation

JSPMySQL Administrador - Multiple Vulnerabilities

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities

FireEye Appliance Unauthorized File Disclosure

Elastix < 2.5 , PHP Code Injection Exploit

AutoCAD DWG and DXF To PDF Converter 2.2 - Buffer Overflow

Disconnect.me Mac OS X Client <= 2.0 - Local Privilege Escalation

ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC

5.9.2015

Bugtraq

Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability 2015-09-04
David Coomber (davidcoomber infosec gmail com)

Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation 2015-09-04
Stefan Kanthak (stefan kanthak nexgo de)

Oracle Hyperion password disclosure... 2015-09-04
Jeff Kayser (jeff kayser jibeconsulting com)

[SECURITY] [DSA 3352-1] screen security update 2015-09-04
Laszlo Boszormenyi (gcs debian org)

Malware

BKDR_CARBANAK.C

BKDR_CARBANAK.B

VBA / TrojanDownloader.Agent.AAV

VBA / TrojanDownloader.Agent.AAL

VBA / TrojanDownloader.Agent.AAK

Win32 / Dridex.S

VBA / TrojanDownloader.Agent.AAZ

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data - See more at: https://threatpost.com/attacker-compromised-mozilla-bug-system-stole-private-vulnerability-data/114552/#sthash.0WvwhP3t.dpuf

Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data - See more at: https://threatpost.com/attacker-compromised-mozilla-bug-system-stole-private-vulnerability-data/114552/#sthash.0WvwhP3t.dpuf

Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data

Exploit

 

4.9.2015

Bugtraq

[SECURITY] [DSA 3352-1] screen security update 2015-09-04
Laszlo Boszormenyi (gcs debian org)

[slackware-security] seamonkey (SSA:2015-246-01) 2015-09-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3351-1] chromium-browser security update 2015-09-03
Michael Gilbert (mgilbert debian org)

[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow 2015-09-03
Julien Ahrens (info rcesecurity com)

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability 2015-09-03
Security Alert (Security_Alert emc com)

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities 2015-09-03
Vulnerability Lab (research vulnerability-lab com)

Checkmarx CxQL Sandbox bypass (CVE-2014-8778) 2015-09-03
hdau deloitte fr

[SYSS-2015-016] Avaya one-XŽ Agent - Hard-coded Cryptographic Key 2015-09-03
sven freund syss de

[slackware-security] bind (SSA:2015-245-01) 2015-09-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3350-1] bind9 security update 2015-09-02
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-15:23.bind 2015-09-02
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3348-1] qemu security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3349-1] qemu-kvm security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

Malware

W32.Conpilf@mm

Trojan.Carberp.D

BKDR_EMDIVI.ZJCH-A

TSPY_SHIZ.MJSU

Phishing

 

Vulnerebility

 

SANS News

Port Scanners: The Good and The Bad

Threatpost

Citovat Wassenaar, HP vytáhne z Mobile Pwn2Own

Federálové Change Policy vyžadovat rozkaz k použití Stingrays

Exploit

 

3.9.2015

Bugtraq

[SECURITY] [DSA 3348-1] qemu security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3349-1] qemu-kvm security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability 2015-09-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3347-1] pdns security update 2015-09-02
SÊbastien Delafond (seb debian org)

ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability 2015-09-02
Security Alert (Security_Alert emc com)

Malware

TrojanDownloader:Win32/Contaskitar.B 
TrojanDownloader:Win32/Retkwark.A 
TrojanDownloader:Win32/Qulkonwi.D 
TrojanDownloader:Win32/Lophistdol.A 
Backdoor:Win32/NetWiredRC.D 

TrojanSpy:Win32/Banker.AOO 
Backdoor:Win32/Farfli.BJ 
TrojanDownloader:Win32/Upatre.BY 
TrojanDownloader:Win32/Upatre.BX 
TrojanDownloader:Win32/Scadmacs.A 
SoftwareBundler:Win32/Owsair 
SoftwareBundler:Win32/LoadArcher.A 
SoftwareBundler:Win32/LoadArcher 
TrojanDownloader:Win32/Upatre.CB 

Phishing

Service 2015

2nd September 2015

PLEASE LOGIN TO UPDATE YOUR
ACCOUNT INFORMATIONS

Administrator OnlineÂŽ

2nd September 2015

✔VIEW MAIL!!

Yvonne Perry

2nd September 2015

ONENIGHTSEX NOTICE IS PENDING

Tesco Bank

1st September 2015

Tesco Account suspended due to
TOS violations

Mohamed Abdel

1st September 2015

URGENT !!!

email update

1st September 2015

INFO

Mona Yates

1st September 2015

YOU'VE 1 F#CK REQUEST

Vulnerebility

 

SANS News

Querying the DShield API from RTIR

Threatpost

New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe

New Android Ransomware Communicates over XMPP

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Exploit

SphereFTP Server 2.0 - Crash PoC

Mainframe/System Z Bind Shell

2.9.2015

Bugtraq

[SECURITY] [DSA 3347-1] pdns security update 2015-09-02
SÊbastien Delafond (seb debian org)

ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability 2015-09-02
Security Alert (Security_Alert emc com)

Cross-Site Request Forgery in Cerb 2015-09-02
High-Tech Bridge Security Research (advisory htbridge ch)

[slackware-security] gdk-pixbuf2 (SSA:2015-244-01) 2015-09-01
Slackware Security Team (security slackware com)

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection 2015-09-02
David Black (dblack atlassian com)

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation 2015-09-01
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation 2015-09-01
KoreLogic Disclosures (disclosures korelogic com)

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities 2015-09-01
CORE Advisories Team (advisories coresecurity com)

Malware

 

Phishing

Tesco Bank

1st September 2015

Tesco Account suspended due to
TOS violations

Mohamed Abdel

1st September 2015

URGENT !!!

email update

1st September 2015

INFO

Mona Yates

1st September 2015

YOU'VE 1 F#CK REQUEST

IT玡理中心

1st September 2015

ã€ç½‘çťœè¿è¥éƒ¨ã€‘å…³äºŽEMI
S邮件æœ?务å?‡çº§çš„通知ï¼
ï¼ˆè¯ˇå?Šæ—śæŸ¥çœ‹ï¼‰

Wells Fargo Bank

1st September 2015

WELLS FARGO NOTIFICATION-
MESSAGE ID : 9876123

Vulnerebility

 

SANS News

What's the situation this week for Neutrino and Angler EK?

Threatpost

Encryption, Lock Mechanism Vulnerabilities Plague AppLock

Google Patches Critical Vulnerabilities in Chrome 45

Victims of June OPM Hack Still Haven’t Been Notified

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Exploit

Bedita 3.5.1 - XSS Vulnerabilities

Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities

Mpxplay Multimedia Commander 2.00a - .m3u Stack-Based Buffer Overflow

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC

Mpxplay Multimedia Commander 2.00a - .m3u Stack-Based Buffer Overflow

SphereFTP Server 2.0 - Crash PoC

OS X x64 /bin/sh Shellcode, NULL Byte Free, 34 bytes

Cerb 7.0.3 - CSRF Vulnerability

GPON Home Router FTP G-93RG1 - CSRF Command Execution Vulnerability

Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass

1.9.2015

Bugtraq

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities 2015-09-01
CORE Advisories Team (advisories coresecurity com)

[security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code 2015-09-01
security-alert hp com

[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information 2015-08-31
security-alert hp com

[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information 2015-08-31
security-alert hp com

Malware

Worm:VBS/Tibni.A

Phishing

Mohamed Abdel

1st September 2015

URGENT !!!

email update

1st September 2015

INFO

Mona Yates

1st September 2015

YOU'VE 1 F#CK REQUEST

IT玡理中心

1st September 2015

ã€ç½‘çťœè¿è¥éƒ¨ã€‘å…³äºŽEMI
S邮件æœ?务å?‡çº§çš„通知ï¼
ï¼ˆè¯ˇå?Šæ—śæŸ¥çœ‹ï¼‰

Wells Fargo Bank

1st September 2015

WELLS FARGO NOTIFICATION-
MESSAGE ID : 9876123

PayPol Services

31st August 2015

CASE ID : 1389795465 | PLEASE
CHECK YOUR PAYPOL ACCOUNT
INFORMATION

PayPal - Customer

31st August 2015

IMPORTANT UPDATE REQUIRED IN
YOUR PAYPAL ACCOUNT ✔

Natwest

29th August 2015

Natwest Notice

Vulnerebility

 

SANS News

Gift card from Marriott?

Encryption of "data at rest" in servers

How to hack

Threatpost

 

Exploit

Bedita 3.5.1 - XSS Vulnerabilities

Mpxplay Multimedia Commander 2.00a - .m3u Stack-Based Buffer Overflow

31.8.2015

Bugtraq

[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information 2015-08-31
security-alert hp com

[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information 2015-08-31
security-alert hp com

Dogma India dogmaindia CMS - Auth Bypass Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

Jenkins 1.626 - Cross Site Request Forgery / Code Execution 2015-08-28
smash devilteam pl

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information 2015-08-28
security-alert hp com

[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access 2015-08-28
security-alert hp com

[SECURITY] [DSA 3346-1] drupal7 security update 2015-08-31
Alessandro Ghedini (ghedo debian org)

[security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information 2015-08-28
security-alert hp com

[SECURITY] [DSA 3345-1] iceweasel security update 2015-08-29
Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-firefox (SSA:2015-241-01) 2015-08-29
Slackware Security Team (security slackware com)

Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host 2015-08-30
kev r yahoo com

[SECURITY] [DSA 3344-1] php5 security update 2015-08-27
Sebastien Delafond (seb debian org)

Malware

TrojanDownloader:Win32/ExtenBro.A 
BrowserModifier:Win32/Diplugem 
DDoS:Win32/Nitol.J 
TrojanDownloader:Win32/Olutall.B 
TrojanDownloader:AutoIt/Fadef 
SoftwareBundler:Win32/FakeDiX 

Phishing

 

Vulnerebility

 

SANS News

Detecting file changes on Microsoft systems with FCIV

Threatpost

CoreBot Malware Steals Credentials-For Now

CERT Warns of Slew of Bugs in Belkin N600 Routers

NSF Awards $6M Grants for Internet of Things Security

CoreBot Malware Steals Credentials-For Now

Exploit

PhpWiki 1.5.4 - Multiple Vulnerabilities

Edimax PS-1206MF - Web Admin Auth Bypass

Ganglia Web Frontend < 3.5.1 - PHP Code Execution

Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection Vulnerability

Apple OS X Entitlements Rootpipe Privilege Escalation

Microsoft Office 2007 - msxml5.dll Crash PoC

Viber 4.2.0 - Non-Printable Characters Handling Denial of Service Vulnerability

30.8.2015

Bugtraq

 

Malware

Trojan.Cryptolocker.AA

BrowserModifier:Win32/Diplugem 
TrojanDownloader:Win32/ExtenBro.A 
DDoS:Win32/Nitol.J 
TrojanDownloader:Win32/Olutall.B 
TrojanDownloader:AutoIt/Fadef 
SoftwareBundler:Win32/FakeDiX 

Win32 / Dridex.M

VBA / TrojanDropper.Agent.CT

Phishing

Natwest

29th August 2015

Natwest Notice

Vulnerebility

 

SANS News

Automating Metrics using RTIR REST API

Threatpost

Appeals Court Vacates Lower Court’s Decision on National Security Letters

Exploit

MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit

Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure

Sysax Multi Server 6.40 SSH Component Denial of Service

28.8.2015

Bugtraq

[SECURITY] [DSA 3344-1] php5 security update 2015-08-27
Sebastien Delafond (seb debian org)

[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information 2015-08-27
security-alert hp com

UAC Bypass Vulnerability on "Windows 7" in Windows Script Host 2015-08-27
vozzie gmail com (1 replies)

Malware

TrojanDownloader:Win32/Banload.BDQ 
TrojanSpy:Win32/Bancos.ANS 
TrojanDownloader:Win32/Banload.BDN 
TrojanDownloader:Win32/Banload.BDL 

Generic.e!71CDC3201116

PWS:Win32/Fareit.AF 
TrojanDownloader:Win32/Zegost.H 
Exploit:Win32/CVE-2015-2426 
TrojanDownloader:MSIL/Winpud.A 

Trojan.Kotver

Phishing

Barclays PLC.

