Databze Hot News - Rok - vod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  - 2018  2017  2016  2015  2014  2013 
Posledn aktualizace v 08.10.2016 14:19:38

23.2.2016

Bugtraq

CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM) 2016-02-23
Alexandre Herzog (Alexandre Herzog csnc ch)

CSNC-2016-002 - Open Redirect in OpenAM 2016-02-23
Alexandre Herzog (Alexandre Herzog csnc ch)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-23
Vulnerability Lab (research vulnerability-lab com)

Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SYSS-2015-063] OpenCms - Cross Site Scripting 2016-02-22
rainer boie syss de

Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5346 Apache Tomcat Session fixation 2016-02-22
Mark Thomas (markt apache org)

Malware

Trojan.Cryptolocker.AG

Backdoor:Win32/Degrub.A 
TrojanSpy:MSIL/Zurten.A 
Ransom:Win32/Empercrypt.A 

Phishing

Service@Paypal.co.uk

22nd February 2016

PAYPAL NOTIFICATION: MESSAGE
FOR YOU

Important Notice

22nd February 2016

[SUPPORT INC] : YOUR PAYPAL
ACCOUNT HAS BEEN LIMITED!

Vulnerebility

Linux Kernel CVE-2015-7550 Null Pointer Deference Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79903

Linux Kernel 'fs/fuse/file.c' Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81688

Linux Kernel CVE-2013-4312 Multiple Local Denial of Service Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/82986

Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81809

Libxml2 'parser.c' Buffer Overflow Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77621

Google Android Kernel CVE-2015-8543 Null Pointer Deference Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79698

Linux Kernel CVE-2015-8575 Local Information Disclosure Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79724

Linux Kernel Multiple Local Information Disclosure Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/79428

Libxml2 'xmlGROW()' Function Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79509

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/74241

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77312

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77528

Linux Kernel Crypto API CVE-2013-7421 Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/72322

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81329

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2016-02-23
http://www.securityfocus.com/bid/78215

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/75510

ModSecurity 'mod_headers' module Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/66550

Samba CVE-2015-5252 Symlink Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79733

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77524

Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/71078

Linux Kernel Crypto API CVE-2014-9644 Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/72320

Linux Kernel 'ipc_addid()' Function Local Memory Corruption Vulnerability
2016-02-23
http://www.securityfocus.com/bid/76977

Oracle MySQL Server CVE-2015-4895 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77136

Oracle MySQL Server CVE-2015-4905 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77143

Oracle MySQL Server CVE-2015-4913 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77153

Oracle MySQL Server CVE-2015-4864 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77187

Oracle MySQL Server CVE-2015-4870 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77208

Oracle MySQL Server CVE-2015-4904 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77219

Oracle MySQL Server CVE-2015-4890 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77231

Oracle MySQL Server CVE-2015-4910 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77234

SANS News

VMware VMSA-2016-0002

Threatpost

 

Exploit

 

22.2.2016

Bugtraq

[SYSS-2015-063] OpenCms - Cross Site Scripting 2016-02-22
rainer boie syss de

Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5346 Apache Tomcat Session fixation 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] [DSA 3486-1] chromium-browser security update 2016-02-21
Michael Gilbert (mgilbert debian org)

[security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access 2016-02-20
security-alert hpe com

[SECURITY] [DSA 3485-1] didiwiki security update 2016-02-20
Sebastien Delafond (seb debian org)

Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 2016-02-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

TrojanSpy:Win32/Bancos 

Phishing

SUPPORT

21st February 2016

Please Login to Update Your
Account informations

PayPal

21st February 2016

RE: NOTIFICATION ONLINE

Apple

21st February 2016

APPLE EXPIRATION YOUR ACCOUNT

Vulnerebility

RETIRED: Network Time Protocol CVE-2014-9298 Authentication Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83185

PhpCOIN Multiple Remote File Include Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/19706

Google Chrome Prior to 48.0.2564.109 Multiple Security Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/83125

Honeyd CVE-2006-4292 ARP Packet Processing Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/19614

Google Chrome CVE-2016-1629 Same Origin Policy Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83302

Libgraphite Multiple Security Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/82991

xdelta3 CVE-2014-9765 Local Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83109

CPIO CVE-2016-2037 Out of Bounds Write Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82293

GNU glibc 'strftime()' Function Memory Corruption Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83277

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83275

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82244

Mozilla Firefox MFSA 2016-01 Multiple Memory Corruption Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/81953

Mozilla Firefox CVE-2016-1935 Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81952

Linux Kernel CVE-2015-5157 Local Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/76005

Linux Kernel CVE-2016-0728 Local Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81054

NTP 'ntp_io.c' Authentication Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72584

Multiple AMX Products CVE-2015-8362 Hardcoded Credentials Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81545

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/83265

Microsoft Internet Explorer CVE-2016-0069 Remote Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82665

NTP 'ntp_crypto.c' Information Disclosure Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72583

JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/80035

GNU glibc 'send_dg()' Function Local Information Disclosure Weakness
2016-02-22
http://www.securityfocus.com/bid/72844

GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
2016-02-22
http://www.securityfocus.com/bid/71216

GNU glibc CVE-2015-1781 Multiple Buffer Overflow Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/74255

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/71670

GNU glibc CVE-2014-8121 Infinite Loop Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/73038

GNU glibc 'swscanf' Local Heap Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72428

GNU glibc Locale Environment Handling Directory Traversal Vulnerability
2016-02-22
http://www.securityfocus.com/bid/68505

GNU glibc 'iconv()' Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/69472

GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/68983

SANS News

Reducing False Positives with Open Data Sources

Tip: Quick Analysis of Office Maldoc

Threatpost

 

Exploit

 BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities

InstantCoder 1.0 iOS - Multiple Vulnerabilities

Thru Managed File Transfer Portal 9.0.2 - SQL Injection

Core FTP Server 1.2 - Buffer Overflow PoC

Wireshark - dissect_oml_attrs Static Out-of-Bounds Read

Wireshark - add_ff_vht_compressed_beamforming_report Static Out-of-Bounds Read

Wireshark - dissect_ber_set Static Out-of-Bounds Read

21.2.2016

Bugtraq

Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 2016-02-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution 2016-02-18
security-alert hpe com

[SECURITY] [DSA 3483-1] cpio security update 2016-02-19
Salvatore Bonaccorso (carnil debian org)

ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Investors Application - Client Side Cross Site Scripting Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Chamilo LMS - Persistent Cross Site Scripting Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

[SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

Malware

Ransom:MSIL/Crydap.A Zabezpeen
Ransom:Win32/Locky.A Zabezpeen

Win32/Filecoder.Locky.A

Phishing

Hotmail

19th February 2016

Microsoft Password Reset

Turbo Tax Team

18th February 2016

YOUR TURBO TAX UPDATE

Microsoft

17th February 2016

Informazioni importanti per la
sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification
required

Vulnerebility

 

SANS News

Locky: JavaScript Deobfuscation

Hunting for Executable Code in Windows Environments

Threatpost

Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

Exploit

SOLIDserver <=5.0.4 - Local File Inclusion Vulnerability

19.2.2016

Bugtraq

CVE-2015-7521: Apache Hive authorization bug disclosure (update) 2016-02-18
khorgath apache org (Sushanth Sowmyan)

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) 2016-02-17
security-alert hpe com

[SECURITY] [DSA 3482-1] libreoffice security update 2016-02-17
Sebastien Delafond (seb debian org)

SSO Authentication Bypass and Website Takeover in DOKEOS 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in webSPELL 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in TestLink 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in WeBid 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCommerce 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in Osclass 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCmax 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

Malware

Win32/Filecoder.Locky.A

Android/Locker 

Android/Simplocker 

Android/Koler

Phishing

Turbo Tax Team

18th February 2016

YOUR TURBO TAX UPDATE

Microsoft

17th February 2016

Informazioni importanti per la
sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification
required

Vulnerebility

 

SANS News

Hunting for Executable Code in Windows Environments

Threatpost

 

Exploit

Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability

Chamilo LMS - Persistent Cross Site Scripting Vulnerability

ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities

XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability

STIMS Buffer - Buffer Overflow SEH - DoS

STIMS Cutter - Buffer Overflow DoS

QuickHeal 16.00 - webssx.sys Driver DoS Vulnerability

Adobe Flash - SimpleButton Creation Type Confusion

Vesta Control Panel <= 0.9.8-15 - Persistent XSS Vulnerability

DirectAdmin 1.491 - CSRF Vulnerability

18.2.2016

Bugtraq

CVE-2015-7521: Apache Hive authorization bug disclosure (update) 2016-02-18
khorgath apaAche org (Sushanth Sowmyan)

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) 2016-02-17
security-alert hpe com

[SECURITY] [DSA 3482-1] libreoffice security update 2016-02-17
Sebastien Delafond (seb debian org)

SSO Authentication Bypass and Website Takeover in DOKEOS 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in webSPELL 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in TestLink 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in WeBid 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCommerce 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in Osclass 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCmax 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

Malware

Ransom:Win32/Locky.A 
TrojanDropper:Win32/Pawxnic.A 

Backdoor.Cloworm

Win32/Spit.8192.E

Phishing

Microsoft

17th February 2016

Informazioni importanti per la
sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification
required

Virgin Media

16th February 2016

YOUR LATEST VIRGIN MEDIA BILL
CANNOT BE PROCESSED

Vulnerebility

 

SANS News

Angler exploit kit generated by "admedia" gates

Threatpost

 

Exploit

JMX2 Email Tester - (save_email.php) Web Shell Upload

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

17.2.2016

Bugtraq

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

Malware

Infostealer.Banprox.B

Backdoor.Redsip.B

Phishing

PayPal

17th February 2016

[Paypal] : Verification
required

Virgin Media

16th February 2016

YOUR LATEST VIRGIN MEDIA BILL
CANNOT BE PROCESSED

Tesco.com.

