hotnewsobsah12

Databáze Hot News - Rok - Úvod 2018 2017 2016 2015 2014 2013 - 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 List - 2018 2017 2016 2015 2014 2013
Poslední aktualizace v 08.10.2016 14:19:38

21.7.2015

Bugtraq

[security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information 2015-07-20
security-alert hp com

[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-07-20
security-alert hp com

[SECURITY] [DSA 3311-1] mariadb-10.0 security update 2015-07-20
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3310-1] freexl security update 2015-07-19
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3309-1] tidy security update 2015-07-18
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3308-1] mysql-5.5 security update 2015-07-18
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanSpy:Win32/BrobanMos.A
TrojanDownloader:Win32/Banload.BBL
TrojanDownloader:Win32/Banload.BBN
TrojanDownloader:Win32/Banload.BBM
Adware:MSIL/Bawswerps
TrojanSpy:MSIL/Keylogger.BP
TrojanDownloader:Win32/Inexsmar.A
TrojanSpy:Win32/Aneatop.A
TrojanDropper:MSIL/Golbla.C
TrojanDownloader:Win32/Nefhop.A

Phishing

Vulnerebility

SANS News

Special Microsoft Bulletin Patching Remote Code Execution Flaw in OpenType Font Drivers

Exploit

Microsoft Word Local Machine Zone Remote Code Execution Vulnerability

TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service

20.7.2015

Bugtraq

AirDroid ID - Client Side JSONP Callback Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)

FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)

UDID+ v2.5 iOS - Mail Command Inject Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)

Oracle E-Business Suite Servlet URL Redirection Vulnerability 2015-07-17
owais md khan gmail com

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks 2015-07-17
adrian vollmer syss de

Malware

JS/Exploit.Agent.NJY

VBA/TrojanDownloader.Agent.WJ

VBA/TrojanDownloader.Agent.WR

Phishing

METROBANKDIRECT	19th July 2015
Account Blocked
Navy Federal	19th July 2015
Security Preferences

Vulnerebility

SANS News

Autoruns and VirusTotal

Sigcheck and VirusTotal

The Value a "Fresh Set Of Eyes" (FSOE)

Exploit

19.7.2015

Bugtraq

Oracle E-Business Suite Servlet URL Redirection Vulnerability 2015-07-17
owais md khan gmail com

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks 2015-07-17
adrian vollmer syss de

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express 2015-07-16
SEC Consult Vulnerability Lab (research sec-consult com)

Elasticsearch CVE-2015-5531 2015-07-16
Kevin Kluge (kevin elastic co)

Elasticsearch CVE-2015-5377 2015-07-16
Kevin Kluge (kevin elastic co)

Malware

Phishing

Dropbox	18th July 2015
IMPORTANT DROPBOX DOCUMENT ENCLOSED
LateNightFriend	18th July 2015
HUNGRY FOR A F&CK FRIEND
USAA	17th July 2015
YOUR USAA ONLINE CONFIRMATION ALERT

Vulnerebility

SANS News

Exploit

18.7.2015

Bugtraq

Oracle E-Business Suite Servlet URL Redirection Vulnerability 2015-07-17
owais md khan gmail com

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks 2015-07-17
adrian vollmer syss de

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express 2015-07-16
SEC Consult Vulnerability Lab (research sec-consult com)

Elasticsearch CVE-2015-5531 2015-07-16
Kevin Kluge (kevin elastic co)

Elasticsearch CVE-2015-5377 2015-07-16
Kevin Kluge (kevin elastic co)

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure 2015-07-16
CÃ©dric Champeau (cedric champeau gmail com)

Malware

Phishing

USAA	17th July 2015
YOUR USAA ONLINE CONFIRMATION ALERT
Royal Bank Support	17th July 2015
ROYAL BANK \| PLEASE UPDATE YOUR RBC ACOUNT INFORMATION .

Vulnerebility

SANS News

Exploit

D-Link Cookie Command Execution

WordPress BuddyPress Activity Plus Plugin 1.5 - CSRF Vulnerability

17.7.2015

Bugtraq

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express 2015-07-16
SEC Consult Vulnerability Lab (research sec-consult com)

Elasticsearch CVE-2015-5531 2015-07-16
Kevin Kluge (kevin elastic co)

Elasticsearch CVE-2015-5377 2015-07-16
Kevin Kluge (kevin elastic co)

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure 2015-07-16
CÃ©dric Champeau (cedric champeau gmail com)

Malware

TrojanDownloader:Win32/Upatre.BR
TrojanDropper:Win32/Plimrost.A
TrojanProxy:Win32/Poindampa.A
TrojanDropper:AutoIt/Jenxcus
Backdoor:Win32/Zegost.DV
TrojanDownloader:Win32/Zegost.C
Worm:Win32/Imafly.B
TrojanDownloader:MSIL/Prardrukat.A
Backdoor:Win32/Venik.I
Backdoor:Win32/Venik.J

Phishing

Metrobankdirect	16th July 2015
Account Blocked

Vulnerebility

SANS News

Exploit

15 TOTOLINK Router Models - Multiple RCE Vulnerabilities

4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities

4 TOTOLINK Router Models - Backdoor Credentials

8 TOTOLINK Router Models - Backdoor and RCE

16.7.2015

Bugtraq

Backdoor credentials found in 4 TOTOLINK router models 2015-07-15
Pierre Kim (pierre kim sec gmail com)

4 TOTOLINK router models vulnerable to CSRF and XSS attacks 2015-07-15
Pierre Kim (pierre kim sec gmail com)

15 TOTOLINK router models vulnerable to multiple RCEs 2015-07-15
Pierre Kim (pierre kim sec gmail com)

Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability 2015-07-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 2015-07-15
Tim Coen (tc coen gmail com)

XSS vulnerability in OFBiz forms 2015-07-15
lilian_iatco yahoo com

Malware

TrojanDownloader:MSIL/Prardrukat.A
Backdoor:Win32/Venik.I
Backdoor:Win32/Venik.J

Phishing

Lloyds Bank	15th July 2015
UPDATE NOTICE
Storage Limit	15th July 2015
howiem@bigfoot.com Mailbox Exceeded Limit,Verify Your Password

Vulnerebility

SANS News

After Flash, what will exploit kits focus on next?

Exploit

Kaseya Virtual System Administrator - Multiple Vulnerabilities

Joomla DOCman Component - Multiple Vulnerabilities

15.7.2015

Bugtraq

Malware

TrojanDropper:MSIL/Golbla.B
VirTool:MSIL/Injector.EW
TrojanSpy:Win32/Nivdort.BO
TrojanSpy:Win32/Nivdort.BN
Trojan:Win32/Kovter.C!reg
TrojanSpy:Win32/Bradop.E
TrojanDownloader:Win32/Travalork.A
TrojanSpy:Win32/Bradop.G
Trojan:Win32/Apmit.A!plock
Trojan:Win32/Banload.E

Phishing

Storage Limit	15th July 2015
howiem@bigfoot.com Mailbox Exceeded Limit,Verify Your Password

Vulnerebility

SANS News

July 2015 Microsoft Patch Tuesday

Adobe Updates Flash Player, Shockwave and PDF Reader

PHP 5.x Security Updates

freq.py super powers?

VMware Security Bulletins

OPENSSL update fixes Certificate Verification issue

Cisco PSIRT reporting Customers affected by ASA VPN DoS attacks

Detecting Random - Finding Algorithmically chosen DNS names (DGA)

SSL, SSL - Where Art Thou SSL?

BizCN gate actor changes from Fiesta to Nuclear exploit kit

Working with base64

A .BUP File Is An OLE File

Analyzing Quarantine Files

Another example of Angler exploit kit pushing CryptoWall 3.0

Apple "Patch Tuesday"

Exploit

Impero Education Pro - SYSTEM Remote Command Execution

Pimcore CMS Build 3450 - Directory Traversal

Internet Download Manager - (.ief) Crash PoC

Internet Download Manager - (Find Download) Crash PoC

ZOC Terminal Emulator 7 - (Quick Connection) Crash PoC

14.7.2015

Bugtraq

CFP: Passwords 2015, Dec 7-9, Cambridge, UK 2015-07-10
Per Thorsheim (per thorsheim net)

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal 2015-07-13
Brian Cardinale (brian cardinaleconsulting com)

[SYSS-2015-031] sysPass - SQL Injection 2015-07-13
disclosure syss de

phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS 2015-07-13
apparitionsec gmail com

[slackware-security] mozilla-thunderbird (SSA:2015-192-01) 2015-07-12
Slackware Security Team (security slackware com)

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 2015-07-10
Tim Coen (tc coen gmail com)

[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information 2015-07-10
security-alert hp com

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products 2015-07-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability 2015-07-10
Security Alert (Security_Alert emc com)

CVE-2014-7952, Android ADB backup APK injection vulnerability 2015-07-10
Imre RAD (imre rad search-lab hu)

[security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-07-10
security-alert hp com

[security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS) 2015-07-10
security-alert hp com

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability 2015-07-10
VMware Security Response Center (security vmware com)

[SECURITY] [DSA 3307-1] pdns-recursor security update 2015-07-09
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3306-1] pdns security update 2015-07-09
Alessandro Ghedini (ghedo debian org)

[slackware-security] openssl (SSA:2015-190-01) 2015-07-09
Slackware Security Team (security slackware com)

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl 2015-07-09
FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution 2015-07-08
andrew panfilov tel

[SECURITY] [DSA 3305-1] python-django security update 2015-07-08
Alessandro Ghedini (ghedo debian org)

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection 2015-07-08
CORE Advisories Team (advisories coresecurity com)

[security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information 2015-07-08
security-alert hp com

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution 2015-07-08
hdau deloitte fr

SQL Injection in easy2map-photos wordpress plugin v1.09 2015-07-08
Larry W. Cashdollar (larry0 me com)

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 2015-07-08
Larry W. Cashdollar (larry0 me com)

Symantec EP 12.1.4013 Disabling Vulnerability 2015-07-08
apparitionsec gmail com

[slackware-security] bind (SSA:2015-188-04) 2015-07-08
Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2015-188-03) 2015-07-08
Slackware Security Team (security slackware com)

[slackware-security] cups (SSA:2015-188-01) 2015-07-08
Slackware Security Team (security slackware com)

[slackware-security] mozilla-firefox (SSA:2015-188-02) 2015-07-08
Slackware Security Team (security slackware com)

Malware

Phishing

USAA	14th July 2015
New Message From Usaa Bank
Paypal service	12th July 2015
YOUR ACCOUNT WILL BE LIMITED
Mail User	11th July 2015
INCOMING EMAILS
Virgin Money UK	11th July 2015
VIRGIN E-MAIL ALERT !
PayPal	11th July 2015
WE'RE INVESTIGATING A PAYPAI PAYMENT REVERSAI (CASE ID #PP-003-498-237-832)
Chase	10th July 2015
ACTION NEEDED: ONLINE BANKING ALERT!?

Vulnerebility

SANS News

Jump List Files Are OLE Files

Exploit

Accellion FTA getStatus verify_oauth_token Command Execution

VNC Keyboard Remote Code Execution

Adobe Flash opaqueBackground Use After Free

Western Digital Arkeia Remote Code Execution

phpSQLiteCMS - Multiple Vulnerabilities

FreiChat 9.6 - SQL Injection

Arab Portal 3 - SQL Injection Vulnerability

phpVibe - Aribtrary File Disclosure ArticleFR 3.0.6 - Multiple Vulnerabilities

WordPress Swim Team Plugin 1.44.10777 - Arbitrary File Download

ZenPhoto 1.4.8 - Multiple Vulnerabilities

Full Player 8.2.1 - Memory Corruption PoC

2.7.2015

Bugtraq

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-07-01
Stefan Kanthak (stefan kanthak nexgo de)

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) 2015-07-01
Pierre Kim (pierre kim sec gmail com)

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability 2015-07-01
Security Alert (Security_Alert emc com)

Path Traversal in BlackCat CMS 2015-07-01
High-Tech Bridge Security Research (advisory htbridge ch)

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects 2015-07-01

Malware

Infostealer.Bancos.BE

W97M.Downloader.E

W97M.Downloader.D

W97M.Downloader.C

Phishing

Apple	1st July 2015
[ APPLE ] : VIEW YOUR RECENT SECURITY-ACCOUNT
Mail User	30th June 2015
INCOMING MAIL
iTunes	30th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID1381A4C512582B66FF55
Dear Valued Member	30th June 2015
WARNINGS!!
Mr. Martin	30th June 2015
APPROVED PAYMENT.
Microsoft	29th June 2015
You just need to confirm your billing address.

Vulnerebility

Exploit

D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities

McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC

1.7.2015

Bugtraq

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 2015-06-30
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 2015-06-30
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 2015-06-30
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-06-30-1 iOS 8.4 2015-06-30
Apple Product Security (product-security-noreply lists apple com)

Google Chrome Address Spoofing (Request For Comment) 2015-06-30
David Leo (david leo deusen co uk)

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP 2015-06-29
Fernando MuÃ±oz (fernando null-life com)

Malware

Trojan:Win32/Lodbak

Boot.Pitou

Trojan.Pitou

Phishing

Mail User	30th June 2015
INCOMING MAIL
iTunes	30th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID1381A4C512582B66FF55
Dear Valued Member	30th June 2015
WARNINGS!
Mr. Martin	30th June 2015
APPROVED PAYMENT.
Microsoft	29th June 2015
You just need to confirm your billing address.

Vulnerebility

Exploit

30.6.2015

Bugtraq

[SECURITY] [DSA 3297-1] unattended-upgrades security update 2015-06-29
Alessandro Ghedini (ghedo debian org)

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities 2015-06-29
apparitionsec gmail com

Malware

Phishing

Mail User	30th June 2015
INCOMING MAIL
iTunes	30th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID1381A4C512582B66FF55
Dear Valued Member	30th June 2015
WARNINGS!!
Mr. Martin	30th June 2015
APPROVED PAYMENT.
Microsoft	29th June 2015
You just need to confirm your billing address.
Vodafone	28th June 2015
You Have One Unread Message

Vulnerebility

Exploit

Adobe Flash Player Drawing Fill Shader Memory Corruption

Watchguard XCS <=10.0 - Multiple Vulnerabilities

Novius 5.0.1 - Multiple Vulnerabilities

WedgeOS <= 4.0.4 - Multiple Vulnerabilities

CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion

Fiyo CMS 2.0_1.9.1 - SQL Injection

C2Box 4.0.0(r19171) - CSRF Vulnerability

Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities

encoded 64 bit execve shellcode

Novius 5.0.1 - Multiple Vulnerabilities

29.6.2015

Bugtraq

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities 2015-06-29
apparitionsec gmail com

CollabNet Subversion Edge indes local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

CollabNet Subversion Edge missing single login restriction 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

CollabNet Subversion Edge weak password storage mechanism 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

CollabNet Subversion Edge missing XSRF protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

CollabNet Subversion Edge weak password policy 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

Malware

Trojan:Win32/Lodbak

Phishing

Microsoft	29th June 2015
You just need to confirm your billing address.
Vodafone	28th June 2015
You Have One Unread Message

Vulnerebility

Exploit

27.6.2015

Bugtraq

Malware

Phishing

Bank Of America	27th June 2015
* IMPORTANT * Ensure The Safty For Your Online Banking Account
iTunes	26th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID2108A4C525152AF4847A
PayPal Service	26th June 2015
You just need to confirm your billing address.
Bank of Scotland	25th June 2015
Account Review Notification.

Vulnerebility

Exploit

Thycotic Secret Server 8.8.000004 - Stored XSS

ManageEngine Asset Explorer 6.1 - Stored XSS

26.6.2015

Bugtraq

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA 2015-06-25
Cisco System

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA 2015-06-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability 2015-06-25
Security Alert (Security_Alert emc com)

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities 2015-06-25
post encripto no

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-005] SAP Mobile Platform - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[SECURITY] [DSA 3295-1] cacti security update 2015-06-24
Salvatore Bonaccorso (carnil debian org)

s Product Security Incident Response Team (psirt cisco com)

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability 2015-06-25
Security Alert (Security_Alert emc com)

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities 2015-06-25
post encripto no

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-005] SAP Mobile Platform - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

Malware

Trojan:JS/HideLink.A

PWS:Win32/Emotet.G

Gen1 Trojan.Shunnael!

Trojan.Shunnael

Phishing

PayPal Service	26th June 2015
You just need to confirm your billing address.
Bank of Scotland	25th June 2015
Account Review Notification.
System Notification	24th June 2015
EMAIL ACCOUNT DE-ACTIVATION ALERT...
Barclays Bank	24th June 2015
1 New Security Message From Barclays Online Personal Banking!
Apple	24th June 2015
Your Apple ID has been suspended [#487298]
USAA	24th June 2015
YOUR USAA ONLINE CONFIRMATION ALERT

Vulnerebility

Exploit

Koha <= 3.20.1 - Multiple SQL Injections

Koha <= 3.20.1 - Path Traversal

Koha <= 3.20.1 - Multiple XSS and XSRF Vulnerabilities

Linux/x86 - chmod('/etc/passwd',0777) shellcode (42 bytes)

Linux/x86 - chmod('/etc/gshadow') shellcode (37 bytes)

Linux/x86 chmod('/etc/shadow','0777') shellcode (42 bytes)

25.6.2015

Bugtraq

[SECURITY] [DSA 3295-1] cacti security update 2015-06-24
Salvatore Bonaccorso (carnil debian org)

CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders 2015-06-24
Federick Joe P Fajardo (fjpfajardo ph ibm com)

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 2015-06-24
Marco Delai (Marco Delai csnc ch)

[SECURITY] [DSA 3294-1] wireshark security update 2015-06-23
Moritz Muehlenhoff (jmm debian org)

Malware

Backdoor:Win32/Tenpeq.D

PowerShell / Filecoder.A

Win32 / Filecoder.NBR

Trojan.Sofacy.B

Backdoor.Layork.B

Backdoor.Credmines

Phishing

System Notification	24th June 2015
EMAIL ACCOUNT DE-ACTIVATION ALERT...
Barclays Bank	24th June 2015
1 New Security Message From Barclays Online Personal Banking!
Apple	24th June 2015
Your Apple ID has been suspended [#487298]
USAA	24th June 2015
YOUR USAA ONLINE CONFIRMATION ALERT
Dropbox_notification	23rd June 2015
IMPORTANT DOCUMENT
PayPal	23rd June 2015
Receipt for your payment to peter.hall53@btopenworld.com

Vulnerebility

Exploit

Adobe Flash Player ShaderJob Buffer Overflow

GeniXCMS 0.0.3 - XSS Vulnerabilities

WordPress Huge-IT Slider 2.7.5 - Multiple Vulnerabilities

GeniXCMS 0.0.3 - register.php SQL Injection Vulnerabilities

Joomla SimpleImageUpload - Arbitrary File Upload

Vesta Control Panel 0.9.8 - OS Command Injection

Windows ClientCopyImage Win32k Exploit

Linux/x86 - mkdir HACK & chmod 777 and exit(0) - 29 Bytes

Linux/x86 - Netcat BindShell Port 5555 - 60 bytes

linux/x86-64 execve(/bin/sh) 30 bytes

Linux/x86 Downloand & Execute

Linux/x86 Reboot - 28 Bytes

24.6.2015

Bugtraq

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability 2015-06-23
Security Alert (Security_Alert emc com)

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting 2015-06-23
Security Alert (Security_Alert emc com)

KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) 2015-06-23
n4ser farhadi gmail com

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address 2015-06-22
Amit Klein (aksecurity gmail com)

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability 2015-06-22
Vulnerability Lab (research vulnerability-lab com)

Malware

Win32 / Bamital.GI

JS / Kryptik.AVZ

Win32 / TrojanDownloader.Rottentu.A

Win32 / Potao.D

Win32 / Potao

Phishing

Apple	24th June 2015
Your Apple ID has been suspended [#487298]
USAA	24th June 2015
YOUR USAA ONLINE CONFIRMATION ALERT
Dropbox_notification	23rd June 2015
IMPORTANT DOCUMENT
PayPal	23rd June 2015
Receipt for your payment to peter.hall53@btopenworld.com
Barclays	22nd June 2015
Suspicious Activity Detected On Your Account

Vulnerebility

Exploit

23.6.2015

Bugtraq

KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) 2015-06-23
n4ser farhadi gmail com

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address 2015-06-22
Amit Klein (aksecurity gmail com)

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability 2015-06-22
Vulnerability Lab (research vulnerability-lab com)

[oCERT-2015-008] FreeRADIUS insufficent CRL application 2015-06-22
Andrea Barisani (lcars ocert org)

mysql-lite-administrator XSS vulnerabilities 2015-06-21
apparitionsec gmail com

[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information 2015-06-22
security-alert hp com

GeniXCMS XSS Vulnerabilities 2015-06-22
apparitionsec gmail com

[SECURITY] [DSA 3293-1] pyjwt security update 2015-06-20
Alessandro Ghedini (ghedo debian org)

[CVE-2015-3188] Apache Storm remote code execution vulnerability 2015-06-20
P. Taylor Goetz (ptgoetz apache org)

Malware

Win32 / LockScreen.BMA

Win32 / Sopinar.A

Win32 / Spy.Bizzana.A

Win32 / Zacom.G

Win32 / Agent.VNL

Phishing

PayPal	23rd June 2015
Receipt for your payment to peter.hall53@btopenworld.com
Barclays	22nd June 2015
Suspicious Activity Detected On Your Account
USAA	22nd June 2015
YOUR USAA ONLINE CONFIRMATION ALERT
Wells Fargo	22nd June 2015
IMPORTANT NOTICE REGARDING YOUR ACCOUNT

Vulnerebility

CUPS < 2.0.3 - Multiple Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 PDF Parsing Memory Corruption Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 PNG Parsing Memory Corruption Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 Gif Parsing Memory Corruption Vulnerabilities

Paintshop Pro X7 GIF Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

Exploit

CUPS < 2.0.3 - Multiple Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 PDF Parsing Memory Corruption Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 PNG Parsing Memory Corruption Vulnerabilities

Photoshop CC2014 and Bridge CC 2014 Gif Parsing Memory Corruption Vulnerabilities

Paintshop Pro X7 GIF Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

22.6.2015

Bugtraq

Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)

Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)

Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities 2015-06-19
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3292-1] cinder security update 2015-06-19
Sebastien Delafond (seb debian org)

DUO Security push Timing Attack 2015-06-18
jpierini paysw com

[SECURITY] [DSA 3291-1] drupal7 security update 2015-06-18
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3290-1] linux security update 2015-06-18
Ben Hutchings (benh debian org)

Malware

Exploit:JS/Sevdaq.A

Linux.Shelldos.A

Phishing

USAA	22nd June 2015
YOUR USAA ONLINE CONFIRMATION ALERT
Wells Fargo	22nd June 2015
IMPORTANT NOTICE REGARDING YOUR ACCOUNT
iTunes Service	21st June 2015
ITUNES ID UPDATE
PayPal support	21st June 2015
UPDATE YOUR PAYPAL ACCOUNT
PayPal Inc âœ”	21st June 2015
YOUR ACCOUNT HAS BEEN LIMITED âœ”
PayPal Service	21st June 2015
You just need to confirm your billing address.
PayPal	20th June 2015
Your Account Access Has Been Limited

Vulnerebility

Exploit

18.6.2015

Bugtraq

[SECURITY] [DSA 3291-1] drupal7 security update 2015-06-18
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3290-1] linux security update 2015-06-18
Ben Hutchings (benh debian org)

[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information 2015-06-17
security-alert hp com

