2018


23.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

 

22.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

OSX.Evilosx

Backdoor.Sagerunex

Phishing

Account 20th June 2018
[Support] : Your bank account
has been limited !

 
AOL18th June 2018
YOUR AOL EMAIL WILL BE DELETED

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Multiple Rockwell Automation Products CVE-2017-9312 Remote Denial of Service Vulnerability
2018-06-21
http://www.securityfocus.com/bid/104528

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco Unified Communications Manager IM CVE-2018-0363 Cross Site Request Forgery Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104523

SANS News

XPS Attachment Used for Phishing

Are Your Hunting Rules Still Working?

Threatpost

Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR

Financial Services Sector Rife with Hidden Tunnels

Exploint

phpMyAdmin 4.8.1 - Local File Inclusion

phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)

GreenCMS 2.3.0603 - Information Disclosure

LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)

LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)

Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution

21.6.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-06-21
http://www.securityfocus.com/bid/102376

Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103816

Oracle Outside In Technology CVE-2018-2801 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103819

Oracle Outside In Technology CVE-2018-2768 Remote Security Vulnerability
2018-06-20
http://www.securityfocus.com/bid/103815

Cisco NX-OS Software NX-API CVE-2018-0301 Remote Code Execution Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104512

Symantec Endpoint Protection CVE-2018-5237 Local Privilege Escalation Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104199

Symantec Endpoint Protection CVE-2018-5236 Local Denial of Service Vulnerability
2018-06-20
http://www.securityfocus.com/bid/104198

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

SANS News

 

Threatpost

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites

When It Comes To IoT Security, Liability Is Muddled

Exploint

Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege...

Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

VideoInsight WebClient 5 - SQL Injection

IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

20.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities
2018-06-19
http://www.securityfocus.com/bid/104490

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

Secure Phishing: Netflix Phishing Goes TLS

Threatpost

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

When It Comes To IoT Security, Liability Is Muddled

Exploint

Apache CouchDB < 2.1.0 - Remote Code Execution

TP-Link TL-WA850RE - Remote Command Execution

NewMark CMS 2.1 - 'sec_id' SQL Injection

MaDDash 2.0.2 - Directory Listing

Mirasys DVMS Workstation 5.12.6 - Path Traversal

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Redis 5.0 - Denial of Service

19.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Trojan.Invisimole

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-19
http://www.securityfocus.com/bid/104460

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
2018-06-17
http://www.securityfocus.com/bid/104487

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

HP UCMDB Browser CVE-2018-6496 Cross Site Request Forgery Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104483

SANS News

PowerShell: ScriptBlock Logging... Or Not?

Threatpost

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

Google Home, Chromecast Leak Location Information

macOS QuickLook Feature Leaks Data Despite Encrypted Drive

22K Open, Vulnerable Containers Found Exposed on the Net

Exploint

Microsoft COM for Windows - Privilege Escalation

Redis-cli < 5.0 - Buffer Overflow (PoC)

18.6.2018

Bugtraq

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

[SECURITY] [DSA 4229-1] strongswan security update 2018-06-16
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 4230-1] redis security update 2018-06-17
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

Malware

Exp.CVE-2018-5002

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
2018-06-18
http://www.securityfocus.com/bid/104407

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

SANS News

Malicious JavaScript Targeting Mobile Browsers

Threatpost

 

Exploint

Redatam Web Server < 7 - Directory Traversal

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery

Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery

Redis-cli < 5.0 - Buffer Overflow (PoC)

Audiograbber 1.83 - Local Buffer Overflow (SEH)

Pale Moon Browser < 27.9.3 - Use After Free (PoC)

Nikto 2.1.6 - CSV Injection

17.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

SANS News

Anomaly Detection & Threat Hunting with Anomalize

Encrypted Office Documents

Threatpost

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little

New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Soroush IM Desktop app 0.15 - Authentication Bypass

15.6.2018

Bugtraq

CA20180614-01: Security Notice for CA Privileged Access Manager 2018-06-15
Williams, Ken (Ken Williams ca com)

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018 2018-06-15
Branco, Rodrigo (rodrigo branco intel com)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 2018-06-14
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4228-1] spip security update 2018-06-14
Sebastien Delafond (seb debian org)

APPLE-SA-2018-06-13-01 Xcode 9.4.1 2018-06-13
Apple Product Security (product-security-noreply lists apple com)

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104460

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-15
http://www.securityfocus.com/bid/104382

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Node.js CVE-2018-7162 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104468

Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104465

Node.js CVE-2018-7164 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104463

NetApp SANtricity Products CVE-2018-5488 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104462

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

SANS News

SMTP Strangeness - Possible C2

Threatpost

Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement

Microsoft Reveals Which Bugs It Won’t Patch

Exploint

Dimofinf CMS 3.0.0 - Cross-Site Scripting

OEcms 3.1 - Cross-Site Scripting

Joomla Component Ek rishta 2.10 - SQL Injection

Soroush IM Desktop app 0.15 - Authentication Bypass

rtorrent 0.9.6 - Denial of Service

14.6.2018

Bugtraq

Multiple Security Issues in Ecos Secure Boot Stick (SBS) 2018-06-13
Michael Rossberg (michael rossberg tu-ilmenau de)

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Danabot

Phishing

 

Vulnerebility

GNU glibc CVE-2018-1000001 Local Privilege Escalation Vulnerability
2018-06-14
http://www.securityfocus.com/bid/102525

DHCP CVE-2018-1111 Command Injection Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104195

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-06-14
http://www.securityfocus.com/bid/104345

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104460

TIBCO Administrator CVE-2018-5432 Cross Site Scripting Vulnerability
2018-06-13
http://www.securityfocus.com/bid/104458

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

SAP UI5 CVE-2018-2424 Cross Site Scripting Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104459

TIBCO Runtime Agent CVE-2018-5434 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104454

TIBCO Administrator CVE-2018-5433 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104451

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

SANS News

A Bunch of Compromized Wordpress Sites

Threatpost

Malicious Docker Containers Earn Cryptomining Criminals $90K

Two Bugs in WordPress Tooltipy Plugin Patched

Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist

Exploint

DHCP Client - Command Injection (DynoRoot) (Metasploit)

Joomla Component Ek rishta 2.10 - SQL Injection

Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload

MACCMS 10 - Cross-Site Request Forgery (Add User)

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation

glibc - 'realpath()' Privilege Escalation (Metasploit)

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

13.6.2018

Bugtraq

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 2018-06-13
yavuz atlas (yavatlas gmail com)

CSNC-2018-021 - Vert.x - HTTP Header Injection 2018-06-13
Advisories (advisories compass-security com)

[SECURITY] [DSA 4227-1] plexus-archiver security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

Malware

TROJ_KILLMBR.EE

Trojan.Ursnif

Exp.CVE-2018-8267

Exp.CVE-2018-8249

Exp.CVE-2018-8248

Exp.CVE-2018-8236

Exp.CVE-2018-8229

Exp.CVE-2018-8210

Exp.CVE-2018-8111

Exp.CVE-2018-8110

Phishing

 

Vulnerebility

SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
2018-06-13
http://www.securityfocus.com/bid/103700

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104106

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-06-12
http://www.securityfocus.com/bid/103655

Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/65400

Apache Struts CVE-2015-0899 Security Bypass Vulnerability
2018-06-12
http://www.securityfocus.com/bid/74423

Schneider Electric U.motion Builder ICSA-18-163-01 Multiple Security Vulnerabilities
2018-06-12
http://www.securityfocus.com/bid/104447

SAP UI5 Handler CVE-2018-2428 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104446

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104442

Google V8 CVE-2018-6149 Out-of-Bounds Write Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104440

SAP Business Objects Enterprise Remote Code Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104439

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Microsoft Windows CVE-2018-8210 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104407

Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104406

Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104405

Microsoft Internet Explorer Scripting Engine CVE-2018-8267 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104404

Microsoft ChakraCore Scripting Engine CVE-2018-8243 Remote Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104403

Microsoft Windows Hyper-V CVE-2018-8218 Remote Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104402

Microsoft Windows GDI Component CVE-2018-8239 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104401

Microsoft Windows Media Foundation CVE-2018-8251 Memory Corruption Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104398

Microsoft Windows DNSAPI CVE-2018-8225 Remote Code Execution Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104395

Microsoft Windows Desktop Bridge CVE-2018-8214 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104394

Microsoft Windows Wireless Network Profile CVE-2018-8209 Local Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104393

Microsoft Windows Desktop Bridge CVE-2018-8208 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104392

Microsoft Windows CVE-2018-8205 Local Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104391

Microsoft Windows Code Integrity Module CVE-2018-1040 Denial of Service Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104389

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8233 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104383

Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104382

Microsoft Windows Kernel CVE-2018-8224 Local Privilege Escalation Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104381

SANS News

From Microtik with Love

Microsoft June 2018 Patch Tuesday

Threatpost

Android Devices With Misconfigured ADB, a Ripe Target for Cryptojacking Malware

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

FBI’s BEC Crackdown Leads To 74 Arrests Globally

Exploint

MACCMS 10 - Cross-Site Request Forgery (Add User)

Canon LBP6030w - Authentication Bypass

Canon LBP7110Cw - Authentication Bypass

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

12.6.2018

Bugtraq

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities 2018-06-12
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi) 2018-06-12
Defense Code (defensecode defensecode com)

[SECURITY] [DSA 4226-1] perl security update 2018-06-12
Salvatore Bonaccorso (carnil debian org)

AST-2018-008: PJSIP endpoint presence disclosure when using ACL 2018-06-11
Asterisk Security Team (security asterisk org)

AST-2018-007: Infinite loop when reading iostreams 2018-06-11
Asterisk Security Team (security asterisk org)

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-5000

Exp.CVE-2018-5001

Phishing

 

Vulnerebility

SAP Business One CVE-2018-2425 Information Disclosure Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104438

SAP Business Client Unspecified Security Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104436

SAP BASIS Report for Terminology Export OS Command Injection Vulnerability
2018-06-12
http://www.securityfocus.com/bid/104435

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

SANS News

 

Threatpost

InvisiMole Burrows into Targets with Rich Espionage Tools

Exploint

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection

WordPress Google Map Plugin < 4.0.4 - SQL Injection

Canon PrintMe EFI - Cross-Site Scripting

OX App Suite 7.8.4 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - 'username' SQL Injection

11.6.2018

Bugtraq

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release) 2018-06-08
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 4225-1] openjdk-7 security update 2018-06-10
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4224-1] gnupg security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4220-1] firefox-esr security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) 2018-06-08
ch sangsakul gmail com

[SECURITY] [DSA 4223-1] gnupg1 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4222-1] gnupg2 security update 2018-06-08
Salvatore Bonaccorso (carnil debian org)

[slackware-security] gnupg2 (SSA:2018-159-01) 2018-06-08
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4221-1] libvncserver security update 2018-06-08
Moritz Muehlenhoff (jmm debian org)

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS) 2018-06-08
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104412

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/104413

Flexera Software FlexNet Publisher CVE-2015-8277 Buffer Overflow Vulnerability
2018-06-11
http://www.securityfocus.com/bid/83334

Jetty CVE-2015-2080 Information Disclosure Vulnerability
2018-06-11
http://www.securityfocus.com/bid/72768

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-11
http://www.securityfocus.com/bid/103961

Node.js 'Forwarded' Module CVE-2017-16118 Denial of Service Vulnerability
2018-06-11
http://www.securityfocus.com/bid/104427

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Perl CVE-2018-12015 Directory Traversal Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104423

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

SANS News

More malspam pushing Lokibot

Threatpost

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

Creative Spam Thinks Outside the Macro with .IQY Attachments

Google Tackles AI Principles: Is It Enough?

