Databáze Hot News 2017 October - 2017 January February March April May June July August September October November December

30.10.2017

Bugtraq

VulnWatch] Advisory 02/2002: PHP remote vulnerability 2017-10-27
e-matters Security (security e-matters de)

Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996) 2017-10-26
VSR Advisories (advisories vsecurity com)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Remember ACE files?

Critical Patch For Oracle's Identity Manager

Threatpost

 

Exploint

MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation

Online Exam Test Application - 'sort' SQL Injection

Php Inventory - Arbitrary File Upload

Vastal I-Tech Agent Zone - SQL Injection

Website Broker Script - 'status_id' SQL Injection

Zomato Clone Script - 'resid' SQL Injection

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

29.10.2017

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

"Catch-All" Google Chrome Malicious Extension Steals All Posted Data

Threatpost

Rockwell Automation Patches Wireless Access Point against Krack

Apache OpenOffice Update Patches Four Vulnerabilities

Exploint

Tizen Studio 1.3 Smart Development Bridge < 2.3.2 - Buffer Overflow (PoC)

Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference

27.10.2017

Bugtraq

VulnWatch] Advisory 02/2002: PHP remote vulnerability 2017-10-27
e-matters Security (security e-matters de)

Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996) 2017-10-26
VSR Advisories (advisories vsecurity com)

October 2017 - Bamboo - Critical Security Advisory 2017-10-26
Atlassian (security atlassian com)

KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

SECURITY] DSA 4006-1] mupdf security update 2017-10-24
Luciano Bello (luciano debian org)

security bulletin] HPESBHF03779 rev.1 - HPE Fabric OS using OpenSSH, Denial of Service 2017-10-23
HPE Product Security Response Team (security-alert hpe com)

SECURITY] DSA 4003-1] libvirt security update 2017-10-19
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

Michael David

26th October 2017

Please view this important
document

Vulnerebility

WPA2 Key Reinstallation Multiple Security Weaknesses
2017-10-27
http://www.securityfocus.com/bid/101274

MIT krb5 CVE-2017-15088 Remote Buffer Overflow Vulnerability
2017-10-27
http://www.securityfocus.com/bid/101594

Google Chrome CVE-2017-5090 Security Bypass Vulnerability
2017-10-27
http://www.securityfocus.com/bid/101591

IBM Jazz Foundation CVE-2017-1164 Cross Site Scripting Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101586

OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2017-10-26
http://www.securityfocus.com/bid/92212

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101552

Google V8 CVE-2017-15396 Stack Based Buffer Overflow Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101597

GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101592

GNU wget CVE-2017-13090 Heap Buffer Overflow Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101590

Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
2017-10-26
http://www.securityfocus.com/bid/101585

Multiple Pivotal Products CVE-2015-5170 Cross Site Request Forgery Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101579

ProxySG and ASG CVE-2016-9097 Remote Authorization Bypass Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101530

IBM DOORS Next Generation CVE-2017-1169 Cross Site Scripting Vulnerability
2017-10-25
http://www.securityfocus.com/bid/101593

SANS News

Ursnif Banking Trojan Spreading In Japan

Two Critical Vulnerabilities Found In Inmarsat’s SATCOM Systems

Threatpost

 

Exploint

HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow

PHPMailer < 5.2.21 - Local File Disclosure

Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference

26.10.2017

Bugtraq

October 2017 - Bamboo - Critical Security Advisory 2017-10-26
Atlassian (security atlassian com)

KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

SECURITY] DSA 4006-1] mupdf security update 2017-10-24
Luciano Bello (luciano debian org)

Malware

 

Phishing

 

Vulnerebility

OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2017-10-26
http://www.securityfocus.com/bid/92212

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101552

IBM Storwize V7000 CVE-2017-1375 Unified Information Disclosure Vulnerability
2017-10-25
http://www.securityfocus.com/bid/101561

TYPO3 Core TYPO3-SA-2010-012 Multiple Remote Security Vulnerabilities
2017-10-24
http://www.securityfocus.com/bid/42029

Redis CVE-2016-10517 Cross Site Scripting Vulnerability
2017-10-24
http://www.securityfocus.com/bid/101572

IBM BigFix Platform Multiple Security Vulnerabilities
2017-10-24
http://www.securityfocus.com/bid/101571

IBM OpenPages GRC Platform CVE-2016-3049 HTML Injection Vulnerability
2017-10-24
http://www.securityfocus.com/bid/101568

SANS News

Macro-less Code Execution in MS Word

Threatpost

Hackers Prepping IOTroop Botnet with Exploits

BadRabbit Ransomware Attacks Hitting Russia, Ukraine

Exploint

Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution...

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

25.10.2017

Bugtraq

KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation 2017-10-24
KoreLogic Disclosures (disclosures korelogic com)

SECURITY] DSA 4006-1] mupdf security update 2017-10-24
Luciano Bello (luciano debian org)

security bulletin] HPESBHF03779 rev.1 - HPE Fabric OS using OpenSSH, Denial of Service 2017-10-23
HPE Product Security Response Team (security-alert hpe com)

SECURITY] DSA 4003-1] libvirt security update 2017-10-19
Salvatore Bonaccorso (carnil debian org)

SECURITY] DSA 4002-1] mysql-5.5 security update 2017-10-19
Salvatore Bonaccorso (carnil debian org)

Malware

Ransom.BadRabbit

VBS.Downloader.C

Phishing

 

Vulnerebility

TYPO3 Core TYPO3-SA-2010-012 Multiple Remote Security Vulnerabilities
2017-10-24
http://www.securityfocus.com/bid/42029

Infineon RSA Library CVE-2017-15361 Cryptographic Security Bypass Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101484

Symantec Endpoint Encryption CVE-2017-13675 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101089

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101544

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2017-10-23
http://www.securityfocus.com/bid/101539

Jenkins Active Choices Plugin HTML Injection Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101538

Jenkins SCP Publisher Plugin SSH credentials Information Disclosure Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101537

cURL/libcURL CVE-2017-1000257 Buffer Overflow Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101519

Symantec Endpoint Encryption CVE-2017-13683 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101498

Symantec Encryption Desktop CVE-2017-13682 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101497

Foxit Reader CVE-2017-15771 Remote Buffer Overflow Vulnerability
2017-10-22
http://www.securityfocus.com/bid/101549

