Hot News Database 2018 July
31.7.2018
Bugtraq
[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)
[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)
Malware
Phishing
Sir. Peter James | 31st July 2018 |
Re: Dear beloved Joshua Bruce, |
Vulnerability
Linux Kernel Multiple Denial of Service Vulnerabilities
2018-07-27
http://www.securityfocus.com/bid/104917
WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961
IBM Sterling File Gateway CVE-2018-1398 Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104919
SoftNAS Cloud CVE-2018-14417 OS Command Injection Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104914
IBM Sterling B2B Integrator Multiple Unspecified Cross Site Scripting Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/104910
Linux Kernel 'kernel/time/posix-timers.c' Local Information Disclosure Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104909
Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905
Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902
Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901
Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900
Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669
Multiple F5 BIG-IP Products CVE-2018-5530 Denial of Service Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104908
SANS News
Threatpost
Exploit
H2 Database 1.4.197 - Information Disclosure
Charles Proxy 4.2 - Local Privilege Escalation
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
30.7.2018
Bugtraq
[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 2018-07-30
Tobias Glemser (tglemser secuvera de)
[SECURITY] [DSA 4257-1] fuse security update 2018-07-28
Salvatore Bonaccorso (carnil debian org)
[slackware-security] Slackware 14.2 kernel (SSA:2018-208-01) 2018-07-27
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)
Malware
Phishing
Wells Fargo Online | 28th July 2018 |
Final Notice: Your access to |
Vulnerability
WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961
Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905
Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902
Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901
Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900
SANS News
Using RITA for Threat Analysis
Threatpost
Exploit
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
29.7.2018
Bugtraq
[SECURITY] [DSA 4256-1] chromium-browser security update 2018-07-27
Michael Gilbert (mgilbert debian org)
[CORE-2018-0009] - SoftNAS Cloud OS Command Injection 2018-07-26
Core Security Advisories Team (advisories coresecurity com)
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)
[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
Malware
Phishing
Wells Fargo Online | 28th July 2018 |
Final Notice: Your access to | |
Bank of America | 27th July 2018 |
Wells Fargo Online | 26th July 2018 |
Vulnerability
WebKit Multiple Memory Corruption Vulnerabilities
2018-07-26
http://www.securityfocus.com/bid/103961
Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104905
Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104902
Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104901
Apache Kafka CVE-2018-1288 Security Bypass Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104900
Apache Kafka CVE-2017-12610 User Impersonation Vulnerability
2018-07-26
http://www.securityfocus.com/bid/104899
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669
Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753
Google Chrome Prior to 68.0.3440.75 Multiple Security Vulnerabilities
2018-07-24
http://www.securityfocus.com/bid/104887
Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876
Apple iOS and macOS Multiple Security Vulnerabilities
2018-07-23
http://www.securityfocus.com/bid/104897
SANS News
Threatpost
Exploit
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
SoftNAS Cloud < 4.0.3 - OS Command Injection
Online Trade 1 - Information Disclosure
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
26.7.2018
Bugtraq
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)
[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
Malware
Phishing
Wells Fargo Online | 26th July 2018 |
Vulnerability
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669
Symantec Management Agent (Altiris) CVE-2018-5240 Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104753
Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876
SANS News
Windows Batch File Deobfuscation
Threatpost
Exploit
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
25.7.2018
Bugtraq
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability 2018-07-25
Defense Code (defensecode defensecode com)
[SECURITY] [DSA 4255-1] ant security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities 2018-07-25
Defense Code (defensecode defensecode com)
[SECURITY] [DSA 4254-1] slurm-llnl security update 2018-07-24
Salvatore Bonaccorso (carnil debian org)
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)
Malware
Phishing
Vulnerability
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-25
http://www.securityfocus.com/bid/104669
Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
2018-07-23
http://www.securityfocus.com/bid/104879
Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861
Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766
Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769
Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785
Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768
Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780
Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765
Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773
Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775
Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664
libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503
Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954
OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666
SANS News
Cell Phone Monitoring. Who is Watching the Watchers?