16th February 2016

Tesco Online Notification.

Vulnerebility

 

SANS News

CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo

Threatpost

 

Exploit

JMX2 Email Tester - (save_email.php) Web Shell Upload

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

ManageEngine OPutils 8.0 - Multiple Vulnerabilities

ManageEngine Network Configuration Management Build 11000 - Privilege Escalation

WordPress ALO EasyMail Newsletter Plugin 2.6.01 - CSRF Vulnerability

phpMyBackupPro 2.5 - Remote Command Execution / CSRF

CyberCop Scanner Smbgrind 5.5 - Buffer Overflow

glibc - getaddrinfo Stack-Based Buffer Overflow

16.2.2016

Bugtraq

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

CSRF and XsS In Manage Engine oputils 2016-02-15
kingkaustubh me com

Privilege escalation Vulnerability in ManageEngine oputils 2016-02-15
kingkaustubh me com

Missing Function Level Access control Vulnerability in OPutils 2016-02-15
kingkaustubh me com

[SECURITY] [DSA 3478-1] libgcrypt11 security update 2016-02-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3479-1] graphite2 security update 2016-02-15
Moritz Muehlenhoff (jmm debian org)

CyberCop Scanner Smbgrind v5.5 Buffer Overflow 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 Remote Command Execution / CSRF 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 Arbitrary File Upload 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 XSS 2016-02-16
hyp3rlinx lycos com

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware 2016-02-15
Blue Frost Security Research Lab (research bluefrostsecurity de)

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

Malware

Backdoor:Win64/Swoorp.A 

Backdoor.Contopee

Infostealer.Banprox.B

Phishing

Tesco.com.

16th February 2016

Tesco Online Notification.

Amazon

15th February 2016

IMPORTANT UPDATES FROM AMAZON

Tesco Bank

15th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

Santander UK

15th February 2016

SANTANDER ALERTS SERVICE
UPDATE

Vulnerebility

 

SANS News

CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo

Exploiting (pretty) blind SQL injections

Threatpost

 

Exploit

 

15.2.2016

Bugtraq

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware 2016-02-15
Blue Frost Security Research Lab (research bluefrostsecurity de)

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

[SECURITY] [DSA 3477-1] iceweasel security update 2016-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3475-1] postgresql-9.1 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution 2016-02-12
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 3476-1] postgresql-9.4 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-032] SAP PCo agent ?? DoS vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

Malware

Ransom:Win32/DMALocker.A 
Backdoor:Win32/Qakbot.T 
Win32/Qakbot 

Phishing

Santander UK

15th February 2016

SANTANDER ALERTS SERVICE
UPDATE

Paypal Support

14th February 2016

REMINDER: YOUR ACCOUNT WILL BE
LIMITED UNTIL WE HEAR FROM YOU

PayPaI Inc

14th February 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

SUPPORT

14th February 2016

Warning! You must update all
your informations 14/02/2016

Vulnerebility

 

SANS News

More Multi-Architecture IoT Malware

Threatpost

 

Exploit

Tiny Tiny RSS - Blind SQL Injection

Windows Kerberos Security Feature Bypass (MS16-014)

Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow Exploit

Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)

Alternate Pic View 2.150 - .pgm Crash PoC

Ntpd <= ntp-4.2.6p5 - ctl_putdata() Buffer Overflow

Network Scanner Version 4.0.0.0 - SEH Crash POC

13.2.2016

Bugtraq

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

[SECURITY] [DSA 3477-1] iceweasel security update 2016-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3475-1] postgresql-9.1 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution 2016-02-12
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 3476-1] postgresql-9.4 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-032] SAP PCo agent ?? DoS vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-031] SAP MII ?? Encryption Downgrade vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3474-1] libgcrypt20 security update 2016-02-12
Salvatore Bonaccorso (carnil debian org)

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities 2016-02-12
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

Paypal Support

14th February 2016

REMINDER: YOUR ACCOUNT WILL BE
LIMITED UNTIL WE HEAR FROM YOU

PayPaI Inc

14th February 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

SUPPORT

14th February 2016

Warning! You must update all
your informations 14/02/2016

PayPaI Inc

13th February 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Desiree Benson

13th February 2016

DIRTY TALK AND HOOK UP

Vulnerebility

 

SANS News

VMware VMSA-2015-0007.3 has been Re-released

Threatpost

 

Exploit

 

12.2.2016

Bugtraq

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities 2016-02-12
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011) 2016-02-12
Berend-Jan Wever (berendjanwever gmail com)

[slackware-security] mozilla-firefox (SSA:2016-042-01) 2016-02-11
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3473-1] nginx security update 2016-02-11
Salvatore Bonaccorso (carnil debian org)

Re: [oss-security] HTTPS Only (Open Source, Python) 2016-02-11
P J P (ppandit redhat com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-11
Securify B.V. (lists securify nl)

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor:Win32/Qakbot.T 
Win32/Qakbot 

Win32/Gremo.3302

Phishing

THE CO-OPERATIVE PLC

12th February 2016

Fix The Error On Your Account.

Apple Online Support

10th February 2016

Apple Account Locked.

Amazon

9th February 2016

Important updates from Amazon

NatWest

9th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

 

11.2.2016

Bugtraq

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com

Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

Malware

 

Phishing

 

Vulnerebility

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75895

Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77340

Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability
2016-02-11
http://www.securityfocus.com/bid/78219

Linux kernel CVE-2013-7446 Use After Free Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77638

PHP 'xsltprocessor.c' Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76733

PHP 'valuePop()' Function Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76738

PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/76649

PHP 'php_var_unserialize()' Function Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76734

PHP CVE-2015-4642 OS Command Injection Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75290

PHP CVE-2015-4598 Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/75244

PHP CVE-2015-6831 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/76737

PHP NULL Character CVE-2015-4025 Incomplete Fix Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/74904

PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/74903

PHP 'process_nested_data()' Function Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/73431

PHP CVE-2015-0273 Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/72701

PHP CVE-2015-3411 Null Character Security Bypass Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75255

PHP NULL Character CVE-2015-3412 Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/75250

PHP PHAR CVE-2015-2783 Remote Memory Corruption Vulnerability
2016-02-11
http://www.securityfocus.com/bid/74239

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75158

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77304

Oracle Java SE CVE-2016-0448 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81123

Oracle Java SE CVE-2016-0402 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81096

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-02-11
http://www.securityfocus.com/bid/79684

Oracle Java SE and JRockit CVE-2016-0466 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81118

QEMU 'ui/vnc.c' Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/78708

QEMU 'eepro100.c' Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77985

QEMU CVE-2015-8558 Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/80694

QEMU 'hw/pci/msix.c' Null Pointer Dereference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/80761

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81329

SANS News

Critical Cisco ASA IKEv2/v2 Vulnerability. Active Scanning Detected

Tomcat IR with XOR.DDoS

Threatpost

Vitaly Kamluk on the Adwind RAT

Exploit

File Replication Pro <= 7.2.0 - Multiple Vulnerabilities

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnerability

Deepin Linux 15 - lastore-daemon Privilege Escalation

Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder

10.2.2016

Bugtraq

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com

Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Bayrob.BM

MSIL/Filecoder.CryptoJoker.A

Phishing

Apple Online Support

10th February 2016

Apple Account Locked.

Amazon

9th February 2016

Important updates from Amazon

NatWest

9th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

SKY

9th February 2016

Second Notice from Sky -
Update immediately your
account or it will be deleted!

service@e.paypal.com

9th February 2016

WE'RE INVESTIGATING YOUR
ACCOUNT ACTIVITY PAYPAL.

Vulnerebility

 

SANS News

Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor

Adobe Patch Tuesday - February 2016

Threatpost

 

Exploit

D-Link DCS-930L Authenticated Remote Command Execution

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnerability

Yeager CMS 1.2.1 - Multiple Vulnerabilities

Deepin Linux 15 - lastore-daemon Privilege Escalation

Microsoft Windows WebDAV BSoD PoC (MS-016)

PotPlayer 1.6.5x - .mp3 Crash PoC

9.2.2016

Bugtraq

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3470-1] qemu-kvm security update 2016-02-08
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3469-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3471-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #4 - (name) Persistent Validation Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #5 - Persistent Filename Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

service@e.paypal.com

9th February 2016

WE'RE INVESTIGATING YOUR
ACCOUNT ACTIVITY PAYPAL.

Tesco Bank

8th February 2016

YOUR ACCOUNT HAS BEEN
SUSPENDED

Mary Alonzo

8th February 2016

Automated confirmation from
Western Union Speedpay

Vulnerebility

 

SANS News

Microsoft February 2016 Patch Tuesday

Out-of Order Java Update

Threatpost

 

Exploit

Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption

Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2

Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption

dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability

WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure

WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation

WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload

WordPress Booking Calendar Contact Form Plugin <= 1.0.23 - Multiple Vulnerabilities

8.2.2016

Bugtraq

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #4 - (name) Persistent Validation Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #5 - Persistent Filename Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) 2016-02-08
Ralf Spenneberg (info os-t de)

Symphony CMS multiple vulnerabilities 2016-02-08
Filippo Cavallarin (filippo cavallarin wearesegment com)

WordPress User Meta Manager Plugin [Information Disclosure] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-02-07
Stefan Kanthak (stefan kanthak nexgo de)

CFP: SIN 2016 - 9th International Conference on Security of Information and Networks 2016-02-07
Hossain Shahriar (hshahria kennesaw edu)

[SECURITY] [DSA 3468-1] polarssl security update 2016-02-06
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3467-1] tiff security update 2016-02-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

Tesco Bank

8th February 2016

YOUR ACCOUNT HAS BEEN
SUSPENDED

Mary Alonzo

8th February 2016

Automated confirmation from
Western Union Speedpay

Felicia Haines

8th February 2016

31,842.29 a day with ZERO work
(details inside)

Vulnerebility

 

SANS News

More Malicious JavaScript Obfuscation

Threatpost

 

Exploit

 

6.2.2016

Bugtraq

 

Malware

 

Phishing

CHARLENE FIGUEROA

6th February 2016

Make me sweat

NatWest

6th February 2016

Your account has been closed

Security-Team

6th February 2016

PLEASE CHECK YOUR ACCOUNT !