Foxit Reader CVE-2017-15770 Remote Buffer Overflow Vulnerability
2017-10-22
http://www.securityfocus.com/bid/101540

GNU glibc CVE-2017-15804 Heap Buffer Overflow Vulnerability
2017-10-22
http://www.securityfocus.com/bid/101535

Multiple F5 BIG-IP Products CVE-2017-6165 Local Information Disclosure Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101543

Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101532

Cisco AMP for Endpoints CVE-2017-12317 Local Privilege Escalation Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101520

FFmpeg CVE-2017-15186 Denial of Service Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101518

GNU glibc CVE-2017-15671 Local Denial of Service Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101517

Oracle E-Business Suite CVE-2017-10416 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101303

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91453

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95813

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/70988

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98888

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/65727

Wireshark TN5250 Dissector CVE-2014-8714 Infinite Loop Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/71072

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/68348

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95814

SANS News

DUHK attack, continuing a week of named issues

Threatpost

BadRabbit Ransomware Attacks Hitting Russia, Ukraine

Whois Maintainer Accidentally Makes Password Hashes Available For Download

Exploit

 

24.10.2017

Bugtraq

security bulletin] HPESBHF03779 rev.1 - HPE Fabric OS using OpenSSH, Denial of Service 2017-10-23
HPE Product Security Response Team (security-alert hpe com)

SECURITY] DSA 4003-1] libvirt security update 2017-10-19
Salvatore Bonaccorso (carnil debian org)

SECURITY] DSA 4002-1] mysql-5.5 security update 2017-10-19
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2017-11826

Phishing

 

Vulnerebility

TYPO3 Core TYPO3-SA-2010-012 Multiple Remote Security Vulnerabilities
2017-10-24
http://www.securityfocus.com/bid/42029

Infineon RSA Library CVE-2017-15361 Cryptographic Security Bypass Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101484

Symantec Endpoint Encryption CVE-2017-13675 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101089

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101544

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2017-10-23
http://www.securityfocus.com/bid/101539

Jenkins Active Choices Plugin HTML Injection Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101538

Jenkins SCP Publisher Plugin SSH credentials Information Disclosure Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101537

cURL/libcURL CVE-2017-1000257 Buffer Overflow Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101519

Symantec Endpoint Encryption CVE-2017-13683 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101498

Symantec Encryption Desktop CVE-2017-13682 Denial-of-Service Vulnerability
2017-10-23
http://www.securityfocus.com/bid/101497

Foxit Reader CVE-2017-15770 Remote Buffer Overflow Vulnerability
2017-10-22
http://www.securityfocus.com/bid/101540

GNU glibc CVE-2017-15804 Heap Buffer Overflow Vulnerability
2017-10-22
http://www.securityfocus.com/bid/101535

Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101532

Cisco AMP for Endpoints CVE-2017-12317 Local Privilege Escalation Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101520

FFmpeg CVE-2017-15186 Denial of Service Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101518

GNU glibc CVE-2017-15671 Local Denial of Service Vulnerability
2017-10-20
http://www.securityfocus.com/bid/101517

Oracle E-Business Suite CVE-2017-10416 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101303

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91453

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95813

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/70988

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98888

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/65727

Wireshark TN5250 Dissector CVE-2014-8714 Infinite Loop Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/71072

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/68348

SANS News

BadRabbit: New ransomware wave hitting RU & UA

Stop relying on file extensions

Threatpost

Latest Sofacy Campaign Targeting Security Researchers

Exploit

Polycom - Command Shell Authorization Bypass (Metasploit)

Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution...

Unitrends UEB 9 - http api/storage Remote Root (Metasploit)

Ayukov NFTP FTP Client < 2.0 - Buffer Overflow

FS OLX Clone - 'catg_id' SQL Injection

FS Lynda Clone - 'category' SQL Injection

FS Indiamart Clone - 'keywords' SQL Injection

FS Groupon Clone - 'category' SQL Injection

FS Freelancer Clone - 'sk' SQL Injection

FS Expedia Clone - 'hid' SQL Injection

FS Food Delivery Script - 'keywords' SQL Injection

Mikogo 5.4.1.160608 - Local Credentials Disclosure

23.10.2017

Bugtraq

 

Malware

Linux.Iotreaper

Trojan.Turla.B

Phishing

Santander

22nd October 2017

Your online account status

Vulnerebility

 

SANS News

Is a telco in Brazil hosting an epidemic of open SOCKS proxies?

Threatpost

New Magniber Ransomware Targets South Korea, Asia Pacific

Exploit

Ayukov NFTP FTP Client < 2.0 - Buffer Overflow

CometChat < 6.2.0 BETA 1 - Local File Inclusion

Logitech Media Server - Cross-Site Scripting

TP-Link TL-MR3220 - Cross-Site Scripting

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service

Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation

Ayukov NFTP FTP Client < 2.0 - Buffer Overflow

20.10.2017

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-17:07.wpa REVISED] 2017-10-19
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

Support

20th October 2017

PAYMENT RECEIPT EVOLVE MONSTER
: 6540 DIAMONDS

Vulnerebility

Oracle E-Business Suite CVE-2017-10416 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101303

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91453

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95813

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/70988

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98888

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/65727

Wireshark TN5250 Dissector CVE-2014-8714 Infinite Loop Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/71072

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/68348

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95814

MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
2017-10-19
http://www.securityfocus.com/bid/69168

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98050

Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/67121

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/67899

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2017-10-19
http://www.securityfocus.com/bid/89760

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91869

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2017-10-19
http://www.securityfocus.com/bid/78215

NTP CVE-2016-7431 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/94454

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/93150

Oracle Java Advanced Management Console CVE-2017-10380 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101450

Oracle Java SE and JRockit CVE-2017-10356 Local Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101413

SANS News

Necurs Botnet malspam pushes Locky using DDE attack

Using Yara rules with Volatility

Threatpost

Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps

Hackers Take Aim at SSH Keys in New Attacks

Google Advanced Protection Trades Ease-of-Use for Security

Exploit

Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection

TP-Link WR940N - Authenticated Remote Code Exploit

Check_MK 1.2.8p25 - Information Disclosure

ZKTime Web Software 2.0 - Improper Access Restrictions

ZKTime Web Software 2.0 - Cross-Site Request Forgery

Mozilla Firefox < 55 - Denial of Service

19.10.2017

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-17:07.wpa REVISED] 2017-10-19
FreeBSD Security Advisories (security-advisories freebsd org)

slackware-security] xorg-server (SSA:2017-291-03) 2017-10-18
Slackware Security Team (security slackware com)

slackware-security] wpa_supplicant (SSA:2017-291-02) 2017-10-18
Slackware Security Team (security slackware com)

slackware-security] libXres (SSA:2017-291-01) 2017-10-18
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2017-0008 2017-10-18
Carlos Alberto Lopez Perez (clopez igalia com)