Exploint

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script - 'get_sec.php' SQL Injection

userSpice 4.3.24 - Username Enumeration

userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting

Schools Alert Management Script - Arbitrary File Deletion

Joomla! Component EkRishta 2.10 - 'cid' SQL Injection

Event Manager Admin panel - 'events_new.php' SQL injection

Schools Alert Management Script - SQL Injection

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS

10.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

Malware

 

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

SANS News

Malspam pushing coin miner and other malware

Threatpost

 

Exploint

 

8.6.2018

Bugtraq

[SECURITY] [DSA 4219-1] jruby security update 2018-06-08
Sebastien Delafond (seb debian org)

DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities 2018-06-07
Defense Code (defensecode defensecode com)

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4995

Phishing

 

Vulnerebility

Intel Integrated Performance Primitives Cryptography Local Information Disclosure Vulnerability
2018-06-08
http://www.securityfocus.com/bid/104261

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Multiplle Rockwell Automation Products CVE-2018-10619 Local Privilege Escalation Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104415

Adobe Flash Player APSB18-19 Multiple Security Vulnerabilities
2018-06-07
http://www.securityfocus.com/bid/104413

Adobe Flash Player CVE-2018-5002 Stack Buffer Overflow Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104412

Cisco FireSIGHT System Software CVE-2018-0333 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104422

Cisco WebEx CVE-2018-0356 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104421

Cisco WebEx CVE-2018-0357 Cross Site Scripting Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104420

Cisco Meeting Server CVE-2018-0263 Information Disclosure Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104419

Cisco Web Security Appliance CVE-2018-0353 Remote Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104417

Cisco Prime Collaboration Provisioning CVE-2018-0320 SQL Injection Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104416

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104418

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

SANS News

Automated twitter loot collection

Threatpost

Zero-Day Flash Exploit Targeting Middle East

GDPR: A Compliance Quagmire, for Now

Targeted Spy Campaign Hits Russian Service Centers

Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen

CloudPets May Be Out of Business, But Security Concerns Remain

Baby Cam Creeper Actively Watched New Mom

PageUp Malware Scare Sheds Light On Third-Party Risks

Exploint

 

7.6.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-157-01) 2018-06-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4218-1] memcached security update 2018-06-06
Salvatore Bonaccorso (carnil debian org)

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-1000200 Local Denial of Service Vulnerability
2018-06-07
http://www.securityfocus.com/bid/104397

Mozilla Firefox and Firefox ESR CVE-2018-6126 Heap Buffer Overflow Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104411

Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104410

Cisco Prime Collaboration Provisioning CVE-2018-0321 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104409

Google Chrome CVE-2018-6148 Security Bypass Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104408

Apache Storm CVE-2018-1332 User Impersonation Vulnerability
2018-06-06
http://www.securityfocus.com/bid/104399

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

QEMU CVE-2018-11806 Heap Buffer Overflow Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104400

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

PageUp Malware Scare Sheds Light On Third-Party Risks

Zip Slip Flaw Affects Thousands of Open-Source Projects

Auth0 Glitch Allows Attackers to Launch Phishing Attacks

Exploint

 

6.6.2018

Bugtraq

Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688) 2018-06-05
yavuz atlas (yavatlas gmail com)

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

Malware

VBS/TrojanDownloader.Agent.OBQ

Win32/TrojanDownloader.Agent.DWX

Win32/Filecoder.Rapid.A

Win32/Corebot.F

Phishing

 

Vulnerebility

WebKit Multiple Memory Corruption Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/103961

ABB IP Gateway ICSA-18-156-01 Multiple Security Vulnerabilities
2018-06-05
http://www.securityfocus.com/bid/104388

Ocularis 'VMS_VA' Server Process Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104387

Multiple F5 BIG-IP Products CVE-2018-5522 Remote Denial of Service Vulnerability
2018-06-05
http://www.securityfocus.com/bid/104384

Apple iOS and macOS Multiple Security Vulnerabilities
2018-06-04
http://www.securityfocus.com/bid/103957

Multiple F-Secure Windows Endpoint Protection Products Arbitrary Code Execution Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104385

Apple macOS/iCloud/iOS/watchOS/tvOS/iTunes CVE-2018-4224 Local Authorization Bypass Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104378

Apple iOS and Safari CVE-2018-4247 Remote Denial of Service Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104366

Apple Safari CVE-2018-4205 Address Bar Spoofing Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104358

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

EMC RSA Web Threat Detection CVE-2018-1252 SQL Injection Vulnerability
2018-05-31
http://www.securityfocus.com/bid/104396

Multiple GE MDS PulseNET Products Multiple Security vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104377

SANS News

Converting PCAP Web Traffic to Apache Log

Threatpost

DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

Drupalgeddon 2.0 Still Haunting 115K+ Sites

Social Media Privacy Dominates Apple iOS 12, macOS Launches

Exploint

 

3.6.2018

Bugtraq

[SECURITY] [DSA 4214-1] zookeeper security update 2018-06-01
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-4 iOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4216-1] prosody security update 2018-06-02
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities 2018-05-31
Core Security Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 4191-2] redmine regression update 2018-06-03
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-06-01-2 Safari 11.1.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4217-1] wireshark security update 2018-06-03
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2018-06-01-6 tvOS 11.4 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4215-1] batik security update 2018-06-02
Sebastien Delafond (seb debian org)

[slackware-security] git (SSA:2018-152-01) 2018-06-01
Slackware Security Team (security slackware com)

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 2018-05-30
Amine Taouirsa (taouirsa gmail com)

APPLE-SA-2018-06-01-5 watchOS 4.3.1 2018-06-01
Apple Product Security (product-security-noreply lists apple com)

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability 2018-05-30
mehta himanshu21 gmail com

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Apple Security Updates

Threatpost

 

Exploint

 

2.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Binary analysis with Radare2

Threatpost

Researchers Warn of Microsoft Zero-Day RCE Bug

Browser Side-Channel Flaw De-Anonymizes Facebook Data

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Exploint

 

1.6.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

WordPress CVE-2018-10101 Security Vulnerability
2018-06-01
http://www.securityfocus.com/bid/104350

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

Git CVE-2018-11233 Information Disclosure Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104346

Git CVE-2018-11235 Arbitrary Code Execution Vulnerability
2018-05-30
http://www.securityfocus.com/bid/104345

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SANS News

Resetting Your Router the Paranoid (=Right) Way

Binary analysis with Radare2

Threatpost

ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS

Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info

Huawei Patches Four Server Bugs Rated High Severity

Exploint

 

31.5.2018

Bugtraq

 

Malware

Exp.CVE-2018-4995

Trojan.Wipeboot

Phishing

 

Vulnerebility

Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
2018-05-31
http://www.securityfocus.com/bid/104246

VMware Horizon Client CVE-2018-6964 Local Privilege Escalation Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104315

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

SANS News

Resetting Your Router the Paranoid (=Right) Way

Threatpost

Bug In Git Opens Developer Systems Up to Attack

Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans

Yahoo Hacker Sentenced; Coke Opens Up a Can of Data Breach

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Exploint

 

30.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Use-After-Free Remote Code Execution Vulnerability
2018-05-29
http://www.securityfocus.com/bid/104310

Google Chrome Prior to 67.0.3396.62 Multiple Security Vulnerabilities
2018-05-29
http://www.securityfocus.com/bid/104309

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

SANS News

The end of the lock icon

Threatpost

Fraudsters Claim To Hack Two Canadian Banks

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

Sonic Tone Attacks Damage Hard Disk Drives, Crashes OS

Google Patches reCAPTCHA Bypass

Exploint

 

29.5.2018

Bugtraq

 

Malware

Win32/Agent.TDK

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

VideoLAN VLC 'input/demux_chained.c' Denial of Service Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104293

Linux Kernel 'kernel/compat.c' Local Information Disclosure Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104292

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

SANS News

DNS is Changing. Are you Ready?

Threatpost

Singapore ISP Leaves 1,000 Routers Open to Attack

Exploint

 

28.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2018-05-28
http://www.securityfocus.com/bid/12577

Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104253

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-28
http://www.securityfocus.com/bid/104263

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

SANS News

Do you hear Laurel or Yanny or is it On-Off Keying?