Malware

Backdoor.Wecoym

Trojan.Gatak.B

Trojan.Feratuser

Phishing

Lloyds	18th June 2015
YOUR LLYODS ACCOUNT WILL BE BLOCKED #LY739268029
PayPal Service	18th June 2015
You just need to confirm your billing address.
Chase	17th June 2015
CHASE ALERT!
paypal	17th June 2015
WE'VE IIMITED ACCESS TO YOUR PAYPAI ACCOUNT
Michelle	17th June 2015
INTERESTED IN A GUARANTEED FIRST PAGE GOOGLE RANK?
PayPal Service	17th June 2015
WE NOTICE UNUSUAL ACTIVITY LOGIN

Vulnerebility

Exploit

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability

WinylPlayer 3.0.3 Memory Corruption PoC

HansoPlayer 3.4.0 Memory Corruption PoC

18.6.2015

Bugtraq

[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information 2015-06-17
security-alert hp com

[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information 2015-06-17
security-alert hp com

VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities 2015-06-17
VCE - PSIRT (VCEPSIRT vce com)

Reflected Cross-Site Scripting (XSS) in SearchBlox 2015-06-17
High-Tech Bridge Security Research (advisory htbridge ch)

OS Command Injection in Vesta Control Panel 2015-06-17
High-Tech Bridge Security Research (advisory htbridge ch)

ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities 2015-06-16
Security Alert (Security_Alert emc com)

ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability 2015-06-16
Security Alert (Security_Alert emc com)

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability 2015-06-16
d4rkr0id gmail com

Malware

Backdoor:MSIL/IRCbot.J

Backdoor.Wecoym

Trojan.Gatak.B

Phishing

PayPal Service	18th June 2015
You just need to confirm your billing address.
Chase	17th June 2015
CHASE ALERT!
paypal	17th June 2015
WE'VE IIMITED ACCESS TO YOUR PAYPAI ACCOUNT
Michelle	17th June 2015
INTERESTED IN A GUARANTEED FIRST PAGE GOOGLE RANK?
PayPal Service	17th June 2015
WE NOTICE UNUSUAL ACTIVITY LOGIN
PayPal Service	16th June 2015
WE NOTICE UNUSUAL ACTIVITY LOGIN

Vulnerebility

Exploit

BlackCat CMS 1.1.1 Arbitrary File Download

16.6.2015

Bugtraq

[SECURITY] [DSA 3289-1] p7zip security update 2015-06-15
Ben Hutchings (benh debian org)

WebdesignJiNi Cms Sql Injection Vulnerability 2015-06-14
iedb team gmail com

Productsurf Cms Sql Injection Vulnerability 2015-06-14
iedb team gmail com

[SECURITY] [DSA 3252-2] sqlite3 security update 2015-06-14
Alessandro Ghedini (ghedo debian org)

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager 2015-06-15
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 3287-1] openssl security update 2015-06-13

Malware

Backdoor.Wecoym

Trojan.Gatak.B

Phishing

EARTHLINK	16th June 2015
BUY GENUINE EARTHLINK RDP NO SMTP NEEDED AND EMAILS
Chase	16th June 2015
ONLINE BANKING VERIFICATION FROM CHASE ONLINE
Amazon UK	15th June 2015
IMPORTANT SECURITY MESSAGE
Apple	15th June 2015
You May To Update Your AccounT ID
google help desk	15th June 2015
YOU HAVE A PENDING INCOMING DOC SHARED WITH YOU VIA GOOGLE DOC

Vulnerebility

Exploit

Cisco AnyConnect Secure Mobility 2.x, 3.x, 4.x - Client DoS PoC

Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - CSRF Vulnerability

E-Detective Lawful Interception System - Multiple Vulnerabilities

TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection

Apexis IP CAM - Information Disclosure

Linux/x86 - /etc/passwd Reader (58 bytes)

Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shell)

Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - CSRF Vulnerability

Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shadow File)

Filezilla 3.11.0.2 - SFTP Module Denial of Service Vulnerability

Putty 0.64 - Denial of Service Vulnerability

15.6.2015

Bugtraq

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager 2015-06-15
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 3287-1] openssl security update 2015-06-13
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3288-1] libav security update 2015-06-13
Moritz Muehlenhoff (jmm debian org)

Buffer Overflow in My Wifi Router Software 2015-06-13
sudson08 gmail com

[SECURITY] [DSA 3286-1] xen security update 2015-06-13
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3285-1] qemu-kvm security update 2015-06-12
Salvatore Bonaccorso (carnil debian org)

[slackware-security] openssl (SSA:2015-162-01) 2015-06-11
Slackware Security Team (security slackware com)

Malware

Phishing

Apple	15th June 2015
You May To Update Your AccounT ID
google help desk	15th June 2015
YOU HAVE A PENDING INCOMING DOC SHARED WITH YOU VIA GOOGLE DOC
iTunes	14th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID3348A4BA153409F53151
EARTHLINK	14th June 2015
BUY GENUINE EARTHLINK RDP NO SMTP NEEDED AND EMAILS
Support	14th June 2015
ACCOUNT NOTIFICATION
Pay Pal	14th June 2015
YOUR ACCOUNT WILL BE LIMITED âœ”
PayPal Security Team	14th June 2015
REMINDER - ACTION REQUIRED: IMPORTANT ACCOUNT SECURITY INTEGRATION

Vulnerebility

Exploit

Milw0rm Clone Script 1.0 - (Auth Bypass) SQL Injection Vulnerability

Filezilla 3.11.0.2 - SFTP Module Denial of Service Vulnerability

Putty 0.64 - Denial of Service Vulnerability

13.6.2015

Bugtraq

[slackware-security] openssl (SSA:2015-162-01) 2015-06-11
Slackware Security Team (security slackware com)

FreeBSD Security Advisory FreeBSD-SA-15:10.openssl 2015-06-12
FreeBSD Security Advisories (security-advisories freebsd org)

[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting 2015-06-12
ludwig stage syss de

ZCMS SQL Injection & Persistent XSS 2015-06-12
apparitionsec gmail com

[slackware-security] php (SSA:2015-162-02) 2015-06-11
Slackware Security Team (security slackware com)

Nakid-CMS CSRF, Persistent XSS & LFI 2015-06-11
apparitionsec gmail com

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability 2015-06-11
Egidio Romano (research karmainsecurity com)

Malware

TrojanDropper:AutoIt/Bokill.A

Win32 / Spy.Zbot.ABV

Win32 / Bundpil.A

Win32 / Adware.MultiPlug.EE

Win32 / Adware.MultiPlug.DJ

Phishing

USAA	13th June 2015
Update Your Account
American Express	13th June 2015
Confirm your American Express online details.
PayPal Security Team	12th June 2015
REMINDER - ACTION REQUIRED: IMPORTANT ACCOUNT SECURITY INTEGRATION
Mercantile	11th June 2015
EARTHLINK RDP, COMCAST RDP, UNLIMITED SMTP

Vulnerebility

Exploit

ClickHeat <= 1.14 Change Admin Password CSRF

Nakid CMS - Multiple Vulnerabilities

Opsview <= 4.6.2 - Multiple XSS Vulnerabilities

ZCMS 1.1 - Multiple Vulnerabilities

WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload

12.6.2015

Bugtraq

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability 2015-06-11
Egidio Romano (research karmainsecurity com)

[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities 2015-06-11
Egidio Romano (research karmainsecurity com)

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability 2015-06-11
Egidio Romano (research karmainsecurity com)

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin 2015-06-10
Larry W. Cashdollar (larry0 me com)

Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability 2015-06-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)

D-Link DSP-W110 - multiple vulnerabilities 2015-06-11
Peter Adkins (peter adkins kernelpicnic net)

[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-11
security-alert hp com

Malware

Linux / Moose

BAT / Filecoder.AQ

Win32 / Agent.QKJ

Win32 / TrojanDownloader.Wauchos.AK

Win32 / Neurevt.I

Win32 / Spy.Zbot.ABV

Phishing

Mercantile	11th June 2015
EARTHLINK RDP, COMCAST RDP, UNLIMITED SMTP
PayPal	11th June 2015
Update your PayPal !

Vulnerebility

Exploit

OSSEC 2.7 <= 2.8.1 - Local Root Escalation

11.6.2015

Bugtraq

Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability 2015-06-10
Vulnerability Lab (research vulnerability-lab com)

Use-After-Free in PHP 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

Multiple Vulnerabilities in ISPConfig 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

Arbitrary File Disclosure and Open Redirect in Bonita BPM 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)

[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-09
security-alert hp com

Malware

Backdoor:MSIL/Bladabindi.BG
Worm:Win32/Rebhip.Y
Worm:Win32/Rebhip.Z
Backdoor:Win32/Zegost.THD

Backdoor:Win32/Zegost.THD
TrojanDownloader:Win32/Redosdru.C

Phishing

PayPal	11th June 2015
Receipt for your PayPal payment to farmville,games@facebook.com
Ð–Ð°Ð½Ð½Ð° Ð¡ÐµÑ€Ð³ÐµÐµÐ²Ð½Ð°	10th June 2015
Ð¡Ð°Ð¹Ñ‚ Ð±Ñ‹ÑÑ‚Ñ€Ð¾ Ð¸ Ð´ÐµÑˆÐµÐ²Ð¾
æ¥¼å‡¤å°?å§è‰¯å®¶å…¼èŒä¿¡æ¯	10th June 2015
5:28:42
EARTHLINK	10th June 2015
WE SELL ONLY GENUINE EARTHLINK RDP NO SMTP NEEDE

Vulnerebility

Exploit

ProFTPD 1.3.5 Mod_Copy Command Execution

Paypal Currencucy Converter Basic For Woocommerce File Read

Wordpress History Collection <=1.1.1 Arbitrary File Download

Pandora FMS 5.0, 5.1 - Authentication Bypass

Wordpress RobotCPA Plugin V5 - Local File Inclusion

HP WebInspect <= 10.4 XML External Entity Injection

Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability

Libmimedir VCF Memory Corruption PoC

FiverrScript CSRF Vulnerability (Add New Admin)

GeoVision (GeoHttpServer) Webcams Remote File Disclosure Exploit

ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities

Bonita BPM 6.5.1 - Multiple Vulnerabilities

Alcatel-Lucent OmniSwitch - CSRF Vulnerability

AnimaGallery 2.6 - Local File Inclusion

WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability

10.6.2015

Bugtraq

Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability 2015-06-10
Vulnerability Lab (research vulnerability-lab com)

Use-After-Free in PHP 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

Multiple Vulnerabilities in ISPConfig 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

Arbitrary File Disclosure and Open Redirect in Bonita BPM 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)

[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-09
security-alert hp com

Elasticsearch vulnerability CVE-2015-4165 2015-06-09
Kevin Kluge (kevin elastic co)

Malware

Trojan.Dokabot

Trojan.Hepbot

W32.Duqu.B

Phishing

æ¥¼å‡¤å°?å§è‰¯å®¶å…¼èŒä¿¡æ¯	10th June 2015
5:28:42
EARTHLINK	10th June 2015
WE SELL ONLY GENUINE EARTHLINK RDP NO SMTP NEEDED
EARTHLINK	9th June 2015
WE SELL ONLY GENUINE EARTHLINK RDP NO SMTP NEEDED
iTunes	9th June 2015
ITUNES ACCOUNT HAS BEEN FROZEN ID2725A4B441384E14AFD3
Apple	8th June 2015
Verify your Apple ID information
PayPal	8th June 2015
Update Your PayPal Account !
Chase	8th June 2015
ALERT MESSAGE FROM CHASE ONLINE(SM)

Vulnerebility

Exploit

SV: Milw0rm Clone Script v1.0 - (time based) SQLi

9.6.2015

Bugtraq

[SECURITY] [DSA 3282-1] strongswan security update 2015-06-08
Yves-Alexis Perez (corsac debian org)

Symphony CMS XSS Vulnerability 2015-06-08
apparitionsec gmail com

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability 2015-06-08
d4rkr0id gmail com

[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice 2015-06-07
Thijs Kinkhorst (thijs debian org)

[SECURITY] [DSA 3280-1] php5 security update 2015-06-07
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Woolerg

Backdoor:MSIL/NetWiredRC.A
TrojanDropper:Win32/Plugx.J
TrojanDownloader:MSIL/Dowector.A
BrowserModifier:Win32/IminentSProtection
BrowserModifier:Win32/AskToolbarNotifier

Phishing

Apple	8th June 2015
Verify your Apple ID information
PayPal	8th June 2015
Update Your PayPal Account !
Chase	8th June 2015
ALERT MESSAGE FROM CHASE ONLINE(SM)
ÐšÑÐµÐ½Ð¸Ñ? Ð“Ð»ÐµÐ±Ð¾Ð²Ð½Ð°	7th June 2015
Ð?Ðµ Ð¶Ð´Ð¸Ñ‚Ðµ, Ð´ÐµÐ¹ÑÑ‚Ð²ÑƒÐ¹Ñ‚Ðµ!
PayPal	6th June 2015
[Notice] : Update Your Account Information Case ID PP 003-498-237

Vulnerebility

Exploit

Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability

8.6.2015

Bugtraq

Symphony CMS XSS Vulnerability 2015-06-08
apparitionsec gmail com

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability 2015-06-08
d4rkr0id gmail com

[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice 2015-06-07
Thijs Kinkhorst (thijs debian org)

[SECURITY] [DSA 3280-1] php5 security update 2015-06-07
Moritz Muehlenhoff (jmm debian org)

Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App 2015-06-06
Payatu Research (research payatu com)

[SECURITY] [DSA 3279-1] redis security update 2015-06-06
Alessandro Ghedini (ghedo debian org)

Symphony CMS 2.6.2 2015-06-06
apparitionsec gmail com

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 2015-06-06
venkatesh nitin gmail com

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS 2015-06-05
Larry W. Cashdollar (larry0 me com)

Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure 2015-06-05
Mike Sheward (msheward expedia com)

CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] 2015-06-05
pan vagenas gmail com

1 Click Extract Audio v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)

1 Click Audio Converter v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)

Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com

Malware

Infostealer.Malumpos

TrojanDownloader:Win32/Noucti.A

Backdoor.Kickesgo

Backdoor.Gwapoors

Backdoor.Salgorea.B

Phishing

ÐšÑÐµÐ½Ð¸Ñ? Ð“Ð»ÐµÐ±Ð¾Ð²Ð½Ð°	7th June 2015
Ð?Ðµ Ð¶Ð´Ð¸Ñ‚Ðµ, Ð´ÐµÐ¹ÑÑ‚Ð²ÑƒÐ¹Ñ‚Ðµ!
PayPal	6th June 2015
[Notice] : Update Your Account Information Case ID PP 003-498-237
PayPal Service âœ”	6th June 2015
YOUR PAYPAL ACCOUNT WILL BE LIMITED UPDATE IT NOW . âœ”
PayPal Service	6th June 2015
You just need to confirm your billing address.

Vulnerebility

Exploit

D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change

TP-Link ADSL2+ TD-W8950ND - Unauthenticated Remote DNS Change

D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change

D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change

5.6.2015

Bugtraq

1 Click Extract Audio v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)

1 Click Audio Converter v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)

Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com

[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities 2015-06-05
alex_haynes outlook com

CA20150604-01: Security Notice for CA Common Services 2015-06-04
Kotas, Kevin J (Kevin Kotas ca com)

[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access 2015-06-04
security-alert hp com

CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] 2015-06-04
pan vagenas gmail com

Malware

TrojanDownloader:Win32/Noucti.A

Backdoor.Kickesgo

Backdoor.Gwapoors

Backdoor.Salgorea.B

Phishing

Verfaction Paypal	4th June 2015
YOUR ACCOUNT HAS BEEN IIMITED UNTII WE HEAR FROM YOU
Chase Bank	3rd June 2015
UNLOCK YOUR USER ID

Vulnerebility

Exploit

JDownloader 2 Beta - Directory Traversal Vulnerability

Seagate Central 2014.0410.0026-F Remote Root Exploit

Wordpress Really Simple Guest Post <= 1.0.6 - File Include

WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion

1 Click Audio Converter 2.3.6 - Activex Buffer Overflow

1 Click Extract Audio 2.3.6 - Activex Buffer Overflow

Jildi FTP Client 1.5.6 (SEH) BOF

ZTE AC 3633R USB Modem Multiple Vulnerabilities

4.6.2015

Bugtraq

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability 2015-06-03
Security Alert (Security_Alert emc com)

Local PHP File Inclusion in ResourceSpace 2015-06-03
High-Tech Bridge Security Research (advisory htbridge ch)

Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability 2015-06-03
banana88 inbox com

Safari Address Spoofing - Impact, Code, How It Works, History 2015-06-03
David Leo (david leo deusen co uk)

[SECURITY] [DSA 3249-2] jqueryui security update 2015-06-02
Sebastien Delafond (seb debian org)

Malware

Bot-FKS

TrojanDownloader:Win32/Upatre.BJ

TrojanDownloader:Win32/Upatre.BG

Ransom:Win32/Roduk.A!dllDefCon
Ransom:PowerShell/Roduk.ADefCon
TrojanDownloader:PowerShell/Roduk.ADefCon

Trojan.Ransomcrypt.T

Backdoor.Salgorea.B

Ransom:PowerShell/Polock.A

Phishing

Chase Bank	3rd June 2015
UNLOCK YOUR USER ID
Apple	3rd June 2015
Your Apple ID has expired in less than 48 hours! Sign in To Comfirm Your Apple Id Now .
NatWest	2nd June 2015
PROACTIVELY TAKEN ACTION TO DISABLE ONLINE ACCESS !

Vulnerebility

Exploit

vfront-0.99.2 CSRF & Persistent XSS

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability

Jildi FTP Client Buffer Overflow PoC

3.6.2015

Bugtraq

[SECURITY] [DSA 3277-1] wireshark security update 2015-06-02
Moritz Muehlenhoff (jmm debian org)

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability 2015-06-02
Vulnerability Lab (research vulnerability-lab com)

vfront-0.99.2 CSRF & Persistent XSS 2015-06-02
apparitionsec gmail com

Enhanced SQL Portal 5.0.7961 XSS Vulnerability 2015-06-02
apparitionsec gmail com

Freebox OS Web interface 3.0.2 XSS, CSRF 2015-06-01
huyngocbk gmail com

t2'15: Call for Papers 2015 (Helsinki / Finland) 2015-06-01
Tomi Tuominen (tomi tuominen t2 fi)

Malware

Ransom:PowerShell/Polock.A PWS:Win32/OnLineGames.AH

IOS.Oneclickfraud

Phishing

Apple	3rd June 2015
Your Apple ID has expired in less than 48 hours! Sign in To Comfirm Your Apple Id Now .
NatWest	2nd June 2015
PROACTIVELY TAKEN ACTION TO DISABLE ONLINE ACCESS !
limited.services@paypal.com	2nd June 2015
YOUR PAYPAI ACCOUNT WILL BE DEACTIVATED (#PP - 2015)
Joey	1st June 2015
FASHION GIFT

Vulnerebility

Exploit

PonyOS <= 3.0 - tty ioctl() Local Kernel Exploit

2.6.2015

Bugtraq

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] 2015-06-01
pan vagenas gmail com

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] 2015-06-01
pan vagenas gmail com

WebDrive Buffer OverFlow PoC 2015-06-01
banana88 inbox com

Ektron CMS 9.10 SP1 - XSS Vulnerability 2015-05-31
jerold v00d00sec com

Ektron CMS 9.10 SP1 - CSRF Vulnerability 2015-05-31
jerold v00d00sec com

[SECURITY] [DSA 3276-1] symfony security update 2015-05-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3269-2] postgresql-9.1 regression update 2015-05-31
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3275-1] fusionforge security update 2015-05-30
Salvatore Bonaccorso (carnil debian org)

Malware

IOS.Oneclickfraud

Trojan.Cryptolocker.V

Trojan.ChangeDNS! Html

Phishing

limited.services@paypal.com	2nd June 2015
YOUR PAYPAI ACCOUNT WILL BE DEACTIVATED (#PP - 2015)
Joey	1st June 2015
FASHION GIFT
Ms. Carman L. Lapointe	1st June 2015
UNPAID BENEFICIARY!!!
Paypal	1st June 2015
YOUR ACCOUNT LIMITED - UPDATE YOUR INFORMATION ACCOUNT !!
iTunes	1st June 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID2310A4AB53348E4546EA
Service âœ”	1st June 2015
YOUR PAYPAL ACCOUNT WILL BE LIMITED . âœ”

Vulnerebility

Exploit

Realtek SDK Miniigd UPnP SOAP Command Execution

Airties login-cgi Buffer Overflow

IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution

WebDrive 12.2 (Build # 4172) - Buffer OverFlow PoC

D-Link Devices HNAP SOAPAction-Header Command Execution

WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability

Aruba ClearPass Policy Manager Stored XSS

PonyOS <= 3.0 - VFS Permissions Exploit

PonyOS <= 3.0 - ELF Loader Privilege Escalation

1.6.2015

Bugtraq

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] 2015-06-01
pan vagenas gmail com

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] 2015-06-01
pan vagenas gmail com

WebDrive Buffer OverFlow PoC 2015-06-01
banana88 inbox com

Ektron CMS 9.10 SP1 - XSS Vulnerability 2015-05-31
jerold v00d00sec com

Ektron CMS 9.10 SP1 - CSRF Vulnerability 2015-05-31
jerold v00d00sec com

[SECURITY] [DSA 3276-1] symfony security update 2015-05-31
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3269-2] postgresql-9.1 regression update 2015-05-31
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3275-1] fusionforge security update 2015-05-30
Salvatore Bonaccorso (carnil debian org)

Malware

Phishing

Paypal	1st June 2015
YOUR ACCOUNT LIMITED - UPDATE YOUR INFORMATION ACCOUNT !!
iTunes	1st June 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID2310A4AB53348E4546EA
Service âœ”	1st June 2015
YOUR PAYPAL ACCOUNT WILL BE LIMITED . âœ”
EARTHLINK	1st June 2015
EARTHLINK RDP AND EMAILS FOR SALE OFFICIAL RESELLER

Vulnerebility

Exploit

IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution

WebDrive 12.2 (Build # 4172) - Buffer OverFlow PoC

WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability

PonyOS <= 3.0 - VFS Permissions Exploit

PonyOS <= 3.0 - ELF Loader Privilege Escalation

29.5.2015

Bugtraq

[security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege 2015-05-28
security-alert hp com

Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution 2015-05-28
mystyle_rahul yahoo co in

[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices 2015-05-28
Gergely Eberhardt (gergely eberhardt search-lab hu)

DbNinja 3.2.6 Flash XSS Vulnerabilities 2015-05-28
apparitionsec gmail com

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

WellsFargo Alert	29th May 2015
Important Update On Your WELLSFARGO Account
PayPal	29th May 2015
Your account PayPal is limited you have to solve the problem in 24 hours
Barclays Bank	28th May 2015
Your Barclays monthly e-statement/document has just arrived.
Sun Trust Banking	27th May 2015
Avoid Notification
Apple	27th May 2015
ALERT: UPDATE YOUR APPLE ACCOUNT. 26/05/2015 08:10:38

Vulnerebility

Exploit

28.5.2015

Bugtraq

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement 2015-05-27
Onapsis Research Labs (research onapsis com)

[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability 2015-05-27
Onapsis Research Labs (research onapsis com)

Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability 2015-05-27
David Coomber (davidcoomber infosec gmail com)

[SECURITY] [DSA 3268-2] ntfs-3g security update 2015-05-26
Salvatore Bonaccorso (carnil debian org)

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] 2015-05-26
pan vagenas gmail com

[SECURITY] [DSA 3273-1] tiff security update 2015-05-25
Moritz Muehlenhoff (jmm debian org)

Synology Photo Station multiple Cross-Site Scripting vulnerabilities 2015-05-25
Securify B.V. (lists securify nl)

Reflected Cross-Site Scripting in Synology DiskStation Manager 2015-05-25
Securify B.V. (lists securify nl)

Command injection vulnerability in Synology Photo Station 2015-05-25
Securify B.V. (lists securify nl)

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

Sun Trust Banking	27th May 2015
Avoid Notification
Apple	27th May 2015
ALERT: UPDATE YOUR APPLE ACCOUNT. 26/05/2015 08:10:38
service@paypal.co.uk	26th May 2015
Limited Account
Apple	26th May 2015
âœ” Your recent purchase with your Apple ID.
Skype	25th May 2015
Receipt for your PayPal payment to Skype !