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products 2017-10-18
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

Trojan.Esaprof

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91453

OpenSSL CVE-2017-3731 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95813

cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/70988

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98888

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/65727

Wireshark TN5250 Dissector CVE-2014-8714 Infinite Loop Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/71072

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/68348

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2017-10-19
http://www.securityfocus.com/bid/95814

MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
2017-10-19
http://www.securityfocus.com/bid/69168

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2017-10-19
http://www.securityfocus.com/bid/98050

Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/67121

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
2017-10-19
http://www.securityfocus.com/bid/67899

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2017-10-19
http://www.securityfocus.com/bid/89760

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/91869

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2017-10-19
http://www.securityfocus.com/bid/78215

NTP CVE-2016-7431 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/94454

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2017-10-19
http://www.securityfocus.com/bid/93150

Oracle Java Advanced Management Console CVE-2017-10380 Remote Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101450

Oracle Java SE and JRockit CVE-2017-10356 Local Security Vulnerability
2017-10-19
http://www.securityfocus.com/bid/101413

RSA Archer GRC CMS Multiple Security Vulnerabilities
2017-10-18
http://www.securityfocus.com/bid/101195

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2017-10-18
http://www.securityfocus.com/bid/91867

Perl 'perl.c' CVE-2016-2381 Security Bypass Vulnerability
2017-10-18
http://www.securityfocus.com/bid/83802

lcms2 CVE-2016-10165 Out-of-Bounds Read Denial of Service Vulnerability
2017-10-18
http://www.securityfocus.com/bid/95808

Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
2017-10-18
http://www.securityfocus.com/bid/66397

GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
2017-10-18
http://www.securityfocus.com/bid/72325

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/75919

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/93236

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/95429

Cisco WebEx Meetings Server CVE-2017-12296 Cross Site Scripting Vulnerability
2017-10-18
http://www.securityfocus.com/bid/101489

SANS News

HSBC-themed malspam uses ISO attachments to push Loki Bot malware

Threatpost

FBI Asks Businesses to Share Details About DDoS Attacks

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Exploit

Xen - Unbounded Recursion in Pagetable De-typing

Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities

Linksys E Series - Multiple Vulnerabilities

Wordpress Plugin Car Park Booking - SQL Injection

18.10.2017

Bugtraq

SECURITY] DSA 3999-1] wpa security update 2017-10-16
Yves-Alexis Perez (corsac debian org)

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ 2017-10-16
SEC Consult Vulnerability Lab (research sec-consult com)

security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege 2017-10-13
swpmb cyber-psrt microfocus com

Advisory X41-2017-010: Command Execution in Shadowsocks-libev 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

Malware

 

Phishing

AOL

17th October 2017

Your AOL email will be blocked

Amazon.com

16th October 2017

Your Amazon.com order cannot
be shipped

Vulnerebility

lcms2 CVE-2016-10165 Out-of-Bounds Read Denial of Service Vulnerability
2017-10-18
http://www.securityfocus.com/bid/95808

Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
2017-10-18
http://www.securityfocus.com/bid/66397

GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
2017-10-18
http://www.securityfocus.com/bid/72325

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/75919

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/93236

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2017-10-18
http://www.securityfocus.com/bid/95429

Oracle Java Advanced Management Console CVE-2017-10380 Remote Security Vulnerability
2017-10-18
http://www.securityfocus.com/bid/101450

Oracle E-Business Suite CVE-2017-10416 Remote Security Vulnerability
2017-10-18
http://www.securityfocus.com/bid/101303

Oracle E-Business Suite CVE-2017-10417 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101308

Oracle E-Business Suite CVE-2017-10329 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101300

Oracle Hospitality Hotel Mobile CVE-2017-10014 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101299

Oracle E-Business Suite CVE-2017-10330 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101298

Oracle Hospitality Hotel Mobile CVE-2017-10353 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101305

Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
2017-10-17
http://www.securityfocus.com/bid/83330

WPA2 Key Reinstallation Multiple Security Weaknesses
2017-10-17
http://www.securityfocus.com/bid/101274

Liblouis CVE-2014-8184 Stack Based Buffer Overflow Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101289

SAP Host Agent CVE-2017-15297 Denial of Service Vulnerability
2017-10-17
http://www.securityfocus.com/bid/99528

Apache Struts Incomplete Fix Remote Code Execution Vulnerability
2017-10-17
http://www.securityfocus.com/bid/91277

SAP Point of Sale (POS) Retail Xpress Server Authentication Bypass Vulnerability
2017-10-17
http://www.securityfocus.com/bid/100713

SAP Customer Relationship Management (CRM) Cross Site Scripting Vulnerability
2017-10-17
http://www.securityfocus.com/bid/99532

Oracle PeopleSoft Enterprise PT PeopleTools CVE-2017-10418 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101462

Oracle Hospitality Suite8 CVE-2017-10419 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101461

Oracle PeopleSoft Enterprise PT PeopleTools CVE-2017-10373 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101460

Oracle Hospitality OPERA 5 Property Services CVE-2017-10197 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101459

Oracle PeopleSoft Enterprise PT PeopleTools CVE-2017-10335 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101458

Oracle Hospitality Suite8 CVE-2017-10389 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101457

Oracle Hospitality Cruise Materials Management CVE-2017-10054 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101456

Oracle PeopleSoft Enterprise PT PeopleTools CVE-2017-10366 Remote Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101455

Oracle Hospitality Suite8 CVE-2017-10317 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101454

Oracle Hospitality Cruise Materials Management CVE-2017-10401 Local Security Vulnerability
2017-10-17
http://www.securityfocus.com/bid/101453

SANS News

 

Threatpost

Oracle Patches 250 Bugs in Quarterly Critical Patch Update

Adobe Patches Flash Zero Day Exploited by Black Oasis APT

Exploit

Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory...

Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback...

Microsoft Edge Chakra - Accesses to Uninitialized Pointers in...

Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass

Microsoft Excel - OLE Arbitrary Code Execution

Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)

Apple iOS 10.2 (14C92) - Remote Code Execution

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution

OpenText Documentum Content Server - Arbitrary File Download

OpenText Documentum Content Server - dmr_content Privilege Escalation

OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation

OpenText Documentum Content Server - Privilege Escalation

3CX Phone System 15.5.3554.1 - Directory Traversal

Shadowsocks - Log File Command Execution

shadowsocks-libev 3.1.0 - Command Execution

Linux Kernel - 'AF_PACKET' Use-After-Free

17.10.2017

Bugtraq

SECURITY] DSA 3999-1] wpa security update 2017-10-16
Yves-Alexis Perez (corsac debian org)

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ 2017-10-16
SEC Consult Vulnerability Lab (research sec-consult com)

security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege 2017-10-13
swpmb cyber-psrt microfocus com

Malware

Ransom.Hermes.B
Exp.CVE-2017-11292

Phishing

Amazon.com

16th October 2017

Your Amazon.com order cannot
be shipped

Vulnerebility

WPA2 Key Reinstallation Multiple Security Weaknesses
2017-10-16
http://www.securityfocus.com/bid/101274

Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution Vulnerability
2017-10-16
http://www.securityfocus.com/bid/101286

AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability
2017-10-16
http://www.securityfocus.com/bid/101284

Fortinet FortiWLC CVE-2017-7335 Multiple Cross Site Scripting Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101287

Fortinet FortiMail CVE-2017-7732 Cross Site Scripting Vulnerability
2017-10-13
http://www.securityfocus.com/bid/101278

Fortinet FortiWLC CVE-2017-7341 OS Command Injection Vulnerability
2017-10-13
http://www.securityfocus.com/bid/101273

HP Connected Backup CVE-2017-14355 Unspecified Local Privilege Escalation Vulnerability
2017-10-13
http://www.securityfocus.com/bid/101270

Oracle October 2017 Critical Patch Update Multiple Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101265

MultiFLEX M10a Controller Multiple Security Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101259

SQLite CVE-2017-15286 Denial of Service Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101285

QEMU CVE-2017-15268 Denial of Service Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101277

ImageMagick CVE-2017-15281 Denial of Service Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101276

Atlassian Bamboo CVE-2017-9514 Remote Code Execution Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101269

Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101261

NXP Semiconductors MQX RTOS ICSA-17-285-04 Buffer Overflow and Denial Of Service Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101252

Wecon LEVI Studio HMI Editor CVE-2017-13999 Multiple Stack Based Buffer Overflow Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101250

Envitech EnviDAS Ultimate CVE-2017-9625 Authentication Bypass Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101249

Multiple Siemens Products Authentication Bypass and Directory Traversal Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101248

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101059

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101053

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101055

SANS News

Hancitor malspam uses DDE attack

Threatpost

KRACK ATTACK DEVASTATES WI-FI SECURITY

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

Adobe Patches Flash Zero Day Exploited by Black Oasis APT

Exploit

3CX Phone System 15.5.3554.1 - Directory Traversal

Vulnerabilities

Windows x64 - API Hooking Shellcode (117 bytes)

Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution

16.10.2017

Bugtraq

SECURITY] DSA 3999-1] wpa security update 2017-10-16
Yves-Alexis Perez (corsac debian org)

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ 2017-10-16
SEC Consult Vulnerability Lab (research sec-consult com)

security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege 2017-10-13
swpmb cyber-psrt microfocus com

Advisory X41-2017-010: Command Execution in Shadowsocks-libev 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

Malware

Android.Sockbot

Exp.CVE-2017-11762
Exp.CVE-2017-8727

Exp.CVE-2017-11793
Exp.CVE-2017-11798

Exp.CVE-2017-11800

Exp.CVE-2017-11810

Exp.CVE-2017-11822

Phishing

 

Vulnerebility

Oracle October 2017 Critical Patch Update Multiple Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101265

MultiFLEX M10a Controller Multiple Security Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101259

Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101261

NXP Semiconductors MQX RTOS ICSA-17-285-04 Buffer Overflow and Denial Of Service Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101252

Wecon LEVI Studio HMI Editor CVE-2017-13999 Multiple Stack Based Buffer Overflow Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101250

Envitech EnviDAS Ultimate CVE-2017-9625 Authentication Bypass Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101249

Multiple Siemens Products Authentication Bypass and Directory Traversal Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101248

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101059

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101053

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101055

Oniguruma CVE-2017-9227 Out of Bounds Read Memory Corruption Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100538

FFmpeg CVE-2017-14767 Heap Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101019

SANS News

WPA2 "KRACK" Attack

Peeking into .msg files

Threatpost

Cyberespionage Group Steps Up Campaigns Against Japanese Firms

Hyatt Hit By Credit Card Breach, Again

Exploit

AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery

Webmin 1.850 - Multiple Vulnerabilities

15.10.2017

Bugtraq

Multiple vulnerabilities in OpenText Documentum Content Server 2017-10-13
Andrey B. Panfilov (andrew panfilov tel)

SECURITY] DSA 3995-1] libxfont security update 2017-10-10
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

Chase Online

14th October 2017

Request to update your details
with Chase!

E-mail Administrator

12th October 2017

Avoid account deactivation

Vulnerebility

Oracle October 2017 Critical Patch Update Multiple Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101265

MultiFLEX M10a Controller Multiple Security Vulnerabilities
2017-10-13
http://www.securityfocus.com/bid/101259

Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101261

NXP Semiconductors MQX RTOS ICSA-17-285-04 Buffer Overflow and Denial Of Service Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101252

Wecon LEVI Studio HMI Editor CVE-2017-13999 Multiple Stack Based Buffer Overflow Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101250

Envitech EnviDAS Ultimate CVE-2017-9625 Authentication Bypass Vulnerability
2017-10-12
http://www.securityfocus.com/bid/101249

Multiple Siemens Products Authentication Bypass and Directory Traversal Vulnerabilities
2017-10-12
http://www.securityfocus.com/bid/101248

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101059

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101053

SANS News

 

Threatpost

 