Apple Support é

6th February 2016

YOUR ACCOUNT WILL BE CLOSED

National

6th February 2016

FedEx International #3829

Vulnerebility

 

SANS News

DDOS is down, but still a concern for ISPs

Threatpost

 

Exploit

 

5.2.2016

Bugtraq

CVE-2015-3252: Apache CloudStack VNC authentication issue 2016-02-05
John Kinsella (jlk thrashyour com)

CVE-2015-3251: Apache CloudStack VM Credential Exposure 2016-02-05
John Kinsella (jlk thrashyour com)

[SECURITY] [DSA 3466-1] krb5 security update 2016-02-04
Salvatore Bonaccorso (carnil debian org)

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] MPlayer (SSA:2016-034-02) 2016-02-04
Slackware Security Team (security slackware com)

AST-2016-002: File descriptor exhaustion in chan_sip 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-001: BEAST vulnerability in HTTP server 2016-02-04
Asterisk Security Team (security asterisk org)

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 2016-02-04
Pedro Ribeiro (pedrib gmail com)

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability 2016-02-03
David Coomber (davidcoomber infosec gmail com)

Malware

JS/TrojanDownloader.Agent.OFN

Win32/Dridex.AA

Phishing

CUSTOMER INFORMATION

4th February 2016

Customer Information

PayPal Secure

4th February 2016

Temporarily unable to load
your account

Amazon Security Team

4th February 2016

Account verification

Chase Support

4th February 2016

NEW MESSAGE REGARDING YOUR
CHASE ACCOUNT (REF
#CHS-852-992-)

Vulnerebility

 

SANS News

A trip through the spam filters: more malspam with zip attachments containing .js files

Threatpost

Netgear Management System Vulnerable to RCE, Path Traversal Attacks

Exploit

 

4.2.2016

Bugtraq

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] MPlayer (SSA:2016-034-02) 2016-02-04
Slackware Security Team (security slackware com)

AST-2016-002: File descriptor exhaustion in chan_sip 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-001: BEAST vulnerability in HTTP server 2016-02-04
Asterisk Security Team (security asterisk org)

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 2016-02-04
Pedro Ribeiro (pedrib gmail com)

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability 2016-02-03
David Coomber (davidcoomber infosec gmail com)

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Security Advisories 2016-02-03
Portcullis Advisories (advisories portcullis-security com)

Soso Transfer v1.1 iOS - Denial of Service Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

SimpleView CRM - Client Side Open Redirect Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Malware

JS/TrojanDownloader.Agent.OFN

Phishing

VISA

3rd February 2016

Australia Carnival Cruise job
Vacancy (Apply Now)

Tesco Bank

3rd February 2016

PROBLEM WITH YOUR SAVINGS AND
CURRENT

PayPal

2nd February 2016

Important - We noticed unusual
activity in your PayPal Debit
MasterCard - 61922794

Virgin Media

2nd February 2016

Verify your account

Vulnerebility

 

SANS News

Fake Adobe Flash Update OS X Malware

Threatpost

eBay Vulnerability Exposes Users to Phishing, Data Theft

Exploit

FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow

GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities

DLink DVGN5402SP - Multiple Vulnerabilities

WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection

WordPress User Meta Manager Plugin 3.4.6 - Privilege Escalation

NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities

UliCMS <= v9.8.1 - SQL Injection

OpenDocMan 1.3.4 - CSRF Vulnerability

ATutor 2.2 - Multiple XSS Vulnerabilities

Symphony CMS 2.6.3 Multiple SQL Injection Vulnerabilities

Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities

Jive Forums <= 5.5.25 - Directory Traversal Vulnerability

Viprinet Multichannel VPN Router 300 - Stored XSS Vulnerabilities

Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities

3.2.2016

Bugtraq

Security Advisories 2016-02-03
Portcullis Advisories (advisories portcullis-security com)

Soso Transfer v1.1 iOS - Denial of Service Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

SimpleView CRM - Client Side Open Redirect Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Mezzanine CMS 4.1.0 XSS 2016-02-03
hyp3rlinx lycos com

Mezzanine CMS 4.1.0 Arbitrary File Upload 2016-02-03
hyp3rlinx lycos com

ASUS RT-N56U Persistent XSS 2016-02-02
graphx sigaint org

TimeClock - Multiple SQL Injections 2016-02-02
marcelabx gmail com

[SECURITY] [DSA 3465-1] openjdk-6 security update 2016-02-02
Moritz Muehlenhoff (jmm debian org)

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS 2016-02-02
Onur Yilmaz (onur netsparker com)

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)

WebKitGTK+ Security Advisory WSA-2016-0001 2016-02-01
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

Win32/Bundpil.DF

Win32/Pastraw.G

Win32/Bruter.C

Win32/Trontoz.C

Win32/Alinaos.E

Win32/Ennumi.A

MSIL/Duawlor.A

Phishing

Tesco Bank

3rd February 2016

PROBLEM WITH YOUR SAVINGS AND
CURRENT

PayPal

2nd February 2016

Important - We noticed unusual
activity in your PayPal Debit
MasterCard - 61922794

Virgin Media

2nd February 2016

Verify your account

USAA

1st February 2016

Confirmation - urgent account
safeguard update

USAA

1st February 2016

Your USAA Checking/Savings
Account Suspicious Activity

Tesco Bank

1st February 2016

Your account has been
suspended

Vulnerebility

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77181

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74733

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77154

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77645

IBM Cognos Business Intelligence Server CVE-2015-1969 Unspecified Cross Site Scripting Vulnerability
2016-02-02
http://www.securityfocus.com/bid/76472

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74665

Libxml2 'parser.c' Buffer Overflow Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77621

libxml2 Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/77681

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77148

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/74241

IBM SDK CVE-2015-1914 Sandbox Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74645

Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79507

Libxml2 'xmlGROW()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79509

libxml2 CVE-2015-7500 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79562

libxml2 CVE-2015-7498 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79548

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74475

Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/72557

Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79508

libxml2 CVE-2015-5312 XML Entity Expansion Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79536

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/75510

Mozilla Firefox MFSA 2016-01 Multiple Memory Corruption Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/81953

SANS News

EMET 5.5 Released

Automating Vulnerability Scans

Threatpost

 

Exploit

Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities

Jive Forums <= 5.5.25 - Directory Traversal Vulnerability

Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability

Manage Engine Network Configuration Manager Build 11000 - CSRF

eClinicalWorks (CCMR) - Multiple Vulnerabilities

Toshiba Viewer v2 p3console - Local Denial of Service

pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free

2.2.2016

Bugtraq

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS 2016-02-02
Onur Yilmaz (onur netsparker com)

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)

WebKitGTK+ Security Advisory WSA-2016-0001 2016-02-01
Carlos Alberto Lopez Perez (clopez igalia com)

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3461-1] freetype security update 2016-01-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3462-1] radicale security update 2016-01-30
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3463-1] prosody security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3464-1] rails security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

eClinicalWorks (CCMR) - Multiple Vulnerabilities 2016-01-31
jerold v00d00sec com

Malware

Ransom:Win32/Pottieq.A 

PDF/Fraud.AY

Phishing

USAA

1st February 2016

Confirmation - urgent account
safeguard update

USAA

1st February 2016

Your USAA Checking/Savings
Account Suspicious Activity

Tesco Bank

1st February 2016

Your account has been
suspended

Virgin Media

31st January 2016

Verify your account

YVETTE MCKINNEY

31st January 2016

Theres nothing we cant try in
bed

Vulnerebility

 

SANS News

Targeted IPv6 Scans Using pool.ntp.org .

Threatpost

 

Exploit

Toshiba Viewer v2 p3console - Local Denial of Service

Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution

WPS Office < 2016 - .ppt Heap Memory Corruption

WPS Office < 2016 - .doc OneTableDocumentStream Memory Corruption

WPS Office < 2016 - .ppt drawingContainer Memory Corruption

WPS Office < 2016 - .xls Heap Memory Corruption

1.2.2016

Bugtraq

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3461-1] freetype security update 2016-01-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3462-1] radicale security update 2016-01-30
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3463-1] prosody security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3464-1] rails security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

eClinicalWorks (CCMR) - Multiple Vulnerabilities 2016-01-31
jerold v00d00sec com

Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-01-30
Stefan Kanthak (stefan kanthak nexgo de)

WP-Comment-Rating XSS Vulnerability 2016-01-30
Rahul Pratap Singh (techno rps gmail com)

OpenXchange | Information Disclosure 2016-01-30
t schughart prosec-networks com

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-01-30
t schughart prosec-networks com

[SECURITY] [DSA 3460-1] privoxy security update 2016-01-30
Sebastien Delafond (seb debian org)

CVE-2015-5344 - Apache Camel medium disclosure vulnerability 2016-01-30
Claus Ibsen (claus ibsen gmail com)

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

Trojan:O97M/Madeba.A!det 

RANSOM_CRYPTRITU.A

RANSOM_MEMEKAP.A

BKDR_BLACKEN.B

Phishing

Tesco Bank

1st February 2016

Your account has been
suspended

Virgin Media

31st January 2016

Verify your account

YVETTE MCKINNEY

31st January 2016

Theres nothing we cant try in
bed

SOPHIA FISHER

31st January 2016

l like you, handsome

daniel wouters

31st January 2016

DEMANDE SPONTANE D EMPLOIS
LIVREUR CHAUFFEUR MAGASINIER
AUTRE...