Vulnerebility

Drupal Views Module Access Bypass Vulnerability
2015-05-29
http://www.securityfocus.com/bid/74462

Exploit

WordPress Plugin Free Counter 1.1 Stored XSS

27.5.2015

Bugtraq

Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability 2015-05-27
David Coomber (davidcoomber infosec gmail com)

[SECURITY] [DSA 3268-2] ntfs-3g security update 2015-05-26
Salvatore Bonaccorso (carnil debian org)

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] 2015-05-26
pan vagenas gmail com

[SECURITY] [DSA 3273-1] tiff security update 2015-05-25
Moritz Muehlenhoff (jmm debian org)

Synology Photo Station multiple Cross-Site Scripting vulnerabilities 2015-05-25
Securify B.V. (lists securify nl)

Reflected Cross-Site Scripting in Synology DiskStation Manager 2015-05-25
Securify B.V. (lists securify nl)

Command injection vulnerability in Synology Photo Station 2015-05-25
Securify B.V. (lists securify nl)

[SECURITY] [DSA 3265-2] zendframework regression update 2015-05-24
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3272-1] ipsec-tools security update 2015-05-23
Salvatore Bonaccorso (carnil debian org)

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

Apple	27th May 2015
ALERT: UPDATE YOUR APPLE ACCOUNT. 26/05/2015 08:10:38
service@paypal.co.uk	26th May 2015
Limited Accounta
Apple	26th May 2015
âœ” Your recent purchase with your Apple ID.

Vulnerebility

Exploit

WordPress Plugin Free Counter 1.1 Stored XSS

Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC

26.5.2015

Bugtraq

Synology Photo Station multiple Cross-Site Scripting vulnerabilities 2015-05-25
Securify B.V. (lists securify nl)

Reflected Cross-Site Scripting in Synology DiskStation Manager 2015-05-25
Securify B.V. (lists securify nl)

Command injection vulnerability in Synology Photo Station 2015-05-25
Securify B.V. (lists securify nl)

[SECURITY] [DSA 3265-2] zendframework regression update 2015-05-24
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3272-1] ipsec-tools security update 2015-05-23
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3271-1] nbd security update 2015-05-23
Alessandro Ghedini (ghedo debian org)

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

Apple	26th May 2015
âœ” Your recent purchase with your Apple ID.
Skype	25th May 2015
Receipt for your PayPal payment to Skype !
iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID5377A4A560411EFA6B89
iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID5431A4A501521EFAB94D
iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID7146A4A545301DC8F95D
Mercantile	25th May 2015
FRESH TOOLS ADDED TO THE SHOP NOW

Vulnerebility

Exploit

Wordpress Video Gallery Plugin 2.8 Arbitrary Mail Relay

WordPress NewStatPress Plugin 0.9.8 Multiple Vulnerabilities

WordPress Landing Pages Plugin 1.8.4 Multiple Vulnerabilities

WordPress GigPress Plugin 2.3.8 - SQL Injection

Apache Jackrabbit WebDAV XXE Exploit

Wordpress MailChimp Subscribe Forms 1.1 Remote Code Execution

Wordpress church_admin Plugin 0.800 Stored XSS

Wordpess Simple Photo Gallery 1.7.8 Blind SQL Injection

Sendio ESP Information Disclosure Vulnerability

Clickheat 1.13+ Remote Command Execution

25.5.2015

Bugtraq

[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability 2015-05-22
CORE Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 3270-1] postgresql-9.4 security update 2015-05-22
Christoph Berg (myon debian org)

[SECURITY] [DSA 3268-1] ntfs-3g security update 2015-05-22
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.grp!hy
Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID5377A4A560411EFA6B89
iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID5431A4A501521EFAB94D
iTunes	25th May 2015
ITUNES ACCOUNT WAS BEEN FROZEN ID7146A4A545301DC8F95D
Mercantile	25th May 2015
FRESH TOOLS ADDED TO THE SHOP NOW

Vulnerebility

Exploit

FTP Media Server 3.0 - Authentication Bypass and Denial of Service

22.5.2015

Bugtraq

[SECURITY] [DSA 3266-1] fuse security update 2015-05-21
Salvatore Bonaccorso (carnil debian org)

Webgrind XSS vulnerability 2015-05-21
hyp3rlinx gmail com

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) 2015-05-21
Julian Reschke (julian reschke greenbytes de)

CVE for Apple's ECDHE-ECDSA SecureTransport bug? 2015-05-20
Jeffrey Walton (noloader gmail com)

[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update 2015-05-20
Salvatore Bonaccorso (carnil debian org)

Malware

Exploit-SWF.x
RDN/Generic.grp!hy
Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

Barclays	21st May 2015
IMPORTANT - ONLINE BANKING UPDATE
Halifax Bank	21st May 2015
PLEASE CHECK ACCOUNT
PayPal Inc,	21st May 2015
NOTICE : YOUR ACCOUNT PAYPAL HAS BEEN LIMITED !

Vulnerebility

Exploit

Microsoft Windows - Local Privilege Escalation (MS15-051)

Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052)

Windows 8.0 - 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058)

Forma LMS 1.3 Multiple SQL Injection Vulnerabilities

WordPress WP Symposium Plugin 15.1 SQL Injection Vulnerability

21.5.2015

Bugtraq

[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities 2015-05-20
security-alert hp com

[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-05-20
security-alert hp com

EisbÃ¤r SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability 2015-05-20
Vulnerability Lab (research vulnerability-lab com)

Stored XSS in WP Photo Album Plus WordPress Plugin 2015-05-20
High-Tech Bridge Security Research (advisory htbridge ch)

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability 2015-05-20
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3265-1] zendframework security update 2015-05-20
David PrÃ©vot (david tilapin org)

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability 2015-05-19
akashchavan0708 gmail com

Staff FTP v3.04 Software - DLL Hijacking Vulnerability 2015-05-19
metacom27 gmail com

[SECURITY] [DSA 3263-1] proftpd-dfsg security update 2015-05-19
Sebastien Delafond (seb debian org)

Staff FTP v3.04 Software - DLL Hijacking Vulnerability 2015-05-20
Vulnerability Lab (research vulnerability-lab com)

HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability 2015-05-20
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3264-1] icedove security update 2015-05-19
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow 2015-05-19
security-alert hp com

APPLE-SA-2015-05-19-1 Watch OS 1.0.1 2015-05-19
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access 2015-05-19
security-alert hp com

[SECURITY] [DSA 3175-2] kfreebsd-9 security update 2015-05-18
Alessandro Ghedini (ghedo debian org)

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability 2015-05-19
metacom27 gmail com

iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability 2015-05-18
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3262-1] xen security update 2015-05-18
Moritz Muehlenhoff (jmm debian org)

OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities 2015-05-18
Vulnerability Lab (research vulnerability-lab com)

Wireless Photo Transfer v3.0 iOS - File Include Vulnerability 2015-05-18
Vulnerability Lab (research vulnerability-lab com)

CRUCMS Crucial Networking - SQL Injection Vulnerability 2015-05-18
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-thunderbird (SSA:2015-137-01) 2015-05-17
Slackware Security Team (security slackware com)

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability 2015-05-16
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3261-1] libmodule-signature-perl security update 2015-05-15
Salvatore Bonaccorso (carnil debian org)

[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine 2015-05-15
Security Explorations (contact security-explorations com)

phpMyAdmin 4.4.6 Man-In-the-Middle API Github 2015-05-14
submit cxsec org

[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass 2015-05-14
Mark Thomas (markt apache org)

SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2) 2015-05-14
SEC Consult Vulnerability Lab (research sec-consult com)

Sidu 5.2 Admin XSS Vulnerability 2015-05-14
apparitionsec gmail com

Malware

Exploit-SWF.x
RDN/Generic.grp!hy
Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4

Phishing

Microsoft	21st May 2015
Dear Gumtree Member,
USAA	20th May 2015
NEW MESSAGE FROM USAA
Alisha Tarologist	20th May 2015
TELL ME WHAT YOUR BIGGEST WORRY IS
Chase	20th May 2015
Account Security Update
Nationwide Building Society	19th May 2015
NATIONWIDE ACCESS RESTRICTED NOTICE
Barclays	19th May 2015
We need to verify your account

Vulnerebility

Exploit

Phoenix Contact ILC 150 ETH PLC Remote Control Script

WordPress FeedWordPress Plugin 2015.0426 - SQL Injection

Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation

ZOC SSH Client Buffer Overflow Vulnerability (SEH)

Linux/x86 execve "/bin/sh" - shellcode 26 bytes

7.3.2015

Bugtraq

Last Call - Workhsops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies 2015-03-05
ML (marialemos72 gmail com)

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability 2015-03-05
prathan ptr gmail com

[ MDVSA-2015:054 ] bind 2015-03-04
security mandriva com

WeBid 1.1.1 Unrestricted File Upload Exploit 2015-03-04
prathan ptr gmail com

[ MDVSA-2015:055 ] freetype2 2015-03-04
security mandriva com

Malware

RDN/Generic.grp!hy
Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4
RDN/Generic.bfr!1A1B5134B133

Phishing

TV Stream	7th March 2015
Watch TV!
David	6th March 2015
POST FREE CLASSIFIED ADS ON ADSROAD
Paypal	6th March 2015
YOUR PAYPAL ACCOUNT HAS BEEN LIMITED
Wells Fargo	6th March 2015
[ WELLS FARGO ] IMPORTANT NOTIFICATION
PayPal	6th March 2015
PayPal: View your recent activity
Security Centre	5th March 2015
UPDATE YOUR INFORMATION
Barclays	4th March 2015
Barclays - Important Notification.
PayPal	4th March 2015
Issue PP-001-487-280-335

Vulnerebility

Exploit

HP Data Protector 8.10 Remote Command Execution

ProjectSend r561 - SQL Injection Vulnerability

4.3.2015

Bugtraq

[ MDVSA-2015:054 ] bind 2015-03-04
security mandriva com

WeBid 1.1.1 Unrestricted File Upload Exploit 2015-03-04
prathan ptr gmail com

[ MDVSA-2015:055 ] freetype2 2015-03-04
security mandriva com

[CVE-2015-2102] Clipbucket 2.7 RC3 0.9 - Blind SQL Injection 2015-03-04
prathan ptr gmail com

[SECURITY] [DSA 3179-1] icedove security update 2015-03-03
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBST03265 rev.1 - HP VMA SAN Gateway running Bash Shell and OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information 2015-03-03
security-alert hp com

[ MDVSA-2015:052 ] tomcat 2015-03-03
security mandriva com

Malware

RDN/Generic.grp!hy
Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4
RDN/Generic.bfr!1A1B5134B133

Phishing

Barclays	4th March 2015
Barclays - Important Notification.
PayPal	4th March 2015
Issue PP-001-487-280-335

Vulnerebility

Exploit

Symantec Web Gateway 5 restore.php Post Authentication Command Injection

Seagate Business NAS Unauthenticated Remote Command Execution

Solarwinds Orion Service - SQL Injection Vulnerabilities

BEdita CMS 3.5.0 - Multiple Vulnerabilities

PHPMoAdmin Unauthorized Remote Code Execution (0-Day)

Linux Kernel IRET Instruction #SS Fault Handling - Crash PoC

Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC

Linux Kernel Associative Array Garbage Collection - Crash PoC

2.3.2015

Bugtraq

[ MDVSA-2015:049 ] cups 2015-03-02
security mandriva com

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2 2015-02-28
edricteo outlook sg

BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0 2015-02-28
edricteo outlook sg

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home 2015-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

Wordpress Media Cleaner Plugin - XSS Vulnerability 2015-02-27
iletisim ismailsaygili com tr

[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags 2015-02-27
Jeremy Boynes (jboynes apache org)

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4
RDN/Generic.bfr!1A1B5134B133
Generic.dx!E87F1C1B381E

Phishing

Satya Vathi	2nd March 2015
BANCA IMI SECURITIES CORP.
Satya Vathi	2nd March 2015
BANK ASIA LTD
PayPal	2nd March 2015
[PayPal] your account information appears to be missing
PayPal	2nd March 2015
IMPORTANT: Please re-update your account information.
EARTH LINK RDP	1st March 2015
WE RE-SELL GENUINE EARTHLINK RDPS( CHANGE OF WEBSITE)
Santander UK	1st March 2015
Santander Bank Important Notification
Halifax	1st March 2015
Update Your Online Account
Payments	1st March 2015
YOUR PENDING PURCHASE
Marilynn Johengen	1st March 2015
Now you can take control over every situation, Deb S!!
service@paypal.co.uk	28th February 2015
YOUR ACCOUNT PAYPAL HAS BEEN LIMITED.
Service PayPal	27th February 2015
Your account is currently restricted.
Alert	27th February 2015
3Ð³Ô NotÑ–cÐµ \| PÐ°ymÐµnt DeclÑ–nÐµÔ
Apple Team	27th February 2015
VERIFY YOUR APPLE ID

Vulnerebility

Exploit

Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)

27.2.2015

Bugtraq

[SECURITY] [DSA 3176-1] request-tracker4 security update 2015-02-26
Salvatore Bonaccorso (carnil debian org)

Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

Data Source: Scopus CMS - SQL Injection Web Vulnerability 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

DSS TFTP 1.0 Server - Path Traversal Vulnerability 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities 2015-02-26
Peter Adkins (peter adkins kernelpicnic net)

[slackware-security] mozilla-firefox (SSA:2015-056-01) 2015-02-26
Slackware Security Team (security slackware com)

[slackware-security] mozilla-thunderbird (SSA:2015-056-02) 2015-02-26
Slackware Security Team (security slackware com)

[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2015-02-26
security-alert hp com

[security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites 2015-02-26
security-alert hp com

[SECURITY] [DSA 3175-1] kfreebsd-9 security update 2015-02-25
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites 2015-02-25
security-alert hp com

[SECURITY] [DSA 3174-1] iceweasel security update 2015-02-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3173-1] libgtk2-perl security update 2015-02-25
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3172-1] cups security update 2015-02-25
Sebastien Delafond (seb debian org)

Malware

Generic PUP.x!47D5B92EC2DE
Generic Downloader.x!C3BE171842B5
RDN/Generic BackDoor!bbv!681E8DE9F748
Generic.bfr!6EABCAE20244
RDN/Generic.bfr!id!89DA4F0B9AFE
RDN/Generic BackDoor!bbv!63D0D36E010A
Generic.dx!9DA85BB0FFAB
Generic FakeAlert!E35608C04D28
RDN/Generic.tfr!ei!40A74770E65E
RDN/Generic.tfr!ei!57CF1966A13B
RDN/Generic.bfr!id!744B66331525
W32/Spybot.bfr!0391BECB1EFF
RDN/Generic.dx!64703124682A
RDN/Generic PUP.x!C3C9518B2E91
Generic.bfr!AC16DBD5D6E8
RDN/Generic.bfr!id!3A6E60A6E410
RDN/Generic.tfr!ei!2DD5F2DB4CCF
RDN/Generic PWS.y!FA849BA90082
Generic Downloader.x!3F5003F05153
RDN/Generic.dx!djn!3316DFE3E56C
RDN/Generic.dx!djn!3104020682F0
RDN/Generic BackDoor!bbv!3B3C64828E7B
RDN/Generic BackDoor!bbv!4882A71A6585
RDN/Generic PUP.x!0AF6343C4EAB
RDN/Generic.bfr!id!26DB9531DF97
RDN/Generic.dx!djn!3BAFE3140147
Generic PUP.x!DDE5C72A8342
Generic PUP.z!F996094B0BA4
RDN/Generic.bfr!1A1B5134B133
Generic.dx!E87F1C1B381E

Phishing

Musâ…½â…¼e.Gaâ…°ns	26th February 2015
Boost Perforâ…¿anâ…½e anâ…¾ Maâ…¹â…°â…¿ize Your Athâ…¼etiâ…½ Enâ…¾uranâ…½e
Paypal Support	26th February 2015
YOUR PAYPAL ACCOUNT HAS BEEN LIMITEDâœ‰
PayPal	26th February 2015
Important: We noticed unusual activity in your PayPal account (Ref #PP-004-621-793-008)3
Internal Revenue Service	26th February 2015
INCOME TAX REFUND REJECTED
Csloxinfo Internet Service ser	26th February 2015
System Warning!!!
Apple Team	25th February 2015
VERIFY YOUR APPLE ID
Diego Glenn	25th February 2015
After trying this you will never diet again!
Barclays Online	25th February 2015
ACCOUNT SECURITY ALERT.
Bank of America	25th February 2015
Bank of America Alert: Sign in to Online Banking Locked

Vulnerebility

Exploit

26.2.2015

Bugtraq

[SECURITY] [DSA 3169-1] eglibc security update 2015-02-23
Aurelien Jarno (aurel32 debian org)

[SECURITY] [DSA 3168-1] ruby-redcloth security update 2015-02-22
Sebastien Delafond (seb debian org)

CVE-2014-8487: Kony EMM insecurity Direct Object Reference 2015-02-22
michael hendrickx helpag com

[SECURITY] [DSA 3167-1] sudo security update 2015-02-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3166-1] e2fsprogs security update 2015-02-22
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3165-1] xdg-utils security update 2015-02-22
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3171-1] samba security update 2015-02-23
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.dx!djl!A782C2548727
Generic PUP.x!A8E86E585ADA
Generic PUP.x!A7779D616CA5
Generic PUP.z!2C1F2C934005
RDN/Generic.bfr!id!BBF9DB1F1E3D
RDN/Generic BackDoor!bb3!3E23EEAE42AA
RDN/StartPage-CQ!c!12A6C161820C
RDN/Spybot.bfr!40F29AB4C339
RDN/Spybot.bfr!41743C60B87A
Generic PUP.z!393D64577F4B
RDN/Generic.dx!djl!B177488FF277
Generic BackDoor!B3B73964FE47
RDN/Generic.dx!djl!B1F83451D13D
RDN/Generic.dx!2866436408EA
RDN/Generic.bfr!B49CADDC45EA
RDN/Generic.bfr!id!B8E2EB87196D
RDN/Generic BackDoor!bb3!BD9FA1986446
RDN/Generic.dx!djl!9B51352A08D4
RDN/Generic PUP.x!A0A0B84662B6
W32/Spybot.bfr!A053813168FD
RDN/Generic.grp!ia!003F4ABAFC5D
RDN/Spybot.bfr!17A0546D71D1
W32/Nabucur!2002CBEA82DD
RDN/Spybot.bfr!2805CF524AF8
RDN/Generic PWS.y!bct!890FCC431415
Ransom!0AA2F54E9FFA
Generic.dx!8022F8836C59
RDN/Generic PWS.y!A3A716E2192E
RDN/Downloader.gen.a!6903120E1CCB
RDN/Generic PUP.x!c2a!9E0DE784E882

Phishing

Csloxinfo Internet Service ser	26th February 2015
System Warning!!!
Apple Team	25th February 2015
VERIFY YOUR APPLE ID
Diego Glenn	25th February 2015
After trying this you will never diet again!
Barclays Online	25th February 2015
ACCOUNT SECURITY ALERT.
Bank of America	25th February 2015
Bank of America Alert: Sign in to Online Banking Locked
Apple Team	24th February 2015
VERIFY YOUR APPLE ID
PayPal	24th February 2015
Your PayPal Account Will Be Closed ! Please Update Your Account

Vulnerebility

Exploit

25.2.2015

Bugtraq

[SECURITY] [DSA 3169-1] eglibc security update 2015-02-23
Aurelien Jarno (aurel32 debian org)

[SECURITY] [DSA 3168-1] ruby-redcloth security update 2015-02-22
Sebastien Delafond (seb debian org)

CVE-2014-8487: Kony EMM insecurity Direct Object Reference 2015-02-22
michael hendrickx helpag com

[SECURITY] [DSA 3167-1] sudo security update 2015-02-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3166-1] e2fsprogs security update 2015-02-22
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3165-1] xdg-utils security update 2015-02-22
Michael Gilbert (mgilbert debian org)

Malware

RDN/Generic Downloader.x!mt!A1EB06E12558
RDN/Downloader.gen.a!4D289BA21246
RDN/Downloader.gen.a!3996A43F450A
Generic.bfr!3E093AD84312
Generic.dx!2B110F720C58
RDN/Generic.tfr!ei!6BB2D748BD16
RDN/Downloader.gen.a!6B691EF24F81
RDN/Generic BackDoor!bb3!1388A03040C3
RDN/Downloader.gen.a!51D92143C853
RDN/Downloader.gen.a!4FAAEBFBDDB6
RDN/Generic Downloader.x!B5B7D38EC65C
RDN/Downloader.gen.a!51E5D557C592
RDN/Downloader.gen.a!518E5A2DE8F8
RDN/Downloader.gen.a!50971DB1FCFD
Generic.bfr!193EC9CF4578
W32/Sality.gen!37B24D6FE482
RDN/Downloader.gen.a!031BA981D8BB
RDN/Generic.dx!4C60DEBFDE55
RDN/Generic.dx!380F439A2BDD
RDN/Generic Dropper!wd!F77DD033EEAD
RDN/Downloader.gen.a!6DDE6FAEC82F
GenericR-DAM!83465DB5A767
RDN/Downloader.gen.a!5EFBA7E7E18E
RDN/Downloader.gen.a!5F4A1C61B63C
RDN/Downloader.gen.a!4B347FD38EAD
RDN/Generic.dx!djl!A37382DAE042
RDN/Downloader.gen.a!4E2922DC3BED
Generic.tfr!304E7F9A4793
RDN/Downloader.gen.a!45FB9D6371A6
Generic.dx!45A6CB5637E1

Phishing

Apple Team	24th February 2015
VERIFY YOUR APPLE ID
PayPal	24th February 2015
Your PayPal Account Will Be Closed ! Please Update Your Account
AppeID Support	23rd February 2015
Verify Your Apple ID
Daniel Paez	23rd February 2015
Account Notification!!

Vulnerebility

Exploit

HP Client Automation Command Injection

24.2.2015

Bugtraq

[SECURITY] [DSA 3169-1] eglibc security update 2015-02-23
Aurelien Jarno (aurel32 debian org)

[SECURITY] [DSA 3168-1] ruby-redcloth security update 2015-02-22
Sebastien Delafond (seb debian org)

CVE-2014-8487: Kony EMM insecurity Direct Object Reference 2015-02-22
michael hendrickx helpag com

[SECURITY] [DSA 3167-1] sudo security update 2015-02-22
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3166-1] e2fsprogs security update 2015-02-22
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3165-1] xdg-utils security update 2015-02-22
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3171-1] samba security update 2015-02-23
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3164-1] typo3-src security update 2015-02-21
Moritz Muehlenhoff (jmm debian org)

Malware

RDN/Generic PWS.y!bct!23B47C46A0FF
RDN/Generic BackDoor!7A67E3986342
W32/Nabucur!82A06F7CE023
RDN/Generic PWS.y!bct!8F8333ABA99C
RDN/Generic.bfr!ic!86022D6615B1
RDN/Generic.tfr!ei!572B20E1C2DD
RDN/Generic Downloader.x!ms!ADE709B3A8E4
RDN/Generic BackDoor!9EF080A50A42
RDN/Generic PWS.y!bct!65598F56A633
RDN/Generic BackDoor!bbs!00AB15DA7E1F
RDN/Generic.dx!djk!A6BD6E0F1E20
Generic.bfr!B6B12D427296
RDN/Generic.dx!djk!00542E465F70
RDN/Generic Downloader.x!ms!006958E9507D
Generic PUP.z!C9469E0932BC
RDN/Generic.dx!djk!0071BE0F2EA1
Generic.bfr!B53D1E4C2C12
RDN/Generic Downloader.x!ms!001AF8671137
Generic.bfr!0606718B719F
Generic.bfr!A199BA80C2D0
RDN/Generic.dx!djk!7666C239638F
RDN/Generic PUP.z!70847FF10C68
RDN/Generic.bfr!C301BE4517A6
Generic PUP.z!F8BE0AC8530D
Generic BackDoor!985306BD6598
Generic PUP.z!5368C10B75C2
W32/Nabucur!822542E984B0
RDN/Generic BackDoor!40931031274F
RDN/Generic BackDoor!bbk!4AEAB9A14588
RDN/Spybot.bfr!746832399280

Phishing

PayPal	24th February 2015
Your PayPal Account Will Be Closed ! Please Update Your Account
AppeID Support	23rd February 2015
Verify Your Apple ID
Daniel Paez	23rd February 2015
Account Notification!!