Exploit

Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)

phpMyFAQ 2.9.8 - Cross-Site Scripting

Dreambox Plugin BouquetEditor - Cross-Site Scripting

TYPO3 Extension Restler 1.7.0 - Local File Disclosure

E-Sic Software livre CMS - Cross Site Scripting

E-Sic Software livre CMS - 'f' Parameter SQL Injection

E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection

E-Sic Software livre CMS - Autentication Bypass

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)

13.10.2017

Bugtraq

SECURITY] DSA 3995-1] libxfont security update 2017-10-10
Moritz Muehlenhoff (jmm debian org)

SECURITY] DSA 3994-1] nautilus security update 2017-10-08
Yves-Alexis Perez (corsac debian org)

SECURITY] DSA 3993-1] tor security update 2017-10-06
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

E-mail Administrator

12th October 2017

Avoid account deactivation

Auto-Confirm Amazon

12th October 2017

Your Amazon.com
(#204-2683040-3434708)

American Express

11th October 2017

Confirmation of Your Recent
Address Update

DocuSign

11th October 2017

DOCUSIGN NOTIFICATIONS-

Bank of America

10th October 2017

Account Update

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101059

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101053

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-10-11
http://www.securityfocus.com/bid/101055

Oniguruma CVE-2017-9227 Out of Bounds Read Memory Corruption Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100538

FFmpeg CVE-2017-14767 Heap Buffer Overflow Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101019

FFmpeg 'libavformat/asfdec_f.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100703

FFmpeg CVE-2017-14171 Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100706

FFmpeg 'libavformat/mov.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100701

FFmpeg 'libavutil/pixdesc.c' NULL pointer Dereference Remote Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100704

FFmpeg 'libavformat/mxfdec.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100700

FFmpeg 'libavformat/mxfdec.c' Security Bypass Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100692

FFmpeg 'libavformat/asfdec_f.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100630

FFmpeg 'libavformat/cinedec.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100631

FFmpeg CVE-2017-14055 Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100626

FFmpeg 'libavformat/rmdec.c' Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100627

FFmpeg CVE-2017-14058 Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100629

FFmpeg CVE-2017-14056 Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100628

Linux kernel CVE-2017-14106 Local Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100878

Linux Kernel 'mm/migrate.c' Local Information Disclosure Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100876

Xen CVE-2017-12134 Memory Corruption Vulnerability
2017-10-11
http://www.securityfocus.com/bid/100343

GNU Binutils CVE-2017-14939 Remote Denial of Service Vulnerability
2017-10-11
http://www.securityfocus.com/bid/101216

Wireshark MBIM Dissector 'epan/dissectors/packet-mbim.c' Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101240

Intel Bootgaurd CVE-2017-5722 Local Security Bypass Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101236

Wireshark BT ATT Dissector 'epan/dissectors/packet-btatt.c' Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101235

ImageMagick CVE-2017-15218 Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101233

ImageMagick 'coders/sgi.c' Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101231

Wireshark RTSP Dissector 'epan/dissectors/packet-rtsp.c' Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101229

Wireshark DOCSIS Dissector '/docsis/packet-docsis.c' Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101228

Wireshark DMP Dissector CVE-2017-15191 Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101227

SANS News

Version control tools aren't only for Developers

Threatpost

Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns

Equifax Takes Down Compromised Page Redirecting to Adware Download

Exploit

OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting

10.10.2017

Bugtraq

 

Malware

 

Phishing

Bank of America

10th October 2017

Account Update

Vulnerebility

GNU Binutils CVE-2017-14939 Remote Denial of Service Vulnerability
2017-10-26
http://www.securityfocus.com/bid/101216

SAP NetWeaver Mobile Client Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101218

SAP NetWeaver Mobile Client Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101214

Microsoft Windows CVE-2017-11829 Local Privilege Escalation Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101213

SAP NetWeaver System Landscape Directory Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101211

SAP ERP Remote Authorization Bypass Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101210

SAP Customer Relationship Management (CRM) IC WebClient Unspecified Spoofing Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101209

SAP NetWeaver Instance Agent Service Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101208

SAP Netweaver Web Dynpro ABAP Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101207

SAP Customer Relationship Management Mail Form Editor Cross Site Scripting Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101206

SAP NetWeaver Instance Agent Service Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101205

Microsoft Windows DNSAPI CVE-2017-11779 Remote Code Execution Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101166

Microsoft Windows Subsystem for Linux CVE-2017-8703 Local Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101164

Microsoft Windows Device Guard CVE-2017-8715 Local Security Bypass Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101163

Microsoft Jet Database Engine CVE-2017-8718 Buffer Overflow Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101162

Microsoft Jet Database Engine CVE-2017-8717 Buffer Overflow Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101161

Microsoft Skype for Business CVE-2017-11786 Privilege Escalation Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101156

Microsoft SharePoint Server CVE-2017-11777 Cross Site Scripting Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101155

Cisco Spark Messaging Software CVE-2017-12269 HTML Injection Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101150

Microsoft Windows Kernel CVE-2017-11785 Local Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101149

Microsoft Windows Kernel CVE-2017-11784 Local Information Disclosure Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101147

Microsoft ChakraCore Scripting Engine CVE-2017-11801 Remote Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101146

Microsoft ChakraCore Scripting Engine CVE-2017-11797 Remote Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101145

Microsoft Windows CVE-2017-11783 Local Privilege Escalation Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101144

Microsoft Windows SMB Server CVE-2017-11782 Remote Privilege Escalation Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101143

Microsoft Windows Shell CVE-2017-8727 Remote Code Execution Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101142

Microsoft Internet Explorer CVE-2017-11793 Remote Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101141

Microsoft Windows SMB Server CVE-2017-11781 Denial of Service Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101140

Microsoft Edge Scripting Engine CVE-2017-11812 Remote Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101139

Microsoft Edge Scripting Engine CVE-2017-11811 Remote Memory Corruption Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101138

SANS News

 

Threatpost

FormBook Malware Targets US Defense Contractors, Aerospace and Manufacturing Sectors

NFL Players, Agents Targeted in Database Extortion Attempt

Exploit

IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

Complain Management System - Hard-Coded Credentials / Blind SQL injection

ClipShare 7.0 - SQL Injection

9.10.2017

Bugtraq

SECURITY] DSA 3994-1] nautilus security update 2017-10-08
Yves-Alexis Perez (corsac debian org)

SECURITY] DSA 3993-1] tor security update 2017-10-06
Moritz Muehlenhoff (jmm debian org)

slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

Malware

 

