Hot News Database 2016 February


23.2.2016

Bugtraq

CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM) 2016-02-23
Alexandre Herzog (Alexandre Herzog csnc ch)

CSNC-2016-002 - Open Redirect in OpenAM 2016-02-23
Alexandre Herzog (Alexandre Herzog csnc ch)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-23
Vulnerability Lab (research vulnerability-lab com)

Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SYSS-2015-063] OpenCms - Cross Site Scripting 2016-02-22
rainer boie syss de

Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5346 Apache Tomcat Session fixation 2016-02-22
Mark Thomas (markt apache org)

Malware

Trojan.Cryptolocker.AG

Backdoor:Win32/Degrub.A 
TrojanSpy:MSIL/Zurten.A 
Ransom:Win32/Empercrypt.A 

Phishing

Service@Paypal.co.uk

22nd February 2016

PAYPAL NOTIFICATION: MESSAGE FOR YOU

Important Notice

22nd February 2016

[SUPPORT INC] : YOUR PAYPAL ACCOUNT HAS BEEN LIMITED!

Vulnerability

Linux Kernel CVE-2015-7550 Null Pointer Deference Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79903

Linux Kernel 'fs/fuse/file.c' Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81688

Linux Kernel CVE-2013-4312 Multiple Local Denial of Service Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/82986

Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81809

Libxml2 'parser.c' Buffer Overflow Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77621

Google Android Kernel CVE-2015-8543 Null Pointer Deference Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79698

Linux Kernel CVE-2015-8575 Local Information Disclosure Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79724

Linux Kernel Multiple Local Information Disclosure Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/79428

Libxml2 'xmlGROW()' Function Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79509

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-23
http://www.securityfocus.com/bid/74241

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77312

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77528

Linux Kernel Crypto API CVE-2013-7421 Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/72322

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/81329

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2016-02-23
http://www.securityfocus.com/bid/78215

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/75510

ModSecurity 'mod_headers' module Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/66550

Samba CVE-2015-5252 Symlink Vulnerability
2016-02-23
http://www.securityfocus.com/bid/79733

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77524

Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerability
2016-02-23
http://www.securityfocus.com/bid/71078

Linux Kernel Crypto API CVE-2014-9644 Local Security Bypass Vulnerability
2016-02-23
http://www.securityfocus.com/bid/72320

Linux Kernel 'ipc_addid()' Function Local Memory Corruption Vulnerability
2016-02-23
http://www.securityfocus.com/bid/76977

Oracle MySQL Server CVE-2015-4895 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77136

Oracle MySQL Server CVE-2015-4905 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77143

Oracle MySQL Server CVE-2015-4913 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77153

Oracle MySQL Server CVE-2015-4864 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77187

Oracle MySQL Server CVE-2015-4870 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77208

Oracle MySQL Server CVE-2015-4904 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77219

Oracle MySQL Server CVE-2015-4890 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77231

Oracle MySQL Server CVE-2015-4910 Remote Security Vulnerability
2016-02-23
http://www.securityfocus.com/bid/77234

SANS News

VMware VMSA-2016-0002

Threatpost

 

Exploit

 

22.2.2016

Bugtraq

[SYSS-2015-063] OpenCms - Cross Site Scripting 2016-02-22
rainer boie syss de

Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities 2016-02-22
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] CVE-2015-5346 Apache Tomcat Session fixation 2016-02-22
Mark Thomas (markt apache org)

[SECURITY] [DSA 3486-1] chromium-browser security update 2016-02-21
Michael Gilbert (mgilbert debian org)

[security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access 2016-02-20
security-alert hpe com

[SECURITY] [DSA 3485-1] didiwiki security update 2016-02-20
Sebastien Delafond (seb debian org)

Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 2016-02-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

TrojanSpy:Win32/Bancos 

Phishing

SUPPORT

21st February 2016

Please Login to Update Your Account informations

PayPal

21st February 2016

RE: NOTIFICATION ONLINE

Apple

21st February 2016

APPLE EXPIRATION YOUR ACCOUNT

Vulnerability

RETIRED: Network Time Protocol CVE-2014-9298 Authentication Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83185

PhpCOIN Multiple Remote File Include Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/19706