Tesco Bank

31st January 2016

YOUR ACCOUNT HAS BEEN
SUSPENDED

Vulnerebility

 

SANS News

Windows 10 and System Protection for DATA Default is OFF

Threatpost

Data Theft Hole Identified in LG G3 Smartphones

Exploit

iScripts EasyCreate 3.0 - Multiple Vulnerabilities

iScripts EasyCreate 3.0 - Remote Code Execution Exploit

Hippo CMS 10.1 - Multiple Vulnerabilities

x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version v2

Linux x86 Download & Execute Shellcode

x86_64 Linux Polymorphic Execve-Stack - 47 bytes

31.1.2016

 Bugtraq

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access 2016-01-29
security-alert hpe com

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network 2016-01-29
kingkaustubh me com

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification 2016-01-29
security-alert hpe com

ManageEngine Eventlog Analyzer v4-v10 Privilege Esacalation 2016-01-29
graphx sigaint org

Malware

Win32/Botnachala.B

Win32/Delf.NDF

Phishing

 

Vulnerebility

 

SANS News

All CVE Details at Your Fingertips

Threatpost

 

Exploit

ProjectSend r582 - Multiple Vulnerabilities

x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version

29.1.2016

Bugtraq

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-01-29
Vulnerability Lab (research vulnerability-lab com)

ProjectSend multiple vulnerabilities 2016-01-29
Filippo Cavallarin (filippo cavallarin wearesegment com)

[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) 2016-01-28
security-alert hpe com

[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-28
security-alert hpe com

CVE-2015-7521: Apache Hive authorization bug disclosure 2016-01-28
khorgath apache org (Sushanth Sowmyan)

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)

New Era Company CMS - (id) SQL Injection Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase 2016-01-28
Hacking Corporation Sàrl (releases hackingcorp ch)

[SECURITY] [DSA 3458-1] openjdk-7 security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3457-1] iceweasel security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

Log2Space Central v 6.2 Multiple XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

Malware

Adware-FakeLand

TrojanSpy:Win32/Nivdort.DI 
TrojanSpy:Win32/Nivdort.DG 
TrojanSpy:Win32/Nivdort.DF 
TrojanSpy:Win32/Nivdort.DE 
TrojanSpy:Win32/Nivdort.DD 
TrojanSpy:Win32/Nivdort.DC 
PWS:MSIL/Silog.A 

Phishing

email update

28th January 2016

SETTINGS

eBay

28th January 2016

donnadixon87 has sent a
message to you

AsianBeauties Team

28th January 2016

Rgwalker, Attractive Asian
Women Looking for Love Now

Vulnerebility

 

SANS News

Scripting Web Categorization

Threatpost

Oracle to Kill Java Browser Plugin

Exploit

Ramui Forum Script 9.0 - SQL Injection Exploit

Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion

28.1.2016

Bugtraq

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)

New Era Company CMS - (id) SQL Injection Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase 2016-01-28
Hacking Corporation Sàrl (releases hackingcorp ch)

[SECURITY] [DSA 3458-1] openjdk-7 security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3457-1] iceweasel security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)

Log2Space Central v 6.2 Multiple XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Netgear GS105Ev2 - Multiple Vulnerabilities 2016-01-27
benedikt westermann i-sec tuv com

los818 CMS 2016 Q1 - SQL Injection Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Kleefa v1.7 (IR) - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanDownloader:O97M/Skebpac.A 
TrojanDownloader:Win32/Farfli.D 
TrojanDownloader:Win32/Banload.BGD 
TrojanDownloader:Win32/Banload.BGC 

MSIL/PSW.Steam.PR

MSIL/PSW.Steam.PQ

Phishing

AsianBeauties Team

28th January 2016

Rgwalker, Attractive Asian
Women Looking for Love Now

NatWest

27th January 2016

YOUR ACCOUNT HAS BEEN CLOSED

WILMA PEARSON

27th January 2016

Plz f@ck me, handsome

Vulnerebility

 

SANS News

Dridex malspam example from January 2016

Threatpost

Java Serialization Bug Crops Up At PayPal

Exploit

SAP HANA 1.00.095 - hdbindexserver Memory Corruption

OS X Kernel - IOAccelMemoryInfoUserClient Use-After-Free

OS X Kernel - no-more-senders Use-After-Free

OS X - IOBluetoothHCIPacketLogUserClient Memory Corruption

OS X - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution

OS X Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free

iOS/OS X - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

iOS/OS X - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution

iOS Kernel - AppleOscarGyro Use-After-Free

iOS Kernel - AppleOscarAccelerometer Use-After-Free

iOS Kernel - AppleOscarCompass Use-After-Free

iOS Kernel - AppleOscarCMA Use-After-Free

iOS Kernel - IOHIDEventService Use-After-Free

iOS Kernel - IOReportHub Use-After-Free

OS X and iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double Free

OS X and iOS Kernel - iokit Registry Iterator Manipulation Double Free

OSX - io_service_close Use-After-Free

OS X - gst_configure Kernel Buffer Overflow

OS X - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference

OS X Kernel - Hypervisor Driver Use-After-Free

OS X - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference

OS X and iOS Unsandboxable Kernel Use-After-Free in Mach Vouchers

iOS and OS X - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow

iOS and OS X Kernel - Double-Delete IOHIDEventQueue::start Code Execution

OS X - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Dereference

OS X - IOHDIXControllerUserClient::convertClientBuffer Integer Overflow

Ramui Forum Script 9.0 - SQL Injection Exploit

Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion

VLC Media Player 2.2.1 - .mp4 Heap Memory Corruption

Netgear WNR1000v4 - Authentication Bypass

27.1.2016

Bugtraq

los818 CMS 2016 Q1 - SQL Injection Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Kleefa v1.7 (IR) - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Classic Infomedia (Login) - Auth Bypass Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Telegram (API) - Cross Site Request Forgery Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Apple WatchOS v2.1 - Denial of Service Vulnerability 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities 2016-01-27
Vulnerability Lab (research vulnerability-lab com)

BK Mobile CMS SQLi and XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3456-1] chromium-browser security update 2016-01-27
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3455-1] curl security update 2016-01-27
Alessandro Ghedini (ghedo debian org)

[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption 2016-01-27
ERPScan inc (erpscan online gmail com)

FreeBSD Security Advisory FreeBSD-SA-16:10.linux 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:09.ntp 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:08.bind 2016-01-27
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3454-1] virtualbox security update 2016-01-26
Moritz Muehlenhoff (jmm debian org)

WP-Ultimate CSV Importer XSS Vulnerability 2016-01-26
Rahul Pratap Singh (techno rps gmail com)

Malware

Win32/TrojanDownloader.Phabeload.E

Win32/Cadelspy.A

Phishing

WILMA PEARSON

27th January 2016

Plz f@ck me, handsome

Outlook Team

27th January 2016

MICROSOFT E-MAIL VERIFICATION
EXTENSION PORTAL

åå?è

26th January 2016

ãå¹èèã中彺¢å ?
åæ ¼å,º¢º¢火火è¿å
å¹

Apple alert

26th January 2016

UPDATE YOUR APPLES ACCOUNT
INFORMATION

CLARA MORAN

26th January 2016

Hey, sexy! Say hello to me

PayPal

25th January 2016

PayPal- Automatic Message

P Service

25th January 2016

IMPORTANT - [ CONFIRM YOUR
ACCOUNT ]

Vulnerebility

 

SANS News

Couple updates and reminders

SYN-ACK Packets With Data

Threatpost

Apple Fixes Cookie Theft Bug in iOS 9.2.1

Apple Fixes Cookie Theft Bug in iOS 9.2.1

Magento Update Addresses XSS, CSRF Vulnerabilities

Amazon Certificate Manager Brings Free SSL Certs to AWS Users

Exploit

Android sensord Local Root Exploit

Android ADB Debug Server Remote Payload Execution

Linux x86/x86_64 tcp_bind Shellcode

Linux x86/x86_64 tcp_bind Shellcode #2

Linux x86/x86_64 Read etc/passwd Shellcode

Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection

Gongwalker API Manager 1.1 - Blind SQL Injection

pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap-Based Out-of-Bounds Read

pdfium - opj_j2k_read_mcc (libopenjpeg) Heap-Based Out-of-Bounds Read

Wireshark - iseries_check_file_type Stack-Based Out-of-Bounds Read

Wireshark - dissect_nhdr_extopt Stack-Based Buffer Overflow

Wireshark - hiqnet_display_data Static Out-of-Bounds Read

Wireshark - nettrace_3gpp_32_423_file_open Stack-Based Out-of-Bounds Read

Wireshark dissect_ber_constrained_bitstring Heap-Based Out-of-Bounds Read

Foxit Reader <= 7.2.8.1124 - PDF Parsing Memory Corruption

26.1.2016

Bugtraq

PHP LiteSpeed SAPI out of boundaries read due to missing input validation 2016-01-25
Imre RAD (imre rad search-lab hu)