Phishing

Chase Bank

8th October 2017

Dear Chase Online Customer:
Important Notification

Vulnerebility

Cisco Spark Messaging Software CVE-2017-12269 HTML Injection Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101150

RSA Archer GRC CMS Multiple Security Vulnerabilities
2017-10-09
http://www.securityfocus.com/bid/101195

Ruby CVE-2017-14033 Buffer Underrun Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100868

Ruby CVE-2017-14064 Arbitrary Memory Disclosure Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100890

RubyGems CVE-2017-0899 Security Bypass Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100576

RubyGems CVE-2017-0901 Local Arbitrary File Overwrite Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100580

Ruby CVE-2017-0898 Buffer Underrun Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100862

RubyGems CVE-2017-0900 Denial of Service Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100579

Curl CVE-2017-1000254 Out of Bounds Read Denial of Service Vulnerability
2017-10-09
http://www.securityfocus.com/bid/101115

cURL CVE-2017-1000101 Out of Bounds Read Information Disclosure Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100249

cURL/libcURL CVE-2017-1000100 Heap Based Buffer Overflow Vulnerability
2017-10-09
http://www.securityfocus.com/bid/100286

GNOME Nautilus CVE-2017-14604 Arbitrary Command Execution Vulnerability
2017-10-09
http://www.securityfocus.com/bid/101012

Symantec Endpoint Encryption CVE-2017-13675 Denial-of-Service Vulnerability
2017-10-09
http://www.securityfocus.com/bid/101089

EMC Network Configuration Manager CVE-2017-8017 Cross Site Scripting Vulnerability
2017-10-06
http://www.securityfocus.com/bid/101194

Microsoft Windows WAV File Handling Denial of Service Vulnerability
2017-10-06
http://www.securityfocus.com/bid/101192

Magento CMS Multiple Security Vulnerabilities
2017-10-05
http://www.securityfocus.com/bid/100869

SANS News

A strange JPEG file

Base64 All The Things!

Threatpost

 

Exploit

Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery

PyroBatchFTP 3.17 - Buffer Overflow (SEH)

OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)

Rancher Server - Docker Daemon Code Execution (Metasploit)

Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery

8.10.2017

Bugtraq

slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Malware

Win32/Filecoder.FS

Win32/Ceatrg.A

MSIL/Filecoder.FF

Win32/Delf.TSU

Win32/Spy.Small.NDA

Phishing

 

Vulnerebility

Cisco Spark Messaging Software CVE-2017-12269 HTML Injection Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101150

Microsoft Windows WAV File Handling Denial of Service Vulnerability
2017-10-06
http://www.securityfocus.com/bid/101192

Magento CMS Multiple Security Vulnerabilities
2017-10-05
http://www.securityfocus.com/bid/100869

Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability
2017-10-05
http://www.securityfocus.com/bid/70441

Microsoft Windows CVE-2014-6332 OLE Remote Code Execution Vulnerability
2017-10-05
http://www.securityfocus.com/bid/70952

Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2017-10-05
http://www.securityfocus.com/bid/71047

SANS News

CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises

Threatpost

Security Industry Failing to Establish Trust

Exploit

 

6.10.2017

Bugtraq

slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

SECURITY] DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

Malware

Backdoor.Korplug.E

Phishing

*****THURSDAY*****

5th October 2017

THURSDAY: Your $50 Amazon gift
card

office fiel

5th October 2017

Annullato: CONTACT MONEY GRAM
FOR YOUR FIRST PAYMENT OF
$5000 @ domenica, 01 ottobre
2017

Vulnerebility

Cisco Spark Messaging Software CVE-2017-12269 HTML Injection Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101150

Magento CMS Multiple Security Vulnerabilities
2017-10-05
http://www.securityfocus.com/bid/100869

Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability
2017-10-05
http://www.securityfocus.com/bid/70441

Microsoft Windows CVE-2014-6332 OLE Remote Code Execution Vulnerability
2017-10-05
http://www.securityfocus.com/bid/70952

Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2017-10-05
http://www.securityfocus.com/bid/71047

Adobe Flash Player CVE-2014-8439 Remote Code Execution Vulnerability
2017-10-05
http://www.securityfocus.com/bid/71289

Microsoft Windows CVE-2015-0016 Remote Privilege Escalation Vulnerability
2017-10-05
http://www.securityfocus.com/bid/71965

Adobe Flash Player CVE-2015-0310 Unspecified Memory Corruption Vulnerability
2017-10-05
http://www.securityfocus.com/bid/72261

Adobe Flash Player CVE-2015-0311 Use After Free Memory Corruption Vulnerability
2017-10-05
http://www.securityfocus.com/bid/72283

Adobe Flash Player CVE-2015-0313 Remote Code Execution Vulnerability
2017-10-05
http://www.securityfocus.com/bid/72429

Adobe Flash Player CVE-2015-0336 Type Confusion Remote Code Execution Vulnerability
2017-10-05
http://www.securityfocus.com/bid/73084

Adobe Flash Player APSB15-06 Multiple Remote Code Execution Vulnerabilities
2017-10-05
http://www.securityfocus.com/bid/74067

Apple macOS CVE-2017-7150 Security Bypass Vulnerability
2017-10-05
http://www.securityfocus.com/bid/101177

GE CIMPLICITY CVE-2017-12732 Stack Based Buffer Overflow Vulnerability
2017-10-05
http://www.securityfocus.com/bid/101174

Microsoft Windows GDI+ CVE-2015-1671 TrueType Font Handling Remote Code Execution Vulnerability
2017-10-04
http://www.securityfocus.com/bid/74490

Adobe Flash Player and AIR Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/74605

Adobe Flash Player and AIR CVE-2015-3104 Remote Integer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75081

Adobe Flash Player and AIR CVE-2015-3105 Unspecified Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75086

Adobe Flash Player CVE-2015-3113 Unspecified Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75371

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75568

Adobe Flash Player CVE-2015-5122 Use After Free Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75712

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/76194

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2017-10-04
http://www.securityfocus.com/bid/77081

Ghostscript GhostXPS CVE-2017-9727 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99999

Ghostscript GhostXPS CVE-2017-9726 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99992

Ghostscript GhostXPS CVE-2017-9612 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99979

Ghostscript GhostXPS CVE-2017-9739 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99987

Artifex Ghostscript CVE-2017-9835 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99991

Ghostscript GhostXPS CVE-2017-9611 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99975

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101054

SANS News

 

Threatpost

US Top Law Enforcement Calls Strong Encryption a ‘Serious Problem’

Latin American ATM Thieves Turning to Hacking

Exploit

Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow

Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution

Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution

Unitrends UEB 9.1 - Privilege Escalation

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution

5.10.2017

Bugtraq

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

SECURITY] DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com

SECURITY] DSA 3987-1] firefox-esr security update 2017-09-29
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Dubki

Trojan.Flusihoc

Ransom.Arena

Phishing

office fiel

5th October 2017

Invito: CONTACT MONEY GRAM FOR
YOUR FIRST PAYMENT OF $5000 @
domenica, 01 ottobre 2017

Security Department

4th October 2017

Yahoo Has Been Hacked Again!