Google Chrome Prior to 48.0.2564.109 Multiple Security Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/83125

Honeyd CVE-2006-4292 ARP Packet Processing Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/19614

Google Chrome CVE-2016-1629 Same Origin Policy Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83302

Libgraphite Multiple Security Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/82991

xdelta3 CVE-2014-9765 Local Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83109

CPIO CVE-2016-2037 Out of Bounds Write Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82293

GNU glibc 'strftime()' Function Memory Corruption Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83277

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/83275

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82244

Mozilla Firefox MFSA 2016-01 Multiple Memory Corruption Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/81953

Mozilla Firefox CVE-2016-1935 Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81952

Linux Kernel CVE-2015-5157 Local Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/76005

Linux Kernel CVE-2016-0728 Local Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81054

NTP 'ntp_io.c' Authentication Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72584

Multiple AMX Products CVE-2015-8362 Hardcoded Credentials Security Bypass Vulnerability
2016-02-22
http://www.securityfocus.com/bid/81545

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/83265

Microsoft Internet Explorer CVE-2016-0069 Remote Privilege Escalation Vulnerability
2016-02-22
http://www.securityfocus.com/bid/82665

NTP 'ntp_crypto.c' Information Disclosure Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72583

JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/80035

GNU glibc 'send_dg()' Function Local Information Disclosure Weakness
2016-02-22
http://www.securityfocus.com/bid/72844

GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
2016-02-22
http://www.securityfocus.com/bid/71216

GNU glibc CVE-2015-1781 Multiple Buffer Overflow Vulnerabilities
2016-02-22
http://www.securityfocus.com/bid/74255

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/71670

GNU glibc CVE-2014-8121 Infinite Loop Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/73038

GNU glibc 'swscanf' Local Heap Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/72428

GNU glibc Locale Environment Handling Directory Traversal Vulnerability
2016-02-22
http://www.securityfocus.com/bid/68505

GNU glibc 'iconv()' Denial of Service Vulnerability
2016-02-22
http://www.securityfocus.com/bid/69472

GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
2016-02-22
http://www.securityfocus.com/bid/68983

SANS News

Reducing False Positives with Open Data Sources

Tip: Quick Analysis of Office Maldoc

Threatpost

 

Exploit

 BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities

InstantCoder 1.0 iOS - Multiple Vulnerabilities

Thru Managed File Transfer Portal 9.0.2 - SQL Injection

Core FTP Server 1.2 - Buffer Overflow PoC

Wireshark - dissect_oml_attrs Static Out-of-Bounds Read

Wireshark - add_ff_vht_compressed_beamforming_report Static Out-of-Bounds Read

Wireshark - dissect_ber_set Static Out-of-Bounds Read

21.2.2016

Bugtraq

Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 2016-02-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution 2016-02-18
security-alert hpe com

[SECURITY] [DSA 3483-1] cpio security update 2016-02-19
Salvatore Bonaccorso (carnil debian org)

ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Investors Application - Client Side Cross Site Scripting Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Chamilo LMS - Persistent Cross Site Scripting Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability 2016-02-19
Vulnerability Lab (research vulnerability-lab com)

[SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79) 2016-02-19
erlijn vangenuchten syss de

[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932) 2016-02-19
erlijn vangenuchten syss de

Malware

Ransom:MSIL/Crydap.A
Ransom:Win32/Locky.A

Win32/Filecoder.Locky.A

Phishing

Hotmail

19th February 2016

Microsoft Password Reset

Turbo Tax Team

18th February 2016

YOUR TURBO TAX UPDATE

Microsoft

17th February 2016

Informazioni importanti per la sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification required

Vulnerability

 

SANS News

Locky: JavaScript Deobfuscation

Hunting for Executable Code in Windows Environments

Threatpost

Joomla Sites Join WordPress As TeslaCrypt Ransomware Target

Exploit

SOLIDserver <=5.0.4 - Local File Inclusion Vulnerability

19.2.2016

Bugtraq

CVE-2015-7521: Apache Hive authorization bug disclosure (update) 2016-02-18
khorgath apache org (Sushanth Sowmyan)

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) 2016-02-17
security-alert hpe com