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities 2016-01-25
CORE Advisories Team (advisories coresecurity com)

Authentication bypass in PHP File Manager 0.9.8 2016-01-25
Imre Rad (imre rad search-lab hu)

APPLE-SA-2016-01-25-1 tvOS 9.1.1 2016-01-25
Apple Product Security (product-security-noreply lists apple com)

Magento 1.9.x Multiple Man-In The Middle 2016-01-25
cxsecurity protonmail com

glibc catopen() Multiple unbounded stack allocations 2016-01-25
cxsecurity protonmail com

[SECURITY] [DSA 3453-1] mariadb-10.0 security update 2016-01-25
Salvatore Bonaccorso (carnil debian org)

WP Easy Gallery v4.1.4 Stored XSS Vulnerability 2016-01-26
Rahul Pratap Singh (techno rps gmail com)

PHP LiteSpeed SAPI secret key improper disposal 2016-01-25
Imre RAD (imre rad search-lab hu)

PHP-FPM fpm_log.c memory leak and buffer overflow 2016-01-25
Imre RAD (imre rad search-lab hu)

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) 2016-01-24
zemnmez googlemail com

ZyXel WAP3205 v1 Multiple XSS 2016-01-23
graphx sigaint org

HP ToComMsg DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

Malware

Win32/Coolvidoor.AY

Win32/Delf.SZO

Win32/Filecoder.CryptoWall.A

Win32/Filecoder.CryptoWall.F

Win32/Filecoder.CTBLocker.A

Win32/Filecoder.CTBLocker.B

Phishing

Apple alert

26th January 2016

UPDATE YOUR APPLES ACCOUNT
INFORMATION

CLARA MORAN

26th January 2016

Hey, sexy! Say hello to me

PayPal

25th January 2016

PayPal- Automatic Message

P Service

25th January 2016

IMPORTANT - [ CONFIRM YOUR
ACCOUNT ]

JOHN ABBOTT

25th January 2016

hello Bill

TIFFANY RICE

25th January 2016

Make me sweat

RITA BURNS

25th January 2016

Wanna play with your c0ck

Vulnerebility

 

SANS News

Pentest Time Machine: NMAP + Powershell + whatever tool is next

Threatpost

 

Exploit

 

25.1.2016

Bugtraq

PHP LiteSpeed SAPI secret key improper disposal 2016-01-25
Imre RAD (imre rad search-lab hu)

PHP-FPM fpm_log.c memory leak and buffer overflow 2016-01-25
Imre RAD (imre rad search-lab hu)

Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) 2016-01-24
zemnmez googlemail com

ZyXel WAP3205 v1 Multiple XSS 2016-01-23
graphx sigaint org

HP ToComMsg DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities 2016-01-23
Securify B.V. (lists securify nl)

HP LaserJet Fax Preview DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)

XMB - eXtreme Message Board v1.9.11.13 Weak Crypto 2016-01-23
hyp3rlinx lycos com

imageone Cms Multiple vulnerabilities 2016-01-23
iedb team gmail com

[SECURITY] [DSA 3452-1] claws-mail security update 2016-01-23
Ben Hutchings (benh debian org)

Malware

Ransom:Win32/Rackcrypt.A 
Ransom:MSIL/Tarocrypt.B 
Ransom:MSIL/Tarocrypt.A 
TrojanProxy:Win32/Bunitu.O 
Ransom:MSIL/Tarocrypt 

Phishing

PayPal

25th January 2016

PayPal- Automatic Message

P Service

25th January 2016

IMPORTANT - [ CONFIRM YOUR
ACCOUNT ]

JOHN ABBOTT

25th January 2016

hello Bill

TIFFANY RICE

25th January 2016

Make me sweat

RITA BURNS

25th January 2016

Wanna play with your c0ck

Security Team

25th January 2016

YOUR ACCOUNT IS TEMPORARILY
LOCKED

AOL

25th January 2016

Cant wait for this Sunday
evening! I wanna go and eff
around.

Vulnerebility

 

SANS News

Assessing Remote Certificates with Powershell

Threatpost

 

Exploit

x86_64 Linux xor/not/div Encoded execve Shellcode

Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 (MS16-008)

Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008)

Linux Kernel - prima WLAN Driver Heap Overflow

Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection

pfSense Firewall <= 2.2.5 - Config File CSRF

FreeBSD SCTP ICMPv6 Error Processing Vulnerability

24.1.2016

Bugtraq

 

Malware

Ransom:Win32/Rackcrypt.A 

Trojan.Guildma

Linux.Mokes

Exp.CVE-2016-0015

Win32/TrojanDownloader.Tiny.NMO

Win32/TrojanDownloader.Tiny.NMN

Win32/TrojanDownloader.Tiny.NMK

MSIL/PSW.CoinStealer.Y

MSIL/Gruf.A

Win32/Goweh.E

Phishing

Discover

23rd January 2016

Security Notification About
Your Discover Account

PayPal

22nd January 2016

ATTENTION Y0UR ACC0UNT HAS
BEEN LIMITED!

CHARLOTTE SHARP

22nd January 2016

Wanna be f@cked brutally

PayPal

22nd January 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Vulnerebility

 

SANS News

Obfuscated MIME Files

Sigcheck and VirusTotal for Offline Machine

Threatpost

 

Exploit

 

22.1.2016

Bugtraq

January 2016 - Bamboo - Critical Security Advisory 2016-01-22
David Black (dblack atlassian com)

[SECURITY] [DSA 3451-1] fuse security update 2016-01-21
Yves-Alexis Perez (corsac debian org)

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" 2016-01-21
Stefan Kanthak (stefan kanthak nexgo de)

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices 2016-01-21
SEC Consult Vulnerability Lab (research sec-consult com)

Oracle HtmlConverter.exe Buffer Overflow 2016-01-21
hyp3rlinx lycos com

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

Malware

TrojanSpy:Win32/Nivdort.DB 
TrojanSpy:Win32/Nivdort.DA 
TrojanSpy:Win32/Nivdort.CZ 

Phishing

PayPal

22nd January 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

AUTO YOUTUBE SERVICE

21st January 2016

Hi, You have missed mails
retrieves

PayPal Security

21st January 2016

YOUR ACCOUNT WILL BE CLOSED

DAISY SPARKS

21st January 2016

We could have the wildest
night

IMMO USA

21st January 2016

DÃSABONNEMENT DE LA
NEWSLETTER

Secure Facebook Notify

21st January 2016

Attention Missed mails
erroneously

Vulnerebility

 

SANS News

Scanning for Fortinet ssh backdoor

Extracting pcap from memory

Threatpost

 

Exploit

 xWPE 1.5.30a-2.1 - Local Buffer Overflow

Oracle HtmlConverter.exe - Buffer Overflow

21.1.2016

Bugtraq

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" 2016-01-21
Stefan Kanthak (stefan kanthak nexgo de)

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices 2016-01-21
SEC Consult Vulnerability Lab (research sec-consult com)

Oracle HtmlConverter.exe Buffer Overflow 2016-01-21
hyp3rlinx lycos com

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-1 iOS 9.2.1 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3449-1] bind9 security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) 2016-01-19
security-alert hpe com

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe 2016-01-19
Stefan Kanthak (stefan kanthak nexgo de)

Malware

TrojanSpy:MSIL/Dyzinew.A 
TrojanSpy:MSIL/Rastabaf.A 
HackTool:Win32/SmptMailStress 
TrojanDownloader:MSIL/Banload.AN 

Win32/TrojanDownloader.Tiny.NMI

Win32/TrojanDownloader.Tiny.NLK

Win32/TrojanDownloader.Tiny.NMN

Win32/TrojanDownloader.Tiny.NMK

Phishing

Apple Support

20th January 2016

WE MAY DELETE YOUR APPLE
ITUNES ACCOUNT.

ANN FOWLER

20th January 2016

$ex tonight?

Email Administrator

20th January 2016

YOUR EMAIL ACCOUNT WAS
RECENTLY LOGGED INTO FROM
ANOTHER COMPUTER,

PaypaI Service

20th January 2016

YOUR ACCOUNT HAS BEEN LIMITED
UNTIL WE HEAR FROM YOU

PayPal

20th January 2016

[Paypal] : Verification
required

AOL

20th January 2016

update

AOL

19th January 2016

update

PayPal

19th January 2016

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED

Vulnerebility

 

SANS News

 

Threatpost

Oracle Releases Record Number of Security Patches

Dridex Borrows Tricks From Dyre, Targets U.K. Users

Exploit

 

20.1.2016

Bugtraq

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com

Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com

Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org

LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability 2016-01-20
Onur Yilmaz (onur netsparker com)

APPLE-SA-2016-01-19-3 Safari 9.0.3 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-19-1 iOS 9.2.1 2016-01-19
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3449-1] bind9 security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) 2016-01-19
security-alert hpe com

Malware

Ransom:Win32/Cryproto.A 
TrojanDownloader:MSIL/Genmaldow.M 
DDoS:MSIL/Loioir.A 
Backdoor:Win32/Aimbot.D 
TrojanDownloader:MSIL/Gurim.A 
Adware:Win32/Chekua 

Phishing

Email Administrator

20th January 2016

YOUR EMAIL ACCOUNT WAS
RECENTLY LOGGED INTO FROM
ANOTHER COMPUTER,

PaypaI Service

20th January 2016

YOUR ACCOUNT HAS BEEN LIMITED
UNTIL WE HEAR FROM YOU

PayPal

20th January 2016

[Paypal] : Verification
required

AOL

20th January 2016

update

AOL

19th January 2016

update

PayPal

19th January 2016

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED

LISA STRICKLAND

19th January 2016

1 New InstaSextMatch

Vulnerebility

 

SANS News

/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!