Vulnerebility

Exploit

WeBid 1.1.1 Unrestricted File Upload Exploit

Clipbucket 2.7 RC3 0.9 - Blind SQL Injection

Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF)

Zeuscart v.4 - Multiple Vulnerabilities

phpBugTracker 1.6.0 - Multiple Vulnerabilities

WordPress Easy Social Icons Plugin 1.2.2 - CSRF Vulnerability

PHP DateTime Use After Free Vulnerability

23.2.2015

Bugtraq

iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)

Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3163-1] libreoffice security update 2015-02-19
Alessandro Ghedini (ghedo debian org)

Malware

W32/Nabucur!FD0A5300782D
Generic.bfr!C883EEC3831C
RDN/Generic Dropper!DDEF940D1C24
RDN/Generic.bfr!ic!F856C2392213
RDN/Generic.tfr!ei!619A673BFADE
Generic Downloader.x!1726C3C24D5B
Generic.bfr!AA26B5366EBC
Generic.bfr!D9478C899259
Generic.bfr!080AD7EA055F
RDN/Generic Downloader.bfr!4D600F4637D9
RDN/Generic PUP.x!FC9265D268D2
RDN/Generic Dropper!0BFD505E7330
RDN/Generic.bfr!A5F8CFB9ACC3
RDN/Generic.dx!05D6F6B7C44E
Generic.dx!6267083D71F2
Generic.bfr!EC597019C9D3
Generic.bfr!EB62AEDC43EE
Generic.bfr!BB1134E71CE2
Generic.bfr!D874E401DA49
RDN/Generic.dx!7323DCABA891
W32/Nabucur!BE65C017F802
RDN/Generic PUP.x!BD5C35234657
Generic.bfr!E0DA23D8A3A5
RDN/Downloader.a!uo!6435998D37B7
RDN/Generic BackDoor!C8A687CD3B2D
Generic.bfr!E3469AA9FAF8
Generic.bfr!07A826E33C9D
Generic.dx!FDA67CEDBF74
Generic.bfr!CFEEB5875C54
Generic.bfr!E1ED4A23684A

Phishing

Virgin Media	22nd February 2015
An update from Virgin Media

Vulnerebility

Exploit

22.2.2015

Bugtraq

iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)

Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3163-1] libreoffice security update 2015-02-19
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3162-1] bind9 security update 2015-02-18
Florian Weimer (fw deneb enyo de)

PHP Code Execution in jui_filter_rules Parsing Library 2015-02-18
Timo Schmid (tschmid ernw de)

Malware

RDN/Generic PWS.y!bcr!8E85F42EC2F7
Generic.bfr!DCD505B1E2E9
Generic.bfr!DB7D84B5A171
Generic.bfr!DDB5E6DA7E1A
RDN/Generic PUP.z!2F5EEC00F6A9
Generic.bfr!DB1E61D41072
Generic.bfr!DB0458B0B2B7
Generic.bfr!EF6611A46EBA
RDN/Generic.bfr!ic!88D857A54CC1
RDN/Generic.bfr!ic!C935A69FB40A
Generic.bfr!DBC109FB2298
Generic.bfr!DC458CC2F0C4
RDN/Generic.grp!7BDD7D8121A7
Generic.bfr!DAFD84BAA736
Generic.bfr!DAD504D8CA5F
Generic.bfr!DAB520422F1E
Generic.bfr!6CDAF9426679
RDN/Generic BackDoor!bbs!72D3BF138D46
Generic.bfr!DA151018862A
RDN/Generic.grp!70D1AAD09EA3
Generic PUP.x!5C64AD1BED9C
Generic.bfr!DAA39857BC00
Generic.bfr!DA3BD0BEEF22
Generic.bfr!DA80F4CD675F
RDN/Spybot.bfr!p!73734738686E
RDN/Generic.dx!djh!6FC7F88F7F76
RDN/Generic.dx!EE4CF940457C
Generic.bfr!DB23683B8674
Generic Downloader.x!72619AFA412D
RDN/Generic PWS.y!bcr!8B900F9BCC2F

Phishing

RXX_VIAGRA	22nd February 2015
Save 30%
PayPal	22nd February 2015
[ PayPal ] : View your recent activity . #PP = 69901296200527096
PayPal Inc Service	21st February 2015
IMPORTANT NOTICE
Pvsatyanarayana Raju	21st February 2015
LLOYDS TSB BANK PLC.
First Online	21st February 2015
Login Alert
service@paypal	20th February 2015
CP A Y P A L : ACCOUNT SUSPENDED
PayPaI Service	20th February 2015
DEAR COSTUMER : PLEASE CHECK YOUR ACCOUNT
PayPal	20th February 2015
[ PayPal ] : 39View your recent activity . âœ” #PP 896482440
PayPal	20th February 2015
[ PayPal ] : 36View your recent activity . âœ” #PP 15935677467159348
Apple	20th February 2015
[SUSPICIOUS MESSAGE] Please verify your Apple ID 20/02/2015 12:38:14
PayPal	20th February 2015
Reminder: Your account will be limted until we hear from you

Vulnerebility

Exploit

19.2.2015

Bugtraq

PHP Code Execution in jui_filter_rules Parsing Library 2015-02-18
Timo Schmid (tschmid ernw de)

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 2015-02-18
sven bsddaemon org

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite 2015-02-18
RedTeam Pentesting GmbH (release redteam-pentesting de)

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilitiesþ 2015-02-17
Rehan Ahmed (knight_rehan hotmail com)

Malware

RDN/Generic.dx!djf!593D91D70983
RDN/Generic.dx!djf!EF9E818ADF54
Generic.bfr!200B84809135
Generic PUP.z!E8F0A6126272
Generic PUP.z!B94221B67251
RDN/Generic.tfr!41A3490AE7FA
Generic PUP.x!00DE2BA47CAD
RDN/Generic Downloader.x!mr!4B928E0F961B
RDN/Generic PUP.z!fc!3509A1A98309
RDN/Generic Downloader.x!mr!4A67720CAB96
RDN/Generic.dx!3449D60DBB8D
Generic Downloader.x!1E7DE45A54C2
RDN/Generic.dx!2276A6EE5296
Generic PUP.z!B27B3E6740A2
RDN/Generic PUP.z!fc!0F64E56F768D
RDN/Generic PUP.z!fc!D7D856F3B930
Generic PUP.z!DFB9DCB9BD6B
Generic Downloader.x!D6BEA77C1868
Generic.dx!06EEFBD1DAFB
RDN/Generic BackDoor!bbr!DDC86D6259BF
RDN/Spybot.bfr!D2EC7DD2981A
RDN/Generic Dropper!wc!9D9CCDDC3B05
Generic PUP.x!AD99F29BF3DA
Generic PUP.z!45A2ABC5485A
Generic.dx!43FBE27F15CF
Generic.tfr!CBBF86C4038D
Generic PUP.z!84D36C4F703E
Generic.grp!1C1139948DF1
Generic PUP.x!CD5109DB400A
RDN/Generic PUP.z!CD5C1A0114B7

Phishing

Vulnerebility

Exploit

18.2.2015

Bugtraq

NetGear WNDR Authentication Bypass / Information Disclosure 2015-02-17
Peter Adkins (peter adkins kernelpicnic net)

Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability 2015-02-17
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher 2015-02-17
kingkaustubh me com

[slackware-security] sudo (SSA:2015-047-03) 2015-02-16
Slackware Security Team (security slackware com)

[slackware-security] patch (SSA:2015-047-01) 2015-02-16
Slackware Security Team (security slackware com)

[slackware-security] seamonkey (SSA:2015-047-02) 2015-02-16
Slackware Security Team (security slackware com)

Reflected File Download in AOL Search Website 2015-02-16
Ricardo Iramar dos Santos (riramar gmail com) (1 replies)

Malware

Generic PUP.z!C29AE8EB56F2
RDN/Generic Dropper!wc!8C2FAE708392
RDN/Generic BackDoor!bbr!8FF602F4CE68
RDN/Generic.dx!djf!9D4149CAD8E5
W32/Nabucur!7738F75816CC
RDN/Generic PUP.z!034E7ED7020A
Generic.bfr!52394B4514BD
Downloader-FSH!3BBFA0A910A7
RDN/Generic.bfr!ic!042D515141E2
Generic.bfr!20EBAE286C06
RDN/Generic.dx!djf!FDE7BDE7B04D
RDN/Spybot.bfr!205842EFEB7B
Generic BackDoor!627CB67F126D
Generic.dx!1E23B8D32CE2
Downloader.gen.a!1A3AEABD19B8
RDN/Generic.tfr!497531700FB7
Generic PUP.z!B9D958C7DD4C
Generic.bfr!1EFE872D0991
RDN/Downloader.gen.a!6D9121989853
RDN/Generic.dx!EEA4D30599B7
Generic.bfr!032C04E9E284
RDN/Spybot.bfr!p!3200F8126047
RDN/Generic.grp!39FE3510BDD4
RDN/Generic.tfr!2042030924D6
RDN/Generic PUP.z!fc!7CFE40E19108
RDN/Generic.hra!ce!3DEEED3B0108
Generic.tfr!C654A8719DC3
GenericR-CZG!8BC197C4F35C
RDN/Generic PUP.z!6A9EF519BB05
RDN/Generic.bfr!00153955E305

Phishing

Customer Service.Amazon	16th February 2015
Verification-Amazon:Ticket Number PA8-9UP-P84-398SD2-5RD91X099P.
Barclays Online	16th February 2015
ACCOUNT SECURITY ALERT.
Chase Bank	16th February 2015
[ CHASE BANK ] Important Notification
PayPal	16th February 2015
[PayPal]:You Account Has Been Limited !!
PayPal	16th February 2015
IMPORTANT MESSAGE FROM PAYPAL-TEAM.

Vulnerebility

Exploit

X360 VideoPlayer ActiveX Control Buffer Overflow

Java JMX Server Insecure Configuration Java Code Execution

Guppy CMS 5.0.9 & 5.00.10 Authentication Bypass/Change Email

GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities

17.2.2015

Bugtraq

Reflected File Download in AOL Search Website 2015-02-16
Ricardo Iramar dos Santos (riramar gmail com) (1 replies)

Re: Reflected File Download in AOL Search Website 2015-02-16
Mike Antcliffe (mikeantcliffe logicallysecure com)

Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher 2015-02-15
kingkaustubh me com

Cosmoshop - XSS on Admin-Login Mask 2015-02-14
innate gmx de

[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 2015-02-14
sven bsddaemon org

CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four 2015-02-14
Hector Marco (hecmargi upv es)

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak 2015-02-13
jullrich sans edu

UNIT4 Prosoft HRMS XSS Vulnerability 2015-02-13
jerold v00d00sec com

[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution 2015-02-13
security-alert hp com

Malware

RDN/Generic.dx!3E341076E464
Generic.tfr!4CB617EB1566
RDN/Generic.bfr!ic!E73DC74F1535
RDN/Generic BackDoor!bbr!C8AA35AD149F
Generic PUP.x!3A88AE4B6F1E
Generic Downloader.x!A8F0F1BCBC06
Generic PUP.z!8BDD6503D1C4
Generic PUP.z!8B17A24F05B0
Generic.grp!8B00F6BBB60E
Generic.dx!6FBBFDA98466
RDN/Generic PWS.y!E5FB0B1F0FAC
RDN/Generic.dx!E614E42DBD43
RDN/Generic Downloader.x!4ADDC8DE73DE
4shared!7FCBB00E3590
RDN/Generic Dropper!wc!E4A3C7D614A4
RDN/Generic.tfr!ei!3975B00C3B35
Generic Downloader.x!39A9182DDB11
4shared!D0948D6919DD
Generic PUP.z!8A5627477584
4shared!74A37CF83F82
RDN/Generic Dropper!wc!E5A37F87EAE8
Generic PUP.x!8D91BF01B5D9
RDN/Generic Downloader.x!mr!0ECF7FB6409F
RDN/Generic PWS.y!bcr!E34453E576F3
RDN/Generic PWS.y!E41C09AAF3AF
RDN/Generic PWS.y!E37CCF377091
RDN/Generic Malware.jb!c!59DB7B3C21B2
Generic PUP.z!8945C6981CD3
Generic PUP.z!88DC5000E5BB
RDN/Generic.bfr!E3295DF5E207

Phishing

Customer Service.Amazon	16th February 2015
Verification-Amazon:Ticket Number PA8-9UP-P84-398SD2-5RD91X099P.
Barclays Online	16th February 2015
ACCOUNT SECURITY ALERT.
Chase Bank	16th February 2015
[ CHASE BANK ] Important Notification
PayPal	16th February 2015
[PayPal]:You Account Has Been Limited !!
PayPal	16th February 2015
IMPORTANT MESSAGE FROM PAYPAL-TEAM.
Tesco Bank	15th February 2015
PLEASE CONFIRM YOUR ONLINE BANKING ACCOUNT

Vulnerebility

Exploit

eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities

16.2.2015

Bugtraq

UNIT4 Prosoft HRMS XSS Vulnerability 2015-02-13
jerold v00d00sec com

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service 2015-02-13
Hector Marco (hecmargi upv es)

Malware

W32/Nabucur!FE3B8E2429A5
RDN/Generic PUP.z!CD2A27BA3335
W32/Nabucur!AB261E1FF731
RDN/Spybot.bfr!p!7456266404ED
RDN/Generic BackDoor!4F3454D621E2
GenericR-CYY!D5CF39E97A22
RDN/Generic.dx!djf!036825D51B88
RDN/Generic.tfr!ei!037A5BBFD289
RDN/Generic.dx!djf!74D9ACEB45AC
RDN/Generic BackDoor!bbr!FB30C90F4A32
W32/Nabucur!D402DFB53514
RDN/DNSChanger.bfr!f!1C0649EF0A43
RDN/Generic PWS.y!965091106961
Downloader.gen.a!80D48BCEA30B
Generic Downloader.x!7E5A7D349451
RDN/Generic BackDoor!AB7086BDE935
RDN/Downloader.a!uo!F9C8DF52B261
RDN/Generic.tfr!9B55D1D14EDE
Generic BackDoor!CB24BA5414CD
RDN/FakeAV-M.bfr!i!A328729FFD12
W32/Nabucur!AE618BF80BED
RDN/Generic.dx!djf!98B59D41374C
Generic FakeAlert!98FFAB2636BA
Generic FakeAlert!A6E607CAC5D4
Generic FakeAlert!CAD88EAB989F
Generic PUP.z!F56E62C26082
RDN/Generic BackDoor!BB7CC50935BD
RDN/Generic PUP.x!0FD62BC63AF1
Generic PUP.z!3F83018CC005
RDN/Spybot.bfr!3F5F9CF7B6FE

Phishing

Chase Bank	16th February 2015
[ CHASE BANK ] Important Notification
PayPal	16th February 2015
[PayPal]:You Account Has Been Limited !!
PayPal	16th February 2015
IMPORTANT MESSAGE FROM PAYPAL-TEAM.
Tesco Bank	15th February 2015
PLEASE CONFIRM YOUR ONLINE BANKING ACCOUNT
American Express	15th February 2015
Unusual activity in your American Express account

Vulnerebility

Exploit

13.2.2015

Bugtraq

[ MDVSA-2015:046 ] ntp 2015-02-12
security mandriva com

[ MDVSA-2015:045 ] e2fsprogs 2015-02-12
security mandriva com

[ MDVSA-2015:047 ] elfutils 2015-02-12
security mandriva com

[ MDVSA-2015:048 ] postgresql 2015-02-12
security mandriva com

[ MDVSA-2015:044 ] perl-Gtk2 2015-02-12
security mandriva com

Open-Xchange Security Advisory 2015-02-12 2015-02-12
Martin Heiland (martin heiland open-xchange com)

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) 2015-02-12
Jonathan Brossard (endrazine gmail com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-02-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3161-1] dbus security update 2015-02-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3160-1] xorg-server security update 2015-02-11
Moritz Muehlenhoff (jmm debian org)

Malware

RDN/Generic BackDoor!bbr!93842C94C78F
RDN/Generic BackDoor!bbr!A31F33B21B71
RDN/Generic BackDoor!bbr!E93BC710CB2C
RDN/Generic.dx!EBF91D6E3224
Generic.bfr!0262C498EEF1
RDN/Generic.bfr!90E0FA68F2C5
W32/Nabucur!7CE3FF841163
Generic.bfr!00A2BB2CA651
RDN/Generic.dx!dj3!91638CEED9F1
RDN/BackDoor-FBSA!a!25336C9D4A13
RDN/Spybot.bfr!7A400037FAB1
W32/Sdbot.worm!FEA7847C1048
RDN/Generic.bfr!ic!4BB5A4B987DD
RDN/Generic PUP.z!fc!8EBC07F79354
PWS-Mmorpg.gen!10ADACE4567C
RDN/Generic.tfr!8D6803A22C9E
RDN/Generic.dx!dj3!22B6F59E26CF
RDN/Keylog-Ardamax.dll!6EAC872398BA
Generic PUP.x!8AB289685704
Generic.tfr!899311523978
RDN/Generic Dropper!5869456F8066
RDN/Generic Malware.bj!85961D924D18
RDN/Autorun.worm.gen!C6847562ECEC
Generic.bfr!F04426234A54
Generic.bfr!F9090514609D
RDN/Spybot.bfr!86F22FD46930
Generic BackDoor!88CF9700093E
RDN/Generic.dx!F2251649A098
Generic.dx!872B8DB65909
RDN/Generic BackDoor!bbr!815A104EC022

Phishing

PayPal	12th February 2015
[IMPORTANT] : YOUR ACCOUNT WILL BE LIMITED , PLEASE UPDATE YOUR INFORMATION âœ”
PayPal Inc.	12th February 2015
PAYPAL \|SECURITY TEAM :YOUR ACCOUNT PAYPAL HAS BEEN LIMITED.

Vulnerebility

Exploit

Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities

Wordpress Video Gallery 2.7.0 - SQL Injection Vulnerability

12.2.2015

Bugtraq

[SECURITY] [DSA 3160-1] xorg-server security update 2015-02-11
Moritz Muehlenhoff (jmm debian org)

Elasticsearch vulnerability CVE-2015-1427 2015-02-11
Kevin Kluge (kevin kluge elasticsearch com)

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability 2015-02-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability 2015-02-11
sn 1dn eu

[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft) 2015-02-11
Stefan Kanthak (stefan kanthak nexgo de)

T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) 2015-02-11
Vulnerability Lab (research vulnerability-lab com)

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability 2015-02-11
Vulnerability Lab (research vulnerability-lab com)

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability 2015-02-11
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability 2015-02-11
Vulnerability Lab (research vulnerability-lab com)

Multiple Vulnerabilities in my little forum 2015-02-11
High-Tech Bridge Security Research (advisory htbridge com)

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin 2015-02-11
High-Tech Bridge Security Research (advisory htbridge com)

[SECURITY] [DSA 3159-1] ruby1.8 security update 2015-02-10
Alessandro Ghedini (ghedo debian org)

[ MDVSA-2015:043 ] otrs 2015-02-10
security mandriva com

[ MDVSA-2015:041 ] cabextract 2015-02-10
security mandriva com

[ MDVSA-2015:040 ] zarafa 2015-02-10
security mandriva com

[ MDVSA-2015:042 ] clamav 2015-02-10
security mandriva com

[security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities 2015-02-10
security-alert hp com

[security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities 2015-02-10
security-alert hp com

[security bulletin] HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information 2015-02-10
security-alert hp com

[ MDVSA-2015:039 ] glibc 2015-02-10
security mandriva com

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page 2015-02-10
RedTeam Pentesting GmbH (release redteam-pentesting de)

Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC 2015-02-10
saman j l33t gmail com

[security bulletin] HPSBGN03251 rev.1 - HP Storage Essentials running SSLv3, Remote Disclosure of Information 2015-02-09
security-alert hp com

[SECURITY] [DSA 3158-1] unrtf security update 2015-02-09
Salvatore Bonaccorso (carnil debian org)

[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling 2015-02-09
Mark Thomas (markt apache org)

Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) 2015-02-09
bhdresh gmail com

Radexscript CMS 2.2.0 - SQL Injection vulnerability 2015-02-09
ITAS Team (itas team itas vn)

Malware

Generic PUP.z!1DB9E0B63BB3
Generic.bfr!DADA04B2F630
Generic PUP.z!328E83851A87
RDN/Generic.tfr!ei!7A0DF0FB17E0
Generic PUP.z!E2F6BD605DED
Generic Downloader.x!362E18FFD4CA
RDN/Generic BackDoor!bbr!7F239C3E92AC
Generic.bfr!EC71A26CA59D
Generic PUP.z!2E1F98AEAAB9
Generic PUP.z!DD3B5200DA91
RDN/Generic.dx!73D755C25D91
Generic PUP.x!72D866863849
Generic PUP.x!240806CE3545
Generic.bfr!C400F7019EBC
Generic PUP.x!D0DCD4E07D04
Generic PUP.x!FAB498C571DC
RDN/Generic.bfr!B268482C3872
Generic PUP.z!E92F6BA9A1B2
Generic PUP.x!E9660DCB0F34
Generic.bfr!D06D080C13BB
Generic PUP.z!E954A73C2BE1
Generic.bfr!97884EF2FC48
W32/PdfCrypt.b!899BC1372DD9
Generic.tfr!FACF45AA13A1
RDN/Spybot.bfr!38CC11FC53DC
Generic.dx!994F43805A6F
Generic.tfr!6B3193792EDE
Generic.tfr!C78540207BAA
Generic.bfr!D0B1707EE0AA
Generic PUP.z!A8F5FC66ABC4

Phishing

PayPal	12th February 2015
[IMPORTANT] : YOUR ACCOUNT WILL BE LIMITED , PLEASE UPDATE YOUR INFORMATION âœ”
PayPal Inc.	12th February 2015
PAYPAL \|SECURITY TEAM :YOUR ACCOUNT PAYPAL HAS BEEN LIMITED.
PayPal Inc.	11th February 2015
PAYPAL \|SECURITY TEAM :YOUR ACCOUNT PAYPAL HAS BEEN LIMITED.
alerts@citibank.com	11th February 2015
Suspicious Account Activity Reference wvAt77y
Apple iTunes	11th February 2015
YOUR RECENT DOWNLOAD WITH YOUR APPLE ID
service@paypal.co.uk	11th February 2015
WE'VE IIMITED ACCESS TO YOUR PAYPAI ACCOUNT
Mr. Ban Ki-Moon	11th February 2015
ATM VISA CARD US 2000,000,00,
Whats AppNotifier	10th February 2015
INCOMING VOICEMAIL(S) AT FEB 10
NATWEST BANK	9th February 2015
New Message From Natwest Bank
PayPal	9th February 2015
[ Paypal ] Your account will be closed within 74 hours , please check your account information 09/02/2015
NatWest	9th February 2015
* * Your access to NatWest Services is locked fiona@19mills.fsnet.co.uk
PaypaI Service	9th February 2015
ACCOUNT NOTIFICATION
Wells Fargo Online	9th February 2015
WELLSFARGO ONLINE MAINTENANCE.
Support@PayPal.com	8th February 2015
WE'RE INVESTIGATING A PAYPAI PAYMENT REVERSAI (CASE ID #PP-003-498-237-832)

