Databáze Hot News 2018 January - 2018 January February March April May June July August September October November December

31.1.2018

Bugtraq

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4094-2] smarty3 security update 2018-01-30
Luciano Bello (luciano debian org)

Defense in depth -- the Microsoft way (part 49): fun with application manifests 2018-01-30
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability
2018-01-31
http://www.securityfocus.com/bid/102845

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-01-31
http://www.securityfocus.com/bid/101552

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

Jenkins Active Choices Plugin HTML Injection Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101538

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101544

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

VMware AirWatch Console CVE-2017-4951 Cross Site Request Forgery Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102849

w3m 'form.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102846

GNU Binutils CVE-2018-6323 Integer Overflow Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102821

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Desigo Automation Controllers CVE-2018-4834 Authentication Bypass Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102850

Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses
2018-01-25
http://www.securityfocus.com/bid/102837

libming 'util/outputscript.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102828

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102819

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

SANS News

Using FLIR in Incident Response?

Cisco ASA WebVPN Vulnerability

Threatpost

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Exploint

 

30.1.2018

Bugtraq

[SECURITY] [DSA 4098-1] curl security update 2018-01-26
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 4101-1] wireshark security update 2018-01-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4099-1] ffmpeg security update 2018-01-27
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification 2018-01-26
security-alert hpe com

[slackware-security] mozilla-thunderbird (SSA:2018-025-01) 2018-01-26
Slackware Security Team (security slackware com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-01-29
Secunia Research (remove-vuln secunia com)

[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2018-01-29
matthias deeg syss de

Malware

Trojan.Evrial

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102378

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-30
http://www.securityfocus.com/bid/102103

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Mozilla Firefox CVE-2018-5124 Arbitrary Code Execution Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102843

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

Jenkins Active Choices Plugin HTML Injection Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101538

Jenkins Build Publisher Plugin Information Disclosure Vulnerability
2018-01-26
http://www.securityfocus.com/bid/101544

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

GNU Binutils CVE-2018-6323 Integer Overflow Vulnerability
2018-01-26
http://www.securityfocus.com/bid/102821

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses
2018-01-25
http://www.securityfocus.com/bid/102837

libming 'util/outputscript.c' Null Pointer Dereference Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102828

Siemens TeleControl Server Basic CVE-2018-4837 Denial of Service Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102819

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Artifex MuJS CVE-2018-6191 Integer Overflow Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102840

Artifex MuJS CVE-2018-5759 Denial of Service Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102833

Artifex MuPDF CVE-2018-6187 Heap Based Buffer Overflow Vulnerability
2018-01-24
http://www.securityfocus.com/bid/102823

SANS News

Cisco ASA WebVPN Vulnerability

Threatpost

Cisco Patches Critical VPN Vulnerability

Exploint

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding

HPE iMC 7.3 - RMI Java Deserialization

Advantech WebAccess < 8.3 - SQL Injection

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection

Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal

29.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102826

Jenkins Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101773

Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities
2018-01-29
http://www.securityfocus.com/bid/101539

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102387

Jenkins Multijob Plugin CVE-2017-1000390 Security Bypass Vulnerability
2018-01-29
http://www.securityfocus.com/bid/102824

SANS News

Comment your Packet Captures - Extra!

Threatpost

 

Exploint

Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80...

Linux/x86 - Egghunter Shellcode (12 Bytes)

KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery

Netis WF2419 Router - Cross-Site Request Forgery

Buddy Zone 2.9.9 - SQL Injection

Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection

Hot Scripts Clone - 'subctid' SQL Injection

TSiteBuilder 1.0 - SQL Injection

Task Rabbit Clone 1.0 - 'id' SQL Injection

28.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Keylogger Campaign Returns, Infecting 2,000 WordPress Sites

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

Exploint

 

27.1.2018

Bugtraq

[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

Malware

Win32/Aibolit.AA

W97M.Remkos

Downloader.Remkos

Backdoor.Remkos

TROJ_DIGMINEIN.A

TROJ_CVE20175753.POD

OSX64_CVE20175753.POC

ELF64_CVE20175753.POD

ELF64_CVE20175753.POC

TROJ_CVE20175753.POE
TROJ_CVE20175753.POF
TROJ_CVE20175753.POI
TROJ64_CVE20175753.POD

TROJ_CVE20175753.POG

TROJ_CVE20175753.POH

TROJ64_CVE20175753.POE

TROJ64_CVE20175754.POC
TROJ_CVE20175753.DAM

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Apache NiFi CVE-2016-8748 Cross Site Scripting Vulnerability
2018-01-26
http://www.securityfocus.com/bid/95621

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102378

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Google Chrome Multiple Security Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/102797

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

SANS News

Investigating Microsoft BITS Activity

Threatpost

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

Exploint

 