27th August 2015

Barclays Important
Notification.

Silvia Ribas.

27th August 2015

FW: DOCUMENTO - 4221.2419

Vulnerebility

 

SANS News

Test File: PDF With Embedded DOC Dropping EICAR

Threatpost

Adobe Hotfix Patches XXE Vulnerability in ColdFusion

Scanner Finds Malicious Android Apps at Scale

Google to Pause Flash Ads in Chrome Starting Next Week

FBI: Social Engineering, Hacks Lead to Millions Lost to Wire Fraud

Exploit

WordPress Responsive Thumbnail Slider Plugin 1.0 - Arbitrary File Upload

Jenkins 1.626 - Cross Site Request Forgery / Code Execution

Wolf CMS Arbitrary File Upload To Command Execution

Photo Transfer (2) 1.0 iOS - Denial of Service Vulnerability

27.8.2015

Bugtraq

UAC Bypass Vulnerability on "Windows 7" in Windows Script Host 2015-08-27
vozzie gmail com

[security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code 2015-08-26
security-alert hp com

[security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information 2015-08-26
security-alert hp com

CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins 2015-08-26
grajalerts noreply gmail com

[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information 2015-08-26
security-alert hp com

Malware

TrojanDownloader:Win32/Gratem.A

Backdoor.Trojan.LH2

BrowserModifier:Win32/IstartSurf!lnk 
BrowserModifier:Win32/DeltaHomes!lnk 
BrowserModifier:Win32/OurSurfing!lnk 

Exploit/Stagefright.E

Exploit/Stagefright.M

Exploit/Certifigate.B

Phishing

Silvia Ribas.

27th August 2015

FW: DOCUMENTO - 4221.2419

PayPal

27th August 2015

Update Your PayPal Account!

Vulnerebility

 

SANS News

PDF + maldoc1 = maldoc2

Threatpost

Target Says SEC Won’t Pursue Enforcement Action as a Result of Data Breach

Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden

Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products

Exploit

Magento eCommerce - Remote Code Execution

VLC Media Player 2.2.1 - m3u8/m3u Crash PoC

FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution

FENIX 0.92 - Buffer Overflow

BSIGN 0.4.5 - Buffer Overflow

ZSNES 1.51 - Buffer Overflow

Xion Audio Player 1.5 build 155 Stack Based Buffer Overflow

QEMU Programmable Interrupt Timer Controller Heap Overflow

26.8.2015

Bugtraq

[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities 2015-08-24
security-alert hp com

Malware

Backdoor.Uwarrat

OSX / Ventir.A

Win32 / Saynob.2406.A

OSX / Spy.Hapus.A

PDF / TrojanDropper.Agent.C

VBA / TrojanDownloader.Agent.AAC

VBA / TrojanDownloader.Agent.ZX

VBA / TrojanDownloader.Agent.ZS

Win32 / Filecoder.NEA

Win32 / Dridex.M

Phishing

Natwest

26th August 2015

1 IMPORTANT MESSAGE

PayPal

26th August 2015

Update Your Information! ✉
26/08/2015 09:20:31

Vulnerebility

 

SANS News

Actor that tried Neutrino exploit kit now back to Angler

Threatpost

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

Researchers Uncover New Italian RAT uWarrior

Exploit

ZSNES 1.51 - Buffer Overflow

VLC Media Player 2.2.1 - m3u8/m3u Crash PoC

25.8.2015

Bugtraq

[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities 2015-08-24
security-alert hp com

[security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification 2015-08-24
security-alert hp com

[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification 2015-08-24
security-alert hp com

[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

[SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

[SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5 2015-08-24
erlijn vangenuchten syss de

Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation 2015-08-24
ajs swordshield com

Cross site request forgery vulnerability in Linksys WAG120N 2015-08-23
DonVallejo . (j v vallejo gmail com)

[SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials 2015-08-24
matthias deeg syss de

Malware

Win32/Upatre 

Infostealer.Canfili

Phishing

service@paypal.co.uk

24th August 2015

ACTION REQUIRED -YOUR BANK HAS
NOTIFIED US OF UNAUTHORISED
MONEY TRANSFERS FROM YOUR BANK
ACCOUNT

Vulnerebility

 

SANS News

Dropbox Phishing via Compromised Wordpress Site

Threatpost

Charlie Miller to Leave Twitter Security Team

AutoIt Used in Targeted Attacks to Move RATs

Github Mitigates DDoS Attack

Exploit

Microsoft Office 2007 OneTableDocumentStream Invalid Object

Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow

Firefox PDF.js Privileged Javascript Injection

Pligg CMS 2.0.2 - CSRF Add Admin Exploit

WordPress GeoPlaces3 Theme - Arbitrary File Upload Vulnerbility

Mock SMTP Server 1.0 Remote Crash PoC

GOM Audio 2.0.8 - (.gas) Crash POC

Keeper IP Camera 3.2.2.10 - Authentication Bypass 

24.8.2015

Bugtraq

Cross site request forgery vulnerability in Linksys WAG120N 2015-08-23
DonVallejo . (j v vallejo gmail com)

[SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials 2015-08-24
matthias deeg syss de

Logstash vulnerability CVE-2015-5619 2015-08-21
Suyog Rao (suyog elastic co)

Malware

 

Phishing

SUPPORT

24th August 2015

We Advise You To Update Your
Account Right Now ✔

Microsoft

24th August 2015

Update Your Account Amazon

sales

23rd August 2015

YOUR PAYMENT TO SKYPE, RECEIPT
NR. 02695125143

Chase Bank

23rd August 2015

[ Chase Bank ] Important
Notification

USAA

23rd August 2015

Important Account Update

Vulnerebility

 

SANS News

Are You Protecting your "Backdoor" ?

Threatpost

White House Support for CISA Worries Privacy Advocates - See more at: https://threatpost.com/#sthash.N0mq2Ham.dpuf

White House Support for CISA Worries Privacy Advocates

AlienSpy RAT Resurfaces as JSocket

Vulnerabilities Identified in Dolphin, Mercury Android Browsers

Exploit

Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow

Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow

24.8.2015

Bugtraq

Logstash vulnerability CVE-2015-5619 2015-08-21
Suyog Rao (suyog elastic co)

[security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-08-21
security-alert hp com

Re: [SECURITY] [DSA 3325-2] apache2 regression update 2015-08-21
franzskinn gmail com

APPLE-SA-2015-08-20-1 QuickTime 7.7.8 2015-08-20
Apple Product Security (product-security-noreply lists apple com)

Re: Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability 2015-08-20
anonymous yahoo com

[security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege 2015-08-20
security-alert hp com

[SECURITY] [DSA 3342-1] vlc security update 2015-08-20
Alessandro Ghedini (ghedo debian org)

[oCERT-2015-009] VLC arbitrary pointer dereference 2015-08-20
Andrea Barisani (lcars ocert org)

UBNT Bug Bounty #3 - Persistent Filename Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

WebSolutions India Design CMS - SQL Injection Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

ChiefPDF Software v2.x - Buffer Overflow Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor.Duuzer

Phishing

Chase Bank

23rd August 2015

[ Chase Bank ] Important
Notification

USAA

23rd August 2015

Important Account Update

Lloyds Bank

22nd August 2015

YOUR ACCOUNT HAS BEEN FROZEN

Lloyds

22nd August 2015

LLOYDS BANK UPDATE

Vulnerebility

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-08-22
http://www.securityfocus.com/bid/73684

Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76094

Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76401

Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities
2015-08-22
http://www.securityfocus.com/bid/76288

Adobe FlashPlayer and AIR APSB15-19 Type Confusion Multiple Remote Code Execution Vulnerabilities
2015-08-22
http://www.securityfocus.com/bid/76287

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76194

IBM WebSphere Application Server CVE-2015-1885 Remote Privilege Escalation Vulnerability
2015-08-22
http://www.securityfocus.com/bid/74219

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76249

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76092

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75154

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75890

Symantec Endpoint Protection Manager CVE-2015-1489 Remote Privilege Escalation Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76078

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/73237

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/73225

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/73231

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-08-22
http://www.securityfocus.com/bid/73232

Symantec Endpoint Protection Manager CVE-2015-1486 Authentication Bypass Vulnerability
2015-08-22
http://www.securityfocus.com/bid/76074

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2015-08-22
http://www.securityfocus.com/bid/73326

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-08-22
http://www.securityfocus.com/bid/71936

Apple Mac OS X Multiple Privilege Escalation Vulnerabilities
2015-08-22
http://www.securityfocus.com/bid/76421

Elasticsearch CVE-2015-5377 Remote Code Execution Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75938

Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75935

IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
2015-08-22
http://www.securityfocus.com/bid/75486

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-08-22
http://www.securityfocus.com/bid/72165

Oracle Java SE CVE-2015-0437 Remote Java SE Vulnerability
2015-08-22
http://www.securityfocus.com/bid/72146

Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability
2015-08-22
http://www.securityfocus.com/bid/72136

Oracle Java SE CVE-2015-0408 Remote Java SE Vulnerability
2015-08-22
http://www.securityfocus.com/bid/72140

Oracle Java SE CVE-2015-0395 Remote Java SE Vulnerability
2015-08-22
http://www.securityfocus.com/bid/72142

SANS News

 

Threatpost

 

Exploit

Microsoft Office 2007 wwlib.dll fcPlcfFldMom Uninitialized Heap Usage

Microsoft Office 2007 wwlib.dll Type Confusion

Microsoft Office 2007 OGL.dll DpOutputSpanStretch::OutputSpan Out of Bounds Write

Microsoft Office 2007 MSO.dll Arbitrary Free

Microsoft Office 2007 MSO.dll Use-After-Free

Windows win32k.sys TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write

Windows win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access

Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table

Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table

Windows win32k.sys TTF Font Processing win32k!scl_ApplyTranslation Pool-Based Buffer Overflow

Windows win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow

Windows ATMFD.DLL Write to Uninitialized Address Due to Malformed CFF Table

Windows ATMFD.DLL CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access

Windows ATMFD.DLL CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access

Windows ATMFD.DLL CharString Stream Out-of-Bounds Reads

Microsoft Office 2007 MSPTLS Heap Index Integer Underflow

21.8.2015

Bugtraq

[security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege 2015-08-20
security-alert hp com

[SECURITY] [DSA 3342-1] vlc security update 2015-08-20
Alessandro Ghedini (ghedo debian org)