Threatpost

Bot Fraud to Cost Advertisers $7 Billion in 2016

Apple Releases Patches for iOS, OS X and Safari

Exploit

Linux Kernel REFCOUNT Overflow/Use-After-Free in Keyrings

PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption

19.1.2016

Bugtraq

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe 2016-01-19
Stefan Kanthak (stefan kanthak nexgo de)

[CORE-2016-0001] - Intel Driver Update Utility MiTM 2016-01-19
CORE Advisories Team (advisories coresecurity com)

Quick Cart v6.6 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3448-1] linux security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)

Quick CMS v 6.1 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)

Advanced Electron Forum v1.0.9 RFI / CSRF 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 Persistent XSS 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 CSRF 2016-01-18
hyp3rlinx lycos com

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan-FHNH

TrojanSpy:Win32/Nivdort.AC 
TrojanSpy:Win32/Pstsca.A 

JS/Redirector.NCK

JS/Redirector

Phishing

Pay-Pal Support

18th January 2016

THERE'S A PROBLEM WITH YOUR
ACCOUNT . MAKE SURE TO RESOLVE
IT SO YOU HAVE FULL ACCESS TO
YOUR ACCOUNT AGAIN

Microsoft

18th January 2016

1 New Message in Secure
Message Center

Vulnerebility

 

SANS News

Powershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)

Threatpost

 

Exploit

PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption

Advanced Electron Forum 1.0.9 - CSRF Vulnerabilities

18.1.2016

Bugtraq

Advanced Electron Forum v1.0.9 RFI / CSRF 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 Persistent XSS 2016-01-18
hyp3rlinx lycos com

Advanced Electron Forum v1.0.9 CSRF 2016-01-18
hyp3rlinx lycos com

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

Malware

Boot.Pitou.B

Win32/Filecoder.FH

Phishing

Paypal Inc

18th January 2016

œ [PAYPAL] : UPDATE – YOUR
PAYPAL ACCOUNT !

Info

18th January 2016

UPDATE YOUR ACCOUNT
INFORMATIONS !

setting

18th January 2016

UPDATE

AOL

17th January 2016

update

Vulnerebility

 

SANS News

Some useful volatility plugins

Threatpost

 

Exploit

Advanced Electron Forum 1.0.9 - CSRF Vulnerabilities

Advanced Electron Forum 1.0.9 - Persistent XSS Vulnerabilities

Advanced Electron Forum 1.0.9 - RFI / CSRF Vulnerability

WEG SuperDrive G2 12.0.0 - Insecure File Permissions

17.1.2016

Bugtraq

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

Malware

 

Phishing

iCloud Helpdesk

17th January 2016

Please review your iCloud ID.

PaypaI

17th January 2016

WARNING! YOU MUST UPDATE ALL
YOUR INFORMATIONS 17/01/2016

PAYPAL

17th January 2016

PayPal

USAA

16th January 2016

1 New Message in Secure
Message Centre

Paypal

16th January 2016

YOUR ACCOUNT HAS BEEN LIMITED
UNTIL WE HEAR FROM YOU. œ
16/01/2016

Service PayPal

16th January 2016

WE HAVE FACED SOME PROBLEMS
WITH YOUR PAY PAL ACCOUNT

Vulnerebility

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77160

Mozilla Network Security Services Memory Corruption and Heap Buffer Overflow Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/77416

TigerVNC Screen Size Handling Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70391

libwmf 'DecodeImage()' Function Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74923

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77415

MPFR 'strtofr.c' Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71542

Firebird CVE-2013-2492 Remote Code Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/58393

Adobe Flash Player and AIR APSB16-01 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/79701

Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/79705

Adobe Flash Player and AIR CVE-2015-8644 Type Confusion Remote Code Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/79704

Adobe Flash Player and AIR APSB16-01 Multiple Memory Corruption Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/79700

Oracle Java SE CVE-2015-4881 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77159

Linux Kernel 'virtio-net' Fragmented Packets Handling Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/76230

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77161

KDE Workspace Arbitrary Command Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70904

Django CVE-2015-8213 Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77750

Linux Kernel CVE-2010-5313 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71363

Linux Kernel CVE-2014-8559 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70854

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2016-01-15
http://www.securityfocus.com/bid/74045

cURL/libcURL CVE-2015-3148 Remote Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74301

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/74241

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77304

netcf CVE-2014-8119 Remote Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/78046

Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71078

cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74299

cups-filters CVE-2015-3279 Remote Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/75557

cups-filters 'texttopdf' Remote Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/75436

SANS News

 

Threatpost

Advantech EKI Vulnerable to Bypass, Possible Backdoor

Exploit

NetSchedScan 1.0 - Crash PoC

phpDolphin <= 2.0.5 - Multiple Vulnerabilities

15.1.2016

Bugtraq

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

FreeBSD Security Advisory FreeBSD-SA-16:07.openssh 2016-01-15
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD bsnmpd information disclosure 2016-01-15
Pierre Kim (pierre kim sec gmail com)

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

FreeBSD Security Advisory FreeBSD-SA-16:05.tcp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:01.sctp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[slackware-security] dhcp (SSA:2016-012-01) 2016-01-13
Slackware Security Team (security slackware com)

Remote Code Execution in Roundcube 2016-01-13
High-Tech Bridge Security Research (advisory htbridge ch)

FreeBSD Security Advisory FreeBSD-SA-16:04.linux 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege 2016-01-13
security-alert hpe com

[SECURITY] [DSA 3444-1] wordpress security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Kasidet.AF

Java/Exploit.Agent.RJN

TrojanDownloader:Win32/Farfli.C 
TrojanSpy:Win32/Nivdort.CW 
TrojanSpy:Win32/Nivdort.CV 
TrojanDownloader:Win32/Silcon.A 

Exp.CVE-2016-0034

Win32/DoS.Agent.NAI

Phishing

service.intl@paypal.com

15th January 2016

ACTION REQUIRED: YOUR ACCOUNT
HAS BEEN LIMITED (ID:
C360-L001-T13037-S111-W0L0000)

NAFCU

14th January 2016

Your account has been
temporary locked !

Heather ODonnell

14th January 2016

....

Service Team

14th January 2016

[IMPORTANT] : YOUR ACCOUNT HAS
BEEN FROZEN !

Vulnerebility


Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77160

Mozilla Network Security Services Memory Corruption and Heap Buffer Overflow Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/77416

TigerVNC Screen Size Handling Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70391

libwmf 'DecodeImage()' Function Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74923

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77415

MPFR 'strtofr.c' Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71542

Firebird CVE-2013-2492 Remote Code Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/58393

Adobe Flash Player and AIR APSB16-01 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/79701

Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/79705

Adobe Flash Player and AIR CVE-2015-8644 Type Confusion Remote Code Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/79704

Adobe Flash Player and AIR APSB16-01 Multiple Memory Corruption Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/79700

Oracle Java SE CVE-2015-4881 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77159

Linux Kernel 'virtio-net' Fragmented Packets Handling Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/76230

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77161

KDE Workspace Arbitrary Command Execution Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70904

Django CVE-2015-8213 Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77750

Linux Kernel CVE-2010-5313 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71363

Linux Kernel CVE-2014-8559 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/70854

NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
2016-01-15
http://www.securityfocus.com/bid/74045

cURL/libcURL CVE-2015-3148 Remote Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74301

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-01-15
http://www.securityfocus.com/bid/74241

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-01-15
http://www.securityfocus.com/bid/77304

netcf CVE-2014-8119 Remote Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/78046

Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
2016-01-15
http://www.securityfocus.com/bid/71078

cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
2016-01-15
http://www.securityfocus.com/bid/74299

cups-filters CVE-2015-3279 Remote Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/75557

cups-filters 'texttopdf' Remote Heap Buffer Overflow Vulnerability
2016-01-15
http://www.securityfocus.com/bid/75436

SANS News

JavaScript Deobfuscation Tool

Threatpost

 

Exploit

phpDolphin <= 2.0.5 - Multiple Vulnerabilities

Roundcube 1.1.3 - Path Traversal Vulnerability

mcart.xls Bitrix Module 6.5.2 - SQL Injection Vulnerability

Amanda <= 3.3.1 - amstar Command Injection Local Root

SevOne NMS <= 5.3.6.0 - Remote Root Exploit

Manage Engine Applications Manager 12 - Multiple Vulnerabilities

Manage Engine Application Manager 12.5 - Arbitrary Command Execution Vulnerability

14.1.2016

Bugtraq

 

Malware

VBS/TrojanDownloader.Agent.NUQ

Win32/Yoddos.CA

Phishing

AOL

14th January 2016

update

PayPal

13th January 2016

YOUR PAYPAI ACCOUNT WILL BE
CLOSED !

Dr.