26.1.2018

Bugtraq

[slackware-security] curl (SSA:2018-024-01) 2018-01-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4096-1] firefox-esr security update 2018-01-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4095-1] gcab security update 2018-01-24
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0002 2018-01-24
Carlos Alberto Lopez Perez (clopez igalia com)

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102378

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
2018-01-25
http://www.securityfocus.com/bid/102057

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Google Chrome Multiple Security Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/102797

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Mozilla Firefox MFSA2018-02 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102786

SANS News

Ransomware as a Service

Threatpost

Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug

App Flaws Allow Snoops to Spy On Tinder Users, Researchers Say

Exploint

 

25.1.2018

Bugtraq

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability 2018-01-24
Akira Ajisaka (aajisaka apache org)

APPLE-SA-2018-1-23-1 iOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-4 tvOS 11.2.5 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-3 watchOS 4.2.2 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-5 Safari 11.0.3 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-7 iCloud for Windows 7.3 2018-01-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan 2018-01-23
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows 2018-01-24
Apple Product Security (product-security-noreply lists apple com)

DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities 2018-01-23
DefenseCode (defensecode defensecode com)

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)

Malware

Trojan.Sneark

Phishing

 

Vulnerebility

GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
2018-12-20
http://www.securityfocus.com/bid/102765

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-01-24
http://www.securityfocus.com/bid/98369

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Mozilla Firefox MFSA2018-02 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102786

Apple macOS APPLE-SA-2018-1-23-2 Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102785

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102783

Apple iOS/WatchOS/tvOS/macOS Multiple Security Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102782

Advantech WebAccess/SCADA ICSA-18-023-01 Directory Traversal and SQL Injection Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102781

WebKit CVE-2018-4089 Memory Corruption Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102778

WebKit Multiple Memory Corruption Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102775

Apple iOS/tvOS/watchOS Memory Corruption Vulnerabilities
2018-01-23
http://www.securityfocus.com/bid/102774

Apple iOS/WatchOS/macOS CVE-2018-4100 Denial of Service Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102772

Mozilla Firefox ESR CVE-2018-5096 Use After Free Denial of Service Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102771

Blizzard Update Agent Arbitrary Code Execution Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102770

Cisco Policy Suite CVE-2018-0089 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102758

Symantec Reporter CVE-2017-15531 Authentication Bypass Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102751

Fortinet FortiOS CVE-2017-14190 HTML Injection Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102779

IBM Business Process Manager CVE-2017-1769 Cross Site Request Forgery Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102777

SANS News

RTF files for Hancitor utilize exploit for CVE-2017-11882

Threatpost

Satori Author Linked to New Mirai Variant Masuta

App Flaws Allow Snoops to Spy On Tinder Users, Researchers Say

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers

Exploint

 

24.1.2018

Bugtraq

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications 2018-01-23
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-22
security-alert hpe com

[SECURITY] [DSA 4094-1] smarty3 security update 2018-01-22
Luciano Bello (luciano debian org)

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Malware

Backdoor.Neggpy

Backdoor.Calderat
Win32/Agent.XRR
Win32/Spy.Agent.OUD
Win32/Filecoder.BTCWare.A
Win32/TrojanDownloader.Chindo.D
Win32/Spy.Agent.PIR

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102371

Cisco Policy Suite CVE-2018-0089 Information Disclosure Vulnerability
2018-01-23
http://www.securityfocus.com/bid/102758

Moodle CVE-2018-1045 Cross Site Scripting Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102755

Moodle CVE-2018-1044 Unauthorized Access Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102754

Moodle CVE-2018-1042 Server Side Request Forgery Security Bypass Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102752

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

QEMU CVE-2017-18043 Local Denial of Service Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102759

Microsoft Office CVE-2018-0862 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102749

Microsoft Office CVE-2018-0849 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102748

Microsoft Office CVE-2018-0848 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102747

Microsoft Office CVE-2018-0845 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102746

SANS News

HTTPS on every port?

Threatpost

Hacker Infects Gas Pumps with Code to Cheat Customers

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Exploint

NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download

CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection

HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation

RAVPower 2.000.056 - Memory Disclosure

MixPad 5.00 - Buffer Overflow

23.1.2018

Bugtraq

CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities 2018-01-22
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

Photo Vault v1.2 iOS - Insecure Authentication Vulnerability 2018-01-19
Vulnerability Lab (admin vulnerability-lab com)

Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4093-1] openocd security update 2018-01-22
luciano debian org

CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security) 2018-01-21
apparitionsec gmail com

Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability 2018-01-21
Vulnerability Lab (research vulnerability-lab com)

CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities 2018-01-19
Vulnerability Lab (research vulnerability-lab com)

CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability 2018-01-19
Jason Lowe (jlowe apache org)

Malware

 

Phishing

 

Vulnerebility

Moodle CVE-2018-1045 Cross Site Scripting Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102755

Moodle CVE-2018-1044 Unauthorized Access Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102754

Moodle CVE-2018-1042 Server Side Request Forgery Security Bypass Vulnerability
2018-01-22
http://www.securityfocus.com/bid/102752

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0862 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102749

Microsoft Office CVE-2018-0849 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102748

Microsoft Office CVE-2018-0848 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102747

Microsoft Office CVE-2018-0845 Memory Corruption Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102746

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

SANS News

Retrieving malware over Tor

Threatpost

Hacker Infects Gas Pumps with Code to Cheat Customers

Exploint

 

22.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Followup to IPv6 brute force and IPv6 blocking

An RTF phish

Threatpost

Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law

New Dridex Variant Emerges With An FTP Twist

Apple Preps ChaiOS iMessage Bug Fix for Next Week

Exploint

 

19.1.2018

Bugtraq

[SECURITY] [DSA 4092-1] awstats security update 2018-01-19
Sebastien Delafond (seb debian org)

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com

Malware

Win32/Farfli.BGG

Phishing

 

Vulnerebility

WordPress MediaElement Cross Site Scripting Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102730

Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102375

Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102373

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-19
http://www.securityfocus.com/bid/102464

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/89760

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/78215

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2018-01-18
http://www.securityfocus.com/bid/98050

Oracle WebLogic Server CVE-2017-10352 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102442

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102103

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3735 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100515

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100954

SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
2018-01-18
http://www.securityfocus.com/bid/58796

PHP CVE-2016-5385 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91821

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/75919

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/97702

Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
2018-01-17
http://www.securityfocus.com/bid/95072

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Cisco Email Security and Content Security Management Local Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102729

Cisco NX-OS Software CVE-2018-0102 Denial of Service Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102728

SANS News

 

Threatpost

Sprawling Mobile Espionage Campaign Targets Android Devices

Google Awards Record $112,500 Bounty for Android Exploit Chain

Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips

Exploint

 

18.1.2018

Bugtraq

[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation 2018-01-17
security-alert hpe com

[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-17
security-alert hpe com

[slackware-security] bind (SSA:2018-017-01) 2018-01-17
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities 2018-01-17
security-alert hpe com

[SECURITY] [DSA 4090-1] wordpress security update 2018-01-17
Sebastien Delafond (seb debian org)

Malware

Trojan.KillDiskmens

Phishing

 

Vulnerebility

Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91869

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/79091

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2018-01-18
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/95814

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100872

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91067

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/89760

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/78215

Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability
2018-01-18
http://www.securityfocus.com/bid/98050

Oracle WebLogic Server CVE-2017-10352 Remote Security Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102442

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/102103

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-01-18
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3735 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100515

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/100954

SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
2018-01-18
http://www.securityfocus.com/bid/58796

PHP CVE-2016-5385 Security Bypass Vulnerability
2018-01-18
http://www.securityfocus.com/bid/91821

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/75919

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-01-18
http://www.securityfocus.com/bid/97702

Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
2018-01-17
http://www.securityfocus.com/bid/95072

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Cisco Email Security and Content Security Management Local Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102729

Cisco NX-OS Software CVE-2018-0102 Denial of Service Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102728

Cisco Prime Infrastructure CVE-2018-0096 Privilege Escalation Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102727

Cisco Unified Communications Manager CVE-2018-0105 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102725

Cisco Prime Infrastructure CVE-2018-0097 Open Redirection Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102724

Cisco WebEx Meetings Server CVE-2018-0111 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102723

SANS News

Comment your Packet Captures!

Threatpost

Oracle Ships 237 Fixes in Latest Critical Patch Update

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

Google Chrome Once Again Target of Malicious Extensions

Exploint

 

17.1.2018

Bugtraq

[SECURITY] [DSA 4089-1] bind9 security update 2018-01-16
Salvatore Bonaccorso (carnil debian org)

ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869 2018-01-16
tim kretschmann pallas com

[SECURITY] [DSA 4088-1] gdk-pixbuf security update 2018-01-15
Moritz Muehlenhoff (jmm debian org)

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)

Zenario v7.6 CMS - SQL Injection Web Vulnerability 2018-01-15
Vulnerability Lab (research vulnerability-lab com)

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2 2018-01-15
RedTeam Pentesting GmbH (release redteam-pentesting de)

Broken TLS certificate pinning in VTech DigiGo Kid Connect app 2018-01-13
Summer of Pwnage (lists securify nl)

Authentication bypass in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

Arbitrary file read in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

[SECURITY] [DSA 4087-1] transmission security update 2018-01-14
Moritz Muehlenhoff (jmm debian org)