[oCERT-2015-009] VLC arbitrary pointer dereference 2015-08-20
Andrea Barisani (lcars ocert org)

UBNT Bug Bounty #3 - Persistent Filename Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

WebSolutions India Design CMS - SQL Injection Vulnerability 2015-08-20
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor.Duuzer

Win32/Backzat.Z

Win32/TrojanDownloader.Small.ACX

Win32/PSW.OnLineGames.AQLO

OSX/Ventir.A

Win32/Saynob.2406.A

OSX/Spy.Hapus.A

Phishing

Microsoft

21st August 2015

Opportunity Job

HM Revenue & Customs

21st August 2015

PERIODIC YEAR-END FISCAL
INFORMATION

@aol.com

20th August 2015

UPDATE

Amazon Support

20th August 2015

ACCOUNT VEREFICATION

Amazon Support

19th August 2015

ACCOUNT VEREFICATION

Vulnerebility

Multiple Zend Products CVE-2015-5161 XML External Entity Injection Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76177

Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
2015-08-21
http://www.securityfocus.com/bid/74260

Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76274

Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
2015-08-21
http://www.securityfocus.com/bid/71725

Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76273

Apache Subversion 'deadprops.c' Security Bypass Vulnerability
2015-08-21
http://www.securityfocus.com/bid/74259

Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
2015-08-21
http://www.securityfocus.com/bid/71726

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75890

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75867

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76194

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-08-21
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-2628 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75796

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75895

Oracle Java SE CVE-2015-2621 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75874

Oracle Java SE CVE-2015-2613 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75871

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-08-21
http://www.securityfocus.com/bid/74733

Oracle Java SE CVE-2015-2590 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75818

Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75823

Oracle Java SE CVE-2015-4748 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75854

Oracle Java SE CVE-2015-2632 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75861

Oracle Java SE CVE-2015-4733 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75832

Oracle Java SE CVE-2015-4731 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75812

Oracle Java SE CVE-2015-4760 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75784

WordPress WP OAuth Server Plugin Multiple Predictable Random Number Generator Weaknesses
2015-08-21
http://www.securityfocus.com/bid/76363

Linux Kernel CVE-2015-3212 Local Security Bypass Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76082

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-08-21
http://www.securityfocus.com/bid/76092

ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
2015-08-21
http://www.securityfocus.com/bid/71590

Huawei Mate 7 Smartphone Multiple Local Privilege Escalation Vulnerabilities
2015-08-21
http://www.securityfocus.com/bid/74742

Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75849

Oracle MySQL Server CVE-2015-2620 Remote Security Vulnerability
2015-08-21
http://www.securityfocus.com/bid/75837

SANS News

A recent decline in traffic associated with Operation Windigo

Threatpost

Uptick in Neutrino Exploit Kit Traffic Doesn’t Mean Angler Reign Over

Details Surface on Patched Sandbox Violation Vulnerability in iOS

Facebook Updates Information-Sharing Platform

Exploit

WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS

Valhala Honeypot 1.8 - Stack-Based Buffer Overflow

Win2003 x64 - Token Stealing shellcode - 59 bytes

20.8.2015

Bugtraq

[security bulletin] HPSBUX03400 SSRT102211 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-08-19
security-alert hp com

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability 2015-08-19
Christofer Dutz (cdutz apache org)

Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532) 2015-08-19
andrew panfilov tel

Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information 2015-08-19
Asher995 gmail com (2 replies)

Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information 2015-08-19
paul szabo sydney edu au

RE: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information 2015-08-19
Chillman, Paul, Vodafone UK (Paul Chillman vodafone com)

[SYSS-2015-041] XSS in OpenText Secure MFT 2015-08-19
adrian vollmer syss de

Malware

 

Phishing

Amazon Support

20th August 2015

ACCOUNT VEREFICATION

Amazon Support

19th August 2015

ACCOUNT VEREFICATION

PayPal Inc

19th August 2015

[PAYPAL VERIFICATION] ✉ LAST
REMINDER YOU MUST UPDATE YOUR
ACCOUNT INFORMATION ✔

Vulnerebility

Linux Kernel CVE-2015-3212 Local Security Bypass Vulnerability
2015-08-20
http://www.securityfocus.com/bid/76082

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-08-20
http://www.securityfocus.com/bid/76092

ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
2015-08-20
http://www.securityfocus.com/bid/71590

Huawei Mate 7 Smartphone Multiple Local Privilege Escalation Vulnerabilities
2015-08-20
http://www.securityfocus.com/bid/74742

Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75849

Oracle MySQL Server CVE-2015-2620 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75837

Oracle MySQL Server CVE-2015-4737 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75802

Oracle MySQL Server CVE-2015-2643 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75830

Oracle MySQL Server CVE-2015-2648 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75822

Oracle MySQL Server CVE-2015-0433 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74089

Oracle MySQL Server CVE-2015-0505 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74112

Oracle MySQL Server CVE-2015-0441 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74103

Oracle MySQL Server CVE-2015-4757 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75759

Oracle MySQL Server CVE-2015-0432 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72217

Oracle MySQL Server CVE-2015-0499 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74115

Oracle MySQL Server CVE-2015-2582 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75751

Oracle MySQL Server CVE-2014-6568 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72210

Oracle MySQL Server CVE-2015-0411 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72191

Oracle MySQL Server CVE-2015-0381 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72214

Oracle MySQL Server CVE-2015-2571 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74095

Oracle MySQL Server CVE-2015-0391 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72205

Oracle MySQL Server CVE-2015-2568 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74073

Oracle MySQL Server CVE-2015-2573 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74078

Oracle MySQL Server CVE-2015-0374 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72227

Oracle MySQL Server CVE-2015-0382 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/72200

Oracle MySQL Server CVE-2015-0501 Remote Security Vulnerability
2015-08-20
http://www.securityfocus.com/bid/74070

Drupal Acquia Cloud Site Factory Connector Module Open Redirection Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75280

Drupal LABjs Module Open Redirection Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75279

Drupal Shibboleth authentication Module Cross Site Scripting Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75410

Drupal HybridAuth Social Login Module Access Bypass Vulnerability
2015-08-20
http://www.securityfocus.com/bid/75412

SANS News

Actor using Angler exploit kit switched to Neutrino

Threatpost

Exploit

Aruba Mobility Controller 6.4.2.8 - Multiple vulnerabilities

Vifi Radio v1 - CSRF Vulnerability

up.time 7.5.0 Superadmin Privilege Escalation Exploit

up.time 7.5.0 XSS And CSRF Add Admin Exploit

up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

up.time 7.5.0 Upload And Execute File Exploit

19.8.2015

Bugtraq

[SYSS-2015-041] XSS in OpenText Secure MFT 2015-08-19
adrian vollmer syss de

Trend Micro Deep Discovery XSS 2015-08-19
apparitionsec gmail com

Trend Micro Deep Discovery Authentication Bypass 2015-08-19
apparitionsec gmail com

Re: Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED] 2015-08-18
aabbccdd05407 gmail com

CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation 2015-08-18
Gregory Pickett (gpickett71 yahoo com)

FreeBSD Security Advisory FreeBSD-SA-15:20.expat 2015-08-18
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3338-1] python-django security update 2015-08-18
Alessandro Ghedini (ghedo debian org)

Malware

TrojanDownloader:Win32/Upatre.BR 
TrojanDownloader:MSIL/Torwofun.B 
PWS:Win32/QQpass.GR 
PWS:MSIL/Facepass.A 
SoftwareBundler:Win32/Bestof 
PWS:O97M/Wipha.A

Phishing

admin email

19th August 2015

UPGRADE EMAIL ACCOUNT!

Lisa

18th August 2015

NEW ORDER

285$

18th August 2015

THE OPPORTUNITY TO EARN UP TO
$ 500 PER DAY [VKGPM]

Tesco Bank

18th August 2015

Tesco Account suspended due to
TOS violations

Tracy Allen

18th August 2015

A NEW CHEAT MATCH IS PENDING

Natwest

18th August 2015

Violation Terms

Mail Administrator

18th August 2015

EXCEEDED LIMIT

Arlene Horton

18th August 2015

STRANGER HAS SENT YOU A
QUICKIE REQUEST

Unlimited

18th August 2015

FRESH TOOLS / ONLINE LIVE
SUPPORT, VISIT US:
HTTP://ASHOKTOOLS.NET

Apple

18th August 2015

YOUR APPLE ID WAS USED TO SIGN
IN TO ICLOUD ON AN MACBOOK
PRO.

Vulnerebility

Oracle MySQL Server CVE-2015-0381 Remote Security Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72214

Oracle MySQL Server CVE-2015-0411 Remote Security Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72191

Oracle MySQL Server CVE-2015-0391 Remote Security Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72205

Oracle MySQL Server CVE-2015-0382 Remote Security Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72200

Adobe Flash Player and AIR CVE-2015-5560 Unspecified Integer Overflow Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76289

Adobe FlashPlayer and AIR APSB15-19 Type Confusion Multiple Remote Code Execution Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/76287

Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/76288

Adobe Flash Player and AIR APSB15-19 Multiple Memroy Corruption Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/76291

Oracle MySQL Server CVE-2014-6568 Remote Security Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72210

Adobe Flash Player and AIR CVE-2015-5124 Unspecified Memory Corruption Vulnerability
2015-08-19
http://www.securityfocus.com/bid/75959

Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/75087

Adobe FlashPlayer and AIR APSB15-19 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/76282

Adobe Flash Player ActionScript 3 BitmapData Use After Free Remote Memory Corruption Vulnerability
2015-08-19
http://www.securityfocus.com/bid/75710

Adobe Flash Player CVE-2015-5122 Use After Free Remote Memory Corruption Vulnerability
2015-08-19
http://www.securityfocus.com/bid/75712

OpenSSH Login Handling Security Bypass Weakness
2015-08-19
http://www.securityfocus.com/bid/75990

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2015-08-19
http://www.securityfocus.com/bid/75525

Net-SNMP snmptrapd CVE-2014-3565 Remote Denial of Service Vulnerability
2015-08-19
http://www.securityfocus.com/bid/69477

Fortinet FortiOS SSL-VPN Man in The Middle Security Bypass Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76065

Linux Kernel 'get_bitmap_file()' Function Local Information Disclosure Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76066

GNU glibc 'getaddrinfo.c' Remote Code Execution Vulnerability
2015-08-19
http://www.securityfocus.com/bid/72710

Linux Kernel Multiple Remote Denial of Service Vulnerability
2015-08-19
http://www.securityfocus.com/bid/75510

Mozilla Firefox CVE-2015-4492 Use After Free Memory Corruption Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76297

Mozilla Firefox Out of Bounds Multiple Memory Corruption Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/76294

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76249

Icecast Remote Denial of Service Vulnerability
2015-08-19
http://www.securityfocus.com/bid/73965

libgadu CVE-2014-3775 Memory Corruption Vulnerability
2015-08-19
http://www.securityfocus.com/bid/67471

Pidgin 'gg_http_watch_fd()' Function Buffer Overflow Vulnerability
2015-08-19
http://www.securityfocus.com/bid/65188

libgadu SSL Certificate Validation CVE-2013-4488 Security Bypass Vulnerability
2015-08-19
http://www.securityfocus.com/bid/63473

SQLite Versions Prior to 3.8.9 Multiple Security Vulnerabilities
2015-08-19
http://www.securityfocus.com/bid/74228

Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
2015-08-19
http://www.securityfocus.com/bid/76273