Threatpost
Exploit
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
24.7.2018
Bugtraq
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-07-24
Branco, Rodrigo (rodrigo branco intel com)
[SECURITY] [DSA 4253-1] network-manager-vpnc security update 2018-07-23
Salvatore Bonaccorso (carnil debian org)
APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
Malware
Phishing
Vulnerability
Wireshark CVE-2018-14438 Security Bypass Vulnerability
2018-07-24
http://www.securityfocus.com/bid/104876
Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104861
SANS News
Threatpost
Exploit
Microsoft Windows - 'dnslint.exe' Drive-By Download
Windows Speech Recognition - Buffer Overflow
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Davolink DVW 3200 Router - Password Disclosure
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
23.7.2018
Bugtraq
APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-23
Apple Product Security (product-security-noreply lists apple com)
Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 2018-07-23
Anton Black (ablack atlassian com)
[slackware-security] php (SSA:2018-201-01) 2018-07-20
Slackware Security Team (security slackware com)
Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities 2018-07-20
Secunia Research (remove-vuln secunia com)
Malware
Phishing
BOA | 22nd July 2018 |
Anthony accracken | 19th July 2018 |
DHL COURIER COMPANY | 19th July 2018 |
HM Revenue & Customs - UK | 19th July 2018 |
Vulnerability
SANS News
Threatpost
Exploit
22.7.2018
Bugtraq
Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability 2018-07-19
Secunia Research (remove-vuln secunia com)
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-07-19
Secunia Research (remove-vuln secunia com)
Adobe Systems - Arbitrary Code Injection Vulnerability 2018-07-19
Vulnerability Lab (research vulnerability-lab com)
[slackware-security] httpd (SSA:2018-199-01) 2018-07-18
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4252-1] znc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4251-1] vlc security update 2018-07-18
Moritz Muehlenhoff (jmm debian org)
GhostMail - (Status Message) Persistent Web Vulnerability 2018-07-18
Vulnerability Lab (research vulnerability-lab com)
Malware
Phishing
Anthony accracken | 19th July 2018 |
DHL COURIER COMPANY | 19th July 2018 |
HM Revenue & Customs - UK | 19th July 2018 |
HM Revenue & Customs - GOV UK | 19th July 2018 |
Jim | 19th July 2018 |
TSB Bank Plc | 19th July 2018 |
Important Notice (New Online | |
Dave Jacobs | 19th July 2018 |
Anthony accracken | 18th July 2018 |
Vulnerability
Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104779
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104766
Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104784
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104776
Oracle MySQL Server Multiple Security Vulnerabilities
2018-07-20
http://www.securityfocus.com/bid/104769
Oracle MySQL Server CVE-2018-3061 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104785
Oracle Java SE CVE-2018-2940 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104768
Oracle Java SE CVE-2018-2964 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104780
Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104765
Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104773
Oracle Java SE CVE-2018-2941 Remote Security Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104775
Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-20
http://www.securityfocus.com/bid/104664
libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503
Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954
OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666
SANS News
Reporting Malicious Websites in 2018
Threatpost
Exploit
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
19.7.2018
Bugtraq
[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)
[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
Malware
Phishing
HM Revenue & Customs - GOV UK | 19th July 2018 |
Jim | 19th July 2018 |
TSB Bank Plc | 19th July 2018 |
Important Notice (New Online | |
Dave Jacobs | 19th July 2018 |
Anthony accracken | 18th July 2018 |
Vulnerability
libgcrypt CVE-2017-0379 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/100503
Oracle MySQL CVE-2018-2767 Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
2018-07-19
http://www.securityfocus.com/bid/103954
OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-07-19
http://www.securityfocus.com/bid/101666
Oracle VM VirtualBox Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764
Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824
Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830
Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792
Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783
Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765
Cisco Policy Suite CVE-2018-0376 Access Bypass Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104849
Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820
Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778
SANS News
Threatpost
Exploit
Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)
WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
HomeMatic Zentrale CCU2 - Remote Code Execution
Modx Revolution < 2.6.4 - Remote Code Execution
FTP2FTP 1.0 - Arbitrary File Download
Open-AudIT Community 2.1.1 - Cross-Site Scripting
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
JavaScript Core - Arbitrary Code Execution
18.7.2018
Bugtraq
[SECURITY] [DSA 4250-1] wordpress security update 2018-07-18
Sebastien Delafond (seb debian org)
[slackware-security] mutt (SSA:2018-198-01) 2018-07-17
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4248-1] blender security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4249-1] ffmpeg security update 2018-07-17
Moritz Muehlenhoff (jmm debian org)
[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper 2018-07-17
Justin Bull (me justinbull ca)
Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities 2018-07-17
Stefan Kanthak (stefan kanthak nexgo de)
[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)
[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)