Vulnerebility

Cisco Spark Messaging Software CVE-2017-12269 HTML Injection Vulnerability
2017-10-10
http://www.securityfocus.com/bid/101150

Microsoft Windows GDI+ CVE-2015-1671 TrueType Font Handling Remote Code Execution Vulnerability
2017-10-04
http://www.securityfocus.com/bid/74490

Adobe Flash Player and AIR Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/74605

Adobe Flash Player and AIR CVE-2015-3104 Remote Integer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75081

Adobe Flash Player and AIR CVE-2015-3105 Unspecified Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75086

Adobe Flash Player CVE-2015-3113 Unspecified Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75371

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75568

Adobe Flash Player CVE-2015-5122 Use After Free Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/75712

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2017-10-04
http://www.securityfocus.com/bid/76194

Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2017-10-04
http://www.securityfocus.com/bid/77081

Ghostscript GhostXPS CVE-2017-9727 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99999

Ghostscript GhostXPS CVE-2017-9726 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99992

Ghostscript GhostXPS CVE-2017-9612 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99979

Ghostscript GhostXPS CVE-2017-9739 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99987

Artifex Ghostscript CVE-2017-9835 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99991

Ghostscript GhostXPS CVE-2017-9611 Heap Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/99975

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101055

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101053

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101059

OCaml CVE-2015-8869 Multiple Security Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/89318

QEMU Out of Bounds Read and Write Memory Access CVE-2017-14167 Local Integer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100694

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100540

Qemu CVE-2017-12809 Null Pointer Dereference Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100451

QEMU 'hw/usb/hcd-xhci.c' Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/98915

QEMU CVE-2017-13711 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100534

Multiple Cisco Products CVE-2017-12226 Remote Privilege Escalation Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101063

Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/98814

Cisco Meeting App CVE-2017-12266 Local Privilege Escalation Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101158

Cisco AnyConnect Secure Mobility Client CVE-2017-12268 Local Security Bypass Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101157

SANS News

pcap2curl: Turning a pcap file into a set of cURL commands for "replay"

Security Awareness Month: How to Help Friends and Family

Securing "Out of Band" Access

Threatpost

Attackers Redefining Objectives, Approaches

Experts Have Sobering Message on Human Rights, Privacy for Security Pros

Costin Raiu and Juan Andres Guerrero-Saade on APT Fourth-Party Collection

Cloudflare CTO Goes Inside the Cloudbleed Bug

Exploit

ERS Data System 1.8.1 - Java Deserialization

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution

4.10.2017

Bugtraq

security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

SECURITY] DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com

Malware

 

Phishing

Amazon Prime Survey

3rd October 2017

, HUGE SAVING AT AMAZON.COM *
DETAILS INSIDE

Charles Schwab

3rd October 2017

Urgent! Update your details
with Charles Schwab

Vulnerebility

Mozilla Firefox CVE-2017-7810 Multiple Unspecified Memory Corruption Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101054

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101055

Mozilla Firefox and Firefox ESR CVE-2017-7824 Buffer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101053

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/101059

OCaml CVE-2015-8869 Multiple Security Vulnerabilities
2017-10-04
http://www.securityfocus.com/bid/89318

QEMU Out of Bounds Read and Write Memory Access CVE-2017-14167 Local Integer Overflow Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100694

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100540

Qemu CVE-2017-12809 Null Pointer Dereference Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100451

QEMU 'hw/usb/hcd-xhci.c' Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/98915

QEMU CVE-2017-13711 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/100534

Multiple Cisco Products CVE-2017-12226 Remote Privilege Escalation Vulnerability
2017-10-04
http://www.securityfocus.com/bid/101063

Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
2017-10-04
http://www.securityfocus.com/bid/98814

Tcpdump CVE-2017-12997 Denial of Service Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100914

Multiple EMC Products CVE-2017-8007 Directory Traversal Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100957

Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100918

Samba CVE-2017-12163 Arbitrary File Write Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100925

Zoho Site24x7 Mobile Network Poller SSL Certificate Validation Security Bypass Vulnerability
2017-10-03
http://www.securityfocus.com/bid/101091

Cisco IOS and IOS XE Software CVE-2017-12228 Certificate Validation Security Bypass Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101065

IBM Spectrum Protect CVE-2017-1301 Insecure Temporary File Creation Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101107

Google Android Media Framework Components Multiple Security Vulnerabilities
2017-10-02
http://www.securityfocus.com/bid/101088

Google Android Framework CVE-2017-0806 Security Bypass Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101086

SANS News

 

Threatpost

Five Critical Android Bugs Get Patched in October Update

Google Warns of DoS and RCE Bugs in Dnsmasq

Exploit

ERS Data System 1.8.1 - Java Deserialization

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass /...