Threatpost

 

Exploint

 

27.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Malware

Exp.CVE-2018-4990

Phishing

 

Vulnerebility

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104228

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

SANS News

Quick analysis of malware created with NSIS

Threatpost

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

Pet Trackers Open to MITM Attacks, Interception

Alexa Eavesdropping Flub Re-Sparks Voice Assistant Privacy Debate

Attackers Cashing In On Cryptocurrency With Increased Scams

Exploint

 

25.5.2018

Bugtraq

[SECURITY] [DSA 4209-1] thunderbird security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4210-1] xen security update 2018-05-25
Moritz Muehlenhoff (jmm debian org)

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting 2018-05-24
Yavuz Atlas (yavuz atlas biznet com tr)

Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243] 2018-05-24
research nightwatchcybersecurity com

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-25
http://www.securityfocus.com/bid/104232

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

SANS News

Antivirus Evasion? Easy as 1,2,3

"Blocked" Does Not Mean "Forget It"

Threatpost

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Amazon Comes Under Fire for Facial Recognition Platform

James Comey: FBI Faces Deep Tech-Related Questions

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Exploint

 

24.5.2018

Bugtraq

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) 2018-05-23
reggie dodd30 gmail com

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting 2018-05-23
cyber-psrt microfocus com

[CVE-2018-8013] Apache Batik information disclosure vulnerability 2018-05-23
Simon Steiner (simonsteiner1984 gmail com)

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
2018-05-24
http://www.securityfocus.com/bid/104256

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

strongSwan CVE-2018-5388 Buffer Underflow Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104263

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104252

Multiple BMW Products Multiple Security Vulnerabilities
2018-05-22
http://www.securityfocus.com/bid/104258

SANS News

"Blocked" Does Not Mean "Forget It"

Threatpost

Amazon Comes Under Fire for Facial Recognition Platform

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

Exploint

 

23.5.2018

Bugtraq

K2 smartforms runtime application - 4.6.11 SSRF 2018-05-22
fuming22 gmail com

[slackware-security] mozilla-thunderbird (SSA:2018-142-02) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4208-1] procps security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) 2018-05-23
Slackware Security Team (security slackware com)

[slackware-security] procps-ng (SSA:2018-142-03) 2018-05-23
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4207-1] packagekit security update 2018-05-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

Malware

Win32/Agent.YEV

Win32/Filecoder.SynAck.A

Win32/Agent.ZNG

Phishing

 

Vulnerebility

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104167

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-23
http://www.securityfocus.com/bid/104232

Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104239

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/10422

SANS News

 

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

Track naughty and nice binaries with Google Santa

Exploint

 

22.5.2018

Bugtraq

[SECURITY] [DSA 4206-1] gitlab security update 2018-05-21
Moritz Muehlenhoff (jmm debian org)

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4204-1] imagemagick security update 2018-05-18
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

VMware Workstation and Fusion CVE-2018-6963 Multiple Denial of Service Vulnerabilities
2018-05-21
http://www.securityfocus.com/bid/104237

VMware Fusion CVE-2018-6962 Local Security Bypass Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104235

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104232

Multiple CPU Hardwares CVE-2018-3640 Information Disclosure Vulnerability
2018-05-21
http://www.securityfocus.com/bid/104228

OpenDaylight Controller 'SdniDataBase.java' SQL Injection Vulnerability
2018-05-19
http://www.securityfocus.com/bid/104238

ISC BIND CVE-2018-5737 Remote Denial of Service Vulnerability
2018-05-18
http://www.securityfocus.com/bid/104236

SANS News

Malware Distributed via .sylk Files

Threatpost

Intel Responds to Spectre-Like Flaw In CPUs

TeenSafe Tracking App Exposes Thousands of Private Records

Exploint

Superfood 1.0 - Multiple Vulnerabilities

21.5.2018

Bugtraq

Qualys Security Advisory - Procps-ng Audit Report 2018-05-21
Qualys Security Advisory (qsa qualys com)

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for 2018-05-18
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

DASAN GPON home routers exploits in-the-wild

Something Wicked this way comes

Threatpost

 

Exploint

Superfood 1.0 - Multiple Vulnerabilities

mySCADA myPRO 7 - Hard-Coded Credentials

Superfood 1.0 - Multiple Vulnerabilities

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

19.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malicious Powershell Targeting UK Bank Customers

Threatpost

Hurdles Remain After Senate Votes To Restore Net Neutrality

Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials

Exploint

mySCADA myPRO 7 - Hard-Coded Credentials

Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection

Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution

D-Link DSL-3782 - Authentication Bypass

HPE iMC 7.3 - Remote Code Execution (Metasploit)

SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion

Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery

Cisco SA520W Security Appliance - Path Traversal

Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)

DynoRoot DHCP - Client Command Injection

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

18.5.2018

Bugtraq

MagniComp SysInfo Information Exposure [CVE-2018-7268] 2018-05-18
Harry Sintonen (bugtraq kyber fi)

[SECURITY] [DSA 4203-1] vlc security update 2018-05-17
Moritz Muehlenhoff (jmm debian org)

[slackware-security] curl (SSA:2018-136-01) 2018-05-17
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2018-136-02) 2018-05-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco Meeting Server CVE-2018-0280 Denial of Service Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104209

Cisco Enterprise NFV Infrastructure Software CVE-2018-0324 Local Command Injection Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104208

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104207

SANS News

Business Email Compromise incidents

Anatomy of a Redis mining worm

Threatpost

Fake Fortnite Apps for Android Spread Spyware, Cryptominers

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform

Exploint

Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request...

Microsoft Edge Chakra JIT - Bound Check Elimination Bug

17.5.2018

Bugtraq

[SECURITY] [DSA 4202-1] curl security update 2018-05-16
Alessandro Ghedini (ghedo debian org)

CVE-2018-11101: Signal-desktop HTML tag injection variant 2 2018-05-16
Alfredo Ortega (ortegaalfredo gmail com)

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager 2018-05-16
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

Malware

 

Phishing

 

Vulnerebility

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104020

PHP CVE-2018-10545 Security Bypass Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104022

PHP Multiple Security Vulnerabilities
2018-05-17
http://www.securityfocus.com/bid/104019

Xen CVE-2018-10981 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104149

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104003

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104071

Xen CVE-2018-10982 Local Denial of Service Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104150

Xen XSA-258 Information Disclosure Vulnerability
2018-05-17
http://www.securityfocus.com/bid/104002

Cisco DNA Center Software CVE-2018-0268 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104192

Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104191

Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104164

Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability
2018-05-16
http://www.securityfocus.com/bid/104163

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

SANS News

 

Threatpost

Critical Linux Flaw Opens the Door to Full Root Access

New Cryptominer Distributes XMRig in Aggressive Attacks

Exploint

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)

Jenkins CLI - HTTP Java Deserialization (Metasploit)

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat...

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site...

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Intelbras NCLOUD 300 1.0 - Authentication bypass

NodAPS 4.0 - SQL injection / Cross-Site Request Forgery

16.5.2018

Bugtraq

[SECURITY] [DSA 4201-1] xen security update 2018-05-15
Moritz Muehlenhoff (jmm debian org)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

Malware

 

Phishing

 

Vulnerebility

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104162

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104102

Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities
2018-05-15
http://www.securityfocus.com/bid/104190

oVirt CVE-2018-1073 User Enumeration Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104189

oVirt Ansible Roles CVE-2018-1117 Local Information Disclosure Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104186

VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104185

Microsoft PowerPoint CVE-2018-8176 Remote Code Execution Vulnerability
2018-05-15
http://www.securityfocus.com/bid/104184

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Atlassian Application Links CVE-2017-16860 Cross Site Scripting Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104188

Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104177

Adobe Acrobat and Reader CVE-2018-4965 Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104176

SANS News

EFAIL, a weakness in openPGP and S\MIME

Threatpost

Phishing Spy Campaign Targets Top Mideast Officials

Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions

Adobe Doles Out Second Round of Higher Priority Patches

EFAIL Opens Up Encrypted Email to Prying Eyes

Exploint

Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

WhatsApp 2.18.31 - Memory Corruption

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution

RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity...

WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery

totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery

Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery

Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting

Rockwell Scada System 27.011 - Cross-Site Scripting

VirtueMart 3.1.14 - Persistent Cross-Site Scripting

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

Libuser - roothelper Privilege Escalation (Metasploit)

15.5.2018

Bugtraq

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

Adobe Acrobat and Reader CVE-2018-4950 Arbitrary Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104174

Adobe Acrobat/Reader/Photoshop CC CVE-2018-4946 Remote Code Execution Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104171

Multiple Products S/MIME CVE-2017-17689 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104165

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Rockwell Automation Arena CVE-2018-8843 Denial of Service Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104166

SANS News

Phishing emails for fake MyEtherWallet login page

Threatpost

GDPR Phishing Scam Targets Apple Accounts, Financial Data

Samsung Patches Six Critical Bugs in Flagship Handsets

Samsung Patches Six Critical Bugs in Flagship Handsets

Exploint

XATABoost 1.0.0 - SQL Injection

Monstra CMS 3.0.4 - Remote Code Execution

2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)

14.5.2018

Bugtraq

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104138

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104136

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-14
http://www.securityfocus.com/bid/104143

OpenPGP CVE-2017-17688 Man In The Middle Information Disclosure Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104162

Pivotal Greenplum Command Center CVE-2018-1280 SQL Injection Vulnerability
2018-05-14
http://www.securityfocus.com/bid/104153

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

SANS News

Malspam pushing Trickbot malware on Friday 2018-05-11

Threatpost

 

Exploint

 

12.5.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed

Vega Stealer Malware Takes Aim at Chrome, Firefox

Panda Banking Trojan Diversifies into Cryptocurrency, Porn, Other Targets

Exploint

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection

2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service

Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution

WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting

11.5.2018

Bugtraq

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com

[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

Malware

Exp.CVE-2018-8137

Exp.CVE-2018-4944

Phishing

 

Vulnerebility

OpenVPN CVE-2016-6329 Information Disclosure Vulnerability
2018-05-11
http://www.securityfocus.com/bid/92631

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities
2018-05-10
http://www.securityfocus.com/bid/104143

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
2018-05-09
http://www.securityfocus.com/bid/101964

SANS News

Reversed C2 traffic from China

Threatpost

GandCrab Ransomware Found Hiding on Legitimate Websites

PoS Malware ‘TreasureHunter’ Source Code Leaked

New Facebook-Spread Malware Triggers Credential Theft, Cryptomining

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Exploint

Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Open-AudIT Community - 2.2.0 – Cross-Site Scripting

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

10.5.2018

Bugtraq

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com

[SECURITY] [DSA 4197-1] wavpack security updaze 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

Malware

Win64/NukeSped.AQ

Win32/SdbMine.B

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-10
http://www.securityfocus.com/bid/104071

Multiple Siemens Products Multiple Denial of Service Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/98369

SANS News

Exfiltrating data from (very) isolated environments

Threatpost

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’

May Patch Tuesday Fixes Two Bugs Under Active Attack

Exploint

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

ModbusPal 1.6b - XML External Entity Injection

9.5.2018

Bugtraq

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4196-1] linux security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08
FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