[SECURITY] [DSA 3482-1] libreoffice security update 2016-02-17
Sebastien Delafond (seb debian org)

SSO Authentication Bypass and Website Takeover in DOKEOS 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in webSPELL 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in TestLink 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in WeBid 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCommerce 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in Osclass 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCmax 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

Malware

Win32/Filecoder.Locky.A

Android/Locker 

Android/Simplocker 

Android/Koler

Phishing

Turbo Tax Team

18th February 2016

YOUR TURBO TAX UPDATE

Microsoft

17th February 2016

Informazioni importanti per la sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification required

Vulnerability

 

SANS News

Hunting for Executable Code in Windows Environments

Threatpost

 

Exploit

Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability

Chamilo LMS - Persistent Cross Site Scripting Vulnerability

ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities

XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability

STIMS Buffer - Buffer Overflow SEH - DoS

STIMS Cutter - Buffer Overflow DoS

QuickHeal 16.00 - webssx.sys Driver DoS Vulnerability

Adobe Flash - SimpleButton Creation Type Confusion

Vesta Control Panel <= 0.9.8-15 - Persistent XSS Vulnerability

DirectAdmin 1.491 - CSRF Vulnerability

18.2.2016

Bugtraq

CVE-2015-7521: Apache Hive authorization bug disclosure (update) 2016-02-18
khorgath apache org (Sushanth Sowmyan)

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS) 2016-02-17
security-alert hpe com

[SECURITY] [DSA 3482-1] libreoffice security update 2016-02-17
Sebastien Delafond (seb debian org)

SSO Authentication Bypass and Website Takeover in DOKEOS 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in webSPELL 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in TestLink 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in WeBid 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCommerce 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

SQL Injection in Osclass 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

RCE via CSRF in osCmax 2016-02-17
High-Tech Bridge Security Research (advisory htbridge ch)

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

Malware

Ransom:Win32/Locky.A 
TrojanDropper:Win32/Pawxnic.A 

Backdoor.Cloworm

Win32/Spit.8192.E

Phishing

Microsoft

17th February 2016

Informazioni importanti per la sicurezza Intesa Sanpaolo

PayPal

17th February 2016

[Paypal] : Verification required

Virgin Media

16th February 2016

YOUR LATEST VIRGIN MEDIA BILL CANNOT BE PROCESSED

Vulnerability

 

SANS News

Angler exploit kit generated by "admedia" gates

Threatpost

 

Exploit

JMX2 Email Tester - (save_email.php) Web Shell Upload

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

17.2.2016

Bugtraq

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

Malware

Infostealer.Banprox.B

Backdoor.Redsip.B

Phishing

PayPal

17th February 2016

[Paypal] : Verification required

Virgin Media

16th February 2016

YOUR LATEST VIRGIN MEDIA BILL CANNOT BE PROCESSED

Tesco.com.

16th February 2016

Tesco Online Notification.

Vulnerability

 

SANS News

CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo

Threatpost

 

Exploit

JMX2 Email Tester - (save_email.php) Web Shell Upload

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

ManageEngine OPutils 8.0 - Multiple Vulnerabilities

ManageEngine Network Configuration Management Build 11000 - Privilege Escalation

WordPress ALO EasyMail Newsletter Plugin 2.6.01 - CSRF Vulnerability

phpMyBackupPro 2.5 - Remote Command Execution / CSRF

CyberCop Scanner Smbgrind 5.5 - Buffer Overflow

glibc - getaddrinfo Stack-Based Buffer Overflow

16.2.2016

Bugtraq

Redaxo CMS contains multiple vulnerabilities 2016-02-16
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3481-1] glibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3480-1] eglibc security update 2016-02-16
Salvatore Bonaccorso (carnil debian org)

CSRF and XsS In Manage Engine oputils 2016-02-15
kingkaustubh me com

Privilege escalation Vulnerability in ManageEngine oputils 2016-02-15
kingkaustubh me com

Missing Function Level Access control Vulnerability in OPutils 2016-02-15
kingkaustubh me com

[SECURITY] [DSA 3478-1] libgcrypt11 security update 2016-02-15
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3479-1] graphite2 security update 2016-02-15
Moritz Muehlenhoff (jmm debian org)