EPESI 1.8.2 rev20170830 - Cross-Site Scripting

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

3.10.2017

Bugtraq

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

SECURITY] DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com

SECURITY] DSA 3987-1] firefox-esr security update 2017-09-29
Moritz Muehlenhoff (jmm debian org)

SECURITY] DSA 3986-1] ghostscript security update 2017-09-29
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

AMA

2nd October 2017

AOL Mail: Account

*****CONGRATULATION*****

1st October 2017

TODAY ONLY: Your $50 Amazon
gift card

Vulnerebility

Tcpdump CVE-2017-12997 Denial of Service Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100914

Multiple EMC Products CVE-2017-8007 Directory Traversal Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100957

Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100918

Samba CVE-2017-12163 Arbitrary File Write Vulnerability
2017-10-03
http://www.securityfocus.com/bid/100925

Cisco IOS and IOS XE Software CVE-2017-12228 Certificate Validation Security Bypass Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101065

Google Android Framework CVE-2017-0806 Security Bypass Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101086

Dnsmasq VU#973527 Multiple Security Vulnerabilities
2017-10-02
http://www.securityfocus.com/bid/101085

Multiple Wordpress Plugins PHP Object Injection Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101082

SolarWinds Network Performance Monitor CVE-2017-9537 Multiple HTML Injection Vulnerabilities
2017-09-29
http://www.securityfocus.com/bid/101071

SolarWinds Network Performance Monitor CVE-2017-9538 Denial of Service Vulnerability
2017-09-29
http://www.securityfocus.com/bid/101066

Jenkins Multiple Plugins Multiple HTML Injection Vulnerabilities
2017-09-29
http://www.securityfocus.com/bid/101061

Adobe FlashPlayer and AIR APSB15-32 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/78712

Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
2017-09-28
http://www.securityfocus.com/bid/79705

Adobe Flash Player and AIR APSB16-08 Multiple Unspecified Integer Overflow Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/84308

Adobe Flash Player CVE-2016-1019 Unspecified Remote Code Execution Vulnerability
2017-09-28
http://www.securityfocus.com/bid/85856

Microsoft Internet Explorer CVE-2016-0189 Scripting Engine Remote Memory Corruption Vulnerability
2017-09-28
http://www.securityfocus.com/bid/90012

Adobe Flash Player CVE-2016-4117 Unspecified Remote Code Execution Vulnerability
2017-09-28
http://www.securityfocus.com/bid/90505

Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability
2017-09-28
http://www.securityfocus.com/bid/96069

Microsoft Internet Explorer and Edge CVE-2017-0037 Remote Memory Corruption Vulnerability
2017-09-28
http://www.securityfocus.com/bid/96088

Drupal Ctools Module Cross Site Scripting and Access Bypass Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/76441

TrendMicro OfficeScan Multiple Security Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/101076

Trend Micro OfficeScan CVE-2017-14087 Host Header Injection Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101074

IBM WebSphere Commerce CVE-2017-1569 Unspecified Denial of Service Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101073

Trend Micro OfficeScan CVE-2017-14084 Remote Code Execution Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101072

Xen Information Disclosure Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101067

Git CVE-2017-14867 OS Command Injection Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101060

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/101059

IBM Insights Foundation for Energy CVE-2017-1311 Unspecified SQL Injection Vulnerability
2017-09-28
http://www.securityfocus.com/bid/101058

Mozilla Firefox Multiple Security Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/101057

Mozilla Firefox and Firefox ESR Multiple Use After Free Denial of Service Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/101055

SANS News

Malspam pushing Formbook info stealer

Threatpost

Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices

Judge: FBI Can Keep iPhone Crack and Price Secret

Gary McGraw on BSIMM8 and Software Security

Exploit

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass

Fiberhome AN5506-04-F - Command Injection

UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code...

Qmail SMTP - Bash Environment Variable Injection (Metasploit)

OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection

OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection

phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload

NPM-V (Network Power Manager) 2.4.1 - Password Reset

UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape

UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation

Dnsmasq < 2.78 - Integer Underflow

Dnsmasq < 2.78 - Lack of free() Denial of Service

Dnsmasq < 2.78 - Information Leak

Dnsmasq < 2.78 - Stack-Based Overflow

Dnsmasq < 2.78 - Heap-Based Overflow

Dnsmasq < 2.78 - 2-byte Heap-Based Overflow

Linux Kernel < 4.14.rc3 - Local Denial of Service

2.10.2017

Bugtraq

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com

SECURITY] DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)

Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com

Malware

 

Phishing

*****CONGRATULATION*****

1st October 2017

TODAY ONLY: Your $50 Amazon
gift card

IRS

30th September 2017

Urgent attention on your
account

Vulnerebility

Cisco IOS and IOS XE Software CVE-2017-12228 Certificate Validation Security Bypass Vulnerability
2017-10-02
http://www.securityfocus.com/bid/101065

SolarWinds Network Performance Monitor CVE-2017-9538 Denial of Service Vulnerability
2017-09-29
http://www.securityfocus.com/bid/101066

Jenkins Multiple Plugins Multiple HTML Injection Vulnerabilities
2017-09-29
http://www.securityfocus.com/bid/101061

Adobe FlashPlayer and AIR APSB15-32 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/78712

SANS News

Investigating Security Incidents with Passive DNS

Threatpost

 

Exploit

Linux Kernel < 4.14.rc3 - Local Denial of Service

Sync Breeze Enterprise 10.0.28 - Buffer Overflow

HBGK DVR 3.0.0 build20161206 - Authentication Bypass

ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download

Real Estate MLM plan script 1.0 - 'srch' Parameter SQL Injection

PHP Multi Vendor Script 1.02 - 'sid' Parameter SQL Injection

WordPress Plugin WPHRM - SQL Injection

SmarterStats 11.3.6347 - Cross-Site Scripting

1.10.2017

Bugtraq

CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com

security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-28
swpmb cyber-psrt microfocus com

CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com

Malware

 

Phishing

Paypal Inc.

30th September 2017

PAYPAL ASK TO UPDATE YOUR
ACCOUNT.

contact

29th September 2017

ACCOUNT UPDATE RECIEPT #DA5413

Vulnerebility

Jenkins Multiple Plugins Multiple HTML Injection Vulnerabilities
2017-09-29
http://www.securityfocus.com/bid/101061

Adobe FlashPlayer and AIR APSB15-32 Multiple Unspecified Heap Buffer Overflow Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/78712

Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
2017-09-28
http://www.securityfocus.com/bid/79705

Adobe Flash Player and AIR APSB16-08 Multiple Unspecified Integer Overflow Vulnerabilities
2017-09-28
http://www.securityfocus.com/bid/84308

Adobe Flash Player CVE-2016-1019 Unspecified Remote Code Execution Vulnerability
2017-09-28
http://www.securityfocus.com/bid/85856

SANS News

Who's Borrowing your Resources?

Good Analysis = Understanding(tools + logs + normal)

Threatpost

Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol

ICANN Postpones Scheduled DNS Crypto Key Rollover

Exploit