CANADIAN JOB VACANCY!!! 2018-05-06
SUNCOR ENERGY (info suncor-recruitments com)

Malware

Exp.CVE-2018-0953

Exp.CVE-2018-8114

Exp.CVE-2018-8122

Exp.CVE-2018-8133

Exp.CVE-2018-8123

Exp.CVE-2018-8147

Exp.CVE-2018-8148

Exp.CVE-2018-0946

Exp.CVE-2018-0951

Exp.CVE-2018-8174

Exp.CVE-2018-8157

Exp.CVE-2018-8158

Exp.CVE-2018-8179

Exp.CVE-2018-0955

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
2018-05-09
http://www.securityfocus.com/bid/104071

Apple iOS and macOS Multiple Security Vulnerabilities
2018-05-09
http://www.securityfocus.com/bid/103957

Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/102095

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/103998

Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102

Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101

Microsoft ChakraCore Scripting Engine CVE-2018-8177 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104090

Microsoft Windows Kernel CVE-2018-8141 Local Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104078

Microsoft Edge CVE-2018-8179 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104077

Microsoft Internet Explorer and Edge CVE-2018-8178 Remote Memory Corruption Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104076

Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104072

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104070

Microsoft InfoPath CVE-2018-8173 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104069

Microsoft Windows Kernel Image CVE-2018-8170 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104068

Microsoft SharePoint Server CVE-2018-8168 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104067

Microsoft Windows Device Guard CVE-2018-8132 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104066

Microsoft Windows Device Guard CVE-2018-8129 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104065

Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104064

Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104063

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8166 Local Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104062

Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104060

Microsoft Excel CVE-2018-8163 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104059

Microsoft Excel CVE-2018-8162 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104058

Microsoft Exchange Server CVE-2018-8159 Remote Privilege Escalation Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104056

Microsoft Exchange Server CVE-2018-8154 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104054

Microsoft Excel CVE-2018-8148 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104053

Microsoft Office CVE-2018-8161 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104052

Microsoft Outlook CVE-2018-8160 Information Disclosure Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104051

Microsoft Office CVE-2018-8158 Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104049

SANS News

Nice Phishing Sample Delivering Trickbot

Threatpost

Georgia Governor Vetoes Controversial Hack-Back Bill

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

Exploint

Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes)

GNU wget - Cookie Injection

2345 Security Guard 3.7 - Denial of Service

8.5.2018

Bugtraq

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

Malware

JS.Facexworm

Phishing

 

Vulnerebility

Adobe Creative Cloud APSB18-12 Multiple Security Vulnerabilities
2018-05-08
http://www.securityfocus.com/bid/104103

Adobe Connect CVE-2018-4994 Authentication Bypass Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104102

Adobe Flash Player CVE-2018-4944 Type Confusion Remote Code Execution Vulnerability
2018-05-08
http://www.securityfocus.com/bid/104101

Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089

SANS News

Adding Persistence Via Scheduled Tasks

Threatpost

Adobe Patches Critical Bugs In Flash Player, Creative Cloud

“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach

FBI: Cyber-Fraud Losses Rise to Reach $1.4B

Exploint

FTPShell Client 6.7 - Buffer Overflow

PlaySMS 1.4 - sendfromfile.php Authenticated "Filename" Field Code Execution (Metasploit)

PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)

Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)

7.5.2018

Bugtraq

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness
2018-05-07
http://www.securityfocus.com/bid/104055

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
2018-05-07
http://www.securityfocus.com/bid/104089

Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability
2018-05-05
http://www.securityfocus.com/bid/102516

Apple Swift CVE-2018-4220 Arbitrary Code Execution Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104085

SANS News

Scans Attempting to use PowerShell to Download PHP Script

Adding Persistence Via Scheduled Tasks

Threatpost

Romanian Hackers Extradited to U.S. over $18M Vishing Scam

Variant of SynAck Malware Adopts Doppelgänging Technique

Asylo Open-Source Framework Tackles TEEs for Cloud

Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked

Exploint

WordPress Plugin User Role Editor < 4.25 - Privilege Escalation

CSP MySQL User Manager 2.3.1 - Authentication Bypass

DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)

HWiNFO 5.82-3410 - Denial of Service

6.5.2018

Bugtraq

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104084

Cisco Prime Service Catalog CVE-2018-0285 Denial of Service Vulnerability
2018-05-04
http://www.securityfocus.com/bid/104082

SANS News

Vulnerabilities on the Rise?

Threatpost

Report: Intel Facing New Spectre-Like Security Flaws

Pr0nbot is Back – and Evading Twitter Censors

Exploint

Google Chrome V8 - Object Allocation Size Integer Overflow

Windows WMI - Recieve Notification Exploit (Metasploit)

IceWarp Mail Server < 11.1.1 - Directory Traversal

WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting

4.5.2018

Bugtraq

[slackware-security] seamonkey (SSA:2018-123-01) 2018-05-04
Slackware Security Team (security slackware com)

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-05-04
VMware Security Response Center (security vmware com)

[SECURITY] [DSA 4191-1] redmine security update 2018-05-03
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4190-1] jackson-databind security update 2018-05-03
Sebastien Delafond (seb debian org)

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM) 2018-05-03
SEC Consult Vulnerability Lab (research sec-consult com)

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)

Malware

Win32/SdbMine.A

Win32/SdbMine.C

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009

Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263

SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713

NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103

MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291

MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511

Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552

NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050

NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288

SANS News

WebLogic Exploited in the Wild (Again)

Threatpost

MassMiner Takes a Kitchen-Sink Approach to Cryptomining

Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0

Exploint

GPON Routers - Authentication Bypass / Command Injection

Call of Duty Modern Warefare 2 - Buffer Overflow

TBK DVR4104 / DVR4216 - Credentials Leak

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

3.5.2018

Bugtraq

Command injections via USB upgrade in MSTAR Set-Top box products 2018-05-03
IM (ivanm security-net biz)

[SECURITY] [DSA 4189-1] quassel security update 2018-05-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)

CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

Malware

Win32/Delf.BFP

Win32/Qadars.AZ

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-05-03
http://www.securityfocus.com/bid/103518

GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/71670

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-02
http://www.securityfocus.com/bid/104020

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-05-02
http://www.securityfocus.com/bid/101274

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102009

Mozilla Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103384

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/99263

SLF4J 'EventData' Constructor Remote Code Execution Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103737

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102518

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/103388

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101277

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100540

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102118

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102295

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103713

NTP CVE-2017-6462 Local Buffer Overflow Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97045

OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101666

OpenSSL CVE-2017-3737 Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102103

MIT Kerberos 5 CVE-2017-11368 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100291

MIT krb5 CVE-2017-7562 Authentication Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/100511

Linux Kernel 'kernel/futex.c' Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/103023

OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101552

NTP CVE-2017-6464 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97050

NTP CVE-2017-6463 Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/97049

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102056

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-05-02
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-05-02
http://www.securityfocus.com/bid/102117

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-05-02
http://www.securityfocus.com/bid/101288

SANS News

 

Threatpost

Facebook Introduces ‘Clear History’ Option Amid Data Scandal

Schneider Electric Patches Critical RCE Vulnerability

Exploint

Windows - Local Privilege Escalation

GPON Routers - Authentication Bypass / Command Injection

Call of Duty Modern Warefare 2 - Buffer Overflow

TBK DVR4104 / DVR4216 - Credentials Leak

Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)

Exim < 4.90.1 - 'base64d' Remote Code Execution

Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)

Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)

xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery

Adobe Reader PDF - Client Side Request Injection

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)

LibreOffice/Open Office - '.odt' Information Disclosure

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free

Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free

2.5.2018

Bugtraq

[SECURITY] [DSA 4187-1] linux security update 2018-05-01
Ben Hutchings (benh debian org)

CA20180501-01: Security Notice for CA Spectrum 2018-05-02
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4188-1] linux security update 2018-05-01
Salvatore Bonaccorso (carnil debian org)

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF 2018-05-01
robin verton telekom de

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432

PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069

PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194

PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188

Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506

TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789

GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898

GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899

TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305

PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553

Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775

Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701

Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

SANS News

Windows Commands Reference - An InfoSec Must Have

Threatpost

Samples of SiliVaccine Offer Rare Peek Inside North Korea’s Antivirus Software

Millions of Home Fiber Routers Vulnerable to Complete Takeover

Volkswagen Cars Open To Remote Hacking, Researchers Warn

Exploint

WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent...

1.5.2018

Bugtraq

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability 2018-05-01
Akira Ajisaka (aajisaka apache org)

[slackware-security] mozilla-firefox (SSA:2018-120-02) 2018-05-01
Slackware Security Team (security slackware com)

[slackware-security] libwmf (SSA:2018-120-01) 2018-05-01
Slackware Security Team (security slackware com)

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103432

PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/101745

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103192

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103144

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103191

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/104020

PHP CVE-2018-7584 Stack Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103204

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-05-01
http://www.securityfocus.com/bid/103069

PHP 'gd_gif_in.c' Memory Corruption Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99492

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103194

PHP CVE-2018-5712 Cross Site Scripting Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102742

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103351

ISC DHCP CVE-2018-5733 Remote Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103188

Oracle MySQL Server CVE-2018-2562 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102713

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/103388

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103506

TigerVNC CVE-2017-5581 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/95789

GIMP CVE-2017-17789 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102898

GIMP CVE-2017-17784 Heap Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102899

TigerVNC Multiple Security Vulnerabilities
2018-05-01
http://www.securityfocus.com/bid/97305

PHP CVE-2017-11143 Denial of Service Vulnerability
2018-05-01
http://www.securityfocus.com/bid/99553

Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2018-05-01
http://www.securityfocus.com/bid/93775

Oracle MySQL Server CVE-2018-2696 Remote Security Vulnerability
2018-05-01
http://www.securityfocus.com/bid/102701

Quagga CVE-2018-5379 Remote Code Execution Vulnerability
2018-05-01
http://www.securityfocus.com/bid/103105

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

SANS News

Diving into a Simple Maldoc Generator

Threatpost

USB Sticks Can Trigger BSOD – Even on a Locked Device

Tens of Thousands of Malicious Apps Using Facebook APIs

Exploint

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site...