Malware
Phishing
Anthony accracken | 18th July 2018 |
Vulnerability
Oracle VM VirtualBox Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104764
Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104824
Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104830
Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104792
Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104783
Oracle Java SE and JRockit CVE-2018-2952 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104765
Oracle WebCenter Portal CVE-2018-3101 Remote Security Vulnerability
2018-07-18
http://www.securityfocus.com/bid/104820
Oracle FLEXCUBE Universal Banking Multiple Security Vulnerabilities
2018-07-18
http://www.securityfocus.com/bid/104778
Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104655
Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104460
Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2923 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104843
Oracle Sun ZFS Storage Appliance Kit (AK) CVE-2018-2905 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104842
Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104841
Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104840
Oracle PeopleSoft HRMS CVE-2018-3072 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104839
Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104838
Oracle E-Business Suite CVE-2018-2996 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104837
Oracle E-Business Suite CVE-2018-2934 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104836
Oracle E-Business Suite CVE-2018-2997 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104835
Oracle Order Management CVE-2018-2954 Local Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104834
Oracle E-Business Suite Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104833
Oracle PeopleSoft Enterprise HCM Human Resources CVE-2018-3068 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104832
Oracle E-Business Suite CVE-2018-2953 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104831
Oracle Retail Bulk Data Integration CVE-2018-2891 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104829
Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104828
Oracle Retail Customer Management and Segmentation Foundation Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104827
Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104826
Oracle MICROS Relate CRM Software CVE-2018-3052 Remote Security Vulnerability
2018-07-17
http://www.securityfocus.com/bid/104825
Oracle Primavera Unifier Multiple Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104823
Oracle MICROS Retail-J Multiple Remote Security Vulnerabilities
2018-07-17
http://www.securityfocus.com/bid/104822
SANS News
Threatpost
Exploit
HomeMatic Zentrale CCU2 - Remote Code Execution
Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)
QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
Modx Revolution < 2.6.4 - Remote Code Execution
FTP2FTP 1.0 - Arbitrary File Download
Open-AudIT Community 2.1.1 - Cross-Site Scripting
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
17.7.2018
Bugtraq
[SECURITY] [DSA 4247-1] ruby-rack-protection security update 2018-07-16
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4246-1] mailman security update 2018-07-15
Salvatore Bonaccorso (carnil debian org)
[SECURITY] [DSA 4245-1] imagemagick security update 2018-07-14
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4244-1] thunderbird security update 2018-07-13
Moritz Muehlenhoff (jmm debian org)
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability 2018-07-13
Vulnerability Lab (research vulnerability-lab com)
Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability 2018-07-12
Secunia Research (remove-vuln secunia com)
SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS 2018-07-12
SEC Consult Vulnerability Lab (research sec-consult com)
[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)
[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)
Malware
Phishing
Bank of America | 13th July 2018 |
Vulnerability
phpMyAdmin PMASA-2017-1 Open Redirection Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95720
phpMyAdmin PMASA-2017-3 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95721
phpMyAdmin PMASA-2017-4 Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95726
phpMyAdmin PMASA-2017-7 Denial of Service Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95738
phpMyAdmin PMASA-2017-6 Server Side Request Forgery Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/95732
Symantec Norton App Lock CVE-2018-5239 Local Security Bypass Vulnerability
2018-07-16
http://www.securityfocus.com/bid/104693
Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400
VMware Tools HGFS CVE-2018-6969 Local Information Disclosure Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104737
Eaton 9000X Drive CVE-2018-8847 Stack Based Buffer Overflow Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104736
Oracle July 2018 Critical Patch Update Multiple Vulnerabilities
2018-07-12
http://www.securityfocus.com/bid/104735
F5 BIG-IP APM Client CVE-2018-5529 Local Privilege Escalation Vulnerability
2018-07-12
http://www.securityfocus.com/bid/104730
SANS News
Extracting BTC addresses from emails
Threatpost
Exploit
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
macOS/iOS - JavaScript Injection Bug in OfficeImporter
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
VelotiSmart WiFi B-380 Camera - Directory Traversal
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)
Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
12.7.2018
Bugtraq
[security bulletin] MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities 2018-07-12
cyber-psrt microfocus com
Barracuda ADC v5.x - Multiple Persistent Vulnerabilities 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability 2018-07-12
Vulnerability Lab (research vulnerability-lab com)
[slackware-security] curl (SSA:2018-192-02) 2018-07-12
Slackware Security Team (security slackware com)
[slackware-security] bind (SSA:2018-192-01) 2018-07-12
Slackware Security Team (security slackware com)
[CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 2018-07-11