CyberCop Scanner Smbgrind v5.5 Buffer Overflow 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 Remote Command Execution / CSRF 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 Arbitrary File Upload 2016-02-16
hyp3rlinx lycos com

phpMyBackupPro v.2.5 XSS 2016-02-16
hyp3rlinx lycos com

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware 2016-02-15
Blue Frost Security Research Lab (research bluefrostsecurity de)

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

Malware

Backdoor:Win64/Swoorp.A 

Backdoor.Contopee

Infostealer.Banprox.B

Phishing

Tesco.com.

16th February 2016

Tesco Online Notification.

Amazon

15th February 2016

IMPORTANT UPDATES FROM AMAZON

Tesco Bank

15th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

Santander UK

15th February 2016

SANTANDER ALERTS SERVICE UPDATE

Vulnerability

 

SANS News

CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo

Exploiting (pretty) blind SQL injections

Threatpost

 

Exploit

 

15.2.2016

Bugtraq

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware 2016-02-15
Blue Frost Security Research Lab (research bluefrostsecurity de)

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

[SECURITY] [DSA 3477-1] iceweasel security update 2016-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3475-1] postgresql-9.1 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution 2016-02-12
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 3476-1] postgresql-9.4 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-032] SAP PCo agent - DoS vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

Malware

Ransom:Win32/DMALocker.A 
Backdoor:Win32/Qakbot.T 
Win32/Qakbot 

Phishing

Santander UK

15th February 2016

SANTANDER ALERTS SERVICE UPDATE

Paypal Support

14th February 2016

REMINDER: YOUR ACCOUNT WILL BE LIMITED UNTIL WE HEAR FROM YOU

PayPaI Inc

14th February 2016

YOUR ACCOUNT HAS BEEN IIMITED UNTII WE HEAR FROM YOU

SUPPORT

14th February 2016

Warning! You must update all your informations 14/02/2016

Vulnerability

 

SANS News

More Multi-Architecture IoT Malware

Threatpost

 

Exploit

Tiny Tiny RSS - Blind SQL Injection

Windows Kerberos Security Feature Bypass (MS16-014)

Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow Exploit

Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)

Alternate Pic View 2.150 - .pgm Crash PoC

Ntpd <= ntp-4.2.6p5 - ctl_putdata() Buffer Overflow

Network Scanner Version 4.0.0.0 - SEH Crash POC

13.2.2016

Bugtraq

Xymon: Critical security issues in all versions prior to 4.3.25 2016-02-14
Xymon Software (henrik xymon com)

[SECURITY] [DSA 3477-1] iceweasel security update 2016-02-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3475-1] postgresql-9.1 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution 2016-02-12
KoreLogic Disclosures (disclosures korelogic com)

[SECURITY] [DSA 3476-1] postgresql-9.4 security update 2016-02-13
Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-032] SAP PCo agent - DoS vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability 2016-02-12
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3474-1] libgcrypt20 security update 2016-02-12
Salvatore Bonaccorso (carnil debian org)

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities 2016-02-12
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

Paypal Support

14th February 2016

REMINDER: YOUR ACCOUNT WILL BE LIMITED UNTIL WE HEAR FROM YOU

PayPaI Inc

14th February 2016

YOUR ACCOUNT HAS BEEN IIMITED UNTII WE HEAR FROM YOU

SUPPORT

14th February 2016

Warning! You must update all your informations 14/02/2016

PayPaI Inc

13th February 2016

YOUR ACCOUNT HAS BEEN IIMITED UNTII WE HEAR FROM YOU

Desiree Benson

13th February 2016

DIRTY TALK AND HOOK UP

Vulnerability

 

SANS News

VMware VMSA-2015-0007.3 has been Re-released

Threatpost

 

Exploit

 

12.2.2016

Bugtraq

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities 2016-02-12
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011) 2016-02-12
Berend-Jan Wever (berendjanwever gmail com)

[slackware-security] mozilla-firefox (SSA:2016-042-01) 2016-02-11
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3473-1] nginx security update 2016-02-11
Salvatore Bonaccorso (carnil debian org)

Re: [oss-security] HTTPS Only (Open Source, Python) 2016-02-11
P J P (ppandit redhat com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-11
Securify B.V. (lists securify nl)

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor:Win32/Qakbot.T 
Win32/Qakbot 

Win32/Gremo.3302

Phishing

THE CO-OPERATIVE PLC

12th February 2016

Fix The Error On Your Account.