Multiple vulnerabilities in VTech DigiGo allow browser overlay attack 2018-01-13
Summer of Pwnage (lists securify nl)

Broken TLS certificate validation in VTech DigiGo browser 2018-01-13
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 4086-1] libxml2 security update 2018-01-13
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server allows deleting of arbitrary files and folders 2018-01-13
Summer of Pwnage (lists securify nl)

Adminer <= v4.3.1 Server Side Request Forgery 2018-01-14
apparitionsec gmail com

Code execution in Kaseya VSA 2018-01-13
Securify B.V. (lists securify nl)

[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege 2018-01-12
security-alert hpe com

[SECURITY] [DSA 4085-1] xmltooling security update 2018-01-12
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass 2018-01-12
security-alert hpe com

Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4084-1] gifsicle security update 2018-01-12
Sebastien Delafond (seb debian org)

MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Magento Commerce - SSRF & XSPA Web Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Magento Connect T1 - (Claim) Persistent Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability 2018-01-12
Vulnerability Lab (submit vulnerability-lab com)

Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

Flash Operator Panel v2.31.03 - Command Execution Vulnerability 2018-01-12
Vulnerability Lab (research vulnerability-lab com)

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

Malware

Trojan.PowStage

Exp.CVE-2017-5754

Backdoor.Spoofrand
Win32/Spy.Agent.OTL
Win32/Agent.ZEA

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102378

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102642

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102371

Oracle Java SE CVE-2018-2627 Local Security Vulnerability
2018-01-17
http://www.securityfocus.com/bid/102584

Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/101304

Linux Kernel CVE-2017-1000405 Local Race Condition Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102032

Oracle Financial Services Analytical Applications Infrastructure Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102677

Oracle Financial Services Profitability Management CVE-2018-2670 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102676

Oracle Financial Services Profitability Management CVE-2018-2679 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102675

Oracle MySQL Connectors CVE-2018-2585 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102674

Oracle Financial Services Price Creation and Discovery CVE-2018-2722 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102673

Oracle Financial Services Market Risk Measurement and Management Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102672

Oracle Communications Order and Service Management CVE-2018-2567 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102671

Oracle Java Advanced Management Console CVE-2018-2675 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102670

Oracle Communications Unified Inventory Management CVE-2018-2571 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102669

Oracle Financial Services Price Creation and Discovery CVE-2018-2721 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102668

Oracle Financial Services Market Risk Measurement and Management Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102667

Oracle Financial Services Market Risk CVE-2018-2714 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102666

Oracle Communications Unified Inventory Management CVE-2018-2570 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102665

Oracle Financial Services Market Risk CVE-2018-2726 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102664

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102661

Oracle Financial Services Loan Loss Forecasting and Provisioning Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102660

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102659

Oracle Financial Services Loan Loss Forecasting and Provisioning Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102658

Oracle Financial Services Liquidity Risk Management CVE-2018-2682 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102657

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102656

Oracle Financial Services Liquidity Risk Management CVE-2018-2720 Remote Security Vulnerability
2018-01-16
http://www.securityfocus.com/bid/102655

SANS News

Are you watching for brute force attacks on IPv6?

Decrypting malicious PDFs with the key

Threatpost

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute

Apps Exposing Children to Porn Ads Booted From Google Play

Exploint

 

12.1.2018

Bugtraq

CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11
Advisories (advisories compass-security com)

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

TROJ_DIGMINEIN.A

Exp.CVE-2018-0775

Exp.CVE-2018-0776

Exp.CVE-2018-0777

Exp.CVE-2018-4871

Exp.CVE-2018-0762

Exp.CVE-2018-0758

Exp.CVE-2018-0769

Exp.CVE-2018-0773

Exp.CVE-2018-0774

Phishing

 

Vulnerebility

Moxa MXview CVE-2017-14030 Local Privilege Escalation Vulnerability
2018-01-11
http://www.securityfocus.com/bid/102494

Wecon LEVI Studio HMI Editor CVE-2017-13999 Multiple Buffer Overflow Vulnerabilities
2018-01-11
http://www.securityfocus.com/bid/102493

Juniper Junos CVE-2018-0009 Security Bypass Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102491

Multiple VMware Products CVE-2017-4950 Integer Overflow Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102490

Multiple VMware Products CVE-2017-4949 Remote Code Execution Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102489

RubyGems 'rails_admin' CVE-2017-12098 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102486

RubyGems 'delayed_job_web' CVE-2017-12097 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102484

SANS News

 

Threatpost

House Votes to Reauthorize Controversial Spy Provision, Section 702

Exploint

Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

macOS - 'process_policy' Stack Leak Through Uninitialized Field

Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege...

Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation

Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation

Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass

Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon

phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)

D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

Parity Browser < 1.6.10 - Bypass Same Origin Policy

Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode...

11.1.2018

Bugtraq

[SECURITY] [DSA 4083-1] poco security update 2018-01-11
Sebastien Delafond (seb debian org)

WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10
Carlos Alberto Lopez Perez (clopez igalia com)

DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)

Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com

Malware

Exp.CVE-2017-5754

ANDROIDOS_STEALERC32

Phishing

 

Vulnerebility

Cisco Unified Communications Manager CVE-2018-0118 Cross Site Scripting Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102478

Multiple F5 BIG-IP Products CVE-2017-6133 Remote Denial of Service Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102467

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

CPP-Ethereum Multiple Security Vulnerabilities
2018-01-09
http://www.securityfocus.com/bid/102475

Rockwell Automation MicroLogix 1400 Controllers CVE-2017-16740 Stack Buffer Overflow Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102474

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0807 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102461

Microsoft Word CVE-2018-0806 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102460

Microsoft Word CVE-2018-0805 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102459

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102455

Symantec ProxySG and ASG CVE-2016-9100 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102454

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

Symantec ProxySG CVE-2016-10256 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102451

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Symantec ProxySG and ASG CVE-2016-10257 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102447

Microsoft Access CVE-2018-0799 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102411

Microsoft Word CVE-2018-0797 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102406

Microsoft SharePoint Server CVE-2018-0789 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102394

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102383

Microsoft Word CVE-2018-0792 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102381

SANS News

Mining or Nothing!

Threatpost

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Exploint

D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode...

Parity Browser < 1.6.10 - Bypass Same Origin Policy

Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer...

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)

HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)

DiskBoss Enterprise 8.8.16 - Buffer Overflow

Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege...

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege...

WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery

WordPress Plugin Events Calendar - 'event_id' SQL Injection

Muviko 1.1 - SQL Injection

Jungo Windriver 12.5.1 - Privilege Escalation

Multiple CPUs - Information Leak Using Speculative Execution

10.1.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10
DefenseCode (defensecode defensecode com)

Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10
chunibalon gmail com

[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-09
security-alert hpe com

[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)

[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Small.NNX

Win32/Filecoder.Crypt888.B

Win32/Sayunojok.A

Win32/Lecna.AP

Exp.CVE-2018-0797

Backdoor.Spoofrand

Phishing

 

Vulnerebility

Multiple F5 BIG-IP Products CVE-2017-6133 Remote Denial of Service Vulnerability
2018-01-10
http://www.securityfocus.com/bid/102467

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0807 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102461

Microsoft Word CVE-2018-0806 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102460

Microsoft Word CVE-2018-0805 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102459

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102455

Symantec ProxySG and ASG CVE-2016-9100 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102454

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

Symantec ProxySG CVE-2016-10256 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102451

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Symantec ProxySG and ASG CVE-2016-10257 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102447

Microsoft Access CVE-2018-0799 Cross Site Scripting Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102411

Microsoft Word CVE-2018-0797 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102406

Microsoft SharePoint Server CVE-2018-0789 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102394

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102383

Microsoft Word CVE-2018-0792 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102381

Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102380

Microsoft ASP.NET Core CVE-2018-0785 Cross Site Request Forgery Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102379

Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102377

SANS News

GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer

Microsoft January 2018 Patch Tuesday

Threatpost

 

Exploint

Commvault Communications Service (cvd) - Command Injection (Metasploit)

DiskBoss Enterprise 8.8.16 - Buffer Overflow

Muviko 1.1 - SQL Injection

Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure

Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

9.1.2018

Bugtraq

[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)

[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

[slackware-security] irssi (SSA:2018-008-01) 2018-01-09
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4081-1] php5 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)

Response to Meltdown and Spectre 2018-01-08
Gordon Tetlow (gordon tetlows org)

APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)

Malware

Win32/Hikit.K

Win64/Heriplor.A

Phishing

MR. KEVIN BEN

9th January 2018

RE:Good News 05/01/2018

Aρρle-ID

7th January 2018

INVOICE: This email confirms
your purchase of the following
subscription

Vulnerebility

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102371

SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102145

Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102465

Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102464

Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102463

Microsoft Word CVE-2018-0804 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102457

SAP HANA CVE-2018-2362 Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102452

SAP Solution Manager CVE-2018-2361 Remote Authorization Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102450

SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102449

SAP Kernel CVE-2018-2360 Authentication Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102448

Microsoft SharePoint Server CVE-2018-0790 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102391

Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102387

Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102380

Microsoft ASP.NET Core CVE-2018-0785 Cross Site Request Forgery Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102379

Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102377

Microsoft Office CVE-2018-0801 Remote Code Execution Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102348

Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102347

Xen 'Hypervisor' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102169

Xen 'arch/x86/mm/paging.c' Denial of Service vulnerability
2018-01-08
http://www.securityfocus.com/bid/102175

Xen '/mm/hap/hap.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102167

Xen 'mm/shadow/multi.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102172

Malwarebytes Premium CVE-2018-5279 Local Denial of Service Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102453

Cisco Node-jose Library CVE-2018-0114 Remote Security Bypass Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102445

Dell SonicWall SonicOS NSA CVE-2018-5281 Multiple HTML Injection Vulnerabilities
2018-01-08
http://www.securityfocus.com/bid/102443

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102438

ImageMagick CVE-2017-18022 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102437

IBM Security Key Lifecycle Manager CVE-2017-1666 XML External Entity Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102434

Xen CVE-2018-5244 Memory Corruption Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102433

SANS News

Microsoft January 2018 Patch Tuesday

A Story About PeopleSoft: How to Make $250k Without Leaving Home.

What is going on with port 3333?

Threatpost

Apple Releases Spectre Patches for Safari, macOS and iOS

New Rules Announced for Border Inspection of Electronic Devices

Anti-Virus Updates Required Ahead of Microsoft’s Meltdown, Spectre Patches

Exploint

Commvault Communications Service (cvd) - Command Injection (Metasploit)

Android - Inter-Process munmap due to Race Condition in ashmem

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138,...

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76,...

Microsoft Edge Chakra JIT - Escape Analysis Bug

Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read

Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert...

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call...

Microsoft Windows - Local XPS Print Spooler Sandbox Escape

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)

BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

Vanilla < 2.1.5 - Cross-Site Request Forgery

8.1.2018

Bugtraq

Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty 2018-01-06
Vulnerability Lab (research vulnerability-lab com)

SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4079-1] poppler security update 2018-01-07
Moritz Muehlenhoff (jmm debian org)

CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com

CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com

Social Media Widget by Acurax [CSRF] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com) (1 replies)

CMS Tree Page View [CSRF, Privilege Escalation] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com)

Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) 2018-01-06
apparitionsec gmail com

iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

Malware

Python.Zealot

Phishing

Aρρle-ID

7th January 2018

INVOICE: This email confirms
your purchase of the following
subscription

HSBC Bank plc

6th January 2018

YOUR ONLINE ACCESS HAS BEEN
SUSPENDED

Vulnerebility

Xen 'Hypervisor' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102169

Xen 'arch/x86/mm/paging.c' Denial of Service vulnerability
2018-01-08
http://www.securityfocus.com/bid/102175

Xen '/mm/hap/hap.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102167

Xen 'mm/shadow/multi.c' Memory Corruption Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102172

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
2018-01-08
http://www.securityfocus.com/bid/102438

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102378

IBM Security Key Lifecycle Manager CVE-2017-1666 XML External Entity Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102434

Xen CVE-2018-5244 Memory Corruption Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102433

ImageMagick CVE-2018-5248 Heap Buffer Overflow Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102431

IBM Security Key Lifecycle Manage CVE-2017-1668 Unspecified Open Redirect Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102430

IBM Security Key Lifecycle Manager CVE-2017-1670 Unspecified SQL Injection Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102429

Google Android Runtime CVE-2017-13176 Privilege Escalation Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102422

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Multiple Pivotal Cloud Foundry products CVE-2018-1190 Cross Site Scripting Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102427

Delta Electronics Delta Industrial Automation Screen Editor Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102426

Advantech WebAccess ICSA-18-004-02 Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102424

ImageMagick CVE-2017-1000476 Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102428

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

SANS News

Meltdown and Spectre: clearing up the confusion

Fake anti-virus pages popping up like weeds

Threatpost

Experts Weigh In On Spectre Patch Challenges

Exploint

DiskBoss Enterprise 8.5.12 - Denial of Service

Sync Breeze Enterprise 10.1.16 - Denial of Service

Disk Pulse Enterprise 10.1.18 - Denial of Service

VX Search Enterprise 10.1.12 - Denial of Service

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities

Photos in Wifi 1.0.1 - Path Traversal

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

FiberHome LM53Q1 - Multiple Vulnerabilities

BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

7.1.2018

Bugtraq

 

Malware

Win32/Juasek.C

Win32/Juasek.D

Phishing

HSBC Bank plc

6th January 2018

YOUR ONLINE ACCESS HAS BEEN
SUSPENDED

service@intl.paypal.com

6th January 2018

Re : Someone has your password
- [ Saturday, January 6, 2018
(GMT7) ]

Order Confirmation AppIe

4th January 2018

Re: [Invoice] Thank you for
your purchase at Apple Store
Order from Dec 26, 2017.