Core Security Advisories Team (advisories coresecurity com)
[SECURITY] [DSA 4243-1] cups security update 2018-07-11
Luciano Bello (luciano debian org)
AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Intel System CU - Buffer Overflow (Denial of Service) Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability 2018-07-11
Vulnerability Lab (research vulnerability-lab com)
SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T 2018-07-11
SEC Consult Vulnerability Lab (research sec-consult com)
[slackware-security] mozilla-thunderbird (SSA:2018-191-01) 2018-07-11
Slackware Security Team (security slackware com)
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
Malware
Phishing
Microsoft.com Team | 11th July 2018 |
Vulnerability
Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-07-12
http://www.securityfocus.com/bid/65400
SAP Business Client Unspecified Security Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104436
SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/103700
SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115
Cisco FireSIGHT System Software CVE-2018-0383 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104726
Cisco FireSIGHT System Software CVE-2018-0384 Remote Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104725
Cisco Web Security Appliance CVE-2018-0366 Cross Site Scripting Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104724
Cisco StarOS for ASR 5000 Series Routers CVE-2018-0369 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104723
Juniper Junos CVE-2018-0027 Denial of Service Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104721
Juniper Junos CVE-2018-0026 Security Bypass Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104720
Juniper Junos CVE-2018-0025 Information Disclosure Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104719
Juniper Junos CVE-2018-0024 Local Privilege Escalation Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104718
SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102
SANS News
Threatpost
Exploit
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE...
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
Dicoogle PACS 2.5.0 - Directory Traversal
Instagram-Clone Script 2.0 - Cross-Site Scripting
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
11.7.2018
Bugtraq
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-3 tvOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-6 iCloud for Windows 7.6 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-2 watchOS 4.3.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-5 Safari 11.1.2 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2018-7-9-1 iOS 11.4.1 2018-07-09
Apple Product Security (product-security-noreply lists apple com)
[SECURITY] [DSA 4242-1] ruby-sprockets security update 2018-07-09
Salvatore Bonaccorso (carnil debian org)
[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)
[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
Malware
Phishing
Vulnerability
SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability
2018-07-11
http://www.securityfocus.com/bid/104115
SAP Internet Graphics Server CVE-2018-2437 Arbitrary Command Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104705
Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104102
Adobe Acrobat and Reader CVE-2018-12802 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104704
SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104703
Adobe Experience Manager Server Side Request Forgery Multiple Security Bypass Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104702
Adobe Acrobat and Reader APSB18-21 Multiple Arbitrary Code Execution Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104701
Adobe Acrobat and Reader APSB18-21 Multiple Heap Buffer Overflow Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104700
Adobe Acrobat and Reader APSB18-21 Multiple Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104699
Adobe Flash Player APSB18-24 Arbitrary Code Execution and Information Disclosure Vulnerabilities
2018-07-10
http://www.securityfocus.com/bid/104698
Adobe Connect CVE-2018-12804 Authentication Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104697
Adobe Connect Add-in Installer CVE-2018-12805 DLL Loading Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104696
SAP BusinessObjects Business Intelligence Suite CVE-2018-2431 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104695
Microsoft Windows Kernel CVE-2018-8313 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104670
Microsoft Windows Kernel CVE-2018-8308 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104669
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8282 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104668
Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104667
Microsoft .NET Framework CVE-2018-8260 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104666
Microsoft .NET Framework CVE-2018-8202 Local Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104665
Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104664
Microsoft ASP.NET Core CVE-2018-8171 Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104659
Microsoft Web Customization for ADFS CVE-2018-8326 Cross Site Scripting Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104656
Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104655
Microsoft Edge CVE-2018-8301 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104654
Microsoft Edge CVE-2018-8274 Remote Memory Corruption Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104653
Microsoft Windows CVE-2018-8314 Privilege Escalation Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104652
Microsoft Edge CVE-2018-8325 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104651
Microsoft Edge CVE-2018-8324 Information Disclosure Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104650
Microsoft Windows PowerShell CVE-2018-8327 Remote Code Execution Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104649
Microsoft Windows CVE-2018-8309 Local Denial of Service Vulnerability
2018-07-10
http://www.securityfocus.com/bid/104648
SANS News
Microsoft Patch Tuesday July 2018 (now with Dashboard!)