13th January 2016

BELIEVE ME, RESTORE PERFECT
20/20 VISION IN 7 DAYS
NATURALLY

Vulnerebility

 

SANS News

OpenSSH 7.1p2 released with security fix for CVE-2016-0777

CryptoWall sent by Angler and Neutrino exploit kits or through malicious spam

Threatpost

 

Exploit

SevOne NMS <= 5.3.6.0 - Remote Root Exploit

Manage Engine Applications Manager 12 - Multiple Vulnerabilities

Manage Engine Application Manager 12.5 - Arbitrary Command Execution Vulnerability

Microsoft Office / COM Object DLL Planting with WMALFXGFXDSP.dll (MS-16-007)

Microsoft Windows devenum.dll!DeviceMoniker::Load() - Heap Corruption Buffer Underflow (MS16-007)

13.1.2016

Bugtraq

 

Malware

Trojan.Ransomcrypt.Y

Trojan.Cryptolocker.AC

Backdoor.Chilurat

Trojan.Spymel

Trojan.Dustky

Trojan.Ransomcrypt.Z

Win32/Spy.Pavica.AK

Win32/Duuzer.A

Win32/Spy.Pavica.AC

Win32/Kasidet.AD

Trojan.Ransomcrypt.Z

Trojan.Ransomcrypt.AA

Win32/Yoddos.CA

Phishing

Bank of America

13th January 2016

Important Information
Regarding Your Bank of America
Account

michael swartz

13th January 2016

Executive Careers

service@paypal.co.uk

12th January 2016

Receipt for your PayPal
payment to Toolsave Ltd

Vulnerebility

 

SANS News

You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo

January 2016 Microsoft Patch Tuesday

Threatpost

Denial-of-Service Flaw Patched in DHCP

Exploit

SNScan 1.05 - Scan Hostname/IP Field Buffer Overflow Crash PoC

WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution

12.1.2016

Bugtraq

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems 2016-01-12
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 3441-1] perl security update 2016-01-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3440-1] sudo security update 2016-01-11
Ben Hutchings (benh debian org)

Exploiting XXE vulnerabilities in AMF libraries 2016-01-11
Nicolas Grgoire (nicolas gregoire agarri fr)

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
Reed Loden (reed reedloden com)

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) 2016-01-10
fgghy dodo com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

OpenBravo Hibernate HQL Injection 2016-01-11
Ng, Sam \(Fortify\) (samn hpe com)

[SECURITY] [DSA 3439-1] prosody security update 2016-01-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3437-1] gnutls26 security update 2016-01-09
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:MSIL/Genmaldow.B 
TrojanDownloader:MSIL/Bladabindi.K 
Backdoor:MSIL/Bladabindi.BI 
HackTool:MSIL/Injector.A 
TrojanDownloader:MSIL/Guplof.D 
TrojanDownloader:Win32/Nymaim.I 
Backdoor:Win32/Htbot.C 
PWS:Win32/Fareit.AH 
Backdoor:Win32/Farfli.DC 
Ransom:JS/Enrume.A 

Phishing

service@paypal.co.uk

12th January 2016

Receipt for your PayPal
payment to Toolsave Ltd

setting

12th January 2016

UPDATE

Dr.

12th January 2016

BELIEVE ME, RESTORE PERFECT
20/20 VISION IN 7 DAYS
NATURALLY

Jim Johnson

12th January 2016

Fw: new message

Microsoft

12th January 2016

[Verification] Update Your
Account Information

Vulnerebility

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities
2016-01-12
http://www.securityfocus.com/bid/78416

Xen CVE-2015-8338 Denial of Service Vulnerability
2016-01-12
http://www.securityfocus.com/bid/78920

Antirez Redis 'lua_struct.c' Integer Overflow Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77507

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/74147

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77160

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2016-01-12
http://www.securityfocus.com/bid/77238

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-01-12
http://www.securityfocus.com/bid/77163

Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
2016-01-12
http://www.securityfocus.com/bid/76452

Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
2016-01-12
http://www.securityfocus.com/bid/65615

Apache ActiveMQ Source Code Information Disclosure Vulnerability
2016-01-12
http://www.securityfocus.com/bid/39636

Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
2016-01-12
http://www.securityfocus.com/bid/59402

ActiveMQ Cron Jobs CVE-2013-1879 HTML Injection Vulnerability
2016-01-12
http://www.securityfocus.com/bid/61142

Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
2016-01-12
http://www.securityfocus.com/bid/39119

Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
2016-01-12
http://www.securityfocus.com/bid/59400

Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
2016-01-12
http://www.securityfocus.com/bid/72511

SANS News

January 2016 Microsoft Patch Tuesday

Threatpost

 

Exploit

FingerTec Fingerprint Reader - Remote Access and Remote Enrollment

FortiGate OS Version 4.x - 5.0.7 - SSH Backdoor

Linux Kernel overlayfs - Local Privilege Escalation

Apple watchOS 2 - Crash PoC

Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow

11.1.2016

Bugtraq

[SECURITY] [DSA 3441-1] perl security update 2016-01-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3440-1] sudo security update 2016-01-11
Ben Hutchings (benh debian org)

Exploiting XXE vulnerabilities in AMF libraries 2016-01-11
Nicolas Grgoire (nicolas gregoire agarri fr)

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
Reed Loden (reed reedloden com)

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) 2016-01-10
fgghy dodo com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com

OpenBravo Hibernate HQL Injection 2016-01-11
Ng, Sam \(Fortify\) (samn hpe com)

[SECURITY] [DSA 3439-1] prosody security update 2016-01-10
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3437-1] gnutls26 security update 2016-01-09
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3438-1] xscreensaver security update 2016-01-10
Michael Gilbert (mgilbert debian org)

CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer 2016-01-11
Stelios Tsampas (stelios census-labs com)

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent 2016-01-11
Stelios Tsampas (stelios census-labs com)

Malware

TrojanDownloader:JS/Swabfex

SMS/Smishing.D 

Backdoor.Chilurat

Trojan.Spymel

Trojan.Dustky

Phishing

NatWest

11th January 2016

Your account has been closed

AOL

10th January 2016

If you thought you are small
or even your c*ck

AOL

10th January 2016

Are you on Twitter / FB or
Pinterest? If so, watch me

Vulnerebility

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/78734

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/77608

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77618

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78622

Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78209

Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
2016-01-11
http://www.securityfocus.com/bid/76452

Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
2016-01-11
http://www.securityfocus.com/bid/65615

Apache ActiveMQ Source Code Information Disclosure Vulnerability
2016-01-11
http://www.securityfocus.com/bid/39636

Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/59402

ActiveMQ Cron Jobs CVE-2013-1879 HTML Injection Vulnerability
2016-01-11
http://www.securityfocus.com/bid/61142

Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
2016-01-11
http://www.securityfocus.com/bid/39119

Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/59400

Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/72511

Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/59401

PHP PCRE Extension 'trunk/pcre_exec.c' Information Disclosure Vulnerability
2016-01-11
http://www.securityfocus.com/bid/76157

PCRE Regular Expression Handling Heap Buffer Overflow Vulnerability
2016-01-11
http://www.securityfocus.com/bid/76187

Mozilla Firefox Multiple Security Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/79279

PHPMailer 'class.phpmailer.php' Security Bypass Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78619

IBM Installation Manager '/tmp' Local Command Injection Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77558

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77181

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2016-01-11
http://www.securityfocus.com/bid/77192

Cisco Integrated Management Controller CVE-2015-6399 Denial of Service Vulnerability
2016-01-11
http://www.securityfocus.com/bid/79031

Ganeti RESTful Control Interface Information Disclosure and Denial of Service Vulnerabilities
2016-01-11
http://www.securityfocus.com/bid/79787

Lepide Active Directory Self Service Password Reset Security Bypass Vulnerability
2016-01-11
http://www.securityfocus.com/bid/78729

SANS News

BlackEnergy .XLS Dropper

VMware security update

Threatpost

 

Exploit

TrendMicro node.js HTTP Server Listening on localhost Can Execute Commands

Amanda <= 3.3.1 - Local Root Exploit

KeePass Password Safe Classic 1.29 - Crash PoC

Adobe Flash BlurFilter Processing - Out-of-Bounds Memset

Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts

Adobe Flash - Use-After-Free When Setting Stage

10.1.2016

Bugtraq

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-08
Stefan Kanthak (stefan kanthak nexgo de)

MobaXTerm before version 8.5 vulnerability in "jump host" functionality 2016-01-08
Thomas Bleier (thomas bleier at)

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials 2016-01-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability 2016-01-08
Rahul Pratap Singh (techno rps gmail com)

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-07
security-alert hpe com

Symantec EP DOS 2016-01-08
hyp3rphp gmail com

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Malware

 

Phishing

Dr.