SANS News

Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE

Threatpost

Exploit

Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash

Flash Broker-Based Sandbox Escape via Unexpected Directory Lock

Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object

Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash Player Integer Overflow in Function.apply

Flash AVSS.setSubscribedTags Use After Free Memory Corruption

Flash Uninitialized Stack Variable MPD Parsing Memory Corruption

Flash Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory

Flash AS2 Use After Free in TextField.filters

Flash AS2 Use After Free While Setting TextField.filters

Flash Use-After-Free in Display List Handling

Flash Use-After-Free in NetConnection.connect

Adobe Flash Use-After-Free When Setting Variable

Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap

Flash Use-After-Free with MovieClip.scrollRect in AS2

Adobe Flash Use-After-Free When Setting Value

Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated SWF File

Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated SWF File (2)

Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated TTF File Embedded in SWF

Adobe Flash Use-After-Free in XML.childNodes

Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow

FTP Commander 8.02 - SEH Overwrite

OS X 10.10.5 - XNU Local Privilege Escalation

18.8.2015

Bugtraq

Re: [SECURITY] [DSA 3336-1] nss security update 2015-08-17
miguelmellolopes gmail com

EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532) 2015-08-17
andrew panfilov tel

[SECURITY] [DSA 3336-1] nss security update 2015-08-17
Salvatore Bonaccorso (carnil debian org)

sysadmin privilege in EMC Documentum Content Server 2015-08-17
andrew panfilov tel

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition 2015-08-17
Securify B.V. (lists securify nl)

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal 2015-08-17
Securify B.V. (lists securify nl)

[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD â?? XXE 2015-08-17
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-012] SAP Afaria 7 XComms â?? Buffer Overflow 2015-08-17
ERPScan inc (erpscan online gmail com)

ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability 2015-08-17
Security Alert (Security_Alert emc com)

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities 2015-08-17
Security Alert (Security_Alert emc com)

Malware

Trojan.Cryptolocker.Z

Trojan.Cryptolocker.Y

Trojan.Sofacy.C

PWS:O97M/Wipha.A 
PWS:Win32/Wipha.A 
TrojanDownloader:Win32/Tembatch.B 
Exploit:VBS/CVE-2014-6332 
Exploit:SWF/CVE-2014-6332 

Linux.Pinscan

Phishing

Barclays

18th August 2015

YOUR DEBIT CARD HAS BEEN
BLOCKED

TalkTalk

17th August 2015

The payment for your latest
TalkTalk Bill could not be
processed

NEWF#CKFRIEND

17th August 2015

want to f#ck right now

6367$

17th August 2015

No need to stay awake all
night long to earn money.
Launch the robot.

Vulnerebility

Linux Kernel 'get_bitmap_file()' Function Local Information Disclosure Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76066

GNU glibc 'getaddrinfo.c' Remote Code Execution Vulnerability
2015-08-18
http://www.securityfocus.com/bid/72710

Linux Kernel Multiple Remote Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/75510

Mozilla Firefox CVE-2015-4492 Use After Free Memory Corruption Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76297

Mozilla Firefox Out of Bounds Multiple Memory Corruption Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/76294

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76249

Icecast Remote Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/73965

libgadu CVE-2014-3775 Memory Corruption Vulnerability
2015-08-18
http://www.securityfocus.com/bid/67471

Pidgin 'gg_http_watch_fd()' Function Buffer Overflow Vulnerability
2015-08-18
http://www.securityfocus.com/bid/65188

libgadu SSL Certificate Validation CVE-2013-4488 Security Bypass Vulnerability
2015-08-18
http://www.securityfocus.com/bid/63473

SQLite Versions Prior to 3.8.9 Multiple Security Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/74228

Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76273

Apache Subversion 'deadprops.c' Security Bypass Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74259

Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/74260

IBM Domino Remote Cross Site Scripting Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74908

Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-08-18
http://www.securityfocus.com/bid/72169

Linux Kernel 'x86/entry/entry_64.S' Local Privilege Escalation Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76004

Linux Kernel CVE-2015-3212 Local Security Bypass Vulnerability
2015-08-18
http://www.securityfocus.com/bid/76082

Linux Kernel CVE-2014-9731 Local Information Disclosure Vulnerability
2015-08-18
http://www.securityfocus.com/bid/75001

Linux Kernel KVM 'kvm_apic_has_events()' Function Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/75142

Linux Kernel '/arch/x86/net/bpf_jit_comp.c' CVE-2015-4700 Local Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/75356

Linux Kernel UDF File System Multiple Local Denial of Service Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/74964

Linux Kernel 'ozwpan' Driver Multiple Heap Buffer Overflow Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/74672

Linux Kernel 'vhost/scsi.c' Local Memory Corruption Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74664

Linux Kernel 'ozwpan' Driver Multiple Denial of Service Vulnerabilities
2015-08-18
http://www.securityfocus.com/bid/74668

Linux Kernel 'fs/udf/inode.c' Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74963

Linux Kernel CVE-2015-3636 Local Privilege Escalation Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74450

Linux Kernel 'fs/fhandle.c' Local Race Condition Vulnerability
2015-08-18
http://www.securityfocus.com/bid/72357

Linux Kernel 'sk_dst_get()' Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/72435

Linux Kernel CVE-2015-2922 Denial of Service Vulnerability
2015-08-18
http://www.securityfocus.com/bid/74315

SANS News

Tool Tip: Kansa Stafford released, PowerShell for DFIR

Threatpost

Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched

Exploit

Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched - See more at: https://threatpost.com/#sthash.fuC1gXrv.dpuf

Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched

Uber to Quadruple Security Staff by 2016

Werkzeug Debug Shell Command Execution

Symantec Endpoint Protection Manager Authentication Bypass and Code Execution

VideoCharge Studio Buffer Overflow (SEH)

FTP Commander 8.02 - SEH Overwrite

Cisco Unified Communications Manager - Multiple Vulnerabilities

vBulletin < 4.2.2 - Memcache Remote Code Execution

Nuts CMS Remote PHP Code Injection / Execution

Magento CE < 1.9.0.1 Post Auth RCE

PHPfileNavigator 2.3.3 - XSS Vulnerabilities

PHPfileNavigator 2.3.3 - CSRF Vulnerability

Sagemcom F@ST 3864 V2 - Get Admin Password

17.8.2015

Bugtraq

Poor security in SOHO routers, again. Changing configuration parameters with a click. 2015-08-17
DonVallejo . (j v vallejo gmail com)

Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco, 2015-08-16
arash yazdanfare gmail com

Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE 2015-08-16
13669185678 139 com

Malware

PWS:Win32/Rugond.A 
TrojanDropper:Win32/Notdinoti.B 
TrojanDropper:Win32/Strakupa.A 
TrojanSpy:Win32/Gucotut.A 
TrojanDownloader:Win32/Lentrigy.A 
TrojanDownloader:MSIL/Runtk.A 
Backdoor:Win32/Venik.K 

Phishing

FindMeAndF#ckMe

17th August 2015

I WANT TO BE IN YOUR BED

PayPal

17th August 2015

ACCOUNT VERIFICATION REQUIRED

ROCKSTAR SERVER

15th August 2015

GENUINE MING TOOLS CONTACT
ROCKSTAR

Vulnerebility

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-08-17
http://www.securityfocus.com/bid/75161

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/75157

cURL/libcURL 'fix_hostname()' Function Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/74300

Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability
2015-08-17
http://www.securityfocus.com/bid/65997

Todd Miller Sudo CVE-2014-9680 Local Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/72649

GNU Troff pdfroff Insecure Temporary File Creation and Arbitrary File Access Vulnerabilities
2015-08-17
http://www.securityfocus.com/bid/36381

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71150

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71153

Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/58203

Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/62741

Python 'ZipExtFile._read2()' Method Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/65179

Python 'sock_recvfrom_into()' Function Buffer Overflow Vulnerability
2015-08-17
http://www.securityfocus.com/bid/65379

BSD mailx CVE-2014-7844 Local Arbitrary Command Execution Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71701

Perl CVE-2013-7422 Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/75704

Python CVE-2014-9365 TLS Certificate Validation Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71639

cURL/libcURL CVE-2015-3145 Out of Bounds Read Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/74303

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2015-08-17
http://www.securityfocus.com/bid/70988

cURL/libcURL CVE-2015-3148 Remote Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/74301

cURL/libcURL CVE-2015-3153 Information Disclosure Vulnerability
2015-08-17
http://www.securityfocus.com/bid/74408

cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/69742

cURL/libcURL CVE-2014-8150 Remote Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71964

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/58207

tcpdump CVE-2014-9140 Buffer Overflow Vulnerability
2015-08-17
http://www.securityfocus.com/bid/71468

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/69748

cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/74299

PostgreSQL CVE-2014-8161 Information Disclosure Vulnerability
2015-08-17
http://www.securityfocus.com/bid/72538

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-08-17
http://www.securityfocus.com/bid/75156

PostgreSQL CVE-2015-0244 Security Bypass Vulnerability
2015-08-17
http://www.securityfocus.com/bid/72543

PostgreSQL 'to_char()' Function Buffer Overflow Vulnerability
2015-08-17
http://www.securityfocus.com/bid/72540

SANS News

Are you a "Hunter"?

Tool Tip: Kansa Stafford released, PowerShell for DFIR

Threatpost

Apple Patches Critical OS X DYLD Flaw in Monster Update - See more at: https://threatpost.com/#sthash.1zChwKF7.dpuf

Apple Patches Critical OS X DYLD Flaw in Monster Update - See more at: https://threatpost.com/#sthash.1zChwKF7.dpuf

AT&T Facilitated NSA Surveillance Efforts, Reports

Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Exploit

Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)

Sagemcom F@ST 3864 V2 - Get Admin Password

MASM321 11 Quick Editor (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH bypass)

XMPlay 3.8.1.12 - .pls Local Crash PoC

16.8.2015

Bugtraq

 

Malware

Win32 / VB.RZA

Win32 / Regil.BC

Win32 / Regil.AZ

Win32 / Regil.BB

Win32 / Sumatrix

Win32 / PSW.Furitron.A

Win32 / PSW.Fantast.22

Phishing

ROCKSTAR SERVER

15th August 2015

GENUINE MING TOOLS CONTACT
ROCKSTAR

PayPal

15th August 2015

Your Account has limitation

Apple Inc.

15th August 2015

PLEASE UPDATE YOUR APPLE
ACCOUNT INFORMATION !