Apple Online Support

10th February 2016

Apple Account Locked.

Amazon

9th February 2016

Important updates from Amazon

NatWest

9th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

Vulnerability

 

SANS News

 

Threatpost

 

Exploit

 

11.2.2016

Bugtraq

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com

Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

Malware

 

Phishing

 

Vulnerability

Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75895

Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77340

Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability
2016-02-11
http://www.securityfocus.com/bid/78219

Linux kernel CVE-2013-7446 Use After Free Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77638

PHP 'xsltprocessor.c' Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76733

PHP 'valuePop()' Function Null Pointer Deference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76738

PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/76649

PHP 'php_var_unserialize()' Function Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/76734

PHP CVE-2015-4642 OS Command Injection Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75290

PHP CVE-2015-4598 Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/75244

PHP CVE-2015-6831 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/76737

PHP NULL Character CVE-2015-4025 Incomplete Fix Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/74904

PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/74903

PHP 'process_nested_data()' Function Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/73431

PHP CVE-2015-0273 Use After Free Remote Code Execution Vulnerability
2016-02-11
http://www.securityfocus.com/bid/72701

PHP CVE-2015-3411 Null Character Security Bypass Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75255

PHP NULL Character CVE-2015-3412 Multiple Security Bypass Vulnerabilities
2016-02-11
http://www.securityfocus.com/bid/75250

PHP PHAR CVE-2015-2783 Remote Memory Corruption Vulnerability
2016-02-11
http://www.securityfocus.com/bid/74239

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/75158

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77304

Oracle Java SE CVE-2016-0448 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81123

Oracle Java SE CVE-2016-0402 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81096

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-02-11
http://www.securityfocus.com/bid/79684

Oracle Java SE and JRockit CVE-2016-0466 Remote Security Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81118

QEMU 'ui/vnc.c' Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/78708

QEMU 'eepro100.c' Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/77985

QEMU CVE-2015-8558 Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/80694

QEMU 'hw/pci/msix.c' Null Pointer Dereference Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/80761

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-02-11
http://www.securityfocus.com/bid/81329

SANS News

Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected

Tomcat IR with XOR.DDoS

Threatpost

Vitaly Kamluk on the Adwind RAT

Exploit

File Replication Pro <= 7.2.0 - Multiple Vulnerabilities

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnerability

Deepin Linux 15 - lastore-daemon Privilege Escalation

Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder

10.2.2016

Bugtraq

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com

Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Bayrob.BM

MSIL/Filecoder.CryptoJoker.A

Phishing

Apple Online Support

10th February 2016

Apple Account Locked.

Amazon

9th February 2016

Important updates from Amazon

NatWest

9th February 2016

YOUR ACCOUNT HAS BEEN CLOSED

SKY

9th February 2016

Second Notice from Sky - Update immediately your account or it will be deleted!

service@e.paypal.com

9th February 2016

WE'RE INVESTIGATING YOUR ACCOUNT ACTIVITY PAYPAL.

Vulnerability

 

SANS News

Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor

Adobe Patch Tuesday - February 2016

Threatpost

 

Exploit

D-Link DCS-930L Authenticated Remote Command Execution

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnerability

Yeager CMS 1.2.1 - Multiple Vulnerabilities

Deepin Linux 15 - lastore-daemon Privilege Escalation

Microsoft Windows WebDAV BSoD PoC (MS-016)

PotPlayer 1.6.5x - .mp3 Crash PoC

9.2.2016

Bugtraq

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3470-1] qemu-kvm security update 2016-02-08
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3469-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3471-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #4 - (name) Persistent Validation Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #5 - Persistent Filename Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

service@e.paypal.com

9th February 2016

WE'RE INVESTIGATING YOUR ACCOUNT ACTIVITY PAYPAL.