30.4.2018

Bugtraq

Advisory - Sourcetree for Windows - CVE-2018-5226 2018-04-30
Atlassian (security atlassian com)

[SECURITY] [DSA 4183-1] tor security update 2018-04-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4186-1] gunicorn security update 2018-04-28
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104003

Xen XSA-258 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/104002

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102371

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
2018-04-30
http://www.securityfocus.com/bid/103432

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102009

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-30
http://www.securityfocus.com/bid/99263

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-30
http://www.securityfocus.com/bid/102378

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103872

Oracle Java SE CVE-2018-2790 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103877

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103868

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103841

Oracle Java SE and JRockit CVE-2018-2794 Local Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103817

Oracle Java SE CVE-2018-2814 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103798

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103847

Symantec Norton Core CVE-2018-5234 Local Command Injection Vulnerability
2018-04-30
http://www.securityfocus.com/bid/103955

PHP CVE-2018-5712 Incomplete Fix Cross Site Scripting Vulnerability
2018-04-29
http://www.securityfocus.com/bid/104020

SANS News

Another approach to webapplication fingerprinting

Threatpost

Updated GravityRAT Malware Adds Advanced AV Detection

Twitter Sold Data To Cambridge Analytica-Linked Company

Exploint

macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership...

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG...

Navicat < 12.0.27 - Oracle Connection Overflow

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote...

Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root

WordPress Plugin Form Maker 1.12.20 - CSV Injection

29.4.2018

Bugtraq

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-27
http://www.securityfocus.com/bid/104003

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103825

SANS News

Microsoft Security Update for Spectre V2

Threatpost

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies

Uber Tightens Bug Bounty Extortion Policies

ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks

Exploint

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote...

27.4.2018

Bugtraq

[slackware-security] openvpn (SSA:2018-116-01) 2018-04-27
Slackware Security Team (security slackware com)

[HITB-Announce] HITBGSEC2018 CFP - Final Call 2018-04-26
Hafez Kamal (aphesz hackinthebox org)

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Xen 'x86/x86_64/entry.S' Denial of Service Vulnerability
2018-04-27
http://www.securityfocus.com/bid/104003

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103828

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2784 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103801

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2782 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103799

Oracle MySQL Server CVE-2018-2787 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103804

Oracle MySQL Server CVE-2018-2805 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103831

Oracle MySQL Server CVE-2018-2766 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103805

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2758 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103802

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Delta Electronics PMSoft CVE-2018-8839 Multiple Stack Based Buffer Overflow Vulnerabilities
2018-04-26
http://www.securityfocus.com/bid/104013

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal JSON API Module Cross Site Request Forgery Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104004

Xen XSA-258 Information Disclosure Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104002

Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
2018-04-25
http://www.securityfocus.com/bid/104001

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

GNU Binutils CVE-2018-10372 Remote Buffer Overflow Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103976

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

SANS News

More Threat Hunting with User Agent and Drupal Exploits

Threatpost

Microsoft Issues More Spectre Updates For Intel CPUs

Rubella Crimeware Kit: Cheap, Easy and Gaining Traction

Metamorfo Targets Brazilian Users with Banking Trojans

Exploint

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot

GitList 0.6 - Unauthenticated Remote Code Execution

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

26.4.2018

Bugtraq

[SECURITY] [DSA 4180-1] drupal7 security update 2018-04-25
Salvatore Bonaccorso (carnil debian org)

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability 2018-04-25
Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2013-2929 Local Privilege Escalation Vulnerability
2018-04-26
http://www.securityfocus.com/bid/64111

Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
2018-04-26
http://www.securityfocus.com/bid/100872

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2018-04-26
http://www.securityfocus.com/bid/97702

Oracle Security Service CVE-2018-2765 Remote Security Vulnerability
2018-04-26
http://www.securityfocus.com/bid/103808

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Drupal Core CVE-2018-7602 Remote Code Execution Vulnerability
2018-04-25
http://www.securityfocus.com/bid/103985

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Multiple Intel 2G Modem Products CVE-2018-3624 Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103968

Vecna VGo Robot ICSA-18-114-01 Information Disclosure and OS Command Execution Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103966

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_inode_buf.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103960

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Yet Another Drupal RCE Vulnerability

Threatpost

Western Digital My Cloud EX2 NAS Device Leaks Files

Metamorfo Targets Brazilian Users with Banking Trojans

Europol Smacks Down World’s Largest DDoS-for-Hire Market

Exploint

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting

SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response

WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion

Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command...

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)

Chrome V8 JIT - Arrow Function Scope Fixing Bug

Chrome V8 JIT - 'AwaitedPromise' Update Bug

Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion

Adobe Flash - Out-of-Bounds Write in blur Filtering

Adobe Flash - Info Leak in Image Inflation

Adobe Flash - Overflow in Slab Rendering

Adobe Flash - Overflow when Playing Sound

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting

HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection

HRSALE The Ultimate HRM v1.0.2 - CSV Injection

Blog Master Pro v1.0 - CSV Injection

Shopy Point of Sale v1.0 - CSV Injection

25.4.2018

Bugtraq

APPLE-SA-2018-04-24-1 iOS 11.3.1 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) 2018-04-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Apple iOS and macOS Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103957

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities
2018-04-25
http://www.securityfocus.com/bid/103958

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

WebKit Multiple Memory Corruption Vulnerabilities
2018-04-24
http://www.securityfocus.com/bid/103961

Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103959

FFmpeg 'libavformat/img2dec.c' Denial of Service Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103956

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

SANS News

Malicious Network Traffic From /bin/bash

Threatpost

Exploit Targets Nvidia Tegra-Based Nintendo Systems

Orangeworm Mounts Espionage Campaign Against Healthcare

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

Exploint

 

24.4.2018

Bugtraq

[SECURITY] [DSA 4179-1] linux-tools security update 2018-04-24
Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server 2018-04-24
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 4175-1] freeplane security update 2018-04-18
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4178-1] libreoffice security update 2018-04-20
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-04-24
http://www.securityfocus.com/bid/103713

HDF5 CVE-2016-4331 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94411

HDF5 CVE-2016-4330 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94414

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94417

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
2018-04-24
http://www.securityfocus.com/bid/94416

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

SANS News

 

Threatpost

 

Exploint

 

23.4.2018

Bugtraq

[SECURITY] [DSA 4176-1] mysql-5.5 security update 2018-04-20
Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

Malware

 

Phishing

 

Vulnerebility

Google Android Qualcomm Components Multiple Security Vulnerabilities
2018-04-23
http://www.securityfocus.com/bid/100658

Linux Kernel 'net/netfilter/xt_TCPMSS.c' Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102367

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102056

Linux kernel CVE-2017-15265 Use After Free Local Denial of Service Vulnerability
2018-04-23
http://www.securityfocus.com/bid/101288

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-04-23
http://www.securityfocus.com/bid/102101

Oracle MySQL Server CVE-2018-2781 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103825

Oracle MySQL Server CVE-2018-2755 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103807

Oracle MySQL Server CVE-2018-2817 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103818

Oracle MySQL Server CVE-2018-2813 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103830

Oracle MySQL Server CVE-2018-2818 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103824

Oracle MySQL Server CVE-2018-2761 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103820

Oracle MySQL Server CVE-2018-2773 Local Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103811

Oracle MySQL Server CVE-2018-2819 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103814

Oracle MySQL Server CVE-2018-2771 Remote Security Vulnerability
2018-04-23
http://www.securityfocus.com/bid/103828

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

SANS News

New IE 0-day in the wild

Threatpost

 

Exploint

 

22.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

A malicious word document with a VBA form - video

Threatpost

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Exploint

 

20.4.2018

Bugtraq

Seagate Media Server stored Cross-Site Scripting vulnerability 2018-04-19
Summer of Pwnage (lists securify nl)

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

SANS News

Malspam pushing ransomware using two layers of password protection to avoid detection

Threatpost

Cloud Credentials: New Attack Surface for Old Problem

Use of ‘StegWare’ Increases in Stealth Malware Attacks

iOS Sync Glitch Lets Attackers Control Devices

Gold Galleon Hacking Group Plunders Shipping Industry

Exploint

 

19.4.2018

Bugtraq

[slackware-security] gd (SSA:2018-108-01) 2018-04-19
Slackware Security Team (security slackware com)

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Agent.OBS

Win32/Korplug.HM

Win32/Filecoder.Crysis.P

Phishing

 

Vulnerebility

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2018-04-19
http://www.securityfocus.com/bid/91453

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103880

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-04-19
http://www.securityfocus.com/bid/103203

Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
2018-04-19
http://www.securityfocus.com/bid/97948

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Cisco Unified Computing System Director CVE-2018-0238 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103919

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

SANS News

 

Threatpost

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018

Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Exploint

 

18.4.2018

Bugtraq

WebKitGTK+ Security Advisory WSA-2018-0003 2018-04-17
Michael Catanzaro (mcatanzaro igalia com)

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
2018-11-02
http://www.securityfocus.com/bid/103880

WPA2 Key Reinstallation Multiple Security Weaknesses
2018-04-18
http://www.securityfocus.com/bid/101274

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/102371

Oracle Database Server CVE-2016-3506 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91867

Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
2018-04-18
http://www.securityfocus.com/bid/91687

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93150

FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/99623

Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/100954

Oracle Java SE and JRockit CVE-2018-2800 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103849

Oracle Java SE and JRockit CVE-2018-2799 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103872

Oracle Java SE and JRockit CVE-2018-2796 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103868

Multiple RedHat JBoss Products CVE-2015-7501 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/78215

Oracle Java SE and JRockit CVE-2018-2815 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103848

Oracle Java SE and JRockit CVE-2018-2795 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103847

Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
2018-04-18
http://www.securityfocus.com/bid/60534

Oracle Java SE and JRockit CVE-2018-2797 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103846

Oracle Java SE and JRockit CVE-2018-2798 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103841

Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
2018-04-18
http://www.securityfocus.com/bid/79091

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/95429

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
2018-04-18
http://www.securityfocus.com/bid/93236

Oracle Java SE and JRockit CVE-2018-2783 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103832

Oracle Retail Back Office CVE-2018-2861 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103809

Oracle MySQL Server CVE-2018-2775 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103777

Oracle VM VirtualBox CVE-2018-2845 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103861

Oracle VM VirtualBox CVE-2018-2844 Local Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103855

Oracle MySQL Server CVE-2018-2759 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103780

Oracle MySQL Server CVE-2018-2786 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103779