Vulnerebility

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102371

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102378

Google Android Runtime CVE-2017-13176 Privilege Escalation Vulnerability
2018-01-05
http://www.securityfocus.com/bid/102422

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Multiple Pivotal Cloud Foundry products CVE-2018-1190 Cross Site Scripting Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102427

Delta Electronics Delta Industrial Automation Screen Editor Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102426

Advantech WebAccess ICSA-18-004-02 Multiple Security Vulnerabilities
2018-01-04
http://www.securityfocus.com/bid/102424

ImageMagick CVE-2017-1000476 Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102428

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

Microsoft Edge Scripting Engine CVE-2018-0774 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102399

Microsoft Edge Scripting Engine CVE-2018-0773 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102398

Microsoft Edge Scripting Engine CVE-2018-0770 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102397

Microsoft Edge Scripting Engine CVE-2018-0769 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102396

Microsoft Edge Scripting Engine CVE-2018-0768 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102395

Microsoft Edge CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102393

Microsoft Edge CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102392

Microsoft Edge CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102389

Microsoft Edge CVE-2018-0766 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102388

Microsoft Edge CVE-2018-0803 Remote Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102384

SANS News

SSH Scans by Clients Types

VMware Security Advisory for V4H and V4PA desktop agent privilege escalation vulnerability -

Threatpost

Google Play Removes 22 Malicious ‘LightsOut’ Apps From Marketplace

Exploint

Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC...

Cisco IOS - Remote Code Execution

Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

Gespage 7.4.8 - SQL Injection

GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow

5.1.2018

Bugtraq

iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability 2018-01-04
Vulnerability Lab (research vulnerability-lab com)

Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 4078-1] linux security update 2018-01-04
Yves-Alexis Perez (corsac debian org)

Re "Intel responds to security research findings" 2018-01-03
Ed Maste (emaste freebsd org)

Malware

Exp.CVE-2017-5753

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-04
http://www.securityfocus.com/bid/102365

Microsoft ChakraCore Scripting Engine CVE-2018-0818 Security Bypass Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102412

HP Moonshot Provisioning Manager Multiple Security Vulnerabilities
2018-01-03
http://www.securityfocus.com/bid/102410

Microsoft Internet Explorer and Edge CVE-2018-0772 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102409

Microsoft Internet Explorer and Edge CVE-2018-0762 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102408

Red Hat JBoss Enterprise Application Incomplete Fix Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102407

Microsoft Edge Scripting Engine CVE-2018-0758 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102405

Microsoft Edge Scripting Engine CVE-2018-0781 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102404

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

Microsoft Edge Scripting Engine CVE-2018-0774 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102399

Microsoft Edge Scripting Engine CVE-2018-0773 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102398

Microsoft Edge Scripting Engine CVE-2018-0770 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102397

Microsoft Edge Scripting Engine CVE-2018-0769 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102396

Microsoft Edge Scripting Engine CVE-2018-0768 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102395

Microsoft Edge CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102393

Microsoft Edge CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102392

Microsoft Edge CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102389

Microsoft Edge CVE-2018-0766 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102388

Microsoft Edge CVE-2018-0803 Remote Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102384

Cisco WebEx Network Recording Player CVE-2018-0104 Remote Code Execution Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102382

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102371

Cisco WebEx Network Recording Player CVE-2018-0103 Local Buffer Overflow Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102369

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102367

Microsoft Windows Kernel CVE-2018-0747 Local Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102366

Microsoft Windows ATMFD.dll CVE-2018-0788 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102364

SANS News

 

Threatpost

 

Exploint

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69...

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Multiple CPUs - 'Spectre' Information Disclosure (PoC)

GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access

4.1.2018

Bugtraq

Re "Intel responds to security research findings" 2018-01-03
Ed Maste (emaste freebsd org)

Intel CPU bug forcing page table switch during syscalls? 2018-01-03
Pavel Machek (pavel ucw cz)

[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code 2018-01-03
security-alert hpe com

[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities 2018-01-03
cyber-psrt microfocus com

CVE-2017-6094 - Genexis GAPS Access Control Vulnerability 2018-01-03
Antoine Neuenschwander (antoine schoggi org)

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution 2018-01-02
Anti Räis (antirais gmail com)

Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 2018-01-03
Atlassian (security atlassian com)

Malware

 

Phishing

Order Confirmation AppIe

4th January 2018

Re: [Invoice] Thank you for
your purchase at Apple Store
Order from Dec 26, 2017.