Tesco Bank

8th February 2016

YOUR ACCOUNT HAS BEEN SUSPENDED

Mary Alonzo

8th February 2016

Automated confirmation from Western Union Speedpay

Vulnerability

 

SANS News

Microsoft February 2016 Patch Tuesday

Out-of Order Java Update

Threatpost

 

Exploit

Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption

Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2

Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption

dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability

WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure

WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation

WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload

WordPress Booking Calendar Contact Form Plugin <= 1.0.23 - Multiple Vulnerabilities

8.2.2016

Bugtraq

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #4 - (name) Persistent Validation Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Getdpd BB #5 - Persistent Filename Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)

Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) 2016-02-08
Ralf Spenneberg (info os-t de)

Symphony CMS multiple vulnerabilities 2016-02-08
Filippo Cavallarin (filippo cavallarin wearesegment com)

WordPress User Meta Manager Plugin [Information Disclosure] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)

Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-02-07
Stefan Kanthak (stefan kanthak nexgo de)

CFP: SIN 2016 - 9th International Conference on Security of Information and Networks 2016-02-07
Hossain Shahriar (hshahria kennesaw edu)

[SECURITY] [DSA 3468-1] polarssl security update 2016-02-06
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3467-1] tiff security update 2016-02-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

Tesco Bank

8th February 2016

YOUR ACCOUNT HAS BEEN SUSPENDED

Mary Alonzo

8th February 2016

Automated confirmation from Western Union Speedpay

Felicia Haines

8th February 2016

31,842.29 a day with ZERO work (details inside)

Vulnerability

 

SANS News

More Malicious JavaScript Obfuscation

Threatpost

 

Exploit

 

6.2.2016

Bugtraq

 

Malware

 

Phishing

CHARLENE FIGUEROA

6th February 2016

Make me sweat

NatWest

6th February 2016

Your account has been closed

Security-Team

6th February 2016

PLEASE CHECK YOUR ACCOUNT !

Apple Support ©

6th February 2016

YOUR ACCOUNT WILL BE CLOSED

National

6th February 2016

FedEx International #3829

Vulnerability

 

SANS News

DDOS is down, but still a concern for ISPs

Threatpost

 

Exploit

 

5.2.2016

Bugtraq

CVE-2015-3252: Apache CloudStack VNC authentication issue 2016-02-05
John Kinsella (jlk thrashyour com)

CVE-2015-3251: Apache CloudStack VM Credential Exposure 2016-02-05
John Kinsella (jlk thrashyour com)

[SECURITY] [DSA 3466-1] krb5 security update 2016-02-04
Salvatore Bonaccorso (carnil debian org)

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] MPlayer (SSA:2016-034-02) 2016-02-04
Slackware Security Team (security slackware com)

AST-2016-002: File descriptor exhaustion in chan_sip 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-001: BEAST vulnerability in HTTP server 2016-02-04
Asterisk Security Team (security asterisk org)

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 2016-02-04
Pedro Ribeiro (pedrib gmail com)

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability 2016-02-03
David Coomber (davidcoomber infosec gmail com)

Malware

JS/TrojanDownloader.Agent.OFN

Win32/Dridex.AA

Phishing

CUSTOMER INFORMATION

4th February 2016

Customer Information

PayPal Secure

4th February 2016

Temporarily unable to load your account

Amazon Security Team

4th February 2016

Account verification

Chase Support

4th February 2016

NEW MESSAGE REGARDING YOUR CHASE ACCOUNT (REF #CHS-852-992-)

Vulnerability

 

SANS News

A trip through the spam filters: more malspam with zip attachments containing .js files

Threatpost

Netgear Management System Vulnerable to RCE, Path Traversal Attacks

Exploit

 

4.2.2016

Bugtraq

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

[slackware-security] MPlayer (SSA:2016-034-02) 2016-02-04
Slackware Security Team (security slackware com)

AST-2016-002: File descriptor exhaustion in chan_sip 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. 2016-02-04
Asterisk Security Team (security asterisk org)

AST-2016-001: BEAST vulnerability in HTTP server 2016-02-04
Asterisk Security Team (security asterisk org)