Vulnerebility

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-08-16
http://www.securityfocus.com/bid/75161

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/75157

cURL/libcURL 'fix_hostname()' Function Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/74300

Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability
2015-08-16
http://www.securityfocus.com/bid/65997

Todd Miller Sudo CVE-2014-9680 Local Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/72649

GNU Troff pdfroff Insecure Temporary File Creation and Arbitrary File Access Vulnerabilities
2015-08-16
http://www.securityfocus.com/bid/36381

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71150

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71153

Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/58203

Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/62741

Python 'ZipExtFile._read2()' Method Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/65179

Python 'sock_recvfrom_into()' Function Buffer Overflow Vulnerability
2015-08-16
http://www.securityfocus.com/bid/65379

BSD mailx CVE-2014-7844 Local Arbitrary Command Execution Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71701

Perl CVE-2013-7422 Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/75704

Python CVE-2014-9365 TLS Certificate Validation Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71639

cURL/libcURL CVE-2015-3145 Out of Bounds Read Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/74303

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2015-08-16
http://www.securityfocus.com/bid/70988

cURL/libcURL CVE-2015-3148 Remote Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/74301

cURL/libcURL CVE-2015-3153 Information Disclosure Vulnerability
2015-08-16
http://www.securityfocus.com/bid/74408

cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/69742

cURL/libcURL CVE-2014-8150 Remote Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71964

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/58207

tcpdump CVE-2014-9140 Buffer Overflow Vulnerability
2015-08-16
http://www.securityfocus.com/bid/71468

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/69748

cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/74299

PostgreSQL CVE-2014-8161 Information Disclosure Vulnerability
2015-08-16
http://www.securityfocus.com/bid/72538

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-08-16
http://www.securityfocus.com/bid/75156

PostgreSQL CVE-2015-0244 Security Bypass Vulnerability
2015-08-16
http://www.securityfocus.com/bid/72543

PostgreSQL 'to_char()' Function Buffer Overflow Vulnerability
2015-08-16
http://www.securityfocus.com/bid/72540

SANS News

 

Threatpost

Apple Patches Critical OS X DYLD Flaw in Monster Update

Exploit

 

15.8.2015

Bugtraq

 

Malware

Trojan.Sofacy.C

Trojan.Cryptolocker.X

Phishing

Apple Inc.

15th August 2015

PLEASE UPDATE YOUR APPLE
ACCOUNT INFORMATION !

webmaster

14th August 2015

EMail from Easy Biz (EARN $500
to $1,000 In Just 1-3 Hours a
Day!)

Ashley Johnston

14th August 2015

1 Waiting Super QuickCheat
Alert

Vulnerebility

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-08-15
http://www.securityfocus.com/bid/75161

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/75157

cURL/libcURL 'fix_hostname()' Function Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/74300

Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability
2015-08-15
http://www.securityfocus.com/bid/65997

Todd Miller Sudo CVE-2014-9680 Local Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/72649

GNU Troff pdfroff Insecure Temporary File Creation and Arbitrary File Access Vulnerabilities
2015-08-15
http://www.securityfocus.com/bid/36381

tcpdump 'olsr_print()' Function Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71150

tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71153

Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/58203

Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/62741

Python 'ZipExtFile._read2()' Method Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/65179

Python 'sock_recvfrom_into()' Function Buffer Overflow Vulnerability
2015-08-15
http://www.securityfocus.com/bid/65379

BSD mailx CVE-2014-7844 Local Arbitrary Command Execution Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71701

Perl CVE-2013-7422 Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/75704

Python CVE-2014-9365 TLS Certificate Validation Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71639

cURL/libcURL CVE-2015-3145 Out of Bounds Read Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/74303

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2015-08-15
http://www.securityfocus.com/bid/70988

cURL/libcURL CVE-2015-3148 Remote Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/74301

cURL/libcURL CVE-2015-3153 Information Disclosure Vulnerability
2015-08-15
http://www.securityfocus.com/bid/74408

cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/69742

cURL/libcURL CVE-2014-8150 Remote Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71964

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/58207

tcpdump CVE-2014-9140 Buffer Overflow Vulnerability
2015-08-15
http://www.securityfocus.com/bid/71468

cURL/libcURL CVE-2014-3613 Remote Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/69748

cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/74299

PostgreSQL CVE-2014-8161 Information Disclosure Vulnerability
2015-08-15
http://www.securityfocus.com/bid/72538

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-08-15
http://www.securityfocus.com/bid/75156

PostgreSQL CVE-2015-0244 Security Bypass Vulnerability
2015-08-15
http://www.securityfocus.com/bid/72543

PostgreSQL 'to_char()' Function Buffer Overflow Vulnerability
2015-08-15
http://www.securityfocus.com/bid/72540

SANS News

 

Threatpost

OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars

Apple Patches Critical OS X DYLD Flaw in Monster Update

Exploit

Gkplugins Picasaweb - Download File

TOTOLINK Routers - Backdoor and RCE Exploit PoC

Joomla com_memorix component - SQL Injection vulnerability

Microsoft HTML Help Compiler 4.74.8702.0 - SEH Based Overflow

Firefox < 39.03 - pdf.js Same Origin Policy Exploit

Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote DoS

Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote DoS

Ubuntu 14.04 NetKit FTP Client - Crash/DoS PoC

14.8.2015

Bugtraq

Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local) 2015-08-13
Christopher Hudel (christopher hudel com)

APPLE-SA-2015-08-13-4 OS X Server v4.1.5 2015-08-13
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 2015-08-13
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-08-13-3 iOS 8.4.1 2015-08-13
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 2015-08-13
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution 2015-08-12
security-alert hp com

Malware

Exploit/Stagefright.F

Exploit/Stagefright.G

Exploit/Stagefright.H

Exploit/Stagefright.J

Phishing

Amazon

13th August 2015

AMAZON

WebTeam

13th August 2015

INFO

JAMES F. ENTWISTLE

13th August 2015

JAMES F. ENTWISTLE U.S
AMBASSADOR TO NIGERIA

PayPal

13th August 2015

[PayPal Support] Your Account
Has Been Limited ! Please
Confirm Your Account
 

Vulnerebility

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-08-14
http://www.securityfocus.com/bid/76092

WordPress Prior to 4.2.4 Multiple Security Vulnerabilities
2015-08-14
http://www.securityfocus.com/bid/76160

WordPress Prior to 4.2.3 Multiple Security Vulnerabilities
2015-08-14
http://www.securityfocus.com/bid/76011

Mozilla Firefox CVE-2015-4492 Use After Free Memory Corruption Vulnerability
2015-08-14
http://www.securityfocus.com/bid/76297

Mozilla Firefox Out of Bounds Multiple Memory Corruption Vulnerabilities
2015-08-14
http://www.securityfocus.com/bid/76294

SANS News

Adwind: another payload for botnet-based malspam

More patches! This time from Apple to Safari, OS X and OS X server

Microsoft patch tuesday problem with Symantec Cloud Endpoint protection?

Threatpost

Exploit

 

13.8.2015

Bugtraq

phpipam-1.1.010 XSS Vulnerability 2015-08-12
apparitionsec gmail com

PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users 2015-08-12
apparitionsec gmail com

phpipam-1.1.010 XSS Vulnerability 2015-08-12
apparitionsec gmail com

Malware

BrowserModifier:Win32/SupTab 

Linux.Pinscan

Exploit/CVE-2015-1538

Exploit/CVE-2015-1539

Exploit/CVE-2015-3827

Exploit/CVE-2015-3826

Exploit/CVE-2015-3824

Exploit/CVE-2015-3829

Phishing

iLOTTO INTERNET LOTTERY

13th August 2015

GET BACK FOR CLAIMS/TICKETS
NO. ILOTTO/2015/ATM

iLOTTO INTERNET LOTTERY

13th August 2015

WON PRIZE TICKETS NO.
ILOTTO/2015/ATM

iLOTTO INTERNET LOTTERY

12th August 2015

GET BACK FOR CLAIMS/TICKETS
NO. ILOTTO/2015/ATM

Alexandra Smith

12th August 2015

ONENIGHTSEX NOTICE IS PENDING

Vulnerebility

WordPress Prior to 4.2.4 Multiple Security Vulnerabilities
2015-08-13
http://www.securityfocus.com/bid/76160

WordPress Prior to 4.2.3 Multiple Security Vulnerabilities
2015-08-13
http://www.securityfocus.com/bid/76011

Mozilla Firefox CVE-2015-4492 Use After Free Memory Corruption Vulnerability
2015-08-13
http://www.securityfocus.com/bid/76297

Mozilla Firefox Out of Bounds Multiple Memory Corruption Vulnerabilities
2015-08-13
http://www.securityfocus.com/bid/76294

SANS News

Yes Virginia, Stored XSS's Do Exist!

Threatpost

Exploit

Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability (MS15-079)

Windows 8.1 DCOM DCE/RPC Local NTLM Reflection Privilege Escalation (MS15-076)

Linux x86 - /bin/sh ROL/ROR Encoded Shellcode

12.8.2015

Bugtraq

[slackware-security] mozilla-firefox (SSA:2015-219-01) 2015-08-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3330-1] activemq security update 2015-08-07
Moritz Muehlenhoff (jmm debian org)

QNAP crypto keys logged on unencrypted disk partition in world accessible files 2015-08-07
Andreas Steinmetz (ast domdv de)

[slackware-security] mozilla-nss (SSA:2015-219-02) 2015-08-08
Slackware Security Team (security slackware com)

Device Inspector v1.5 iOS - Command Inject Vulnerabilities 2015-08-07
Vulnerability Lab (research vulnerability-lab com)

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability 2015-08-07
Vulnerability Lab (research vulnerability-lab com)

Malware

Linux.Pinscan.B

Linux.Pinscan

Trojan.Tapaoux.C

Win32 / Bhottle.B

Win32 / Dridex.R

Win32 / TaojinStar.I

Win32 / Rasith.A

VBA / TrojanDownloader.Agent.ZH

VBA / TrojanDownloader.Agent.ZC

VBA / TrojanDownloader.Agent.YX

VBA / TrojanDownloader.Agent.YW

Win32 / VB.RZA

Win32 / Regil.BC

Win32 / Regil.AZ

Win32 / Regil.BB

Phishing

noreply@intipaypal

12th August 2015

UPDATE REQUIRED !!

PayPal

12th August 2015

IMPORTANT MESSAGE FROM PAYPAL
TEAM .

Mail Delivery Service

11th August 2015

DELIVERY STATUS NOTIFICATION

Wells Fargo

11th August 2015

NOTICE : SIGN-IN TO ONLINE
BANKING LOCKED

MS linda

11th August 2015

BEAT EGG MACHINE-æŹ§æ´²-5

linda lin

11th August 2015

BEAT EGG MACHINE-æŹ§æ´²-4

USAA

11th August 2015

YOUR USAA ONLINE CONFIRMATION
ALERT

Vulnerebility

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-08-11
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-08-11
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-08-11
http://www.securityfocus.com/bid/74111

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-08-11
http://www.securityfocus.com/bid/71936

FreeType Versions Prior to 2.5.4 Multiple Remote Vulnerabilities
2015-08-11
http://www.securityfocus.com/bid/72986

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/73231

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/73225

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/73232

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75156

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/74475

IBM WebSphere Application Server CVE-2015-1920 Remote Code Execution Vulnerability
2015-08-11
http://www.securityfocus.com/bid/74439

Froxlor 'class.Database.php' Information Disclosure Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76097

Remind 'var.c' Buffer Overflow Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76099

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75919

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75157

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75161

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75154

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-08-11
http://www.securityfocus.com/bid/74733

PHP 'cgi_main.c' Out of Bounds Read Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/71833

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75158

Google Stagefright Media Playback Engine Multiple Remote Code Execution Vulnerabilities
2015-08-11
http://www.securityfocus.com/bid/76052

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76249

XMLTooling-C CVE-2015-0851 Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76134

Linux Kernel 'x86/entry/entry_64.S' Local Privilege Escalation Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76004

Mozilla Firefox OS Graphics Buffer Management Memory Corruption Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76253

Mozilla Firefox OS Same Origin Policy Security Bypass Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76255

Mozilla Firefox OS USB Mass Storage handling Local Security Bypass Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76254

Linux Kernel '/arch/x86/net/bpf_jit_comp.c' CVE-2015-4700 Local Denial of Service Vulnerability
2015-08-11
http://www.securityfocus.com/bid/75356

Linux Kernel 'path_openat()' Function Use After Free Memory Corruption Vulnerability
2015-08-11
http://www.securityfocus.com/bid/76142

SANS News

Windows Service Accounts - Why They're Evil and Why Pentesters Love them!