Vulnerebility

Exploit

Achat v0.150 beta7 Buffer Overflow

SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation

MooPlayer 1.3.0 'm3u' SEH Buffer Overflow

Wordpress Survey and Poll Plugin 1.1 - Blind SQL Injection

Pandora FMS 5.1 SP1 - SQL Injection Vulnerability

IBM Endpoint Manager - Stored XSS Vulnerability

8.2.2015

Bugtraq

Malware

RDN/Generic.dx!djb!4518E4A0FE97
RDN/Generic PUP.z!746DA97260B3
RDN/Generic.dx!D4CED171418A
RDN/Generic.dx!djb!8A8ED5840724
RDN/Generic.dx!djb!B72308CF61EE
Downloader.gen.a!7E9603057D98
RDN/Generic PUP.z!eq!3CB91A6E8244
RDN/Generic Downloader.x!mq!BDCC39D12AA2
RDN/Spybot.bfr!87F633FF03D9
Generic.bfr!9344F2641EBF
RDN/Generic.dx!djb!690041FEA044
RDN/Generic.dx!djb!8225B128B6FD
RDN/Generic.dx!djb!1F7710BF171D
RDN/Generic PUP.z!5FB943DC5AFA
RDN/Generic Downloader.x!mq!B3E22E1E955E
RDN/Spybot.bfr!D81D07FA2A4A
Generic PUP.z!58CA4449D501
RDN/Spybot.bfr!7368ADAF3D37
Generic PUP.x!B239F7F3FF61
RDN/Generic.dx!djb!1423D8E907A4
Generic PUP.z!F3CEC9EB9347
RDN/Spybot.bfr!150A6E36C847
RDN/Spybot.bfr!2FECAE882516
RDN/Generic Dropper!wb!2A98F39BE57F
RDN/Generic.dx!djb!FDC72214D0A6
Generic PUP.z!FA7AEB638BF7
Generic PUP.x!7CA4E822A664
FakeAV-M.bfr!2BC04A24F6E5
RDN/Generic.dx!djb!8B0E3BAA84E8
RDN/Generic.dx!djb!98B15A2FDC66

Phishing

Barclays	7th February 2015
IMPORTANT - ONLINE BANKING UPDATE
Tesco Bank	7th February 2015
IMPORTANT: TESCO ALERTS SERVICE
PayPal	7th February 2015
Your account PayPal is limited you have to solve the problem in 24 hours
Paypal	6th February 2015
YOUR ACCOUNT WILL BE LIMITED PLEASE UPDATE YOUR INFO
PayPal	5th February 2015
* CACTUS * Notification - Account Review

Vulnerebility

Exploit

3.2.2015

Bugtraq

[SECURITY] [DSA 3149-1] condor security update 2015-02-02
Sebastien Delafond (seb debian org)

[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information 2015-02-02
security-alert hp com

[SECURITY] [DSA 3150-1] vlc security update 2015-02-02
Alessandro Ghedini (ghedo debian org)

[security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution 2015-02-02
security-alert hp com

Fork CMS 3.8.3 - XSS Vulnerability 2015-02-02
ITAS Team (itas team itas vn)

Microweber 0.95 - SQL Injection Vulnerability 2015-02-02
ITAS Team (itas team itas vn)

Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities 2015-02-02
ITAS Team (itas team itas vn)

Malware

Generic PUP.x!1C0BA4B41113
Generic.tfr!7E76C547CD4A
RDN/Spybot.bfr!954805E2828D
Generic PWS.y!39AE3C8E0B56
Generic BackDoor!251FF52FFE6E
RDN/Generic PUP.x!ctt!F044AD38967D
RDN/Generic PUP.x!ctt!92C71A122A2C
Generic.bfr!5407B3BAD7B9
RDN/Generic PUP.x!ctt!6DA90FDAAA87
RDN/DNSChanger.bfr!456D5ECCDBE6
RDN/Generic BackDoor!bbp!0A170AF2BF6E
RDN/Generic PUP.x!ctt!C6DD7D3C8F72
Generic PUP.z!79F2F7B22891
RDN/Generic.dx!4AE872BD1A94
RDN/Generic.dx!CAFDFD1F4BE4
RDN/Generic PUP.x!ctt!C18B05CAB38E
Generic.bfr!172CCA6D3BC3
W32/Nabucur!A10662ADEDB5
Generic.bfr!1172FFFB05D2
RDN/Generic.tfr!eh!9712C542DFC4
RDN/Ransom!eo!D171E485B910
RDN/Spybot.bfr!10E7B369354B
RDN/Ransom!eo!6857F5D733EC
RDN/Generic PUP.x!71D89ABD35A5
RDN/Generic PUP.x!26129C6565C5
RDN/Generic PUP.x!F0709AD5CE99
Generic.bfr!0582B27C6A83
Generic.dx!FF9DBB405596
RDN/Spybot.bfr!9492C9DE56E8
RDN/Spybot.bfr!1A9E17DA061D

Phishing

PayPal	3rd February 2015
Please Login to Update Your Account informations. 02/02/2015 10:09:19
PayPal	3rd February 2015
Verify your account informations
Apple	2nd February 2015
Account Verificatio
Apple	2nd February 2015
[Dear customer] : Hi Your User ID will be frozen 01/02/2015 06:38:27
PayPal Security	1st February 2015
Your Account Will Be Limited !

Vulnerebility

Exploit

Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities

1.2.2015

Bugtraq

[security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities 2015-01-30
security-alert hp com

[SECURITY] [DSA 3147-1] openjdk-6 security update 2015-01-30
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3146-1] requests security update 2015-01-30
Sebastien Delafond (seb debian org)

ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability 2015-01-30
Security Alert (Security_Alert emc com)

Malware

Generic PUP.x!4690C4BA0BCE
Downloader.gen.a!7962BD89847F
RDN/Generic.grp!hx!903E8FFC02FA
GenericR-CWH!A0066AACDC8A
RDN/Generic BackDoor!C05EE0DE170F
RDN/Generic Downloader.x!mo!71325CB8FAF9
RDN/Generic PUP.x!3C320BFC8C41
RDN/Generic PUP.x!9E16C931C361
RDN/Generic PUP.x!CB6AD763950D
RDN/Generic PUP.x!D6513432D2BB
RDN/Generic PUP.x!E6245D1E3C13
Generic PUP.x!7FD65C68778F
RDN/Generic PUP.x!F773ED26D511
RDN/Generic.bfr!7D9BD3FAA689
Generic PUP.z!A68D89D858ED
RDN/Generic.dx!4DC23D31E791
RDN/Spybot.bfr!2B391BD39763
RDN/Generic PUP.x!ED4071694E25
RDN/Generic PUP.x!B40F81B254EB
Generic PUP.x!D50E8FF2BBA8
RDN/Generic.dx!90969FB83654
Generic PUP.z!E5CF5A166B24
RDN/Generic PUP.x!FC4CA66E1FD7
RDN/Generic PUP.x!911E4A8D60F8
Generic PUP.z!B1BAB5997DDC
Generic PUP.x!34C58A112530
Generic.tfr!C32994F58A45
PWS-Mmorpg.gen!52D75DE5D64C
W32/PdfCrypt.b!3DFE7C6E24C2
RDN/Generic Downloader.x!CFE2715A431B

Phishing

PayPal Security	1st February 2015
Your Account Will Be Limited !
PayPal Services	31st January 2015
[PayPal Verification] Update Your Account Information
NatWest	31st January 2015
1 New Message
no_reply@bt.com	31st January 2015
Account Verification
Apple	31st January 2015
[Dear customer] : Hi Your User ID will be frozen
NatWest	30th January 2015
1 New Message
no_reply@bt.com	30th January 2015
Account Verification

Vulnerebility

Exploit

30.1.2015

Bugtraq

[SECURITY] [DSA 3144-1] openjdk-7 security update 2015-01-29
Moritz Muehlenhoff (jmm debian org)

NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability 2015-01-29
VMware Security Response Center (security vmware com)

Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection 2015-01-30
Paul Craig (lists vantagepoint sg)

Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router 2015-01-29
kingkaustubh me com

Reflected XSS vulnarbility in Asus RT-N10 Plus Router 2015-01-29
kingkaustubh me com

Malware

Generic PUP.x!8374F57466E0
Generic-FAVX!A24B8AE45E91
Generic-FAVX!DE19A5500766
Generic PUP.x!A806BD18D12B
W32/Sality.gen!7FE793754AFE
RDN/Generic Dropper!35E117E1F43C
RDN/Generic.bfr!ic!81B42E6E7CB8
Generic.dx!A454231A1356
RDN/Generic.bfr!8E516E453FF2
Generic FakeAlert!278C1F35850E
Generic Downloader.x!81212EED0BCB
Generic Downloader.x!80BED2783AED
Generic.dx!FF8390A1355A
RDN/Spybot.bfr!4D639853D222
RDN/Generic PUP.x!ctk!7C6CCEF9BCB4
Generic.dx!CE6897C29CDB
Generic.dx!C23F1DCA3670
RDN/Generic PWS.y!bcp!81064F06FD54
Generic.dx!6AF956E1A8D5
Generic.dx!95FCED611F3F
RDN/Generic PWS.y!bcp!9FAD35347369
Generic.dx!044C180713DF
RDN/Spybot.bfr!6618EB719091
Generic.dx!74ED2809EC3E
Generic.dx!345504F7F52C
RDN/Generic PUP.x!ctk!43F36F5D5BEC
Generic.dx!613C0B8B2C5F
Generic.dx!B696CB117760
Generic.dx!5BB3A0AB2DA6
RDN/Generic BackDoor!bb3!7C2775BCD804

Phishing

no_reply@bt.com	30th January 2015
Account Verification
APPLE STORE	28th January 2015
Your Account Will Be Limited. Update Your Informations !
PayPal	28th January 2015
IMPORTANT: WE NOTICED UNUSUAL ACTIVITY IN YOUR PAYPAL ACCOUNT (REF #PP-004-621-793-329) !

Vulnerebility

Exploit

29.1.2015

Bugtraq

Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router 2015-01-29
kingkaustubh me com

Reflected XSS vulnarbility in Asus RT-N10 Plus Router 2015-01-29
kingkaustubh me com

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities 2015-01-29
Security Alert (Security_Alert emc com)

Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 2015-01-29
Onur Yilmaz (onur netsparker com)

CVE-2014-8779: SSH Host keys on Pexip Infinity 2015-01-29
giles pexip com

[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) 2015-01-28
Pedro Ribeiro (pedrib gmail com)

Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability 2015-01-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

AST-2015-001: File descriptor leak when incompatible codecs are offered 2015-01-28
Asterisk Security Team (security asterisk org)

[slackware-security] glibc (SSA:2015-028-01) 2015-01-28
Slackware Security Team (security slackware com)

Malware

RDN/Generic.bfr!ic!F48887E6C433
Generic PUP.x!4EC1E43160A6
FakeAV-M.bfr!19767E06F6C9
Downloader.gen.a!F77B3D00A546
Generic Downloader.x!A9E6A583A055
Generic Downloader.x!E025396F5795
Generic Downloader.x!367DDA250565
RDN/Generic PUP.x!ctj!192EB76B0840
Generic Downloader.x!F613968F5E58
PWS-Banker!80CEE13734FF
RDN/Generic PUP.x!788F0BF173A9
Generic Downloader.x!4473D15FE542
Generic PUP.x!784547B53E5A
Generic Downloader.x!DF4DFBE34FFA
Generic Downloader.x!932270DC4E9D
Generic Downloader.x!F6DD6BB55D57
Generic Downloader.x!0C7A65F4354A
Generic Downloader.x!303D7D73675E
RDN/Generic.bfr!ic!27370E90C927
Generic.bfr!5935C84A5C88
FakeAV-M.bfr!2DA6310D9018
RDN/Generic BackDoor!bb3!857078AFFA14
RDN/Generic PUP.x!ctj!5BA5242D08F2
RDN/Generic PUP.x!ctj!E3D0CFD4B5A3
RDN/Sdbot.worm!cd!6452AE91839F
Generic PUP.x!DBB594CF0EF8
Generic Downloader.x!51CBA585457C
Generic PUP.x!77243266C757
Generic Downloader.x!ADC4EE9812E0
RDN/Generic Downloader.x!lq!1CF3F0305C9A

Phishing

Vulnerebility

Exploit

VSAT Sailor 900 - Remote Exploit

ClearSCADA - Remote Authentication Bypass Exploit

OS X < 10.10.x - Gatekeeper bypass Vulnerability

UniPDF 1.1 - Crash PoC (SEH overwritten)

Microsoft Windows Server 2003 SP2 - Privilege Escalation

ManageEngine Firewall Analyzer 8.0 - Directory Traversal/XSS Vulnerabilities

FreeBSD Kernel Multiple Vulnerabilities

28.1.2015

Bugtraq

[CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8 2015-01-28
sven bsddaemon org

[CVE-2015-1394] Photo Gallery (Wordpress Plugin) - Multiple XSS Vulnerabilities Version 1.2.8 2015-01-28
sven bsddaemon org

[AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability 2015-01-28
Amplia Security Advisories (advisories ampliasecurity com)

NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues 2015-01-27
VMware Security Response Center (security vmware com)

Multiple vulnerabilities in MantisBT 2015-01-28
High-Tech Bridge Security Research (advisory htbridge com)

Two XSS Vulnerabilities in SupportCenter Plus 2015-01-28
High-Tech Bridge Security Research (advisory htbridge com)

Malware

RDN/Generic.dx!6BA8862C2D15
Generic.dx!C455CCA446ED
Gamarue-FAX!93AC2ACD8527
RDN/Generic Downloader.x!7AC2B592E5CE
RDN/Generic PUP.x!cth!8D61C7D1310B
RDN/Generic.grp!hx!8D50D499C4B2
RDN/Generic PUP.x!cth!D97EFBD3CD55
Downloader.gen.a!C97F400CDB3E
RDN/Generic Downloader.x!mn!A67404616BC3
Downloader.gen.a!3AF555C2ACD0
RDN/Generic PUP.z!eq!74078ABEE3A8
RDN/Generic.dx!d2q!DC1755A1C7C4
RDN/Generic PUP.z!eq!EECC50E8A5AC
RDN/Generic BackDoor!bb3!AF654CB7F6EB
Generic BackDoor!D03D53F57ACB
RDN/Generic.bfr!3B3F38A66B70
Generic PUP.x!C7D377F7DC50
RDN/Generic.dx!d2q!A936D918C874
RDN/Generic.bfr!D91D3C5B29DD
RDN/Generic PUP.x!cth!508B498E4FBB
RDN/Generic BackDoor!bbn!506DB3C64D05
Generic PUP.x!502E097B4D3E
RDN/Generic.dx!922FD31003E0
RDN/Generic.bfr!ED5058F4EF49
Generic PUP.x!5527337F26B3
RDN/Generic PUP.x!9B8B6656AE9F
Generic.dx!C3D2802ED4C8
RDN/Spybot.bfr!29B960685EF6
RDN/Generic.dx!d2p!C7E6A437F069
W32/Nabucur!EC14F8BE5B86

Phishing

NETELLER	28th January 2015
Your NETELLER Account Has Been Disabled - 10/01/2015 09:34:03
Service .inc	28th January 2015
UPDATE YOUR ACCOUNT INFORMATION
PayPal	28th January 2015
account has been frozen
BT	28th January 2015
Update Your Details
PayPal	28th January 2015
WHY MY ACCOUNT IS LIMITED ?
PayPal	28th January 2015
CHECK YOUR RECENT ACTIVITY BY LOGGING IN [PAYPAL] âœ”
PayPal	28th January 2015
[Paypal]: You Need To Confirm Your Information ! 02/01/2015 05:27:45
Skype	28th January 2015
New Payment To Skype !
Citibank	28th January 2015
Customer Service Reference: ASO0Q5SL
PayPal	28th January 2015
Service.security@Paypal.cu
Apple	28th January 2015
Your recent download
PayPal	28th January 2015
Your PayPal account is limited until we hear from you.
Your Barclays Account	28th January 2015
Your Barclays Bank Support
Paypal Support	28th January 2015
âœ‰ [PAYPAI]: UPDATE YOUR INFORMATION ACCOUNT NUMBER 1544
Apple	28th January 2015
Account Info Change
HSBC Bank	28th January 2015
TONY.THELMA@NTLWORLD.COM, YOUR ACCOUNT SERVICE INFORMATION
NatWest	28th January 2015
Security Update
Microsoft	28th January 2015
Dear Email Account Owner,
PayPal Reminder	28th January 2015
âœ” ALERT ! YOUR PAYPAL ACCOUNT WILL BE LIMITED PP1366
PayPal Services	28th January 2015
YOUR ACCOUNT PAYPAL IS LIMITED YOU HAVE TO SOLVE THE PROBLEM IN 24 HOURS.
PayPal	28th January 2015
YOUR PAYPAL ACCOUNT HAS BEEN LIMITED !
PayPal Update	28th January 2015
UPDATE YOUR ACCOUNT INFORMATION !
PayPal Inc	28th January 2015
VERIFY YOUR INFORMATION TO ACTIVATE YOUR ACCOUNT !
HSBC Bank	28th January 2015
DARREN.M.BROWN@NTLWORLD.COM, YOUR ACCOUNT SERVICE INFORMATION

Vulnerebility

Exploit

ClearSCADA - Remote Authentication Bypass Exploit

27.1.2015

Bugtraq

[SECURITY] [DSA 3140-1] xen security update 2015-01-27
Moritz Muehlenhoff (jmm debian org)

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt 2015-01-27
matthias deeg syss de

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting 2015-01-27
matthias deeg syss de

[SYSS-2014-012] FancyFon FAMOC - Session Fixation 2015-01-27
matthias deeg syss de

CVE-2015-0223: anonymous access to qpidd cannot be prevented 2015-01-26
Gordon Sim (gsim apache org)

CVE-2015-0224: qpidd can be crashed by unauthenticated user 2015-01-26
Gordon Sim (gsim apache org)

[CORE-2015-0002] - Android WiFi-Direct Denial of Service 2015-01-26
CORE Advisories Team (advisories coresecurity com)

WebKitGTK+ Security Advisory WSA-2015-0001 2015-01-26
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

Generic Dropper!04F6E78DCFA7
RDN/T-UPA-AAQ!a!147A717AABD6
Generic.bfr!0EE37BAE7D60
GenericR-CUT!DE932FF7C7F4
RDN/Generic PUP.z!A81CBA4F3A6F
RDN/Downloader.gen.a!C58BAFAB8A83
RDN/Spybot.bfr!C5EBA520DD07
RDN/Spybot.bfr!A88216E1F80F
RDN/Generic PUP.x!F66759103E9D
Generic PUP.x!DC913B05B5D1
W32/Sdbot.worm!AF206A5A94B5
Ransom!DC407A859787
Generic.dx!CB74F89923D7
RDN/Generic.dx!CCD805F09122
W32/Expiro.gen.ra!0087645D3EEE
RDN/Generic BackDoor!bbn!D9FCD9AF9734
RDN/Generic PUP.x!ct3!0A4AAEB9CFB5
RDN/Generic.tfr!eh!D637D2F8F974
Generic PUP.x!D9B7B9A26F6D
RDN/Generic BackDoor!bbn!D8B272BF9464
RDN/Generic PWS.y!bc3!6DA0E3545ED2
Generic PUP.x!CB18F1FF6A54
RDN/Generic PUP.x!9DC23113DD3D
RDN/Generic PUP.x!ct3!9390F2C19DDB
Generic PUP.x!D5410A6DF20F
RDN/Generic Dropper!vz!D5526013BF00
Generic PUP.x!CE605667AB19
Generic PUP.x!C889E72BB100
RDN/Generic BackDoor!bbn!CAFA19ED9847
RDN/Generic PUP.x!ct3!C65ADBDCE885

Phishing

Paypal	27th January 2015
[IMPORTANT] : UPDATE YOUR ACCOUNT INFORMATION !
National	27th January 2015
She has no taboos and restrictions
Apple Inc.	27th January 2015
PLEASE UPDATE YOUR ACCOUNT
PayPal	27th January 2015
Your PayPal account is limited until we hear from you.
ebilling@bt.com	27th January 2015
Verify your account
Natwest	27th January 2015
\|Natwest Bank\| Case Reference #: 458839348482
onlinebankinservice@tescobank.	27th January 2015
TESCO BANK - NEW ESTATEMENT AND EADVICE
_-Vydox_-_Plus_-	27th January 2015
~NEW~YEAR,~NEW~YOU:~30~DAY~FRE E~TRIAL~FOR~A~BULL~PERFORMANCE ~IN~BED~
MS MARY ARINZE	27th January 2015
Re: Very Urgent Response!!!
JANET NAPOLITANO	27th January 2015
HOMELAND SECURITY ALERT!!!
PayPal Services	27th January 2015
YOUR ACCOUNT PAYPAL IS LIMITED YOU HAVE TO SOLVE THE PROBLEM IN 24 HOURS.
PayPal	27th January 2015
[PAYPAL] :UPDATE YOUR ACCOUNT INFORMATION
Apple Service	27th January 2015
YOUR APPLE ACCOUNT IS TEMPORARILY SUSPENDED !
Ysande	27th January 2015
WHEN WAS VIAGRA INVENTED
PayPal	27th January 2015
YOU'VE SENT A PAYMENT
PayPal	27th January 2015
PLEASE UPDATE YOUR PAYPAL ACCOUNT
Barclays	27th January 2015
IMPORTANT - ONLINE BANKING UPDATE
Bank of America Alert	27th January 2015
Bank Of America Alert: Online Access Suspension Message®
Apple	27th January 2015
Account Info Change
Apple	27th January 2015
Account Suspended
PayPal INC.	27th January 2015
YOUR ACCOUNT WILL BE LIMITED. PLEASE UPDATE YOUR ACCOUNT INFORMATION !
NatWest Online Banking	27th January 2015
IMPORTANT NOTICE REGARDING YOUR NATWEST ONLINE ACCOUNT.
head office	27th January 2015
FEDERAL BUREAU OF INVESTIGATION(WWW.FBI.GOV)
Navy Federal Online	27th January 2015
Important notice regarding your Navy Federal Online account.