Oracle MySQL Server CVE-2018-2780 Remote Security Vulnerability
2018-04-18
http://www.securityfocus.com/bid/103778

Python rhn-setup CVE-2015-1777 SSL Certificate Validation Security Bypass Vulnerability
2018-04-17
http://www.securityfocus.com/bid/72943

SANS News

Webshell looking for interesting files

A Review of Recent Drupal Attacks (CVE-2018-7600)

Threatpost

Cryptominer Malware Threats Overtake Ransomware, Report Warns

Automated Bots Growing Tool For Hackers

Exploint

 

17.4.2018

Bugtraq

[SECURITY] [DSA 4174-1] corosync security update 2018-04-17
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4173-1] r-cran-readxl security update 2018-04-16
Moritz Muehlenhoff (jmm debian org)

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Malware

Win32/Agent.ZIL

Win32/Liech.G

Trojan.Cryptoshuf

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

A Review of Recent Drupal Attacks (CVE-2018-7600)

A malicious word document with a VBA form

Threatpost

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Millions of Apps Leak Private User Data Via Leaky Ad SDKs

Automated Bots Growing Tool For Hackers

Exploint

 

16.4.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-16
http://www.securityfocus.com/bid/103708

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-16
http://www.securityfocus.com/bid/103715

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

SANS News

Metasploit's Payload UUID

Threatpost

 

Exploint

 

15.4.2018

Bugtraq

 

Malware

PE_XIAOBAMINER.SM

Phishing

 

Vulnerebility

Drupal Core CVE-2018-7600 Multiple Remote Code Execution Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103534

Oracle April 2018 Critical Patch Update Multiple Vulnerabilities
2018-04-13
http://www.securityfocus.com/bid/103743

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

VMware vRealize Automation Cross Site Scripting and Session Hijacking Vulnerabilities
2018-04-12
http://www.securityfocus.com/bid/103752

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

SANS News

Getting Incident Response Help from Richard Feynman

Threatpost

Don’t Trust Android OEM Patching, Claims Researcher

Exploint

 

13.4.2018

Bugtraq

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-04-12
cyber-psrt microfocus com

[security bulletin] MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability 2018-04-12
cyber-psrt microfocus com

[SECURITY] [DSA 4079-2] poppler regression update 2018-04-12
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103518

Linux Kernel CVE-2017-7518 Privilage Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99263

Linux Kernel 'kernel/fork.c' Local Use After Free Memory Corruption Vulnerability
2018-04-12
http://www.securityfocus.com/bid/102009

Poppler CVE-2017-9776 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/99240

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

runV for Docker CVE-2018-9862 Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103738

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Juniper Junos CVE-2018-0022 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103740

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

GNU Binutils CVE-2018-9996 Remote Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103733

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

SANS News

Drupal CVE-2018-7600 PoC is Public

Threatpost

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Exploint

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

12.4.2018

Bugtraq

[SECURITY] [DSA 4169-1] pcs security update 2018-04-11
Yves-Alexis Perez (corsac debian org)

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

Malware

W32.Downuk

Exp.CVE-2018-4932

Exp.CVE-2018-4933

Exp.CVE-2018-4934

Exp.CVE-2018-4935

Exp.CVE-2018-4937

Exp.CVE-2018-4936

Exp.CVE-2018-1003

Exp.CVE-2018-1001

Exp.CVE-2018-1004

Exp.CVE-2018-1010

Exp.CVE-2018-1011

Exp.CVE-2018-1012

Exp.CVE-2018-1013

Exp.CVE-2018-1015

Exp.CVE-2018-1016

Exp.CVE-2018-1023

Exp.CVE-2018-1026

Exp.CVE-2018-1027

Exp.CVE-2018-1028

Exp.CVE-2018-1029

Exp.CVE-2018-1030

Phishing

 

Vulnerebility

Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103696

Microsoft Jet Database Engine CVE-2018-1003 Buffer Overflow Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103655

Microsoft Windows Graphics Component CVE-2018-1008 Local Privilege Escalation Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103658

Microsoft Windows Graphics Component CVE-2018-8116 Denial of Service Vulnerability
2018-04-12
http://www.securityfocus.com/bid/103705

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

FFmpeg 'libavcodec/utvideodec.c' Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103732

Atlassian Application Links CVE-2018-5227 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103731

Atlassian JIRA CVE-2017-18101 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103730

Atlassian JIRA CVE-2017-18100 Cross Site Scripting Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103729

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

SANS News

Glitch in malspam campaign temporarily reduces spread of GandCrab

Threatpost

 

Exploint

Linux/x64 - x64 Assembly Shellcode (Generator)

11.4.2018

Bugtraq

Call for Papers: USENIX Workshop on Offensive Technologies (WOOT '18) 2018-04-10
Yves Younan (wootcfp fort-knox org)

[SECURITY] [DSA 4170-1] pjproject security update 2018-04-09
Moritz Muehlenhoff (jmm debian org)

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH 2018-04-09
Stefan Kanthak (stefan kanthak nexgo de)

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application 2018-04-09
Simon Bieber (sbieber secuvera de)

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

Malware

W32.Rarogminer

Exp.CVE-2018-0920

Exp.CVE-2018-0980

Exp.CVE-2018-0988

Exp.CVE-2018-0990

Exp.CVE-2018-0994

Exp.CVE-2018-0993

Exp.CVE-2018-0995

Exp.CVE-2018-0996

Exp.CVE-2018-0998

Phishing

 

Vulnerebility

QEMU CVE-2017-15124 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102295

QEMU 'b/nbd/server.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102011

QEMU CVE-2017-15268 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101277

QEMU 'b/nbd/server.c' Stack Buffer Overflow Vulnerability
2018-04-11
http://www.securityfocus.com/bid/101975

QEMU CVE-2017-13673 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100527

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102518

QEMU CVE-2017-13711 Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100534

QEMU 'hw/display/vga.c' Denial of Service Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100540

Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-11
http://www.securityfocus.com/bid/103708

Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/103642

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
2018-04-11
http://www.securityfocus.com/bid/100170

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-04-11
http://www.securityfocus.com/bid/102371

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102378

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/102376

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/85896

Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
2018-04-10
http://www.securityfocus.com/bid/99137

SAP Disclosure Management Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103727

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103723

ATI Systems Multiple Emergency Mass Notification Systems Products Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103721

SAP Crystal Reports Server CVE-2018-2406 Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103719

Adobe ColdFusion APSB18-14 Multiple Security Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103718

Adobe InDesign CC CVE-2018-4927 DLL Loading Local Privilege Escalation Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103716

Microsoft Visual Studio CVE-2018-1037 Information Disclosure Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103715

Adobe InDesign CC CVE-2018-4928 Memory Corruption Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103714

Adobe Digital Editions APSB18-13 Multiple Information Disclosure Vulnerabilities
2018-04-10
http://www.securityfocus.com/bid/103712

Microsoft Wireless Keyboard CVE-2018-8117 Local Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103711

Adobe PhoneGap Push Plugin CVE-2018-4943 Security Bypass Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103710

Adobe Experience Manager CVE-2018-4931 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103709

Adobe Experience Manager CVE-2018-4929 HTML Injection Vulnerability
2018-04-10
http://www.securityfocus.com/bid/103707

SANS News

Microsoft April 2018 Patch Tuesday

A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel

Threatpost

AMD Rolls Out Spectre Fixes

Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Adobe Patches Four Critical Bugs in Flash, InDesign

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Exploint

Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion

WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS

WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid...

WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery

WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery

Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

DVD X Player Standard 5.5.3.9 - Buffer Overflow

10.4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102661

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102625

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102615

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102659

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102656

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102576

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102605

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102633

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102612

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102592

SANS News

 

Threatpost

Word Attachment Delivers FormBook Malware, No Macros Required

Exploint

iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting

9 .4.2018

Bugtraq

[SECURITY] [DSA 4168-1] squirrelmail security update 2018-04-08
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure 2018-04-09
RedTeam Pentesting GmbH (release redteam-pentesting de)

[slackware-security] patch (SSA:2018-096-01) 2018-04-07
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Malware

Trojan.Coinminer.B

W32.Mysracoin

Phishing

 

Vulnerebility

 

SANS News

Cisco Smart Install vulnerability exploited in the wild

Threatpost

 

Exploint

WordPress Plugin Google Drive 2.2 - Remote Code Execution

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection

CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution

WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code...

Yahei PHP Prober 0.4.7 - Cross-Site Scripting

WolfCMS 0.8.3.1 - Open Redirection

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Cobub Razor 0.7.2 - Add New Superuser Account

WolfCMS 0.8.3.1 - Cross Site Request Forgery

PMS 0.42 - Local Stack-Based Overflow (ROP)

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)

H2 Database - 'Alias' Arbitrary Code Execution

CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure

WebKit - WebAssembly Parsing Does not Correctly Check Section Order

8.4.2018

Bugtraq

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 2

Threatpost

Mirai Variant Targets Financial Sector With IoT DDoS Attacks

Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Exploint

LineageOS 14.1 Blueborne - Remote Code Execution

Cobub Razor 0.7.2 - Cross Site Request Forgery

DotNetNuke DNNarticle Module 11 - Directory Traversal

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

6 .4.2018

Bugtraq

[SECURITY] [DSA 4167-1] sharutils security update 2018-04-05
Luciano Bello (luciano debian org)

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Delta, Sears Breaches Blamed on Malware Attack Against a Third-Party Chat Service

Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Exploint

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass

GetSimple CMS 3.3.13 - Cross-Site Scripting

Z-Blog 1.5.1.1740 - Full Path Disclosure

Z-Blog 1.5.1.1740 - Cross-Site Scripting

YzmCMS 3.6 - Cross-Site Scripting

5 .4.2018

Bugtraq

Advisory - Fisheye and Crucible - CVE-2018-5223 2018-04-05
Atlassian (security atlassian com)

Advisory - Bamboo - CVE-2018-5224 2018-04-05
Atlassian (security atlassian com)

[SECURITY] [DSA 4166-1] openjdk-7 security update 2018-04-04
Moritz Muehlenhoff (jmm debian org)

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4164-1] apache2 security update 2018-04-03
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Agent.SWZ

W97M.Eplose

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Oracle Java SE and JRockit CVE-2018-2579 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102663

Oracle Java SE and JRockit CVE-2018-2588 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102661

Oracle Java SE and JRockit CVE-2018-2603 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102625