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 2016-02-04
Pedro Ribeiro (pedrib gmail com)

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability 2016-02-03
David Coomber (davidcoomber infosec gmail com)

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Security Advisories 2016-02-03
Portcullis Advisories (advisories portcullis-security com)

Soso Transfer v1.1 iOS - Denial of Service Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

SimpleView CRM - Client Side Open Redirect Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Malware

JS/TrojanDownloader.Agent.OFN

Phishing

VISA

3rd February 2016

Australia Carnival Cruise job Vacancy (Apply Now)

Tesco Bank

3rd February 2016

PROBLEM WITH YOUR SAVINGS AND CURRENT

PayPal

2nd February 2016

Important - We noticed unusual activity in your PayPal Debit MasterCard - 61922794

Virgin Media

2nd February 2016

Verify your account

Vulnerability

 

SANS News

Fake Adobe Flash Update OS X Malware

Threatpost

eBay Vulnerability Exposes Users to Phishing, Data Theft

Exploit

FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow

GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities

DLink DVG-N5402SP - Multiple Vulnerabilities

WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection

WordPress User Meta Manager Plugin 3.4.6 - Privilege Escalation

NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities

UliCMS <= v9.8.1 - SQL Injection

OpenDocMan 1.3.4 - CSRF Vulnerability

ATutor 2.2 - Multiple XSS Vulnerabilities

Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities

Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities

Jive Forums <= 5.5.25 - Directory Traversal Vulnerability

Viprinet Multichannel VPN Router 300 - Stored XSS Vulnerabilities

3.2.2016

Bugtraq

Security Advisories 2016-02-03
Portcullis Advisories (advisories portcullis-security com)

Soso Transfer v1.1 iOS - Denial of Service Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

SimpleView CRM - Client Side Open Redirect Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)

Mezzanine CMS 4.1.0 XSS 2016-02-03
hyp3rlinx lycos com

Mezzanine CMS 4.1.0 Arbitrary File Upload 2016-02-03
hyp3rlinx lycos com

ASUS RT-N56U Persistent XSS 2016-02-02
graphx sigaint org

TimeClock - Multiple SQL Injections 2016-02-02
marcelabx gmail com

[SECURITY] [DSA 3465-1] openjdk-6 security update 2016-02-02
Moritz Muehlenhoff (jmm debian org)

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS 2016-02-02
Onur Yilmaz (onur netsparker com)

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)

WebKitGTK+ Security Advisory WSA-2016-0001 2016-02-01
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

Win32/Bundpil.DF

Win32/Pastraw.G

Win32/Bruter.C

Win32/Trontoz.C

Win32/Alinaos.E

Win32/Ennumi.A

MSIL/Duawlor.A

Phishing

Tesco Bank

3rd February 2016

PROBLEM WITH YOUR SAVINGS AND CURRENT

PayPal

2nd February 2016

Important - We noticed unusual activity in your PayPal Debit MasterCard - 61922794

Virgin Media

2nd February 2016

Verify your account

USAA

1st February 2016

Confirmation - urgent account safeguard update

USAA

1st February 2016

Your USAA Checking/Savings Account Suspicious Activity

Tesco Bank

1st February 2016

Your account has been suspended

Vulnerability

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77164

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77181

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74733

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77154

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77645

IBM Cognos Business Intelligence Server CVE-2015-1969 Unspecified Cross Site Scripting Vulnerability
2016-02-02
http://www.securityfocus.com/bid/76472

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74665

Libxml2 'parser.c' Buffer Overflow Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77621

libxml2 Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/77681

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2016-02-02
http://www.securityfocus.com/bid/77148

libxml2 'parser.c' Out of Bounds Read Multiple Information Disclosure Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/74241

IBM SDK CVE-2015-1914 Sandbox Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74645

Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79507

Libxml2 'xmlGROW()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79509

libxml2 CVE-2015-7500 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79562

libxml2 CVE-2015-7498 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79548

Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/74475

Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
2016-02-02
http://www.securityfocus.com/bid/72557

Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79508

libxml2 CVE-2015-5312 XML Entity Expansion Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/79536

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-02-02
http://www.securityfocus.com/bid/75510