Vulnerebility

Exploit

D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit

VLC Player 2.1.5 - DEP Access Violation Vulnerability

VLC Player 2.1.5 - Write Access Violation Vulnerability

Comodo Backup 4.4.0.0 - NULL Pointer Dereference EOP

Mangallam CMS - SQL Injection Web Vulnerability

Barracuda Networks Cloud Series - Filter Bypass Vulnerability

ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management Vulnerability

PHP Webquest 2.6 - SQL Injection

Android WiFi-Direct Denial of Service

26.1.2015

Bugtraq

Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days 2015-01-22
Hafez Kamal (aphesz hackinthebox org)

PhotoSync 1.1.3 Android - Command Inject Vulnerability 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

Program-O v2.4.6 - Multiple Web Vulnerabilities 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-1180-xss-eventsentry 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1179-xss-mango-automation-scada 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1178-xss-x-cart-ecommerce 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

Malware

Generic.bfr!8A3B913C0CB2
FakeAV-M.bfr!ED4D5F7A7DE1
RDN/Generic.dx!77C0AF9BC1F5
RDN/Generic Dropper!vz!208DA38CD99C
Generic.bfr!A6BBE611A563
RDN/Spybot.bfr!1204314BD74C
Generic PUP.x!48BEA33D9F9B
Generic.bfr!6BF9CA39794A
Generic.bfr!D1B231D2719A
W32/Expiro!886E724B2CE6
RDN/Generic.bfr!ED1009DC35CE
Generic.bfr!5C0AF6FC056F
RDN/Generic PUP.x!cs3!AACE94796ECE
W32/PdfCrypt.b!BA14824E7F23
Generic.bfr!721DC78264EB
RDN/Generic PUP.x!cs3!201FDD65FB44
Generic BackDoor!1BC129D7FCF2
RDN/Generic PUP.x!cs3!B04724526543
Generic PUP.x!FAB21799D89E
RDN/Generic PUP.x!cs3!38D531E8176B
W32/PdfCrypt.b!92FAE8BA7B4F
Generic.dx!D389E6D2A064
RDN/Generic PUP.x!cs3!3548AD3FE731
Generic PUP.x!8EEDADE1FCF7
RDN/Generic PUP.x!cs3!4B96A469E3D5
RDN/Generic PUP.x!cs3!09E806628D0B
RDN/Generic PUP.x!cs3!6E0D30D8403A
Generic PUP.x!1489244252B6
GenericR-CVC!D987642100A9
RDN/Generic.bfr!ib!63F951F778E6

Phishing

Vulnerebility

Exploit

23.1.2015

Bugtraq

Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days 2015-01-22
Hafez Kamal (aphesz hackinthebox org)

PhotoSync 1.1.3 Android - Command Inject Vulnerability 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

Program-O v2.4.6 - Multiple Web Vulnerabilities 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-1180-xss-eventsentry 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1179-xss-mango-automation-scada 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1178-xss-x-cart-ecommerce 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

Malware

Generic.dx!067B470A053D
Generic.bfr!D7FEB35BB2A1
RDN/Generic.bfr!B29C6360E83E
Generic.bfr!D888CB6FA6AF
RDN/Generic PUP.z!F4442F9F8418
RDN/Vundo!dw!ADD711C4860B
Generic PUP.x!9B80E9F86A26
RDN/Generic PUP.x!csw!BE2F5C90BC0B
W32/Expiro!D8AD51FA9426
RDN/Generic Dropper!vz!75AFBB90E21A
Generic.bfr!D7DB922CE718
Generic.bfr!D967F0170BBE
Generic.bfr!D913158B5084
Generic.bfr!D8F64F9DA566
RDN/Spybot.bfr!0E70274958CB
Generic PUP.x!7A1D7A67616C
Generic.bfr!D929D5267784
RDN/Generic.bfr!A0DD7B3DDFE9
RDN/Generic PUP.x!0395D14646D2
Generic.dx!D8EC94FCFD13
Generic.bfr!D8CE6E5DF2F6
Generic.bfr!D9A1D3ED9F4B
Generic.bfr!D95B486B6A10
Generic PUP.x!CA967E90D614
Generic.bfr!D9508A6F10BB
BackDoor-FCKD!37F36C0A897F
Generic PUP.x!7FB5F408BEC7
Generic PUP.x!6D5A0586C9B8
Generic PUP.x!937DEB1D76C3
RDN/Generic.bfr!ib!387FE14AE78F

Phishing

Vulnerebility

Exploit

22.1.2015

Bugtraq

PhotoSync 1.1.3 Android - Command Inject Vulnerability 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

Program-O v2.4.6 - Multiple Web Vulnerabilities 2015-01-22
Vulnerability Lab (research vulnerability-lab com)

CVE-2015-1180-xss-eventsentry 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1179-xss-mango-automation-scada 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1178-xss-x-cart-ecommerce 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

CVE-2015-1177-xss-exponent 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP 2015-01-22
SEC Consult Vulnerability Lab (research sec-consult com)

CVE-2015-1176-xss-osticket 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)

[slackware-security] samba (SSA:2015-020-01) 2015-01-21
Slackware Security Team (security slackware com)

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities 2015-01-21
Vulnerability Lab (research vulnerability-lab com)

iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll 2015-01-21
Vulnerability Lab (research vulnerability-lab com)

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass 2015-01-21
RedTeam Pentesting GmbH (release redteam-pentesting de)

PhotoSync v1.1.3 Android - Command Inject Vulnerability 2015-01-21
Vulnerability Lab (research vulnerability-lab com)

[oCERT-2015-001] JasPer input sanitization errors 2015-01-21
Andrea Barisani (lcars ocert org)

[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-01-20
security-alert hp com

[SECURITY] [DSA 3134-1] sympa security update 2015-01-20
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3133-1] privoxy security update 2015-01-20
Moritz Muehlenhoff (jmm debian org)

Malware

Generic PUP.x!CE70394F8239
Generic Downloader.x!13FC6901B52B
RDN/Generic.bfr!hr!55CE2FF9438E
Generic PUP.x!C9CBBCCBC8E0
Generic Downloader.x!B4668C5C9C61
RDN/Generic PUP.x!A3ADCA0ADAE0
Downloader-FAMV!F1034F5D5113
RDN/Generic.bfr!D6F0A2E6278E
Generic Downloader.x!C30E01943939
RDN/Generic PWS.y!bcn!C94BDFAF3418
RDN/Generic PUP.z!9E66C1048F7A
RDN/Generic BackDoor!142A9CBD2619
Downloader-FAMV!43D08191F217
Downloader-FAMV!D15017BE80CE
Generic PUP.x!902C2764627C
Downloader-FAMV!C312342EC3BC
Downloader-FAMV!EE6EC0C1A19D
RDN/Generic PUP.x!cs3!0758D179BE2B
FakeAV-M.bfr!2F960BDC6C64
Downloader.gen.a!C08C55404726
RDN/Generic Downloader.x!lq!A728C66D4ED3
RDN/Generic PUP.x!F6B06C2C7184
RDN/Generic BackDoor!bbm!292F12911B1C
Generic Downloader.x!14A97544DD9B
Generic Downloader.x!338AFDEC37DC
RDN/Generic PWS.y!bcn!56D9162976F4
Generic Downloader.x!A4255BE12904
RDN/Generic PUP.x!FFF625D03DE7
RDN/Generic.bfr!ib!D583C3A8187D
FakeAV-M.bfr!327E59689596

Phishing

Vulnerebility

Exploit

Exif Pilot 4.7.2 - SEH Based Buffer Overflow

19.1.2015

Bugtraq

CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability 2015-01-18
Riley Baird (BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix bitmessage ch)

[slackware-security] seamonkey (SSA:2015-016-04) 2015-01-17
Slackware Security Team (security slackware com)

[slackware-security] mozilla-firefox (SSA:2015-016-02) 2015-01-17
Slackware Security Team (security slackware com)

[slackware-security] freetype (SSA:2015-016-01) 2015-01-17
Slackware Security Team (security slackware com)

[slackware-security] mozilla-thunderbird (SSA:2015-016-03) 2015-01-17
Slackware Security Team (security slackware com)

[ MDVSA-2015:027 ] kernel 2015-01-16
security mandriva com

Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability 2015-01-16
admin@evolution-sec.com (admin evolution-sec com)

WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

VeryPhoto v3.0 iOS - Command Injection Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3129-1] rpm security update 2015-01-15
Moritz Muehlenhoff (jmm debian org)

Malware

Generic PUP.x!2784A9A43253
Generic PUP.x!5C147FA73DA8
RDN/Generic Downloader.x!01A1FC9794A9
RDN/Generic PUP.x!00628B0E0AEA
RDN/PWS-Banker!7DA2C4265BFA
RDN/Generic Downloader.x!00BF20E1D1F7
RDN/Generic Downloader.x!01AD5A920DD1
RDN/Generic.tfr!3417066DEE20
RDN/Generic PUP.x!csm!F8BD291AC448
Generic.dx!171101C2764C
RDN/Generic Downloader.x!006D0AC356F4
Generic Downloader.x!6E7914EED837
RDN/Generic PUP.x!511647C2A0EA
RDN/Generic Downloader.x!00B8BB0C619E
Generic PUP.x!01733A5D11A6
RDN/Generic.grp!E614E42DBD43
RDN/Generic Downloader.x!lq!510E0FF39E0E
Generic PUP.x!F67D77899793
Generic PUP.x!09567F67D2F8
RDN/Generic.bfr!hr!345918FCBE69
RDN/Generic BackDoor!83024D35B795
Generic PUP.x!294A682EC2DB
Generic PUP.x!7961FA202561
RDN/Downloader.gen.a!41E940093654
RDN/Generic Downloader.x!01AE9B1881BF
RDN/Generic PUP.x!csm!A6AB6EDB03D1
RDN/Generic PUP.x!csm!A203B1439669
RDN/Generic PUP.x!6E05CE615DC5
Generic.bfr!10C053F007C3
Generic PUP.x!A3CC151715CB

Phishing

Vulnerebility

Exploit

17.1.2015

Bugtraq

[ MDVSA-2015:027 ] kernel 2015-01-16
security mandriva com

Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability 2015-01-16
admin@evolution-sec.com (admin evolution-sec com)

WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

VeryPhoto v3.0 iOS - Command Injection Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability 2015-01-16
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3129-1] rpm security update 2015-01-15
Moritz Muehlenhoff (jmm debian org)

Malware

Generic PUP.x!F8210A91CE1F
Generic PUP.x!164541277E79
DNSChanger.bfr!97396B26AE8C
Generic PUP.x!969519608272
Generic PUP.x!B55BFEC042CB
Generic PUP.x!F2D6BE48D661
Generic PUP.x!A5D5EEE7E377
Generic PUP.x!E3863A98ED2A
Downloader.gen.a!AAA6668D140B
RDN/DNSChanger.bfr!f!97F27C51B64E
Generic PUP.x!28559171E86B
Generic PUP.x!3507C6BF9E81
RDN/Generic PUP.x!csh!EFEFF51032F2
Generic PUP.x!93689A4A5DA8
Generic PUP.x!1F8F5137BA31
Generic PUP.x!3658EFFAD7A4
RDN/Generic PWS.y!bcm!E898209E7127
Generic PWS.y!6431FA1BD1D1
RDN/Generic.bfr!ib!856FE2142B49
Generic PUP.x!AF0273D472F8
Generic PUP.x!0830EE8E6572
RDN/Generic PUP.x!csh!1482AF5D012D
RDN/YahLover.worm!6422F1BC75B0
RDN/YahLover.worm!6C8143A75964
RDN/BackDoor-FBSA!a!956F51A85607
Generic PWS.y!950DFA9A26E2
RDN/Generic.bfr!ib!AD64C0D9A0A2
Generic PWS.y!60F012781288
Generic PUP.x!20B8704BB552
Generic PUP.x!D127F03C61A7

Phishing

Vulnerebility

Exploit

16.1.2015

Bugtraq

Alienvault OSSIM/USM Command Execution Vulnerability 2015-01-15
Peter Lapp (lappsec gmail com)

[ MDVSA-2015:025 ] mpfr 2015-01-15
security mandriva com

[ MDVSA-2015:024 ] libsndfile 2015-01-15
security mandriva com

[ MDVSA-2015:026 ] untrf 2015-01-15
security mandriva com

[ MDVSA-2015:023 ] libvirt 2015-01-15
security mandriva com

[SECURITY] [DSA 3128-1] linux security update 2015-01-15
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-15:01.openssl 2015-01-14
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3127-1] iceweasel security update 2015-01-14
Moritz Muehlenhoff (jmm debian org)

Two XSS vulnerabilities in Simple Security WordPress Plugin 2015-01-14
High-Tech Bridge Security Research (advisory htbridge com)

AusCERT2015 Call for Papers: closes 18th January 2015-01-14
AusCERT (auscert auscert org au)

Malware

RDN/Generic PUP.x!cnq!6872CDFCD62D
Generic BackDoor!AC12DACEE9B9
Generic PUP.x!D16A9892306B
RDN/Generic.grp!C5124A18052D
Generic PUP.x!CE2FB5664C1D
Generic.bfr!CC0D7E913192
Generic PUP.x!EDE24D0DC2A3
Generic PUP.x!98277CE56227
Generic PUP.x!1D45105CEE55
RDN/Generic.bfr!hr!3569E1EDD37F
RDN/Generic Downloader.x!lq!21AD6CE4B465
Generic.bfr!C57410C9D064
RDN/Downloader.a!uj!0A8FC56066EA
Generic PUP.x!2742F93BD348
Generic.bfr!C5EF09163249
RDN/Generic PUP.x!3A4D4E2FF8D0
RDN/Generic PUP.x!csf!283742066D48
Generic PUP.x!CDDD17698E0E
Generic PUP.x!43F4A79F9531
Generic PUP.x!F918B586CC51
RDN/Spybot.bfr!2AA32316D8AF
Generic PUP.x!280EC5F5D376
RDN/Generic PUP.x!698E6F967F17
RDN/Generic PUP.x!D6BFDEF7769D
RDN/Generic PUP.x!csf!669417C96549
RDN/Generic PUP.x!48C95F3C71FD
RDN/Downloader.a!uj!5AFB36330EF1
RDN/Generic PWS.y!bcl!CA55CD724B01
Generic PUP.x!5E5C440D9996
RDN/Generic Downloader.x!ml!D2D1FF7729AC

Phishing

Vulnerebility

Exploit

15.1.2015

Bugtraq

[SECURITY] [DSA 3127-1] iceweasel security update 2015-01-14
Moritz Muehlenhoff (jmm debian org)

Two XSS vulnerabilities in Simple Security WordPress Plugin 2015-01-14
High-Tech Bridge Security Research (advisory htbridge com)

AusCERT2015 Call for Papers: closes 18th January 2015-01-14
AusCERT (auscert auscert org au)

[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information 2015-01-13
security-alert hp com

[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update 2015-01-13
Thijs Kinkhorst (thijs debian org)

Sitefinity Enterprise v7.2.53 - Persistent Vulnerability 2015-01-13
Vulnerability Lab (research vulnerability-lab com)

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities 2015-01-13
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information 2015-01-13
security-alert hp com

SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)

CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user 2015-01-13
Gordon Sim (gsim apache org)

Malware

RDN/Spybot.bfr!F08225F09441
RDN/Generic.bfr!ib!FA44DE457E08
RDN/Generic.grp!311DA383E661
RDN/Generic PWS.y!bcl!D64172F03935
GenericR-CTB!1AFA3748F402
RDN/Generic.tfr!eh!421C15032D2C
RDN/Generic PUP.x!cs3!837958BA9E1F
Generic.dx!FE30DF21A4EB
RDN/Generic PUP.x!cs3!AD08D95AF5C9
RDN/Spybot.bfr!o!C02E40ECCBB7
RDN/Generic.hra!AF18CD376414
Generic.bfr!0860D291AEE8
RDN/Downloader.gen.a!2FE9084EDDC6
RDN/Generic PWS.y!bck!331E5B7F9E84
RDN/Generic PUP.x!2814302C5BD0
RDN/Generic.bfr!C153E9B64B8B
Generic BackDoor!B891325D4943
RDN/Generic BackDoor!bbk!EA6193E3C38D
RDN/Generic Downloader.x!mk!CDD5682DD30F
W32/PdfCrypt.a!7434B09DB96D
RDN/Generic PWS.y!bcl!1F6F4C449485
RDN/Downloader.gen.a!79C8C2AAAD0C
RDN/Generic.bfr!A6F199B074B2
Generic PUP.x!5ADECE38D036
Generic PUP.x!0600BDE7888C
RDN/Generic PUP.x!1242212DF90F
RDN/Downloader.gen.a!2DCC925310BF
Generic PUP.x!5B695ED1096D
RDN/Generic.hra!732B1E836EF9
DNSChanger.bfr!5B1488BB70A2

Phishing

Vulnerebility

Exploit

13.1.2015

Bugtraq

[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution 2015-01-12
security-alert hp com

[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-13
Peter Lapp (lappsec gmail com)

Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-12
Peter Lapp (lappsec gmail com)

[SECURITY] [DSA 3126-1] php5 security update 2015-01-12
Thijs Kinkhorst (thijs debian org)

Corel Software DLL Hijacking 2015-01-12
CORE Advisories Team (advisories coresecurity com)

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)

[ MDVSA-2015:022 ] wireshark 2015-01-12
security mandriva com

[ MDVSA-2015:021 ] curl 2015-01-12
security mandriva com

[ MDVSA-2015:020 ] libssh 2015-01-12
security mandriva com

ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities 2015-01-12
Vulnerability Lab (research vulnerability-lab com)

Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)

Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)

Blitz CMS Community - SQL Injection Web Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3125-1] openssl security update 2015-01-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3124-1] otrs2 security update 2015-01-10
Salvatore Bonaccorso (carnil debian org)

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities 2015-01-10
Pietro Oliva (pietroliva gmail com)

[security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities 2015-01-10
security-alert hp com

Malware

RDN/Generic PUP.x!crw!D1D32BA67B91
RDN/Generic.bfr!16EA0C625C7E
RDN/Generic PUP.x!D7CFB3230CC8
Generic PUP.x!0438CF026B14
RDN/Generic PUP.x!B47021383155
BrowseFox-FTQ!6F8BAEED194F
RDN/Generic PUP.x!crw!A0D2FBD32F9D
RDN/Generic PUP.x!2B12BBB098DF
RDN/Downloader.gen.a!7C31636FEA7D
RDN/Generic.bfr!2F4136418923
RDN/Generic.bfr!5A88407FBD2A
RDN/Generic.bfr!FEAC61A55E4D
RDN/Generic.bfr!E353F9A01588
Generic.bfr!3066D2040BEB
RDN/Generic.bfr!F2BF05E09080
RDN/Generic.bfr!532B0598C1B8
Generic PUP.x!C68F3453E9E8
RDN/Generic PUP.x!crw!2D7F7519B290
BrowseFox-FTQ!CA98CD3D9758
RDN/Generic PUP.x!crw!D3F00DE77667
RDN/Generic.bfr!ib!322C7F4465EA
RDN/Generic.bfr!11348799E37D
W32/Sdbot.worm!BF50C50AAA04
Generic PUP.x!A46C19BE4DF6
RDN/Downloader.gen.a!73B1D7C909F7
Generic PUP.x!F4E1E6685D86
Generic PUP.x!EAA85004BA5F
Generic.bfr!83B266E98CFA
Generic.bfr!4D5BE97E90A4
Generic.bfr!3135A5B0ED16

Phishing

Vulnerebility

Exploit

9.1.2015

Bugtraq

Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada 2015-01-08
root recon cx (root)

[ MDVSA-2015:018 ] asterisk 2015-01-08
security mandriva com

[ MDVSA-2015:017 ] libevent 2015-01-08
security mandriva com

[SECURITY] [DSA 3121-1] file security update 2015-01-08
Moritz Muehlenhoff (jmm debian org)

[ MDVSA-2015:016 ] unzip 2015-01-08
security mandriva com

[ MDVSA-2015:015 ] sox 2015-01-08
security mandriva com

[ MDVSA-2015:014 ] libjpeg 2015-01-08
security mandriva com

[ MDVSA-2015:013 ] znc 2015-01-08
security mandriva com

[ MDVSA-2015:012 ] jasper 2015-01-08
security mandriva com

[ MDVSA-2015:011 ] nail 2015-01-08
security mandriva com

[ MDVSA-2015:010 ] file 2015-01-08
security mandriva com

[ MDVSA-2015:009 ] krb5 2015-01-08
security mandriva com

[ MDVSA-2015:008 ] pwgen 2015-01-08
security mandriva com

[ MDVSA-2015:007 ] unrtf 2015-01-08
security mandriva com

[ MDVSA-2015:006 ] mediawiki 2015-01-08
security mandriva com

[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2015-01-06
security-alert hp com

[SECURITY] [DSA 3120-1] mantis security update 2015-01-06
Moritz Muehlenhoff (jmm debian org)

Brother MFC Administration Reflected Cross-Site Scripting 2015-01-07
vulns dionach com

Self-XSS in Microsoft Dynamics CRM 2013 SP1 2015-01-07
High-Tech Bridge Security Research (advisory htbridge com)

Malware

RDN/Generic PUP.x!17D2625B5AC9
Generic PUP.x!5DC4C957B4F0
Generic Downloader.x!42568B493955
Generic PWS.y!687897E3628E
RDN/Generic PWS.y!bc3!13B9317EE3B1
RDN/Generic PUP.x!EA1BB16EA7DF
RDN/Generic.dx!AE90AFF297D3
RDN/Generic Dropper!0222A58692AC
RDN/Generic BackDoor!547C3BE22FF8
RDN/Generic BackDoor!9BDC6DB5FD3E
Generic PUP.x!77840BC0306D
RDN/Generic.bfr!BFC7A0ED9261
Generic.dx!0E7E442074D5
Generic Downloader.x!8AB7FF6A57F6
Generic PUP.x!FB1FD12B66BE
RDN/Generic.bfr!E0068AD24025
RDN/Generic.bfr!hr!3841BDE1178B
Generic Downloader.x!2E77F00244A5
Generic Downloader.x!BDFC9B684D13
RDN/Generic.dx!d2d!0C6194C031A7
RDN/Generic.hra!61CA40317EBF
RDN/Downloader.gen.a!4840140778F6
RDN/Spybot.bfr!0C118F5EDA3A
RDN/Generic BackDoor!bbh!EEA496B99D52
RDN/Generic PUP.x!9E23632CABA5
RDN/Spybot.bfr!382FCE40E0B1
BackDoor-ABF.gen!597EC24410C2
Generic.tfr!03CF3F19B465
RDN/Generic PUP.x!cr3!0C4D5F6A69B7
RDN/Generic PUP.x!62B033472136

Phishing

Vulnerebility

Exploit

Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability

Ntpdc 4.2.6p3 - Local Buffer Overflow

WordPress Shopping Cart 3.0.4 - Unrestricted File Upload

8.1.2015

Bugtraq

[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2015-01-06
security-alert hp com

[SECURITY] [DSA 3120-1] mantis security update 2015-01-06
Moritz Muehlenhoff (jmm debian org)

Brother MFC Administration Reflected Cross-Site Scripting 2015-01-07
vulns dionach com

Self-XSS in Microsoft Dynamics CRM 2013 SP1 2015-01-07
High-Tech Bridge Security Research (advisory htbridge com)

ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities 2015-01-06
Vulnerability Lab (research vulnerability-lab com)

[ MDVSA-2015:005 ] subversion 2015-01-05
security mandriva com

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities 2015-01-05
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3119-1] libevent security update 2015-01-06
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic BackDoor!bbg!D09BD1F3E83D
Generic PUP.x!1522E089F754
Generic PUP.x!DA05B6D461A9
RDN/Downloader.gen.a!64B8E39F167F
RDN/Generic Downloader.x!18D20A383307
Generic PUP.x!0A568899692E
RDN/Generic BackDoor!529268AB92F8
Generic PUP.x!B5326A7E51E1
RDN/Downloader.gen.a!6EC8558146C9
RDN/Generic.dx!E7D426DED48A
RDN/Keylog-Ardamax.dll!EF4A639EEC9F
Generic PUP.x!184DB2FFD21B
Generic PUP.x!58B98EA5B0B7
Generic PUP.x!5239F8B0E4B4
RDN/Generic PUP.x!12AA08B0CF68
RDN/Generic.tfr!DFAAFE04A9AC
RDN/Generic.bfr!44C21E68E1C8
RDN/Generic PUP.x!8FF0AF54F200
Generic PUP.x!76922D5DA973
RDN/Generic PUP.x!626D44FC35CF
RDN/Generic.bfr!ia!11B9380CC0D1
RDN/Generic.bfr!ia!190026AB351F
RDN/Generic PUP.x!crl!069A8AE9DF5F
RDN/Generic.bfr!ia!CD889C85D076
RDN/Generic PUP.x!crl!2776CD400351
Generic PUP.x!E2B8921A8D5F
Generic PUP.x!17FC4B83544C
Generic PUP.x!17C7DB055988
RDN/Generic PUP.x!crl!31A175C81E63
RDN/Generic.dx!B1F0BEB067C7

Phishing

Vulnerebility

Exploit

Microweber CMS 0.95 - SQL Injection

Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

Sefrengo CMS 1.6.0 - SQL Injection

7.1.2015

Bugtraq

ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities 2015-01-06
Vulnerability Lab (research vulnerability-lab com)