Oracle Java SE and JRockit CVE-2018-2663 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102662

Oracle Java SE and JRockit CVE-2018-2629 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102615

Oracle Java SE and JRockit CVE-2018-2678 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102659

Oracle Java SE CVE-2018-2677 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102656

Oracle Java SE and JRockit CVE-2018-2637 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102576

Oracle Java SE CVE-2018-2641 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102605

Oracle Java SE and JRockit CVE-2018-2599 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102633

Oracle Java SE and JRockit CVE-2018-2618 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102612

Oracle Java SE CVE-2018-2634 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102592

Oracle Java SE CVE-2018-2602 Local Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102642

Oracle Java SE and JRockit CVE-2018-2633 Remote Security Vulnerability
2018-04-05
http://www.securityfocus.com/bid/102557

FreeBSD CVE-2018-6917 Multiple Integer Overflow Vulnerabilities
2018-04-04
http://www.securityfocus.com/bid/103668

FreeBSD CVE-2018-6918 Denial of Service Vulnerability
2018-04-04
http://www.securityfocus.com/bid/103666

Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability
2018-04-04
http://www.securityfocus.com/bid/103653

Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability
2018-04-03
http://www.securityfocus.com/bid/103593

Google Android Qualcomm Component CVE-2017-11087 Information Disclosure Vulnerability
2018-04-02
http://www.securityfocus.com/bid/103669

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

Apple Xcode CVE-2018-4164 Multiple Security Vulnerabilities
2018-03-29
http://www.securityfocus.com/bid/103583

SANS News

Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 1

Threatpost

Facebook Bolsters Privacy Measures With New Data Access Restrictions

Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Exploint

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption

ProcessMaker - Plugin Upload (Metasploit)

Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting

4 .4.2018

Bugtraq

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-18:04.vt 2018-04-04
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4165-1] ldap-account-manager security update 2018-04-04
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4164-1] apache2 security update 2018-04-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4163-1] beep security update 2018-04-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

Malware

Trojan.Coinreg

Ransom.Precist

Linux.Hajime

Trojan.Cadbex

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability
2018-04-03
http://www.securityfocus.com/bid/103593

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

Apple Xcode CVE-2018-4164 Multiple Security Vulnerabilities
2018-03-29
http://www.securityfocus.com/bid/103583

SANS News

A Suspicious Use of certutil.exe

Threatpost

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Exploint

 

3 .4.2018

Bugtraq

[SECURITY] [DSA 4163-1] beep security update 2018-04-02
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4159-1] remctl security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4162-1] irssi security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4160-1] libevt security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[slackware-security] php (SSA:2018-090-01) 2018-04-01
Slackware Security Team (security slackware com)

Malware

Downloader.Malurl

Backdoor.Leenania

Phishing

 

Vulnerebility

 

SANS News

Phishing PDFs with multiple links - Detection

Java Deserialization Attack Against Windows

Threatpost

Google’s April Android Security Bulletin Warns of 9 Critical Bugs

U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program

Cloudflare Launches Publicly DNS-Over-HTTPS Service

Exploint

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)

Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion

Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change

OpenCMS 10.5.3 - Cross-Site Scripting

OpenCMS 10.5.3 - Cross-Site Request Forgery

DLink DIR-601 - Admin Password Disclosure

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

WampServer 3.1.2 - Cross-Site Request Forgery

WebLog Expert Enterprise 9.4 - Privilege Escalation

2 .4.2018

Bugtraq

[SECURITY] [DSA 4161-1] python-django security update 2018-04-01
Luciano Bello (luciano debian org)

[SECURITY] [DSA 4159-1] remctl security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4162-1] irssi security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4160-1] libevt security update 2018-04-01
Moritz Muehlenhoff (jmm debian org)

[slackware-security] php (SSA:2018-090-01) 2018-04-01
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

DLink DIR-601 - Admin Password Disclosure

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

WampServer 3.1.2 - Cross-Site Request Forgery

WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)

WebLog Expert Enterprise 9.4 - Privilege Escalation s

1 .4.2018

Bugtraq

[SECURITY] [DSA 4158-1] openssl1.0 security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-2 watchOS 4.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

SANS News

Phishing PDFs with multiple links

Threatpost

Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack

Exploint

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer...

Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)

Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)

D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass

Tenda W316R Wireless Router 5.07.50 - Remote DNS Change

osCommerce 2.3.4.1 - Remote Code Execution

Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change

WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection

Homematic CCU2 2.29.23 - Remote Command Execution

WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection

WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting

MiniCMS 1.10 - Cross-Site Request Forgery

Homematic CCU2 2.29.23 - Arbitrary File Write

Open-AuditIT Professional 2.1 - Cross-Site Request Forgery

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow

Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow

Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)

Systematic SitAware - NVG Denial of Service

SysGauge 4.5.18 - Local Denial of Service

31 .3.2018

Bugtraq

[SECURITY] [DSA 4158-1] openssl1.0 security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-2 watchOS 4.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center 2018-03-30
Williams, Ken (Ken Williams ca com)

[SECURITY] [DSA 4157-1] openssl security update 2018-03-29
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2018-3-29-4 Xcode 9.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2018-3-29-3 tvOS 11.3 2018-03-29
Apple Product Security (product-security-noreply lists apple com)

Malware

Heur.AdvML.M

Phishing

 

Vulnerebility

Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation Vulnerability
2018-03-30
http://www.securityfocus.com/bid/103549

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

Cisco IOS XE Software CVE-2018-0157 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103561

Cisco IOS XE Software CVE-2018-0170 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103560

Cisco IOS Software Integrated Services Module for VPN CVE-2018-0154 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103559

Cisco IOS XE Software CVE-2018-0152 Remote Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103558

Cisco IOS XE Software CVE-2018-0195 Authorization Bypass Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103557

Cisco IOS Login Enhancements Feature Multiple Denial of Service Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103556

Cisco IOS XE Software CVE-2018-0183 Local Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103555

Cisco IOS and IOS XE Software CVE-2018-0174 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103554

Cisco IOS XE Software CVE-2018-0164 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103553

Cisco IOS and IOS XE Software CVE-2018-0172 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103552

Cisco IOS XE Software Multiple Cross Site Scripting Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103551

Cisco IOS XE Software CVE-2018-0184 Local Privilege Escalation Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103550

Cisco IOS and IOS XE Software CVE-2018-0189 Denial of Service Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103548

Cisco IOS XE Software Multiple Command Injection Vulnerabilities
2018-03-28
http://www.securityfocus.com/bid/103547

SANS News

Version 7 of the CIS Controls Released

Threatpost

 

Exploint

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)

30 .3.2018

Bugtraq

[SECURITY] [DSA 4156-1] drupal7 security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

CA20180328-01: Security Notice for CA API Developer Portal 2018-03-29
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 4155-1] thunderbird security update 2018-03-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27
Luciano Bello (luciano debian org)

Malware

Win32/Shyape.T

Win64/Emotet.AB

Phishing

 

Vulnerebility

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability
2018-03-28
http://www.securityfocus.com/bid/103523

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Novell NetIQ Identity Manager CVE-2018-1350 Information Disclosure Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103532

SANS News

One hash to rule them all: drupalgeddon2

Threatpost

 

Exploint

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

GitStack - Unsanitized Argument Remote Code Execution (Metasploit)

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)

29 .3.2018

Bugtraq

[SECURITY] [DSA 4154-1] net-snmp security update 2018-03-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4153-1] firefox-esr security update 2018-03-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4152-1] mupdf security update 2018-03-27
Luciano Bello (luciano debian org)

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Malware

Ransom.Zenis

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

OpenSSL CVE-2017-3738 Information Disclosure Vulnerability
2018-03-28
http://www.securityfocus.com/bid/102118

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

GraphicsMagick CVE-2018-9018 Denial of Service Vulnerability
2018-03-25
http://www.securityfocus.com/bid/103526

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

SANS News

How are Your Vulnerabilities?

Threatpost

Alleged Mastermind Behind Carbanak Crime Gang Arrested

Exploint

Microsoft Windows Remote Assistance - XML External Entity Injection

TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting

TwonkyMedia Server 7.0.11-8.5 - Directory Traversal

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

28 .3.2018

Bugtraq

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4151-1] librelp security update 2018-03-26
Salvatore Bonaccorso (carnil debian org)

Malware

MSH.Gosopad

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

SANS News

Side-channel information leakage in mobile applications

Threatpost

Sanny Malware Updates Delivery Method

Facebook Woes Continue as FTC Opens Data Privacy Probe

Exploint

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

27 .3.2018

Bugtraq

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability 2018-03-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2018-085-01) 2018-03-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4151-1] librelp security update 2018-03-26
Salvatore Bonaccorso (carnil debian org)

Malware

MSH.Gosopad

Phishing

 

Vulnerebility

Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
2018-12-15
http://www.securityfocus.com/bid/103513

Google Chrome Prior to 63.0.3239.84 Multiple Security Vulnerabilities
2018-03-27
http://www.securityfocus.com/bid/102098

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103518

OpenSSL CVE-2018-0733 Security Bypass Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103517

Apache Struts CVE-2018-1327 Denial of Service Vulnerability
2018-03-27
http://www.securityfocus.com/bid/103516

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Mozilla Firefox and Firefox ESR CVE-2018-5148 Use After Free Denial of Service Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103506

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

SANS News

Side-channel information leakage in mobile applications

Threatpost

Sanny Malware Updates Delivery Method

Facebook Woes Continue as FTC Opens Data Privacy Probe

Exploint

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)

26 .3.2018

Bugtraq

Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links 2018-03-24
Securify B.V. (lists securify nl)

[slackware-security] mozilla-thunderbird (SSA:2018-082-01) 2018-03-24
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4150-1] icu security update 2018-03-23
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Ipafanli

Phishing

 

Vulnerebility

Nortek Linear eMerge E3 Series CVE-2018-5439 Remote Command Injection Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103053

Symantec Norton App Lock for Android CVE-2017-15534 Local Authentication Bypass Vulnerability
2018-03-26
http://www.securityfocus.com/bid/103377

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

SANS News

Windows IRC Bot in the Wild

Threatpost

Facebook Woes Continue as FTC Opens Data Privacy Probe

FBI: Iranian Firm Stole Data In Massive Spear Phishing Campaign

Exploint

Acrolinx Server < 5.2.5 - Directory Traversal

Laravel Log Viewer < 0.13.0 - Local File Download

LabF nfsAxe 3.7 - Privilege Escalation

Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow

24 .3.2018

Bugtraq

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Malware

 

Phishing

 

Vulnerebility

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

memcached Remote Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/59567

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103181

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102518

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2018-1068 Local Privilege Escalation Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103459

Linux Kernel 'drivers/net/wireless/mac80211_hwsim.c' Local Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103397

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103177

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-03-23
http://www.securityfocus.com/bid/103174

Open vSwitch CVE-2016-2074 Multiple Buffer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/85700

SIMATIC WinCC OA UI CVE-2018-4844 Access Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103475

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103468

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103488

Beckhoff TwinCAT CVE-2018-7502 Multiple Local Privilege Escalation Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103487

Linux Kernel CVE-2018-8822 Multiple Memory Corruption Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103476

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

SANS News

"Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence."