More patch tuesday: adobe released security update for adobe flash player

August 2015 Microsoft Patch Tuesday

Threatpost

Exploit

Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability (MS15-079)

11.8.2015

Bugtraq

[slackware-security] mozilla-firefox (SSA:2015-219-01) 2015-08-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3330-1] activemq security update 2015-08-07
Moritz Muehlenhoff (jmm debian org)

QNAP crypto keys logged on unencrypted disk partition in world accessible files 2015-08-07
Andreas Steinmetz (ast domdv de)

[slackware-security] mozilla-nss (SSA:2015-219-02) 2015-08-08
Slackware Security Team (security slackware com)

Device Inspector v1.5 iOS - Command Inject Vulnerabilities 2015-08-07
Vulnerability Lab (research vulnerability-lab com)

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability 2015-08-07
Vulnerability Lab (research vulnerability-lab com)

Thomson Reuters FATCA - Arbitrary File Upload 2015-08-07
jakub palaczynski ingservicespolska pl

[SECURITY] [DSA 3329-1] linux security update 2015-08-07
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan:Win32/Hucnak.D!plock 
Trojan:Win32/Hucnak.C!plock 
Trojan:Win32/Hucnak.B!plock 
Trojan:Win32/Hucnak.A!plock 

Trojan.Tapaoux.C

Phishing

United Arab

11th August 2015

You Have (1) New Message

USAA.Web.Services

11th August 2015

Your Account Computer/Device
Preference System Update

Barclays Online

10th August 2015

Important Customer Message

PayPal Inc

10th August 2015

DEAR PAYPAL USER , UPDATE OF
YOUR ACCOUNT INFORMATIONS

PayPal Inc

10th August 2015

Your Account will be Limited
✔

Account Notification

9th August 2015

DEAR MEMBER YOUR ACCOUNT HAS
BEEN LIMITED ✔

Vulnerebility

 

SANS News

.COM.COM Used For Malicious Typo Squatting

Threatpost

 

Exploit

 

10.8.2015

Bugtraq

 

Malware

TrojanDownloader:Win32/Zeagle.G 
TrojanDownloader:Win32/Upatre.BW 

Trojan.Aniralia

Phishing

Account Notification

9th August 2015

DEAR MEMBER YOUR ACCOUNT HAS
BEEN LIMITED ✔

@aol.com

8th August 2015

EMAIL UPDATE

Apple Inc

8th August 2015

ACCOUNT TEMPORARILY SUSPENDED
- YOUR APPLE ID REQUIRES
VERIFICATION

NatWest

8th August 2015

ACCOUNT LOCKED

Vulnerebility

 

SANS News

What Was Old is New Again: Honeypots!

Threatpost

Exploit

WordPress Video Gallery 2.7 SQL Injection

Havij Pro - Crash POC

WordPress WPTF Image Gallery 1.03 - Aribtrary File Download

WordPress Recent Backups Plugin 0.7 - Arbitrary File Download

WordPress Simple Image Manipulator Plugin 1.0 - Arbitrary File Download

WordPress Video Gallery 2.7 SQL Injection

WDS CMS - SQL Injection

WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download

Havij Pro - Crash POC ,Linux x86 Egg Hunter Shellcode (19 bytes)

8.8.2015

Bugtraq

Thomson Reuters FATCA - Arbitrary File Upload 2015-08-07
jakub palaczynski ingservicespolska pl

[SECURITY] [DSA 3329-1] linux security update 2015-08-07
Salvatore Bonaccorso (carnil debian org)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de) (2 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Reindl Harald (h reindl thelounge net)

RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Steve Friedl (steve unixwiz net) (1 replies)

RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Frank Waarsenburg (fwaarsenburg ram-it nl) (1 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Jakob Holderbaum (hi jakob io) (1 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Teddy A PURWADI (teddyap access net id)

Malware

Trojan.Cozer.B

Java/AlienSpy.A

Win32/FakeTC

VBA/TrojanDownloader.Agent.YP

VBA/TrojanDownloader.Agent.YL

VBA/TrojanDownloader.Agent.YK

VBA/TrojanDownloader.Agent.YJ

VBA/TrojanDownloader.Agent.YI

Win32/Bhottle.B

Phishing

NatWest

7th August 2015

ACCOUNT LOCKED

MBNA Limited

6th August 2015

YOUR ACCOUNT HAVE BEEN
ACCESSED FROM AN UNAUTHORIZED
COMPUTER

Account Support

6th August 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

TD Bank via Me

6th August 2015

YOUR ACCOUNT IS TEMPORARILY
LOCKED

Vulnerebility

 

SANS News

Critical Firefox Update Today

Threatpost

Exploit

PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

PHP News Script 4.0.0 - SQL Injection

Microweber 1.0.3 - Stored XSS And CSRF Add Admin Exploit

Microweber 1.0.3 File Upload Filter Bypass Remote PHP Code Execution

WordPress Job Manager Plugin 0.7.22 - Persistent XSS

Heroes of Might and Magic III .h3m Map file Buffer Overflow

Linux x86 Memory Sinkhole Privilege Escalation PoC

Windows NDProxy Privilege Escalation XP SP3 x86 and 2003 SP2 x86 (MS14-002)

Dell Netvault Backup 10.0.1.24 - Denial of Service

7.8.2015

Bugtraq

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de) (2 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Reindl Harald (h reindl thelounge net)

RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Steve Friedl (steve unixwiz net) (1 replies)

RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Frank Waarsenburg (fwaarsenburg ram-it nl) (1 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Jakob Holderbaum (hi jakob io)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)

Malware

TrojanDownloader:Win32/Tembatch.A 
TrojanDownloader:MSIL/Beldex.A 
TrojanDownloader:MSIL/Golomak.A 
TrojanDropper:Win32/Dexel.A 
TrojanSpy:MSIL/Golroted.D 

Trojan.Patchbrowse

Phishing

MBNA Limited

6th August 2015

YOUR ACCOUNT HAVE BEEN
ACCESSED FROM AN UNAUTHORIZED
COMPUTER

Account Support

6th August 2015

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

Vulnerebility

 

SANS News

Sigcheck and virustotal-search

Threatpost

Exploit

 

6.8.2015

Bugtraq

[security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information 2015-08-05
security-alert hp com

Re: [FD] Mozilla extensions: a security nightmare 2015-08-05
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)

Re: [FD] Mozilla extensions: a security nightmare 2015-08-05
Ansgar Wiechers (bugtraq planetcobalt net)

SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network 2015-08-05
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 3328-2] wordpress regression update 2015-08-04
Thijs Kinkhorst (thijs debian org)

Malware

TrojanDropper:Win32/Dexel.A 
TrojanSpy:MSIL/Golroted.D 
TrojanDownloader:MSIL/Bladabindi.I 
Adware:Win32/Peapoon 
TrojanDownloader:Win32/Paxer.A 
TrojanDownloader:Win32/Upatre.BS 
TrojanDownloader:Win32/Syten.A 
Worm:Win32/Gamarue.AU 

OSX.Sudoprint

Infostealer.Atimpo

Phishing

TD Bank via Me

6th August 2015

YOUR ACCOUNT IS TEMPORARILY
LOCKED

@aol.com

5th August 2015

EMAIL UPDATE

Vulnerebility

 

SANS News

Nuclear EK traffic patterns in August 2015

Threatpost

Exploit

Linux Privilege Escalation Due to Nested NMIs Interrupting espfix64

ISC BIND9 TKEY Remote DoS PoC

5.8.2015

Bugtraq

[SECURITY] [DSA 3328-2] wordpress regression update 2015-08-04
Thijs Kinkhorst (thijs debian org)

Mozilla extensions: a security nightmare 2015-08-04
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3328-1] wordpress security update 2015-08-04
Thijs Kinkhorst (thijs debian org)

[SECURITY] [DSA 3327-1] squid3 security update 2015-08-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3326-1] ghostscript security update 2015-08-02
Salvatore Bonaccorso (carnil debian org)

Malware

Adware:Win32/Peapoon 
TrojanDownloader:Win32/Paxer.A 
TrojanDownloader:Win32/Upatre.BS 
TrojanDownloader:Win32/Syten.A 
Worm:Win32/Gamarue.AU 
TrojanDownloader:Win32/Mavradoi.C 
TrojanDropper:Win32/Banload.BAX 
TrojanSpy:Win32/Banker.VCW 
TrojanDownloader:Win32/Banload.BCV 
TrojanDownloader:Win32/Banload.ZEQ 

Exp.CVE-2015-0339

Exp.CVE-2015-0338

Exp.CVE-2015-1755

Exp.CVE-2015-1752

Exp.CVE-2015-1750

Exp.CVE-2015-1744

Exp.CVE-2015-1736

Exp.CVE-2015-1732

Exp.CVE-2015-1635

Phishing

Pamela Hicks

4th August 2015

THE MOST PLEASURABLE BLOWJOB
EVER

Chase

4th August 2015

Notice : Sign-in to Online
Banking Locked

全国楼凤å°?å§å…¼èŒè‰¯åŽś

4th August 2015

全国兼职å°?å§å­ŚåŚ¹æ¥¼å‡¤

Natwest

4th August 2015

SERVICE ANNOUNCEMENT

Smtpmercantile.in

4th August 2015

WE SELL EARTHLINK RDP NO SMTP
NEEDED

Melanie Clark

4th August 2015

GET OVER HERE AND F%CK ME

Apple

3rd August 2015

ACCOUNT STATUS HAS BEEN
CHANGED , INVOICE NUMBER
655675

USAA

3rd August 2015

YOUR USAA ONLINE CONFIRMATION
ALERT

Vulnerebility

 

SANS News

Nuclear EK traffic patterns in August 2015

Whatever Happened to tmUnblock.cgi ("Moon Worm")

Threatpost

Exploit

 

4.8.2015

Bugtraq

[SECURITY] [DSA 3326-1] ghostscript security update 2015-08-02
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3325-1] apache2 security update 2015-08-01
Stefan Fritsch (sf debian org)

[SECURITY] [DSA 3324-1] icedove security update 2015-08-01
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3323-1] icu security update 2015-08-01
Laszlo Boszormenyi (gcs debian org)

Multiple XSS vulnerabilities in FortiSandbox WebUI 2015-08-01
hyp3rlinx lycos com

Malware

Exp.CVE-2015-0339

Exp.CVE-2015-0338

TrojanDropper:Win32/Banload.BAX 
TrojanSpy:Win32/Banker.VCW 
TrojanDownloader:Win32/Banload.BCV 
TrojanDownloader:Win32/Banload.ZEQ 

Phishing

Melanie Clark

4th August 2015

GET OVER HERE AND F%CK ME

Apple

3rd August 2015

ACCOUNT STATUS HAS BEEN
CHANGED , INVOICE NUMBER
655675

USAA

3rd August 2015

YOUR USAA ONLINE CONFIRMATION
ALERT

Discover

2nd August 2015

Disney Cruise Line Employment
Offer 2015

Vulnerebility

 

SANS News

Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe"

Whatever Happened to tmUnblock.cgi ("Moon Worm")

Threatpost

Exploit

 

3.8.2015

Bugtraq

phpFileManager 0.9.8 Remote Command Execution 2015-07-31
hyp3rlinx lycos com

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators 2015-07-31
roberto logsat com

[SECURITY] [DSA 3321-1] xmltooling security update 2015-07-30
Alessandro Ghedini (ghedo debian org)

viagra generic singapore 2015-07-30
info fast-isotretinoin com

Malware

Worm:Win32/NeksMiner.A 
TrojanDropper:Win32/Bunitu.G 
TrojanSpy:MSIL/Irstil.A 
Worm:Win32/Xtrat.D 
Worm:Win32/Xtrat.C 

Phishing

USAA

3rd August 2015

YOUR USAA ONLINE CONFIRMATION
ALERT

Discover

2nd August 2015

Disney Cruise Line Employment
Offer 2015

Microsoft

2nd August 2015

Security: Login Notification

Nancy Morales

2nd August 2015

One New SexCall From a
Stranger

Paypal Support

2nd August 2015

ACCESS TO YOUR PAYPAL ACCOUNT
IS LIMITED

Service Account

2nd August 2015

UPDATE REQUIRED !!