Vulnerebility

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability
2018-01-09
http://www.securityfocus.com/bid/102365

Microsoft Edge Scripting Engine CVE-2018-0778 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102403

Microsoft Edge Scripting Engine CVE-2018-0777 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102402

Microsoft Edge Scripting Engine CVE-2018-0776 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102401

Microsoft Edge Scripting Engine CVE-2018-0775 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102400

Microsoft Edge Scripting Engine CVE-2018-0774 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102399

Microsoft Edge Scripting Engine CVE-2018-0773 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102398

Microsoft Edge Scripting Engine CVE-2018-0770 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102397

Microsoft Edge Scripting Engine CVE-2018-0769 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102396

Microsoft Edge Scripting Engine CVE-2018-0768 Remote Memory Corruption Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102395

Microsoft Edge CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102393

Microsoft Edge CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102392

Microsoft Edge CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102389

Microsoft Edge CVE-2018-0766 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102388

Microsoft Edge CVE-2018-0803 Remote Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102384

Cisco WebEx Network Recording Player CVE-2018-0104 Remote Code Execution Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102382

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102378

Multiple CPU Hardwares CVE-2017-5715 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102376

Multiple CPU Hardwares CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102371

Cisco WebEx Network Recording Player CVE-2018-0103 Local Buffer Overflow Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102369

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102367

Microsoft Windows Kernel CVE-2018-0747 Local Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102366

Microsoft Windows ATMFD.dll CVE-2018-0788 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102364

Microsoft Windows Kernel CVE-2018-0751 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102359

Microsoft Windows GDI Component CVE-2018-0750 Local Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102357

Microsoft Windows Server Message Block CVE-2018-0749 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102355

Microsoft Windows Kernel CVE-2018-0748 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102354

Microsoft Windows Kernel CVE-2018-0745 Local Information Disclosure Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102353

Microsoft Windows Kernel CVE-2018-0744 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102351

Microsoft Windows Subsystem for Linux CVE-2018-0743 Local Privilege Escalation Vulnerability
2018-01-03
http://www.securityfocus.com/bid/102350

SANS News

Phishing to Rural America Leads to Six-figure Wire Fraud Losses

Threatpost

MacOS LPE Exploit Gives Attackers Root Access

Spectre and Meltdown: What You Need to Know Right Now

Exploint

Xplico - Remote Code Execution (Metasploit)

Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)

EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection

EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection

Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation

3.1.2018

Bugtraq

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution 2018-01-02
Anti Räis (antirais gmail com)

Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 2018-01-03
Atlassian (security atlassian com)

Malware

 

Phishing

 

Vulnerebility

Huawei FusionSphere OpenStack CVE-2017-8135 Multiple Command Injection Vulnerabilities
2018-01-02
http://www.securityfocus.com/bid/102262

GNU C Library 'elf/dl-load.c ' CVE-2017-16997 Local Privilege Escalation Vulnerability
2018-01-02
http://www.securityfocus.com/bid/102228

Apple macOS 'IOHIDFamily' Component Local Privilege Escalation Vulnerability
2018-01-01
http://www.securityfocus.com/bid/102335

Webmin 'custom/run.cgi' Cross Site Scripting Vulnerability
2017-12-30
http://www.securityfocus.com/bid/102339

SANS News

PDF documents & URLs: video

Threatpost

VMware Issues 3 Critical Patches for vSphere Data Protection

Exploint

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection

2.1.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Huawei FusionSphere OpenStack CVE-2017-8135 Multiple Command Injection Vulnerabilities
2018-01-02
http://www.securityfocus.com/bid/102262

GNU C Library 'elf/dl-load.c ' CVE-2017-16997 Local Privilege Escalation Vulnerability
2018-01-02
http://www.securityfocus.com/bid/102228

Apple macOS 'IOHIDFamily' Component Local Privilege Escalation Vulnerability
2018-01-01
http://www.securityfocus.com/bid/102335

LibTIFF CVE-2017-17973 Memory Corruption Vulnerability
2017-12-29
http://www.securityfocus.com/bid/102331

Linux Kernel 'drivers/media/usb/usbtv/usbtv-core.c' Local Denial of Service Vulnerability
2017-12-29
http://www.securityfocus.com/bid/102330

Linux Kernel 'drivers/acpi/apei/einj.c' Local Denial of Service Vulnerability
2017-12-29
http://www.securityfocus.com/bid/102327

LibTIFF CVE-2017-17942 Heap Based Buffer Overflow Vulnerability
2017-12-28
http://www.securityfocus.com/bid/102312

SANS News

 

Threatpost

Forever 21 Says PoS Systems Exposed Customer Data for 8 Months

Exploint

Apple macOS - IOHIDSystem Kernel Read/Write

Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)

Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)

HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)

1.1.2018

Bugtraq

 

Malware

 

Phishing

Dr. Samuel Tata

28th December 2017

Ref to your fund: $850.000.00.

Vulnerebility

 

SANS News

What is new?

Analyzing TNEF files

Threatpost

 

Exploint

PHP Melody 2.7.1 - 'playlist' SQL Injection

D3DGear 5.00 Build 2175 - Buffer Overflow