[ MDVSA-2015:005 ] subversion 2015-01-05
security mandriva com

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities 2015-01-05
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3119-1] libevent security update 2015-01-06
Salvatore Bonaccorso (carnil debian org)

[ MDVSA-2015:001 ] c-icap 2015-01-05
security mandriva com

[ MDVSA-2015:002 ] pcre 2015-01-05
security mandriva com

Open-Xchange Security Advisory 2015-01-05 2015-01-05
Martin Heiland (martin heiland open-xchange com)

Malware

Generic.tfr!29B45B717F15
Generic PUP.x!E7EFC36A5ACA
RDN/Generic BackDoor!bbg!93379282503B
RDN/Generic.bfr!C43A6E2081AB
Trojan-FFMU!202AF72C5E12
Generic PUP.x!5B8C3E2B98B3
Downloader.gen.a!34D4B358FD45
PWS-Lineage!CB3B57D4E7EC
RDN/Generic.dx!D3918BC69E28
Generic PUP.x!2EBF4CE6C1F3
Generic Downloader.x!6A9803D84A70
Generic Downloader.x!22EE967D51DC
Generic Downloader.x!35FD70C36E7B
RDN/Generic BackDoor!bbg!CDDFD11504BF
Generic PUP.x!970D5BD4293E
RDN/Generic Downloader.x!mk!BFC6E4F3252A
Generic PUP.x!DF749FCED5BF
Downloader.gen.a!3EE749F9413A
Generic Downloader.x!5E9C0612C96B
Generic PUP.x!E3D7343EE85C
RDN/Generic Dropper!vw!03ACA684CCB7
RDN/Generic BackDoor!bbg!FE7E192BE55A
RDN/Generic PUP.x!crj!AEB9B09A4619
Generic Downloader.x!290670BB7D61
Generic PUP.x!7A1A1056D789
RDN/Generic PUP.x!C09FB752FDBA
Generic PUP.x!D5634BC0D629
Generic PUP.x!C4883784D04D
RDN/Generic.bfr!B8CC653FD572
Generic Downloader.x!7529A6376647

Phishing

Vulnerebility

Exploit

BulletProof FTP Client BPS Buffer Overflow

AdaptCMS 3.0.3 - Multiple Vulnerabilities

6.1.2015

Bugtraq

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities 2015-01-05
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3119-1] libevent security update 2015-01-06
Salvatore Bonaccorso (carnil debian org)

[ MDVSA-2015:001 ] c-icap 2015-01-05
security mandriva com

[ MDVSA-2015:002 ] pcre 2015-01-05
security mandriva com

Open-Xchange Security Advisory 2015-01-05 2015-01-05
Martin Heiland (martin heiland open-xchange com)

[SECURITY] [DSA 3118-1] strongswan security update 2015-01-05
Yves-Alexis Perez (corsac debian org)

[ MDVSA-2015:003 ] ntp 2015-01-05
security mandriva com

[ MDVSA-2015:004 ] php 2015-01-05
security mandriva com

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 2015-01-04
Pedro Ribeiro (pedrib gmail com)

Malware

Generic PUP.x!F73CB638C4D7
RDN/Generic PUP.x!341801A5C8CE
RDN/Generic.bfr!ia!1F531FD030B8
RDN/Generic PUP.x!cr3!FCCBBFAFC98A
RDN/Ransom!em!54B8C2A2D5D3
RDN/Generic.dx!D6435B228C10
RDN/Generic.dx!D9F905DB6998
Generic PUP.x!B9DC026F222A
RDN/Generic.dx!D784971DD5C1
Generic PUP.x!140EEC1C8D22
Generic PUP.x!8F81BBC0A115
RDN/Generic.dx!D80A7BB7E79F
RDN/Generic.dx!D68AA99BF804
RDN/Generic.dx!D6B7E184CC33
RDN/Generic.dx!D66746DAA259
RDN/Generic PUP.x!248A9E3FE16F
Generic PUP.x!4D82DA8C0EC5
RDN/Generic.bfr!09505DCB5D95
RDN/Generic PUP.x!BD7F2390C539
Generic PUP.x!744C50FC5BCA
Generic PUP.x!7ED93CB79E61
RDN/Ransom!EC09200FF69A
Generic PUP.x!CFE86D81D255
RDN/Generic.dx!D705D2DC049F
RDN/Generic.dx!d2b!DDD1661565DB
Generic PWS.y!8E3F5A209C29
Generic PUP.x!B22D9AB29222
RDN/Generic PUP.x!6AAC829DC6BE
RDN/Generic PUP.x!cr3!27B254B279FB
RDN/Generic.dx!D5FFE883A70F

Phishing

Vulnerebility

Exploit

5.1.2015

Bugtraq

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 2015-01-04
Pedro Ribeiro (pedrib gmail com)

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

Malware

Generic Downloader.x!76806064621B
RDN/Generic PUP.x!cr3!05B92CEA4205
Downloader.gen.a!D723DD899F75
Generic PUP.x!944099CE2FEC
Generic PUP.x!5006BDA2B0BE
Generic Dropper!94FE4D1D206F
Generic PUP.x!ADB7AE3A2C57
Generic PUP.x!2DFF5A78BD88
Downloader.gen.a!53A3F1280877
Downloader.gen.a!5C45964EB7CD
Downloader.gen.a!71C8E867E4BC
Downloader.gen.a!EB99741C5542
Generic PUP.x!4DF2CE548554
Generic PUP.x!1CB8ABBB9754
Generic PUP.x!BB1AB2FC292C
Generic PUP.x!5B9519D6D561
Downloader.gen.a!77601E8EFFB9
RDN/Generic PUP.x!cr3!C0C5DF53C17C
RDN/Generic PUP.x!cr3!B983D74C660E
RDN/Generic.dx!E02D2763244E
RDN/Generic.dx!950DB26E5BE3
PWSZbot-FIA!09ACFA7175AC
Generic PUP.x!5B69539A1C14
RDN/Generic.dx!6EC5E3A9D546
Generic PUP.x!1B96E44DE802
RDN/Ransom!em!CB2058251928
RDN/Generic PUP.x!cr3!F622E82D5BA5
Generic PUP.x!C7EF0C4E032A
RDN/Generic PUP.x!3FCE706FC5BF
RDN/Generic PUP.x!cr3!7CE94C3A5457

Phishing

Vulnerebility

Exploit

ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution

Crea8Social 2.0 - XSS Change Interface

1.1.2015

Bugtraq

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)

[SECURITY] [DSA 3117-1] php5 security update 2014-12-31
Salvatore Bonaccorso (carnil debian org)

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central 2014-12-31
Pedro Ribeiro (pedrib gmail com)

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook 2014-12-30
Stefan Kanthak (stefan kanthak nexgo de)

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)

Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29
z fedotkin infosec ru

[SECURITY] [DSA 3115-1] pyyaml security update 2014-12-29
Moritz Muehlenhoff (jmm debian org)

Malware

W32/Spybot.bfr!B1E0B757538E
RDN/Generic.bfr!ia!C45120DA9266
Generic PUP.x!13EC92963563
Generic PUP.x!F5A6F138B821
RDN/Generic PUP.x!crd!3E49CC68D48B
RDN/Generic.tfr!35E33D0284D7
RDN/Generic PUP.x!crd!D90AC34126B0
RDN/Generic PUP.x!crd!3D9EF3B646E0
RDN/Generic PUP.x!5ED8AF97D018
Downloader.gen.a!CFEF6FC0D0BD
Generic PUP.x!09672B48778B
RDN/Generic.bfr!ia!DF91B75339B1
RDN/Generic PUP.x!crd!9AEF5D6D3DD5
RDN/Generic.bfr!ia!966D59C28531
Generic PUP.x!96A5F0D2D146
RDN/Generic PUP.x!B35F6240EA7C
RDN/Generic PUP.x!crd!6A79D8F9709B
RDN/Generic PUP.x!crd!BF5271733B9D
DNSChanger.bfr!0860CD8ED7DB
RDN/Generic PUP.x!crd!CB37D6BF141A
RDN/Generic PUP.x!crd!D8E1CB9C10CA
Generic PUP.x!973DCBA02BB2
Generic PUP.z!6230E73B081B
RDN/Generic PUP.x!crd!7FE47033E13A
RDN/Generic PUP.x!crd!66B5719587DD
RDN/Generic PUP.x!crd!08561B026E49
RDN/Generic Downloader.x!mg!1A84B52259DD
RDN/Generic.bfr!ia!21A783BB5E55
RDN/Generic.dx!dh3!69DD833D040B
RDN/Generic.bfr!ia!243FE2C3905A

Phishing

Vulnerebility

Exploit

Windows 8.1 (32/64 bit) - Privilege Escalation (ahcache.sys/NtApphelpCacheControl)

ProjectSend Arbitrary File Upload

Social Microblogging PRO 1.5 Stored XSS Vulnerability

2014

31.12.2014

Bugtraq

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)

Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29
z fedotkin infosec ru

[SECURITY] [DSA 3115-1] pyyaml security update 2014-12-29
Moritz Muehlenhoff (jmm debian org)

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)

[SECURITY] [DSA 3113-1] unzip security update 2014-12-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3114-1] mime-support security update 2014-12-29
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Spybot.bfr!3579B79FF705
Generic.bfr!0E361092DC71
RDN/Generic.dx!583FE8361C55
RDN/Generic PUP.x!3EA905D70130
RDN/Generic Dropper!vu!79C9E2DC17E9
RDN/Generic PUP.x!crc!2F6CF576D9D5
RDN/Generic PWS.y!bcf!945C7CEE1F68
RDN/Generic.dx!dhw!FB81F27EB7F8
RDN/Generic.bfr!986D34A2097B
RDN/DNSChanger.bfr!B47DC9E79E92
RDN/DNSChanger.bfr!DC4B059C45F1
Generic.dx!68BDFE238DF1
RDN/Generic.bfr!ia!E134EF50DB53
RDN/Generic.bfr!3B2CA5837595
RDN/Generic PUP.x!crc!7B9FECD3720B
RDN/Generic PUP.x!E373DD3B4B06
RDN/Generic BackDoor!bb3!AC56CD5EE486
Generic PUP.x!6F930603D4B4
RDN/Generic Dropper!vu!49A8BFA00F9D
Generic PUP.x!518478624A2E
Generic.bfr!4322AC83C313
RDN/Generic BackDoor!A4C8C8FCA02B
Generic PUP.x!0DE35E3F69AB
RDN/Generic Downloader.x!mf!C7E30DF91996
RDN/Generic PWS.y!bcf!B0543ED1E059
RDN/Generic BackDoor!1E82F9D68402
RDN/Generic PUP.z!68072D0618A6
RDN/Generic.tfr!eg!6DDE50B9BB29
Ransom!87E362E7540F
Generic PUP.x!DC2FA138F478

Phishing

Vulnerebility

Exploit

Liferay Portal 7.0.x <= 7.0.2 - Pre-Auth RCE

30.12.2014

Bugtraq

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

DRAM unreliable under specific access patern 2014-12-24
Pavel Machek (pavel ucw cz)

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.dx!dhv!1531860F1651
RDN/Generic.bfr!A4BB0D416E6E
RDN/Generic PUP.x!039DF24978E1
DNSChanger.bfr!8D679ACB9AF3
Downloader.gen.a!F907F3E12622
RDN/Generic Dropper!vu!E4011D6D0E33
Generic PUP.x!E38F99BC96C7
RDN/Generic PWS.y!bcf!2E25E96AA1EB
Generic PUP.x!B67D358929F5
Generic PUP.x!C7FC61FF2CEB
RDN/Downloader.gen.a!557407112CC1
Generic PUP.x!B5CC31261201
RDN/Generic Dropper!vu!B4FCB2CBCB3E
Generic PUP.x!520B07D599A1
RDN/Spybot.bfr!2065F9E63A43
DNSChanger.bfr!D160ED66D84A
Generic PUP.x!5925BDC40D67
Generic PUP.x!213B73DCDD90
Generic PUP.x!1A5CCA9830C8
RDN/Downloader.a!ud!219094AFC7BF
RDN/Generic PWS.y!bcf!B34D917EBD4C
RDN/Generic PUP.x!5BA186B231B4
RDN/Generic.bfr!ia!504DE29B7598
RDN/Generic PUP.x!cr3!742804B395D6
RDN/Downloader.a!ud!C50F3CD54AB0
RDN/Generic PUP.x!0DB1C7F87B25
RDN/Generic PUP.x!cr3!C1B4D476BDB6
RDN/Generic.bfr!0DEBECEAFD71
Generic PUP.x!DABD8FC77626
RDN/Generic.bfr!2CBC5A74DF65

Phishing

Vulnerebility

Exploit

29.12.2014

Bugtraq

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)

DRAM unreliable under specific access patern 2014-12-24
Pavel Machek (pavel ucw cz)

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)

Malware

RDN/Generic.bfr!hz!861E69442CF5
RDN/Generic.bfr!8C83874A4C72
Generic PUP.x!A672475E0B7C
Generic PUP.x!945B4CF3D358
RDN/Generic.bfr!hz!8D1D7CA67258
Generic PUP.x!94802FD14984
RDN/Generic.bfr!hz!8FAD9011F4D3
RDN/Generic.bfr!hz!8975281D641A
RDN/Generic.dx!B7EA46C58E75
Generic PUP.x!A41F20088C1C
RDN/Generic.dx!dhs!27B01AF456B4
Generic PUP.x!1E4FEB1E9E1B
RDN/Generic PUP.x!A30E1A05028D
RDN/Generic.bfr!hz!8B8FF2790013
RDN/Generic PUP.x!D0B803786532
Generic PUP.x!0E9449E8464C
Generic PUP.x!A4CE34B1A9C9
RDN/Generic.bfr!hz!8A2C7317F1D1
Generic Dropper!C7E0D0E61A3C
Generic Dropper!9C8B9F0E283F
RDN/Generic.bfr!hz!8967F65ED6A2
Generic PUP.x!104D4374B1C2
Downloader.gen.a!DDF5D22B7E91
RDN/Generic.bfr!hz!88615C474B4B
RDN/Generic BackDoor!bbc!93A137415768
RDN/Generic.bfr!hz!7C4E8047F318
Generic PWS.y!D2A21A446577
Generic PUP.x!74E21FE9E7D6
RDN/Generic.bfr!81CDDA0756CE
Generic PUP.x!7FE494EF5B8F

Phishing

Vulnerebility

Exploit

WhatsApp <= 2.11.476 - Remote Reboot/Crash App Android

Pimcore 3.0 & 2.3.0 CMS - SQL Injection Vulnerability

PHPLIST 3.0.6 & 3.0.10 - SQL Injection Vulnerability

PMB <= 4.1.3 - Post-Auth SQL Injection Vulnerability

Wickr Desktop 2.2.1 Windows - Denial of Service Vulnerability

25.12.2014

Bugtraq

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 2014-12-19
Onur Yilmaz (onur netsparker com)

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 2014-12-19
Onur Yilmaz (onur netsparker com)

Facebook BB #18 - IDOR Issue & Privacy Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

iBackup v10.0.0.45 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor 2014-12-19
SEC Consult Vulnerability Lab (research sec-consult com)

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 2014-12-18
Apple Product Security (product-security-noreply lists apple com)

[oCERT-2014-012] JasPer input sanitization errors 2014-12-18
Andrea Barisani (lcars ocert org)

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

E-Journal CMS (ID) - Multiple Web Vulnerabilities 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Apple iOS v8.x - Message Context & Privacy Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)

Malware

RDN/Generic.bfr!hz!3547F58037A5
DNSChanger.bfr!9AF8E550B515
RDN/Generic Dropper!1A05A342CAA7
Generic PUP.x!74ECA1F17961
RDN/Generic Downloader.x!mb!5DF1A6A37ECC
Generic PUP.x!23E85F8436A8
RDN/Generic PUP.x!cqt!2626F871ABB6
RDN/Generic.dx!dh3!269C9DC798E8
RDN/Generic PUP.x!cqt!2639738FFF7F
RDN/Generic PUP.x!9EFD7AB61465
RDN/Generic PUP.x!cqt!5A91F3388BBB
RDN/Spybot.bfr!747B6FD44CC1
RDN/Generic Downloader.x!8D7DF055C7CE
RDN/Spybot.bfr!0C7C3EA238A4
RDN/Spybot.bfr!0C8EF176E70C
RDN/Generic Downloader.x!mb!1A5B25DABA50
BrowseFox-FTQ!9C37005668CE
Generic PUP.x!2FB2AAD45CDE
RDN/Generic PUP.x!DD0F60FA4E0C
Generic PUP.x!2618569C3329
RDN/Generic.dx!2648B65474D1
RDN/Generic PUP.x!cqt!2614F3F2C7A2
RDN/Generic PUP.x!2653C83103F8
RDN/Generic PUP.x!26A5A06170A5
RDN/Downloader.a!ub!1B3FA6F7AFB2
Generic Downloader.x!1A3D1FA9761A
RDN/Generic StartPage!cc!B0C96F5BDDFF
RDN/Generic PUP.x!cqt!A235EB690301
RDN/Generic PUP.x!cqt!724B84E684AA
Generic PUP.x!04F683600409

Phishing

Vulnerebility

Exploit

Cacti Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection Exploit

Ettercap 0.8.0-0.8.1 - Multiple Denial of Service Vulnerabilities

miniBB 3.1 - Blind SQL Injection

Varnish Cache CLI Interface Remote Code Execution

19.12.2014

Bugtraq

Malware

Phishing

Vulnerebility

Exploit

17.12.2014

Bugtraq

[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution 2014-12-16
security-alert hp com

[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities 2014-12-16
security-alert hp com

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) 2014-12-16
security-alert hp com

[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information 2014-12-16
security-alert hp com

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

iWifi for Chat v1.1 iOS - Denial of Service Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3105-1] heirloom-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3104-1] bsd-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface 2014-12-16
Mazin Ahmed (mazen150 hotmail com)

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA 2014-12-16
Onapsis Research Labs (research onapsis com)

"Ettercap 8.0 - 8.1" multiple vulnerabilities 2014-12-16
Nick Sampanis (n sampanis obrela com)

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) 2014-12-16
Security Explorations (contact security-explorations com)

Malware

RDN/Generic BackDoor!b2z!F542CA8889DF
W32/Expiro!E961D87DE3CE
Generic PWS.y!5ECF5F3F2731
RDN/Generic PUP.x!cqs!9AEB54781C52
RDN/Generic PUP.x!cqs!8398D4381A50
RDN/Generic PUP.x!07E3F54A4E44
RDN/Generic PWS.y!1C057DF9E4F6
Generic PUP.x!7951D50D9234
RDN/Generic PUP.x!cqs!0A5A2E682AD4
RDN/Generic PUP.x!cqs!56DA359E0AEB
RDN/Generic PUP.x!cqs!FA9C54D17D07
RDN/Generic.bfr!hr!1DD9DCA0D329
W32/Expiro!9F02E561D1F6
RDN/Generic PUP.x!cqs!E78537AE86AE
RDN/Generic PUP.x!cqs!CEE54E072D7C
RDN/Generic.tfr!ef!84B048B61C92
RDN/Generic PUP.x!cqs!00D64659159C
RDN/Generic PUP.x!cqs!D5D7D6E2590C
W32/Sality.gen!64E1558CC743
RDN/Generic BackDoor!b2z!0A1617359122
RDN/Generic.tfr!ef!856697A0B189
Generic PUP.x!120737EDD33D
RDN/BackDoor-FBSA!a!679E62CF3081
RDN/Generic PUP.x!cqs!CB88F0D39132
RDN/Generic Downloader.x!021CAAB2453A
RDN/Generic.bfr!hr!65265631A229
RDN/Generic PUP.x!EC2E573F2FC9
RDN/Spybot.bfr!087C41FA5614
Generic PUP.x!53F4CE07ABCD
RDN/Generic BackDoor!D6EB7C7A9404

Phishing

Vulnerebility

Exploit

ActualAnalyzer 'ant' Cookie Command Execution

CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution

CMS Papoo 6.0.0 Rev. 4701 - Stored XSS

16.12.2014

Bugtraq

CA20141215-01: Security Notice for CA LISA Release Automation 2014-12-15
Williams, Ken (Ken Williams ca com)

[ MDVSA-2014:252 ] nss 2014-12-15
security mandriva com

[ MDVSA-2014:253 ] apache-mod_wsgi 2014-12-15
security mandriva com

Malware

RDN/Spybot.bfr!o!573E6228C366
RDN/Generic.dx!B8BFCD6C2B8D
RDN/Generic.dx!B973C946394F
Generic Dropper!F67F5ACFDB7A
RDN/Generic.dx!B7E1BB056964
RDN/Generic.bfr!hy!5A83F889F1D5
Generic PUP.x!670FE5B3D191
Generic PUP.x!CA6D9DA1F479
RDN/Generic.dx!ADB24F1C4561
Generic PUP.x!97F875B92C6D
RDN/Generic Dropper!vs!111F2B3E1D26
RDN/Generic PUP.x!cqq!CB4E9CD380CB
RDN/Generic.dx!dhm!EA6816D2B24D
Generic PUP.x!21DB0BFA7902
RDN/Generic PUP.x!cqq!D90E0D49B21C
RDN/Generic.dx!dhm!A7373A3B327A
RDN/Generic PUP.x!B1AE742BAD81
Generic PUP.x!F26D1450CAA5
RDN/Generic BackDoor!b2z!7A2CBD82783C
RDN/Generic.dx!dhm!2B3BD772196E
Generic PUP.x!C4D6B4BF51D0
RDN/Generic.bfr!CBD9DF96C27D
Generic PUP.x!1153EFC27530
Generic PUP.x!C18590F1E5A9
RDN/Generic.bfr!hy!366BEB355C90
RDN/Generic.bfr!hy!3AA3BA0BB730
RDN/Generic.bfr!hy!85848A153B93
W32/Virut.gen!5A00083F332A
RDN/PWS-Banker.dldr!i!8041326FFE81
RDN/Generic PUP.x!cqq!8F7ECB797D42

Phishing

Vulnerebility

Exploit

Tuleap PHP Unserialize Code Execution

Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.m3u)

Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.lst)

jaangle 0.98i.977 - Denial of Service Vulnerability

HTCSyncManager 3.1.33.0 - Service Trusted Path Privilege Escalation

Avira 14.0.7.342 - (avguard.exe) Service Trusted Path Privilege Escalation

CodeMeter 4.50.906.503 - Service Trusted Path Privilege Escalation

GLPI 0.85 - Blind SQL Injection

Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Exploit

Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling

Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit

15.12.2014

Bugtraq

[ MDVSA-2014:242 ] yaml 2014-12-14
security mandriva com

[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3102-1] libyaml security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... 2014-12-13
Stefan Kanthak (stefan kanthak nexgo de)

[ MDVSA-2014:238 ] bind 2014-12-13
security mandriva com

[SECURITY] [DSA 3101-1] c-icap security update 2014-12-13
Salvatore Bonaccorso (carnil debian org)

[ MDVSA-2014:243 ] phpmyadmin 2014-12-14
security mandriva com

[ MDVSA-2014:244 ] openafs 2014-12-14
security mandriva com

[ MDVSA-2014:245 ] mutt 2014-12-14
security mandriva com

CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" 2014-12-14
Christian Schneider (mail Christian-Schneider net)

CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" 2014-12-14
Christian Schneider (mail Christian-Schneider net)

[SECURITY] [DSA 3100-1] mediawiki security update 2014-12-13
Sebastien Delafond (seb debian org)