Threatpost
Exploit
D-Link DIR601 2.02 - Credential Disclosure
Elektronischer Leitz-Ordner 10 - SQL Injection
WolfSight CMS 3.2 - SQL Injection
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote...
7.7.2018
Bugtraq
Malware
Phishing
Vulnerability
SANS News
dd progress indicator on Linux
Threatpost
Exploit
PolarisOffice 2017 8 - Remote Code Execution
Airties AIR5444TT - Cross-Site Scripting
6.7.2018
Bugtraq
[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)
[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)
[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)
SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
Malware
Phishing
Vulnerability
WPA2 Key Reinstallation Multiple Security Weaknesses
2018-07-06
http://www.securityfocus.com/bid/101274
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555
Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612
Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018
SANS News
Threatpost
Exploit
PolarisOffice 2017 8 - Remote Code Execution
5.7.2018
Bugtraq
SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)
[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)
[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
Malware
Phishing
TSB Bank | 5th July 2018 |
LLOYDS BANK | 5th July 2018 |
Vulnerability
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555
Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612
Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018
Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220
Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458
SANS News
Threatpost
Exploit
ADB Broadband Gateways / Routers - Privilege Escalation
ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways / Routers - Authorization Bypass
SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
4.7.2018
Bugtraq
[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)
[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)
Malware
Phishing
Vulnerability
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104560
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/104555
Cisco Adaptive Security Appliance Software CVE-2018-0296 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104612
Multiple Cisco Products CVE-2018-0240 Multiple Denial of Service Vulnerabilities
2018-07-04
http://www.securityfocus.com/bid/103934
Multiple Cisco Products CVE-2018-0227 SSL Certificate Validation Security Bypass Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104018
Cisco Adaptive Security Appliance (ASA) Software CVE-2018-0228 Denial of Service Vulnerability
2018-07-04
http://www.securityfocus.com/bid/104220
Palo Alto Networks PAN-OS CVE-2017-17841 Information Disclosure Vulnerability
2018-07-04
http://www.securityfocus.com/bid/102458
Mozilla Thunderbird MFSA2018-18 Multiple Information Disclosure Vulnerabilities
2018-07-03
http://www.securityfocus.com/bid/104613
GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594
GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584
SANS News
Progress indication for scripts on Windows
Threatpost
Exploit
ShopNx - Arbitrary File Upload
Online Trade - Information Disclosure
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
CMS Made Simple 2.2.5 - Remote Code Execution
ntop-ng < 3.4.180617 - Authentication Bypass
ModSecurity 3.0.0 - Cross-Site Scripting
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)
3.7.2018
Bugtraq
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)
TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)
TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)
[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)
TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)
Malware
Phishing
Vulnerability
GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability
2018-07-03
http://www.securityfocus.com/bid/104594
GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584
phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211
GNU libiberty CVE-2018-12934 Denial of Service Vulnerability
2018-06-29
http://www.securityfocus.com/bid/104575
InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548
Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563
SANS News
Threatpost
Exploit
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
2.7.2018
Bugtraq
Malware
Phishing
Vulnerability
GNU Binutils CVE-2018-13033 Denial of Service Vulnerability
2018-07-01
http://www.securityfocus.com/bid/104584
phpMyAdmin PMASA-2017-8 Security Bypass Vulnerability
2018-06-29
http://www.securityfocus.com/bid/97211
GNU libiberty CVE-2018-12934 Denial of Service Vulnerability
2018-06-29
http://www.securityfocus.com/bid/104575
InPage '.inp' File Parser Remote Code Execution Vulnerability
2018-06-28
http://www.securityfocus.com/bid/94548
Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
2018-06-28
http://www.securityfocus.com/bid/104563
Perl Archive-Zip CVE-2018-10860 Directory Traversal Vulnerability
2018-06-28
http://www.securityfocus.com/bid/104580
SANS News
Threatpost
Exploit
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution...
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Core FTP LE 2.2 - Buffer Overflow (PoC)
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)