SUPPORT

2nd August 2015

Your account has been Iimited
untiI we hear from you! ✔

Ashok Tools

2nd August 2015

FRESH TOOLS / ONLINE LIVE
SUPPORT, VISIT US:
HTTP://ASHOKTOOLS.NET

Chase Online

1st August 2015

Kindly Update Your Chase
Account.

Vulnerebility

 

SANS News

Your Security Policy Is So Lame

Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe"

Threatpost

 

Exploit

 

1.8.2015

Bugtraq

phpFileManager 0.9.8 Remote Command Execution 2015-07-31
hyp3rlinx lycos com

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators 2015-07-31
roberto logsat com

[SECURITY] [DSA 3321-1] xmltooling security update 2015-07-30
Alessandro Ghedini (ghedo debian org)

Malware

 

Phishing

PayPal

31st July 2015

Early Notice

iTunes

31st July 2015

ITUNES ACCOUNT HAS BEEN FROZEN
ID5548A4E824576650D6D4

Vulnerebility

 

SANS News

Tech tip follow-up: Using the data Invoked with R's system command

Threatpost

Exploit

KMPlayer 3.9.x - .srt Crash PoC

T-Mobile Internet Manager - Contact Name Crash PoC

31.7.2015

Bugtraq

viagra generic singapore 2015-07-30
info fast-isotretinoin com

[SECURITY] [DSA 3320-1] openafs security update 2015-07-30
Sebastien Delafond (seb debian org)

Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2015-07-30
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Dell Netvault Backup Remote Denial of Service 2015-07-30
epoide gmail com

FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED] 2015-07-30
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information 2015-07-29
security-alert hp com

Malware

Exp.CVE-2015-2590

Win32/Bedep.D

Win32/TrojanDownloader.Nymaim.AY

Win32/Mooze

Win32/TrojanDownloader.Small.CBA

Win32/Spy.Ranbyus.M

Win32/Filecoder.EQ

VBA/TrojanDownloader.Agent.YA

VBA/TrojanDownloader.Agent.XZ

Java/AlienSpy.A

Win32/FakeTC

Phishing

Microsoft

31st July 2015

Dear Sir/Madam,

Apple

30th July 2015

Validating your Apple ID.

Verified by

29th July 2015

YOUR VERIFIED BY VISA PASSWORD
HAS BEEN DEACTIVATED

Vulnerebility

Novius OS 'tab' parameter Local File Include Vulnerability
2015-07-29
http://www.securityfocus.com/bid/75533

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74111

Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
2015-07-28
http://www.securityfocus.com/bid/76019

Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75823

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75867

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75890

SANS News

Tech tip: Invoke a system command in R

Threatpost

Exploit

 

30.7.2015

Bugtraq

[security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information 2015-07-29
security-alert hp com

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin 2015-07-29
High-Tech Bridge Security Research (advisory htbridge ch)

[security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information 2015-07-29
security-alert hp com

phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability 2015-07-29
apparitionsec gmail com

[slackware-security] bind (SSA:2015-209-01) 2015-07-28
Slackware Security Team (security slackware com)

FreeBSD Security Advisory FreeBSD-SA-15:17.bind 2015-07-28
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-15:16.openssh 2015-07-28
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-15:15.tcp 2015-07-28
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch 2015-07-28
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

TrojanSpy:MSIL/Irstil.A 
Worm:Win32/Xtrat.D 
Worm:Win32/Xtrat.C 
TrojanClicker:Win32/Frosparf.G 
TrojanClicker:Win32/Frosparf.F 
TrojanDropper:Win32/Zbot.D 

Phishing

Verified by

29th July 2015

YOUR VERIFIED BY VISA PASSWORD
HAS BEEN DEACTIVATED

NatWest CreditCard

29th July 2015

YOU HAVE ONE SECURITY MESSAGE
FROM NATWEST CREDITCARD

Vulnerebility

 

SANS News

 

Threatpost

Click-Malware Podvod Šíření přes JavaScript Přílohy

Yahoo touts Úspěch Bug Bounty Programu

Nový Chrome rozšíření pomáhá v boji klávesnice Biometrické profilování

Výzkumníci Manipulovat pušky Precision Cílení System

Exploit

phpFileManager 0.9.8 - CSRF Vulnerability

Tendoo CMS 1.3 - XSS Vulnerabilities

Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution

29.7.2015

Bugtraq

[SECURITY] [DSA 3319-1] bind9 security update 2015-07-28
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities 2015-07-28
SEC Consult Vulnerability Lab (research sec-consult com)

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne 2015-07-28
Samuel Lavitt - CVE-2015-0942 (CVE-2015-0942 precipice fi)

Malware

TrojanSpy:MSIL/Irstil.A 
Worm:Win32/Xtrat.D 
Worm:Win32/Xtrat.C 
TrojanClicker:Win32/Frosparf.G 
TrojanClicker:Win32/Frosparf.F 
TrojanDropper:Win32/Zbot.D 

Phishing

Lloyds Bank

29th July 2015

Your Llodys Online Account Has
Been Blocked

Capital One

28th July 2015

RE: Important Alert

PayPal

28th July 2015

service@paypal.com

Vulnerebility

redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
2015-07-30
http://www.securityfocus.com/bid/75508

Novius OS 'tab' parameter Local File Include Vulnerability
2015-07-29
http://www.securityfocus.com/bid/75533

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74111

Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
2015-07-28
http://www.securityfocus.com/bid/76019

Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75823

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75867

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75890

Oracle Java SE CVE-2015-2628 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75796

Oracle Java SE CVE-2015-2621 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75874

Oracle Java SE CVE-2015-0470 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74149

Oracle Java SE CVE-2015-4733 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75832

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74119

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-07-28
http://www.securityfocus.com/bid/71936

LXC '/lxc/attach.c' Remote Code Execution Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75998

Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72169

Oracle Java SE CVE-2015-0460 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74097

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74733

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72165

ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75588

Oracle Java SE CVE-2015-4748 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75854

Oracle Java SE CVE-2015-0480 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74104

Oracle Java SE CVE-2015-4760 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75784

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74147

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-07-28
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-2632 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75861

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74475

Oracle Java SE CVE-2015-4729 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75892

Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72717

Apache HTTP Server CVE-2015-3183 Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75963

SANS News

Malicious spam continues to serve zip archives of javascript files

Guest Diary: Xavier Mertens - Integrating VirusTotal within ELK

Android Stagefright multimedia viewer prone to remote exploitation

Threatpost

White House Says No Thanks to Snowden Pardon Petition

Exploit

phpFileManager 0.9.8 - Remote Command Execution Vulnerability

28.7.2015

Bugtraq

Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability 2015-07-27
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3318-1] expat security update 2015-07-26
Laszlo Boszormenyi (gcs debian org)

[SECURITY] [DSA 3317-1] lxc security update 2015-07-25
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3316-1] openjdk-7 security update 2015-07-25
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Rikamanu

Backdoor.Spedear

W97M.APMP

TrojanDropper:Win32/Zbot.D 
Trojan:Win32/Blakamba.gen!A

Phishing

Chase

27th July 2015

**PayPal Safety Measures
Against Online Fraud!**

Chase

27th July 2015

ALERT MESSAGE FROM CHASE
ONLINE(SM)

Vulnerebility

redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
2015-07-30
http://www.securityfocus.com/bid/75508

Novius OS 'tab' parameter Local File Include Vulnerability
2015-07-29
http://www.securityfocus.com/bid/75533

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74111

Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
2015-07-28
http://www.securityfocus.com/bid/76019

Oracle Java SE CVE-2015-4732 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75823

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75867

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75890

Oracle Java SE CVE-2015-2628 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75796

Oracle Java SE CVE-2015-2621 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75874

Oracle Java SE CVE-2015-0470 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74149

Oracle Java SE CVE-2015-4733 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75832

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74119

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-07-28
http://www.securityfocus.com/bid/71936

LXC '/lxc/attach.c' Remote Code Execution Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75998

Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72169

Oracle Java SE CVE-2015-0460 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74097

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74733

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72165

ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75588

Oracle Java SE CVE-2015-4748 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75854

Oracle Java SE CVE-2015-0480 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74104

Oracle Java SE CVE-2015-4760 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75784

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74147

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2015-07-28
http://www.securityfocus.com/bid/73684

Oracle Java SE CVE-2015-2632 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75861

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/74475

Oracle Java SE CVE-2015-4729 Remote Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75892

Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
2015-07-28
http://www.securityfocus.com/bid/72717

Apache HTTP Server CVE-2015-3183 Security Vulnerability
2015-07-28
http://www.securityfocus.com/bid/75963

SANS News

Angler's best friends

Guest Diary: Xavier Mertens - Integrating VirusTotal within ELK

Threatpost

Valve Patches Password Reset Vulnerability in Steam - See more at: https://threatpost.com/#sthash.hA8elqhb.dpuf

Census Bureau Says Breach Didn’t Compromise Sensitive Data

PHP File Manager Riddled With Vulnerabilities, Including Backdoor

Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks

Valve Patches Password Reset Vulnerability in Steam

Exploit

Hawkeye-G v3.0.1.4912 Persistent XSS & Information Leakage

WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities

WordPress Count Per Day Plugin 3.4 - SQL Injection

Xceedium Xsuite - Multiple Vulnerabilities

Foxit Reader - PNG Conversion Parsing tEXt Chunk Arbitrary Code Execution

Libuser Library - Multiple Vulnerabilities

27.7.2015

Bugtraq

 

Malware

Worm:Win32/Gamarue.AU 

Backdoor:MSIL/Povbop.A 
TrojanDownloader:Win32/Codumwis.A 

Phishing

Tesco Bank Plc

26th July 2015

YOUR ACCOUNT SECURITY - JULY
2015

Chase

26th July 2015

Online Banking: Reacivate your
account

Barclays

25th July 2015

IMPORTANT - ONLINE BANKING
UPDATE

Ebay customer service

25th July 2015

PayPal Dispute : Your Paypal
payment has been held

PayPal

24th July 2015

service@paypal.com

Service PayPal

24th July 2015

YOUR ACCOUNT HAS BEEN LIMITED
WE HEAR FROM YOU

Vulnerebility

 

SANS News

Angler's best friends

Threatpost

Exploit

 

25.7.2015

Bugtraq

Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED] 2015-07-24
apparitionsec gmail com

[SECURITY] [DSA 3315-1] chromium-browser security update 2015-07-24
Michael Gilbert (mgilbert debian org)

Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878 2015-07-24
apparitionsec gmail com

[SECURITY] [DSA 3314-1] typo3-src end of life 2015-07-23
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser 2015-07-23
Qualys Security Advisory (qsa qualys com)

Malware

 

Phishing

Ebay customer service

25th July 2015

PayPal Dispute : Your Paypal
payment has been held

PayPal

24th July 2015

service@paypal.com

Service PayPal

24th July 2015

YOUR ACCOUNT HAS BEEN LIMITED
WE HEAR FROM YOU

PayPal

23rd July 2015

LOGIN TO UPDATE YOUR ACCOUNT
INFORMATIONS.