Threatpost

Senate Gives Nod To Controversial Cross-Border Data Access Bill

A Closer Look at APT Group Sofacy’s Latest Targets

Exploint

 

23 .3.2018

Bugtraq

[SECURITY] [DSA 4149-1] plexus-utils2 security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4148-1] kamailio security update 2018-03-22
Moritz Muehlenhoff (jmm debian org)

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22
Matthew Hart (mhart atlassian com)

Malware

Win64/CoinMiner

JS/CoinMiner

Phishing

 

Vulnerebility

Multiple AMD Processors Multiple Remote Security Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/103409

ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103055

ARM mbed TLS CVE-2018-0488 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103057

ARM mbed TLS CVE-2018-0487 Remote Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103056

Memcached Multiple Integer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/94083

Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
2018-03-23
http://www.securityfocus.com/bid/99874

Memcached verbose mode CVE-2013-7291 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64989

memcache SASL Authentication Security Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64559

memcached Verbose Mode Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64978

Memcached 'items.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/64988

memcached Remote Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/59567

Qemu CVE-2018-7550 Out of Bounds Read and Write Arbitrary Code Execution Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103181

QEMU CVE-2018-5683 Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102518

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-23
http://www.securityfocus.com/bid/102376

Linux Kernel CVE-2018-1068 Local Privilege Escalation Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103459

Linux Kernel 'drivers/net/wireless/mac80211_hwsim.c' Local Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103397

Xen 'xen/common/grant_table.c' Denial of Service Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103177

Xen 'xen/common/memory.c' Denial of Service vulnerability
2018-03-23
http://www.securityfocus.com/bid/103174

Open vSwitch CVE-2016-2074 Multiple Buffer Overflow Vulnerabilities
2018-03-23
http://www.securityfocus.com/bid/85700

SIMATIC WinCC OA UI CVE-2018-4844 Access Bypass Vulnerability
2018-03-23
http://www.securityfocus.com/bid/103475

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103468

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability
2018-03-22
http://www.securityfocus.com/bid/103488

Beckhoff TwinCAT CVE-2018-7502 Multiple Local Privilege Escalation Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103487

Linux Kernel CVE-2018-8822 Multiple Memory Corruption Vulnerabilities
2018-03-22
http://www.securityfocus.com/bid/103476

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

SANS News

Extending Hunting Capabilities in Your Network

Threatpost

A Closer Look at APT Group Sofacy’s Latest Targets

Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week

Orbitz Warns 880,000 Payment Cards Suspected Stolen

Exploint

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting

XenForo 2 - CSS Loader Denial of Service

TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control...

Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)

Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )

Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak

Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service

WM Recorder 16.8.1 - Denial of Service

Dell EMC NetWorker - Denial of Service

Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read

Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure

22 .3.2018

Bugtraq

ModSecurity WAF 3.0 for Nginx - Denial of Service 2018-03-22
x ksi (s3810 pjwstk edu pl)

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal 2018-03-22
x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation 2018-03-22
x ksi (s3810 pjwstk edu pl)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Advisory - Bitbucket Server - CVE-2018-5225 2018-03-22
Matthew Hart (mhart atlassian com)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability 2018-03-21
Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 4147-1] polarssl security update 2018-03-21
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20
Moritz Muehlenhoff (jmm debian org)

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Advisories (advisories compass-security com) (1 replies)

Malware

Trojan.Fakeinstall

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102101

Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102038

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102056

Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102084

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102117

Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/101954

Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102110

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102716

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/103468

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102376

SANS News

Automatic Hunting for Malicous Files Crossing your Network

Threatpost

Netflix Opens Public Bug Bounty Program with $15K Payout Cap

Orbitz Warns 880,000 Payment Cards Suspected Stolen

Experts Call Facebook’s Latest Controversy a Social Media ‘Breach Of Trust’

Exploint

 

21 .3.2018

Bugtraq

[SECURITY] [DSA 4146-1] plexus-utils security update 2018-03-20
Moritz Muehlenhoff (jmm debian org)

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Advisories (advisories compass-security com) (1 replies)

Unsubscribe - Re: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries 2018-03-20
Gary Frank (garoo7 hotmail com)

ES2018-05 Kamailio heap overflow 2018-03-20
Sandro Gauci (sandro enablesecurity com) (1 replies)

Unsubscribe - Re: ES2018-05 Kamailio heap overflow 2018-03-20
Gary Frank (garoo7 hotmail com)

[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17
Salvatore Bonaccorso (carnil debian org)

Malware

Exp.CVE-2018-4897

Exp.CVE-2018-4898

Exp.CVE-2018-4920

Exp.CVE-2018-4899

Exp.CVE-2018-4919

Exp.CVE-2018-4900

Exp.CVE-2018-4902

Exp.CVE-2018-4901

Exp.CVE-2018-4915

Exp.CVE-2018-4905

Exp.CVE-2018-4913

Exp.CVE-2018-4907

Exp.CVE-2018-4910

Exp.CVE-2018-4909

Exp.CVE-2018-4914

Exp.CVE-2018-4889

Exp.CVE-2018-4890

Exp.CVE-2018-4892

Exp.CVE-2018-4895

Exp.CVE-2018-4896

Exp.CVE-2018-4887

Exp.CVE-2018-4882

Exp.CVE-2018-4883

Exp.CVE-2018-4885

Exp.CVE-2018-4879

Exp.CVE-2018-4903

Exp.CVE-2018-4904

Exp.CVE-2018-4906

Exp.CVE-2018-4912

Exp.CVE-2018-4908

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-17806 Stack Based Buffer Overflow Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102293

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102227

Linux kernel Multiple CVE-2017-17805 Local Denial of Service Vulnerabilities
2018-03-21
http://www.securityfocus.com/bid/102291

Linux Kernel CVE-2017-17807 Local Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102301

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102378

Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102122

Linux Kernel CVE-2017-1000410 Information Disclosure Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102101

Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102038

Linux Kernel CVE-2017-8824 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102056

Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102084

Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102117

Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/101954

Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102110

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2018-03-21
http://www.securityfocus.com/bid/102716

Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability
2018-03-21
http://www.securityfocus.com/bid/103468

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102376

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-03-20
http://www.securityfocus.com/bid/102371

Siemens SIMATIC/SINUMERIK/PROFINET IO CVE-2018-4843 Denial of Service Vulnerability
2018-03-20
http://www.securityfocus.com/bid/103465

Bouncy Castle BKS-V1 CVE-2018-5382 Security Weakness
2018-03-19
http://www.securityfocus.com/bid/103453

SANS News

Surge in blackmailing?

Administrator's Password Bad Practice 

Threatpost

Telegram Ordered to Hand Over Encryption Keys to Russian Authorities

Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident

A Mirai Botnet Postscript: Lessons Learned

Exploint

Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write...

Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation

Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit...

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit...

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Cisco node-jos < 0.11.0 - Re-sign Tokens

Vehicle Sales Management System - Multiple Vulnerabilities

Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Cisco node-jos < 0.11.0 - Re-sign Tokens

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)

 

19 .3.2018

Bugtraq

[SECURITY] [DSA 4145-1] gitlab security update 2018-03-18
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4142-1] uwsgi security update 2018-03-17
Salvatore Bonaccorso (carnil debian org)

[slackware-security] libvorbis (SSA:2018-076-01) 2018-03-18
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4143-1] firefox-esr security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)

[slackware-security] mozilla-firefox (SSA:2018-075-01) 2018-03-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4144-1] openjdk-8 security update 2018-03-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4141-1] libvorbisidec security update 2018-03-16
Salvatore Bonaccorso (carnil debian org)

Malware

Backdoor.Teawhy

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploint

Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege...

Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege...

Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation

18 .3.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

[Wireshark-announce] Wireshark 2.5.1 is now available

Wireshark and USB

Threatpost

 

Exploint

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow

SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution

Contec Smart Home 4.15 - Unauthorized Password Reset

Android DRM Services - Buffer Overflow

16 .3.2018

Bugtraq

[SECURITY] [DSA 4139-1] firefox-esr security update 2018-03-15
Moritz Muehlenhoff (jmm debian org)

[slackware-security] curl (SSA:2018-074-01) 2018-03-16
Slackware Security Team (security slackware com)

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities 2018-03-15
Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 4138-1] mbedtls security update 2018-03-15
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 4137-1] libvirt security update 2018-03-14
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4136-1] curl security update 2018-03-14
Alessandro Ghedini (ghedo debian org)

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net) 2018-03-14
SEC Consult Vulnerability Lab (research sec-consult com)

Malware

Backdoor.Ohlotus

W32.Xiaobaminer

Phishing

 

Vulnerebility

Linux Kernel CVE-2017-18232 Local Denial of Service Vulnerability
2018-03-16
http://www.securityfocus.com/bid/103423

MikroTik RouterOS CVE-2018-7445 Buffer Overflow Vulnerability
2018-03-15
http://www.securityfocus.com/bid/103427

ZOHO ManageEngine Event LogAnalyzer CVE-2018-8721 HTML Injection Vulnerability
2018-03-15
http://www.securityfocus.com/bid/103424

IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103422

cURL/libcURL CVE-2018-1000121 Denial of Service Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103415

cURL/libcURL CVE-2018-1000120 Buffer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103414

spice-gtk CVE-2017-12194 Integer Overflow Vulnerability
2018-03-14
http://www.securityfocus.com/bid/103413

SANS News

 

Threatpost

Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws

GandCrab Ransomware Crooks Take Agile Development Approach

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Exploint