Mozilla Firefox MFSA 2016-01 Multiple Memory Corruption Vulnerabilities
2016-02-02
http://www.securityfocus.com/bid/81953

SANS News

EMET 5.5 Released

Automating Vulnerability Scans

Threatpost

 

Exploit

Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities

Jive Forums <= 5.5.25 - Directory Traversal Vulnerability

Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability

Manage Engine Network Configuration Manager Build 11000 - CSRF

eClinicalWorks (CCMR) - Multiple Vulnerabilities

Toshiba Viewer v2 p3console - Local Denial of Service

pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free

2.2.2016

Bugtraq

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS 2016-02-02
Onur Yilmaz (onur netsparker com)

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)

WebKitGTK+ Security Advisory WSA-2016-0001 2016-02-01
Carlos Alberto Lopez Perez (clopez igalia com)

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3461-1] freetype security update 2016-01-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3462-1] radicale security update 2016-01-30
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3463-1] prosody security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3464-1] rails security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

eClinicalWorks (CCMR) - Multiple Vulnerabilities 2016-01-31
jerold v00d00sec com

Malware

Ransom:Win32/Pottieq.A 

PDF/Fraud.AY

Phishing

USAA

1st February 2016

Confirmation - urgent account safeguard update

USAA

1st February 2016

Your USAA Checking/Savings Account Suspicious Activity

Tesco Bank

1st February 2016

Your account has been suspended

Virgin Media

31st January 2016

Verify your account

YVETTE MCKINNEY

31st January 2016

Theres nothing we cant try in bed

Vulnerability

 

SANS News

Targeted IPv6 Scans Using pool.ntp.org

Threatpost

 

Exploit

Toshiba Viewer v2 p3console - Local Denial of Service

Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution

WPS Office < 2016 - .ppt Heap Memory Corruption

WPS Office < 2016 - .doc OneTableDocumentStream Memory Corruption

WPS Office < 2016 - .ppt drawingContainer Memory Corruption

WPS Office < 2016 - .xls Heap Memory Corruption

1.2.2016

Bugtraq

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-02-01
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3461-1] freetype security update 2016-01-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3462-1] radicale security update 2016-01-30
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3463-1] prosody security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3464-1] rails security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)

eClinicalWorks (CCMR) - Multiple Vulnerabilities 2016-01-31
jerold v00d00sec com

Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-01-30
Stefan Kanthak (stefan kanthak nexgo de)

WP-Comment-Rating XSS Vulnerability 2016-01-30
Rahul Pratap Singh (techno rps gmail com)

OpenXchange | Information Disclosure 2016-01-30
t schughart prosec-networks com

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-01-30
t schughart prosec-networks com

[SECURITY] [DSA 3460-1] privoxy security update 2016-01-30
Sebastien Delafond (seb debian org)

CVE-2015-5344 - Apache Camel medium disclosure vulnerability 2016-01-30
Claus Ibsen (claus ibsen gmail com)

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

Trojan:O97M/Madeba.A!det 

RANSOM_CRYPTRITU.A

RANSOM_MEMEKAP.A

BKDR_BLACKEN.B

Phishing

Tesco Bank

1st February 2016

Your account has been suspended

Virgin Media

31st January 2016

Verify your account

YVETTE MCKINNEY

31st January 2016

Theres nothing we cant try in bed

SOPHIA FISHER

31st January 2016

l like you, handsome

daniel wouters

31st January 2016

DEMANDE SPONTANéE D EMPLOIS LIVREUR CHAUFFEUR MAGASINIER AUTRE...

Tesco Bank

31st January 2016

YOUR ACCOUNT HAS BEEN SUSPENDED

Vulnerability

 

SANS News

Windows 10 and System Protection for DATA Default is OFF

Threatpost

Data Theft Hole Identified in LG G3 Smartphones

Exploit

iScripts EasyCreate 3.0 - Multiple Vulnerabilities

iScripts EasyCreate 3.0 - Remote Code Execution Exploit

Hippo CMS 10.1 - Multiple Vulnerabilities

x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version v2

Linux x86 Download & Execute Shellcode

x86_64 Linux Polymorphic Execve-Stack - 47 bytes