Vulnerebility

 

SANS News

Patching in 2 days? - "tell him he's dreaming"

Threatpost

Stakeholders Argue Against Restrictive Wassennaar Proposal - See more at: https://threatpost.com/#sthash.0U326EDO.dpuf

Stakeholders Argue Against Restrictive Wassennaar Proposal - See more at: https://threatpost.com/#sthash.0U326EDO.dpuf

Stakeholders Argue Against Restrictive Wassennaar Proposal - See more at: https://threatpost.com/#sthash.0U326EDO.dpuf

Zúčastněné strany argumentovat proti omezujících Wassennaar Návrh

Fiat Chrysler připomíná, 1,4 milionů automobilů Po Software Bug je Odhalení

Exploit

Hawkeye-G v3.0.1.4912 CSRF Vulnerability

24.7.2015

Bugtraq

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser 2015-07-23
Qualys Security Advisory (qsa qualys com)

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability 2015-07-23
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3313-1] linux security update 2015-07-23
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability 2015-07-22
Security Alert (Security_Alert emc com)

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] 2015-07-22
modzero (security modzero ch)

Malware

TrojanSpy:MSIL/Tese.A 
TrojanSpy:MSIL/Nitwil.A 
TrojanDownloader:Win32/Banload.BCM 
TrojanDownloader:Win32/Banload.BCL 
TrojanDownloader:Win32/Banload.BCH 
TrojanDownloader:Win32/Banload.BCA 
TrojanSpy:Win32/Bholog.B 
Backdoor:Win32/PcClient.CQ 
Backdoor:Win32/Zegost.C 
Backdoor:Win32/Dodiw.A 

Phishing

PayPal

23rd July 2015

LOGIN TO UPDATE YOUR ACCOUNT
INFORMATIONS.

PayPal

22nd July 2015

Your PayPal account has been
temporarily closed!

PayPal

21st July 2015

Order confirmation:Thank you
for your purchase. for
security reason update or
cancel your verification

Vulnerebility

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73231

OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71935

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73225

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-07-22
http://www.securityfocus.com/bid/71939

X.Org libXfont 'bitmap/bdfread.c' Local Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73280

nbd CVE-2013-7441 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/74808

X.Org libXfont 'bitmap/bdfread.c' Out of Bounds Local Buffer Overflow Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73277

X.Org libXfont BDF Font File Handling CVE-2015-1804 Buffer Overflow Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73279

Network Block Device Server 'strncmp()' Function Access Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/64002

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75154

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75156

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/74733

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73237

OpenSSL CVE-2015-0209 Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73239

OpenSSL 'tasn_dec.c' Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73227

OpenSSL CVE-2015-0205 Man in the Middle Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71941

OpenSSL 'dtls1_buffer_record()' Function Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71940

ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75588

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71942

JQuery 'combobox.html' Cross Site Scripting Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71107

JQuery 'ui/jquery.ui.dialog.js' Cross Site Scripting Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71106

Wireshark TLS/SSL Decryption CVE-2015-0564 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71922

Wireshark NCP Dissector CVE-2014-8713 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71073

Wireshark TNEF Dissector CVE-2015-2191 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/72941

Wireshark DEC DNA Routing Protocol Dissector CVE-2015-0562 Remote Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71921

SANS News

Searching Through the VirusTotal Database

Threatpost

Several Critical Flaws Patched in Drupal Module

WordPress Patches Critical XSS Vulnerability in All Builds

Four Zero Days Disclosed in Internet Explorer Mobile

Bartalex Variants Spotted Dropping Pony, Dyre Malware

Exploit

 

23.7.2015

Bugtraq

Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability 2015-07-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability 2015-07-22
Security Alert (Security_Alert emc com)

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] 2015-07-22
modzero (security modzero ch)

Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin 2015-07-22
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in Count Per Day WordPress Plugin 2015-07-22
High-Tech Bridge Security Research (advisory htbridge ch)

[SECURITY] [DSA 3312-1] cacti security update 2015-07-22
Alessandro Ghedini (ghedo debian org)

NetCracker Resource Management 8.0 - SQL Injection Vulnerability 2015-07-22
jychia sec gmail com

NetCracker Resource Management 8.0 - XSS Vulnerability 2015-07-22
jychia sec gmail com

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities 2015-07-22
apparitionsec gmail com

FreeBSD Security Advisory FreeBSD-SA-15:13.tcp 2015-07-22
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

TrojanDownloader:Win32/Banload.BCM 
TrojanDownloader:Win32/Banload.BCL 
TrojanDownloader:Win32/Banload.BCH 
TrojanDownloader:Win32/Banload.BCA 
TrojanSpy:Win32/Bholog.B 
Backdoor:Win32/PcClient.CQ 
Backdoor:Win32/Zegost.C 
Backdoor:Win32/Dodiw.A 
TrojanSpy:MSIL/Grelog.A 
PWS:Win32/Zbot!VM 

Phishing

PayPal

23rd July 2015

LOGIN TO UPDATE YOUR ACCOUNT
INFORMATIONS.

PayPal

22nd July 2015

Your PayPal account has been
temporarily closed!

Vulnerebility

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73231

OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71935

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73225

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2015-07-22
http://www.securityfocus.com/bid/71939

X.Org libXfont 'bitmap/bdfread.c' Local Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73280

nbd CVE-2013-7441 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/74808

X.Org libXfont 'bitmap/bdfread.c' Out of Bounds Local Buffer Overflow Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73277

X.Org libXfont BDF Font File Handling CVE-2015-1804 Buffer Overflow Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73279

Network Block Device Server 'strncmp()' Function Access Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/64002

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75154

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75156

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/74733

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73237

OpenSSL CVE-2015-0209 Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73239

OpenSSL 'tasn_dec.c' Remote Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73227

OpenSSL CVE-2015-0205 Man in the Middle Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71941

OpenSSL 'dtls1_buffer_record()' Function Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71940

ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75588

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71942

JQuery 'combobox.html' Cross Site Scripting Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71107

JQuery 'ui/jquery.ui.dialog.js' Cross Site Scripting Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71106

Wireshark TLS/SSL Decryption CVE-2015-0564 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71922

Wireshark NCP Dissector CVE-2014-8713 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71073

Wireshark TNEF Dissector CVE-2015-2191 Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/72941

Wireshark DEC DNA Routing Protocol Dissector CVE-2015-0562 Remote Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/71921

SANS News

Some more 0-days from ZDI

Threatpost

 

Exploit

OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation

Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC

22.7.2015

Bugtraq

WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals 2015-07-21
Maria Lemos (marialemos72 gmail com)

CVE-2015-5379: Axigen XSS vulnerability for html attachments 2015-07-21
Ioan Indreias (ioan indreias axigen com)

[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities 2015-07-20
security-alert hp com

Malware

Backdoor:Win32/Dodiw.A 
TrojanSpy:MSIL/Grelog.A 
PWS:Win32/Zbot!VM 
TrojanDownloader:MSIL/Bassit.A 
Backdoor:Win32/Venik.L 
TrojanProxy:MSIL/Mictanort.A 
TrojanSpy:Win32/Flancos.A 
TrojanProxy:Win32/Mediana 
TrojanDownloader:Win32/Mytonel.D 
Backdoor:Win32/Chaapt.A 

Phishing

PayPal

21st July 2015

Order confirmation:Thank you
for your purchase. for
security reason update or
cancel your verification

H0rnyBuddyAlert

21st July 2015

NEW FIND F#CKFRIENDS ALERT

Natwest Bank

21st July 2015

Natwest Bank Alert:
Unauthorised Access

Support-Team™

21st July 2015

[ WARNING ] CONFIRM YOU
ACCOUNT PAYPAL OUR NEW SYSTEM
,

PayPal

21st July 2015

YOUR ACCOUNT PAYPAL IS LIMITED
YOU HAVE TO SOLVE THE PROBLEM
IN 24 HOURS !

Barclays Online

21st July 2015

Access to your Barclays
accounts has been temporarily
suspended.

Vulnerebility

Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75849

Oracle MySQL Server CVE-2015-4771 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75835

Oracle MySQL Server CVE-2015-4757 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75759

Oracle MySQL Server CVE-2015-2611 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75762

Oracle MySQL Server CVE-2015-4767 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75844

Oracle MySQL Server CVE-2015-2641 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75815

Oracle MySQL Server CVE-2015-2620 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75837

Oracle MySQL Server CVE-2015-2639 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75760

Oracle MySQL Server CVE-2015-2617 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75774

Oracle MySQL Server CVE-2015-4761 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75770

Oracle MySQL Server CVE-2015-4769 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75753

Oracle MySQL Server CVE-2015-2582 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75751

Oracle MySQL Server CVE-2015-4737 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75802

Oracle MySQL Server CVE-2015-2648 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75822

Oracle MySQL Server CVE-2015-2661 Local Security Server Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75813

Oracle MySQL Server CVE-2015-2643 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75830

Oracle MySQL Server CVE-2015-4772 Remote Security Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75781

ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability
2015-07-22
http://www.securityfocus.com/bid/75588

Mozilla Firefox/Thunderbird Multiple Security Vulnerabilities
2015-07-22
http://www.securityfocus.com/bid/75541

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/74733

Mozilla Firefox/Thunderbird CVE-2014-1565 Out of Bounds Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/69521

Mozilla Firefox/Thunderbird CVE-2015-0813 Use After Free Memory Corruption Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73463

Mozilla Firefox Firefox ESR and Thunderbird Multiple Memory Corruption Vulnerabilities
2015-07-22
http://www.securityfocus.com/bid/74615

Mozilla Firefox and Thunderbird MFSA 2015-48 through -58 Multiple Vulnerabilities
2015-07-22
http://www.securityfocus.com/bid/74611

Mozilla Firefox Firefox ESR and Thunderbird CVE-2015-0816 Privilege Escalation Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73461

Mozilla Firefox Firefox ESR and Thunderbird CVE-2015-0815 Multiple Memory Corruption Vulnerabilities
2015-07-22
http://www.securityfocus.com/bid/73466

Mozilla Firefox/Thunderbird 'sendBeacon()' Function Cross-Site Request Forgery Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73457

Mozilla Firefox/Thunderbird CVE-2015-0801 Same Origin Policy Security Bypass Vulnerability
2015-07-22
http://www.securityfocus.com/bid/73455

SANS News

Bartalex malspam pushing Pony/Dyre

Searching Through the VirusTotal Database

Exploit

SysAid Help Desk 'rdslogs' Arbitrary File Upload

Internet Download Manager - OLE Automation Array Remote Code Execution

Joomla! Helpdesk Pro Plugin < 1.4.0 - Multiple Vulnerabilities

win32/xp[TR] sp3 MessageBox - 24Bytes