10th January 2016

BELIEVE ME, RESTORE PERFECT
20/20 VISION IN 7 DAYS
NATURALLY

iCloud-ID

10th January 2016

ID: 502635079

PayPal

9th January 2016

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED

Dolores Hampton

9th January 2016

1 NEW INSTAHOOKUP ALERT

Vulnerebility


Oracle Java SE CVE-2015-0458 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/74141

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/74111

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77160

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4840 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77242

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4871 Multiple Security Bypass Vulnerabilities
2016-01-10
http://www.securityfocus.com/bid/77238

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77229

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/75895

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77162

Google Chrome Prior to 47.0.2526.80 Multiple Security Vulnerabilities
2016-01-10
http://www.securityfocus.com/bid/78734

Oracle Java SE CVE-2015-0477 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/74119

Kaspersky Antivirus Multiple Memory Corruption Vulnerabilities
2016-01-10
http://www.securityfocus.com/bid/77608

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
2016-01-10
http://www.securityfocus.com/bid/73684

Multiple Kaspersky Products Certificate Handling Directory Traversal Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77616

Multiple Kaspersky Products Local Security Bypass Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77618

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77154

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-01-10
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-01-10
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2016-01-10
http://www.securityfocus.com/bid/78622

Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/74072

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2016-01-10
http://www.securityfocus.com/bid/77148

SANS News

SLOTH, attack on TLS using MD5

Virtual Bitlocker Containers

Threatpost

 

Exploit

WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities

8.1.2016

Bugtraq

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-08
Stefan Kanthak (stefan kanthak nexgo de)

MobaXTerm before version 8.5 vulnerability in "jump host" functionality 2016-01-08
Thomas Bleier (thomas bleier at)

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials 2016-01-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability 2016-01-08
Rahul Pratap Singh (techno rps gmail com)

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-07
security-alert hpe com

Symantec EP DOS 2016-01-08
hyp3rphp gmail com

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Malware

Backdoor.Chilurat

Trojan.Spymel

Win32/PSW.Legendmir.AU

Win32/Delf.AM

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities

OpenMRS Reporting Module 0.9.7 - Remote Code Execution

AVM FRITZ!Box < 6.30 - Buffer Overflow

7.1.2016

Bugtraq

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)

[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability 2016-01-07
Daniel Schliebner (mail ds-develop de)

Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603 2016-01-07
Onur Yilmaz (onur netsparker com)

[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow 2016-01-07
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images 2016-01-07
RedTeam Pentesting GmbH (release redteam-pentesting de)

Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-07
Stefan Kanthak (stefan kanthak nexgo de)

[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) 2016-01-07
erlijn vangenuchten syss de

Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-07
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access 2016-01-06
security-alert hpe com

Malware

Trojan.Spymel

Backdoor:MSIL/Corinrat.A 
TrojanDownloader:Win32/Banload.BFZ 
TrojanDownloader:MSIL/Banload.AO 

Phishing

Microsoft

6th January 2016

For security reasons your
accounts has been blocked

Pay-Pal

6th January 2016

[Norton Anti][Shaw Suspected
Junk Email] your PayPal
Account Will Be Closed in 24
Hours.

Vulnerebility

 

SANS News

A recent example of wire transfer fraud

Threatpost

 

Exploit

MediaAccess TG788vn - Unauthenticated File Disclosure

D-Link DCS-931L File Upload

6.1.2016

Bugtraq

[SECURITY] [DSA 3434-1] linux security update 2016-01-05
Ben Hutchings (benh debian org)

[SECURITY] [DSA 3435-1] git security update 2016-01-05
Laszlo Boszormenyi \(GCS\) (gcs debian org)

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

Malware

Exploit:HTML/NeutrinoEK.G 

Phishing

Microsoft

6th January 2016

For security reasons your
accounts has been blocked

Pay-Pal

6th January 2016

[Norton Anti][Shaw Suspected
Junk Email] your PayPal
Account Will Be Closed in 24
Hours.

Pvs Nr

6th January 2016

NATIONAL AUSTRALIA BANK

USAA

6th January 2016

Your USAA Account Has Been
Restricted

Vulnerebility

 

SANS News

toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics

Site Updates: ISC/DShield API and ipinfo_ascii.html Page

What are you Concerned the Most in 2016?

Threatpost

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack

Exploit

MediaAccess TG788vn - Unauthenticated File Disclosure

TCP Reverse Shell with Password Prompt - 151 bytes

5.1.2016

Bugtraq

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

Open Audit SQL Injection Vulnerability 2016-01-02
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability 2016-01-02
Stefan Seelmann (seelmann apache org)

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

Malware

TrojanSpy:Win32/Ranbyus.R 
Ransom:MSIL/Samas.A

Win32/Bayrob.AQ

Win32/Sazoora.C 

Trojan.Ransomcrypt.Y

Trojan.Cryptolocker.AC

Phishing

TEAM SUPPORT

5th January 2016

Check Your Account !

Important Notice

4th January 2016

[SUPPORT INC] : YOUR PAYPAL
ACCOUNT HAS BEEN LIMITED!

SUPPORT TEAM

4th January 2016

Good day

Mail Server X

4th January 2016

ACCOUNT UPDATE

Vulnerebility

libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability
2016-12-31
http://www.securityfocus.com/bid/79811

Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability
2016-12-08
http://www.securityfocus.com/bid/79800

Oracle Java SE CVE-2015-0491 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74094

Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74083

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/71936

Oracle Java SE CVE-2015-0480 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74104

WebKit CVE-2015-7050 Information Disclosure Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78722

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/78726

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/78720

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77524

Xen CVE-2015-8555 Information Disclosure Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77283

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77063

Mozilla Firefox Multiple Security Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/79279

IBM Installation Manager '/tmp' Local Command Injection Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77558

Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79507

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74665

libxml2 CVE-2015-7498 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79548

Libxml2 CVE-2015-1819 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/75570

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78524

Google Android 'PPP Character Device Driver' Local Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77033

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78215

Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79508

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/76960

SANS News

Ransom32: The first javascript ransomware

Threatpost

 

Exploit

Online Airline Booking System - Multiple Vulnerabilities

Simple PHP Polling System - Multiple Vulnerabilities

Ubuntu 14.04 LTS, 15.10 overlayfs - Local Root Exploit

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution

 Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities

PHPIPAM 1.1.010 - Multiple Vulnerabilities

Ganeti - Multiple Vulnerabilities

 

4.1.2016

Bugtraq

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak) 2016-01-04
Pierre Kim (pierre kim sec gmail com)

Confluence Vulnerabilities 2016-01-04
Sebastian Perez (s3bap3 gmail com)

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities 2016-01-03
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3433-1] samba security update 2016-01-02
Salvatore Bonaccorso (carnil debian org)

Open Audit SQL Injection Vulnerability 2016-01-02
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability 2016-01-02
Stefan Seelmann (seelmann apache org)

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

Malware

Trojan.Disakil

BrowserModifier:Win32/Shopperz 

Phishing

Mail Server X

4th January 2016

ACCOUNT UPDATE

Diane Lynch

4th January 2016

1 New SexiSnap Alert

Barclays

3rd January 2016

Your account has been revoked

Amazon

3rd January 2016

IMPORTANT ACTIVITY ABOUT YOUR
ACCOUNT YOU'VE MISSED !

Vulnerebility

libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability
2016-12-31
http://www.securityfocus.com/bid/79811

Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability
2016-12-08
http://www.securityfocus.com/bid/79800

Oracle Java SE CVE-2015-0491 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74094

Oracle Java SE CVE-2015-0459 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74083

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/71936

Oracle Java SE CVE-2015-0480 Remote Security Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74104

WebKit CVE-2015-7050 Information Disclosure Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78722

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/78726

WebKit Multiple Unspecified Memory Corruption Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/78720

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77524

Xen CVE-2015-8555 Information Disclosure Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79543

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79579

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77626

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77283

Adobe Flash Player and AIR CVE-2015-7628 Same Origin Policy Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77063

Mozilla Firefox Multiple Security Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/79279

IBM Installation Manager '/tmp' Local Command Injection Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77558

Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79507

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/74665

libxml2 CVE-2015-7498 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79548

Libxml2 CVE-2015-1819 Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/75570

GNU GRUB2 CVE-2015-8370 Multiple Local Authentication Bypass Vulnerabilities
2016-01-04
http://www.securityfocus.com/bid/79358

cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78524

Google Android 'PPP Character Device Driver' Local Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/77033

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2016-01-04
http://www.securityfocus.com/bid/78215

Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
2016-01-04
http://www.securityfocus.com/bid/79508

OpenStack Nova CVE-2015-7713 Security Bypass Vulnerability
2016-01-04
http://www.securityfocus.com/bid/76960

SANS News

Testing for DNS recursion and avoiding being part of DNS amplification attacks

Year End Surveys

Threatpost

 

Exploit

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution

pdfium CPDF_DIBSource::DownSampleScanline32Bit - Heap-Based Out-of-Bounds Read

pdfium CPDF_TextObject::CalcPositionData - Heap-Based Out-of-Bounds Read

pdfium IsFlagSet (v8 memory management) - SIGSEGV

pdfium CPDF_Function::Call - Stack-Based Buffer Overflow

3.1.2016

Bugtraq

 

Malware

 

Phishing

Amazon

2nd January 2016

IMPORTANT ACTIVITY ABOUT YOUR
ACCOUNT YOU'VE MISSED !

Amazon

2nd January 2016

PLEASE CONFIRM YOUR ACCOUNT
FOR AVOID SUSPENSION !

amtoandmxi

2nd January 2016

STANDARD CHARTERED BANK
GERMANY BRANCH

Support

2nd January 2016

WE'RE CONSTANTLY WORKING TO
MAKE YOUR ACCOUNT SAFER ðŸ

Paypal Support

2nd January 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Vulnerebility

 

SANS News

x86_64 Linux bind TCP port shellcode

tcp bindshell with password prompt in 162 bytes

Threatpost

 

Exploit

 

2.1.2016

Bugtraq

OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag 2016-01-01
Ralf Spenneberg (info os-t de)

OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S 2016-01-01
Ralf Spenneberg (info os-t de)

[SECURITY] [DSA 3431-1] ganeti security update 2016-01-01
Moritz Muehlenhoff (jmm debian org)

OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders 2016-01-01
Ralf Spenneberg (info os-t de)

[SECURITY] [DSA 3432-1] icedove security update 2016-01-01
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

Support

2nd January 2016

WE'RE CONSTANTLY WORKING TO
MAKE YOUR ACCOUNT SAFER ðŸ

Paypal Support

2nd January 2016

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

Natwest

1st January 2016

Your Natwest Account is
Suspended

Capital One 360

1st January 2016

Access Suspended!

Vulnerebility

 

SANS News

A Tip For The Analysis Of MIME Files

Failure Is An Option

Threatpost

 

Exploit