[ MDVSA-2014:251 ] rpm 2014-12-14
security mandriva com

[ MDVSA-2014:239 ] flac 2014-12-14
security mandriva com

[ MDVSA-2014:250 ] cpio 2014-12-14
security mandriva com

[ MDVSA-2014:249 ] qemu 2014-12-14
security mandriva com

[ MDVSA-2014:248 ] graphviz 2014-12-14
security mandriva com

[ MDVSA-2014:247 ] jasper 2014-12-14
security mandriva com

[ MDVSA-2014:246 ] openvpn 2014-12-14
security mandriva com

Malware

Generic PUP.x!2162F7A0B0B1
RDN/Generic Dropper!EE586D102E0A
Generic PUP.x!457A1B32F266
Generic PUP.x!9D17AE644668
Generic PUP.x!55177817FFE5
Generic PUP.x!30CF353C836C
RDN/Generic PUP.x!cqp!9D8EAB90C30A
Generic PUP.x!7E189B586D4A
RDN/Generic PUP.x!0ED6209D0694
Generic PUP.x!40063A03E7EF
Generic PUP.x!246117D07613
Ransom!18919C306EA4
RDN/Generic.dx!DB0192556405
RDN/Generic.dx!dhm!A123EF553902
RDN/Generic PUP.x!cqp!A07C5716E874
RDN/Generic PUP.x!3808ED714971
RDN/Generic PUP.x!cqp!93CD1F8CF804
RDN/Generic PUP.x!165BD5981245
RDN/Generic PUP.x!34243A89DA6A
RDN/Generic PUP.x!cqp!937E15D5BB76
RDN/Generic PUP.x!cqp!91C0596595C0
RDN/Generic PUP.x!cqp!345A0020F5A8
Generic PUP.x!47C37AD484AD
Generic PUP.x!6433F15A9257
RDN/Generic PUP.x!cqp!9B05F89C97C2
RDN/Generic PUP.x!cqp!9AC2F7132046
Generic PUP.x!72396B1B5D8C
Generic PUP.x!C68FF433737C
Generic PUP.x!0B0A8B55C001
Generic PUP.x!9B36A075327F

Phishing

Vulnerebility

Exploit

12.12.2014

Bugtraq

[security bulletin] HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack 2014-12-11
security-alert hp com

Docker 1.3.3 - Security Advisory [11 Dec 2014] 2014-12-12
Eric Windisch (eric windisch docker com)

[SECURITY] [DSA 3099-1] dbus security update 2014-12-11
Florian Weimer (fw deneb enyo de)

ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities 2014-12-11
petri iivonen tmbc gov uk

APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 2014-12-11
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3098-1] graphviz security update 2014-12-11
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3097-1] unbound security update 2014-12-10
Yves-Alexis Perez (corsac debian org)

[slackware-security] openssh (SSA:2014-344-03) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] wpa_supplicant (SSA:2014-344-07) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] mozilla-firefox (SSA:2014-344-02) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] pidgin (SSA:2014-344-05) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] bind (SSA:2014-344-01) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] seamonkey (SSA:2014-344-06) 2014-12-11
Slackware Security Team (security slackware com)

[slackware-security] openvpn (SSA:2014-344-04) 2014-12-11
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3096-1] pdns-recursor security update 2014-12-11
Sebastien Delafond (seb debian org)

Malware

RDN/Generic PUP.x!800B12C999F0
RDN/Generic PUP.x!cqm!3E67D8A6B6E5
Generic PUP.x!182AD4EE434A
Generic PUP.x!D1390FE10703
RDN/Generic.bfr!hy!DC009B4CBECA
RDN/Generic Downloader.x!lx!EF1F320E4BC4
RDN/Generic PUP.x!cqm!32A855917E2C
Generic PUP.x!B722121B2F85
RDN/Generic.dx!dhk!CAF89054CA41
Generic PUP.x!8DCB06E5261C
RDN/Generic.bfr!hy!F69301B6A9C2
RDN/Generic Downloader.x!FEFDA7B4CD45
Generic PUP.x!3402B2256F3B
RDN/Spybot.bfr!o!091A5A811931
RDN/Ransom!680C3147CA83
Generic PUP.x!B55E0A4DCFAB
RDN/Generic PUP.x!cqm!31DFD3C67A31
RDN/Generic PUP.x!cqm!602BDCFDCDCB
RDN/Ransom!CC176FDF8DE8
RDN/Generic PUP.x!cqm!10F663474EB7
RDN/Generic BackDoor!b2w!EFB8156D0102
RDN/Generic Downloader.x!lx!7C054A348B82
RDN/Generic PUP.x!cqm!67BD3FC62352
Generic PUP.x!B714CADEACCD
RDN/DNSChanger.bfr!f!91DCEE49A884
RDN/DNSChanger.bfr!f!D6368D693751
RDN/Generic PUP.x!cqm!4BCCEB0D396A
RDN/Generic BackDoor!b2w!E738581CCC00
RDN/Generic PWS.y!bc3!DF87FED7B766
Generic.bfr!B88590217930

Phishing

Vulnerebility

Exploit

10.12.2014

Bugtraq

Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities 2014-12-09
simo morxploit com

[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information 2014-12-09
security-alert hp com

[security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-12-09
security-alert hp com

NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability 2014-12-09
VMware Security Response Center (security vmware com)

[CVE-2014-8340] phpTrafficA SQL injection 2014-12-09
DaniÃ«l Geerts (dgeerts nikhef nl)

[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com

[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com

Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 2014-12-09
Onur Yilmaz (onur netsparker com)

Malware

RDN/Generic PUP.x!9229DE0F4550
Generic PUP.x!59BB1588B0D7
RDN/Generic Dropper!CB071AB48A43
W32/Autorun.worm.aaeh!5331BAED2229
RDN/Generic.dx!dhh!E908A7B34261
Generic PUP.x!CFEDE9614756
RDN/Generic PUP.x!cql!EFD29FEEFCD0
RDN/Generic.tfr!ef!131338C5DDFB
RDN/Generic PUP.x!cql!113BECD44DE2
RDN/Generic PUP.x!cql!2456B4D3C3C8
RDN/Generic BackDoor!b2v!9E03E7076352
Generic PUP.x!64B7C901809E
DNSChanger.bfr!212E6E26D255
Generic Dropper!EF81368C766B
Generic PUP.x!A2802E5DB212
RDN/Generic PUP.x!cql!AB72EF5A28D4
Downloader.gen.a!EC4498931F4B
RDN/Generic Downloader.x!lw!2568B9FC647C
RDN/Generic StartPage!4BAFA4A023E2
Generic PUP.x!F1FA25DE8E7F
RDN/Generic Downloader.x!lw!7F38656A8BC7
RDN/Generic BackDoor!b2v!CB7F315D1A36
Generic PUP.x!2F9CCA2FAA4F
Generic PUP.x!0055B1F813D7
RDN/Generic Downloader.x!lw!EB770CA7FBDE
RDN/Generic Downloader.x!lw!0AE10A8E3D35
RDN/Generic BackDoor!b2v!BACFA358FA87
RDN/Generic BackDoor!b2v!F55EDE4A7973
RDN/Generic PUP.x!19938D4EB609
RDN/Downloader.a!tz!74788F35DCFA

Phishing

Vulnerebility

Exploit

9.12.2014

Bugtraq

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds 2014-12-08
jlk apache org

[ANN] Apache Struts 2.3.20 GA release available with security fix 2014-12-08
Lukasz Lenart (lukaszlenart apache org)

CFP: InfoSec SouthWest 2015 (ISSW) 2014-12-08
Tod Beardsley (todb packetfu com)

Malware

Generic PUP.x!391008A6951A
RDN/Generic Downloader.x!lw!1B904B66BC2E
RDN/Generic PUP.x!6EF6FE98A3AB
Generic PUP.x!62EA1B9E4DB0
RDN/Generic.dx!0D16269BA604
Generic PUP.x!65AF418038BC
RDN/Spybot.bfr!o!74AC6FFD7A2F
Generic PUP.x!63048FB8C704
RDN/Generic.tfr!ef!062DFB0D87F6
RDN/Generic Downloader.x!lw!6314FE26A3B6
Generic PUP.x!295E252B1F82
RDN/Generic.dx!dhh!765CED612BAB
RDN/Generic.dx!66A176B3A70B
RDN/Generic.dx!190865AA137D
RDN/Generic PUP.x!626C7D510D9A
Generic PUP.x!64126E2A24F6
RDN/Generic.hra!cd!570313706885
Generic PUP.x!5A001CCDE177
Generic PUP.x!6249CC174D79
RDN/Generic PUP.x!cqk!3D06DE7CDC43
Generic PUP.x!5C9F42D85E29
Generic PUP.x!5AB2A956AE7D
Generic PUP.x!682A171D0C74
Generic PUP.x!C78B66E1679A
Generic PUP.x!6B01B593D558
RDN/Generic.dx!69B5792532E1
RDN/Spybot.bfr!448E404BA180
Generic PUP.x!61BCF0767085
Generic PUP.x!64DC1768D819
Generic PUP.x!60B0A0B51CFB

Phishing

Vulnerebility

Exploit

8.12.2014

Bugtraq

[SECURITY] [DSA 3091-1] getmail4 security update 2014-12-07
Giuseppe Iuculano (iuculano debian org)

[SECURITY] [DSA 3092-1] icedove security update 2014-12-07
Moritz Muehlenhoff (jmm debian org)

Malware

RDN/Generic.bfr!00DD55F14869
RDN/Generic.dx!D3A39A90401B
RDN/Generic.bfr!98020D83A9B4
RDN/Generic.bfr!CD1042080EA2
RDN/Generic.dx!D33627C8D4BB
RDN/Generic.bfr!5EB658A32E03
RDN/Generic.bfr!CCA81CD51AF1
RDN/Generic.bfr!18D758F08C92
RDN/Generic PWS.y!bb3!B68427EFCE31
RDN/Generic.dx!dhg!464DE1957DD6
RDN/Generic.dx!E728075A30B4
RDN/Generic.bfr!75D1F68DD7B1
RDN/Generic.dx!D36EF214F161
RDN/Generic.bfr!2AE7CC0FDF68
RDN/Generic.bfr!B7ED4D8E22A4
RDN/Generic.bfr!016D00B60E76
RDN/Sdbot.worm!62230CFE8AEF
RDN/Generic PUP.x!A64858F103B8
RDN/Generic.dx!D2D3C1BFADDE
RDN/Generic Dropper!7AE2189384D6
RDN/Generic.bfr!017B524C6E57
RDN/PWS-Banker!dp!BEFBBCD9839E
RDN/Generic PUP.x!1615087403C8
Generic PWS.y!CAC109385C51
Generic PWS.y!15BC0DFBBC3D
Generic PWS.y!ACD9608887D4
RDN/Generic.bfr!45492755ACCA
RDN/Generic.bfr!348E1DA52D6C
RDN/Generic.bfr!17D4E25658B3
RDN/Generic.bfr!8F3768A6C7DF

Phishing

Vulnerebility

Exploit

6.12.2014

Bugtraq

NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) 2014-12-05
Vulnerability Lab (research vulnerability-lab com)

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com

Malware

RDN/Generic PUP.x!cq3!87B6EA190355
RDN/Generic PUP.x!3217DC0D978E
Generic PUP.x!2C2F22733F56
Generic PUP.x!0106BC5B4A78
Generic PUP.x!B2D43C998B84
Generic PUP.x!1C41135C3730
Generic PUP.x!1D2696F0BE06
RDN/Generic PUP.x!9FEEB7FA4EDB
RDN/Generic PUP.x!cq3!F9F93597F11C
RDN/Generic PUP.x!019AE0E9D6D0
RDN/Generic PUP.x!D13E402D8D92
RDN/Generic PUP.x!58A3420FB44F
Generic PUP.x!20951CF0817D
RDN/Generic PUP.x!99920706BF86
RDN/Generic.dx!6DD1446DA6B7
Generic PUP.x!9DEDFCE1277B
Generic Downloader.x!E8605FC052A8
RDN/Generic BackDoor!b2t!BE45946FCB4D
RDN/Generic PUP.x!7CD5B3183FC1
RDN/Generic PUP.x!9682A88AB2BD
RDN/Generic PUP.x!06C0D336DC76
RDN/Generic PUP.x!DA69897C63FD
RDN/Generic PUP.x!9A83CFC86968
RDN/Generic PUP.x!8DBBFDA12D03
Downloader.gen.a!2F28800649B2
RDN/Generic.dx!dhf!FCE52F14C722
RDN/Downloader.a!ty!09CB8DBB3812
Generic PUP.x!D893776612A0
RDN/Downloader.a!ty!5FBF7819D65B
Downloader.gen.a!38BF8B2D2F81

Phishing

Vulnerebility

Exploit

Windows Kerberos - Elevation of Privilege (MS14-068)

Offset2lib: Bypassing Full ASLR On 64bit Linux

PBBoard CMS 3.0.1 - SQL Injection

5.12.2014

Bugtraq

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com

[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-12-05
security-alert hp com

[SECURITY] [DSA 3090-1] iceweasel security update 2014-12-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3089-1] jasper security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

[oCERT-2014-009] JasPer input sanitization errors 2014-12-04
Andrea Barisani (lcars ocert org)

[SECURITY] [DSA 3088-1] qemu-kvm security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3087-1] qemu security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)

Re: Slider Revolution/Showbiz Pro shell upload exploit 2014-12-04
assistenz crm-br com

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn

Malware

RDN/Generic.dx!343CF189A818
Generic PUP.x!4AE63E42B433
RDN/Generic Dropper!vq!35F55097DB42
RDN/Generic BackDoor!b2t!36388B28CFAB
FakeAV-M.bfr!976F9202EEFA
Generic PUP.x!FC10088FEBCA
RDN/Generic PUP.x!cq3!C572EE23AF44
Generic PUP.x!253860E5413C
RDN/Generic Downloader.x!lv!CE5E6E9D2C1C
RDN/Generic PWS.y!520BAAE837CF
Generic PUP.x!67199DE2EE80
Generic Downloader.x!5B8CA093491A
RDN/Generic PUP.x!cq3!964C1D7756C6
Generic.dx!CC8DD1E9A5B8
RDN/Generic PUP.x!cq3!CD66DF1EDFF6
RDN/Generic PUP.x!cq3!6B600649B029
RDN/Generic PUP.x!cq3!1F4366455542
RDN/Generic Downloader.x!lv!CDD4ECE0A925
Generic PUP.x!60123132637F
RDN/Generic Dropper!vq!FA0DA4B0EFB5
RDN/Generic PUP.x!6B2807497B47
Generic.bfr!A60CFBABDE0E
RDN/Generic BackDoor!b2t!7E254702A871
Downloader.gen.a!5F926E2C92CC
RDN/Generic PUP.x!79A3AE4F634B
RemAdm-Gneric!A41FFEDFF6CE
RDN/Generic.bfr!hy!1E2EEAA82CE0
RDN/Generic PUP.x!cq3!6E3033CEB9B7
FakeAV-M.bfr!D0250AA731D6
RDN/Generic.dx!6BFA39C53802

Phishing

Vulnerebility

Exploit

Offset2lib: Bypassing Full ASLR On 64bit Linux

PBBoard CMS 3.0.1 - SQL Injection

Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities

4.12.2014

Bugtraq

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn

APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 2014-12-03
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3086-1] tcpdump security update 2014-12-03
Salvatore Bonaccorso (carnil debian org)

Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection 2014-12-03
Ewerson GuimarÃ£es (Crash) - Dclabs (crash dclabs com br)

[slackware-security] mozilla-thunderbird (SSA:2014-337-01) 2014-12-03
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)

Malware

RDN/Generic PUP.x!cqh!D465E754F1BE
Generic PUP.x!899B175F4B8A
RDN/Generic PUP.x!0A2570CF8123
Generic-FAVO!42B5B68762AC
RDN/Generic Dropper!vp!A45BB31A2176
RDN/Generic StartPage!cb!438D4B2CDF5F
RDN/Generic StartPage!cb!D87134986F56
Generic-FAVO!465FCD4E9E58
RDN/Generic BackDoor!b2s!FB58875E93B1
RDN/Generic BackDoor!b2s!A170B88E68EA
W32/Virut.gen!0F43F01EB8A2
Generic PUP.x!E2EC744CB09A
DNSChanger.bfr!8875804EFA93
Generic PUP.x!DDD969DC77DD
Generic-FAVO!6FED865F5E56
Generic PUP.x!1B1FBD382555
Generic.dx!DAB4BC8BEC6D
Generic PUP.x!1E84C66BBA9C
RDN/Qhost-Gen!be!FA6E631924E4
RDN/Generic.bfr!EE999CA4B4BB
RDN/Generic.bfr!hy!2A69217C18B7
RDN/Generic PUP.x!cqh!D3B8BC6A0E40
Generic.dx!1F6051137BAB
RDN/Generic PUP.x!5092B8A6AA7C
RDN/Generic PUP.x!CD58EC23AF66
FakeAV-M.bfr!0F6E5C509E33
Generic PWS.y!C911B724EC01
RDN/Generic.grp!hr!9FA101CE841F
RDN/Generic.dx!dh3!0D585906CE24
RDN/Generic PUP.x!C961774BF2F1

Phishing

Vulnerebility

Exploit

Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities

Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability

3.12.2014

Bugtraq

[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)

F5 BIGIP - (OLD!) Persistent XSS in ASM Module 2014-12-02
jplopezy gmail com

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress 2014-12-02
Henri Salo (henri nerv fi)

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components 2014-12-02
RedTeam Pentesting GmbH (release redteam-pentesting de)

[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com

Malware

RDN/Generic BackDoor!b2s!07BB07F1111E
RDN/Generic FakeAlert!FC924071FACD
RDN/Downloader.gen.a!69B98C806EE1
RDN/Generic BackDoor!b2s!BFAE6E15F91F
RDN/Generic PUP.x!F6EC39B4D3A7
DNSChanger.bfr!16AF421598CA
RDN/Generic.dx!A942E36830AA
RDN/Generic PUP.x!5B622DD95C38
RDN/Generic PUP.x!064DF4B4176A
RDN/Generic PWS.y!bbw!D6B4B6C8FE1C
RDN/Generic.dx!4C0D5348022D
RDN/Generic Downloader.x!lv!2250B2B7FA61
RDN/Generic Dropper!vp!AED0EF2C4AB0
Generic.dx!1CB526B022E6
Generic PUP.x!7087B861AF99
RDN/Generic PUP.x!48CA2E09A302
RDN/Generic PUP.x!3DAD8B2E3517
Generic StartPage!CA03719731FA
RDN/Generic PUP.x!207E6BDDE7A6
RDN/Generic.bfr!5FA8C8966926
RDN/Generic.dx!dh3!96165A5D2B81
RDN/Generic PUP.x!05E1F69EB946
RDN/Generic PUP.x!cqg!5245A8191005
Generic PUP.x!7E020E35EE9B
RDN/Generic PUP.x!4D7BF7EBB13C
RDN/Generic.bfr!630F3AC6DC67
RDN/Generic PUP.x!58F9F09EE4BA
RDN/Downloader.gen.a!A4E8F0AF9D1B
Downloader.gen.a!C948D623B541
RDN/Generic BackDoor!b2s!7AE2EFA5F3A8

Phishing

Vulnerebility

Exploit

Cart66 Lite WordPress Ecommerce 1.5.1.17 - Blind SQL Injection

Google Document Embedder 2.5.16 - mysql_real_escpae_string bypass SQL Injection

Tincd Post-Authentication Remote TCP Stack Buffer Overflow

Mac OS X IOKit Keyboard Driver Root Privilege Escalation

Prolink PRN2001 - Multiple Vulnerabilities

IPUX Cube Type CS303C IP Camera - (UltraMJCamX.ocx) ActiveX Stack Buffer Overflow

IPUX CL5452/CL5132 IP Camera - (UltraSVCamX.ocx) ActiveX Stack Buffer Overflow

IPUX CS7522/CS2330/CS2030 IP Camera - (UltraHVCamX.ocx) ActiveX Stack Buffer Overflow

Wordpress Nextend Facebook Connect Plugin 1.4.59 - XSS Vulnerability

EntryPass N5200 - Credentials Exposure

TYPO3 ke DomPDF Extension - Remote Code Execution

2.12.2014

Bugtraq

[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com

[SECURITY] [DSA 3081-1] libvncserver security update 2014-11-29
Luciano Bello (luciano debian org)

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 2014-11-30
Pedro Ribeiro (pedrib gmail com)

Malware

Generic PUP.x!E41709B9B1FC
RDN/Generic PUP.x!590485900AED
Generic.dx!DF72EA725B65
RDN/Generic.dx!DEA5F9A60B57
Generic PUP.x!9218911A9FDF
RDN/Generic.dx!DDD7E8D6F019
RDN/Generic.dx!DDCE64D63FC5
Generic PUP.x!0A5BA1B1685F
Generic PUP.x!67DBCC7ABD59
RDN/Generic PUP.x!BBDCD75B4BAA
RDN/Generic.bfr!DF20845E1F40
Generic.bfr!9CED1AE8A6A9
RDN/Generic.bfr!hy!E906BDF5528B
RDN/Generic.dx!DDB099D74746
RDN/Generic PUP.x!87B7E9C36BA3
RDN/Generic PUP.x!AE5D9EFA46F1
RDN/Generic PUP.x!cqf!DEFDADBC1573
RDN/Spybot.bfr!o!93453FBA8DE4
RDN/Generic.dx!DE3E3E7C6D11
RDN/Generic.dx!DD7322E81D8B
RDN/Generic Downloader.x!lv!EF777F531ED6
RDN/Generic PUP.x!DE920A989D74
RDN/Generic.dx!DDABB1A8EC49
RDN/Generic BackDoor!830DA0D2003E
RDN/Generic.dx!DD420F1472DD
RDN/Generic PUP.x!cqf!DE746FD836B4
RDN/Generic BackDoor!A843119C8DAC
RDN/Generic PWS.y!bbw!DE6DC637BF01
RDN/Generic PUP.x!A17B579837C7
RDN/Generic.dx!DD09A81B4BF1

Phishing

Yahoo.com	29th November 2014
Atn Dear Customer,

Vulnerebility

Exploit

1.12.2014

Bugtraq

[SECURITY] [DSA 3080-1] openjdk-7 security update 2014-11-29
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3079-1] ppp security update 2014-11-29
Sebastien Delafond (seb debian org)

WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) 2014-11-29
john secureli com

[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com

Malware

RDN/Generic BackDoor!b2s!74490E7396D0
RDN/Generic Dropper!vp!88FFF8924E55
RDN/Generic BackDoor!b2s!0B072A4189E0
RDN/Generic BackDoor!b2s!79046CEB2E5B
Generic PUP.x!5D5F99B10DF6
RDN/Generic.dx!dhc!9BFD27B1EE51
Generic.dx!9423FB506267
RDN/Downloader.gen.a!0055BAA9A6F5
RDN/Downloader.gen.a!01D601993AEA
RDN/Generic PUP.x!2F12D9B8B66D
Generic Downloader.x!A7F5027B7E98
RDN/Generic PUP.x!cqf!F2DF1E7F9B7A
RDN/Generic StartPage!cb!CF5C52A7E908
RDN/Generic PWS.y!bbw!51FB66AA10EF
RDN/Generic.bfr!hy!F5DBF6D8F1D4
RDN/Generic StartPage!cb!6043E7958526
Generic PUP.x!B7DBE0761D56
Generic PUP.x!AC21AA7493F9
RDN/Downloader.a!tv!4B1AA1978701
RDN/Generic.hra!cc!E74A68564D03
RDN/Generic.dx!dhc!9F6B8004B1C9
RDN/Spybot.bfr!CDAA35954DCD
Trojan-FFHL
RDN/Generic BackDoor!b2s!87399E1F75BB
RDN/Generic.bfr!BB09E0EFEC43
Generic PUP.x!59543FE1C821
RDN/Generic PUP.x!03FF0C9B8705
RDN/Generic PUP.x!cqf!F6BDA8C6F920
RDN/Generic.dx!66BD1EFED291
RDN/Generic StartPage!cb!F0A732C70AB9

Phishing

Yahoo.com	29th November 2014
Atn Dear Customer,
Support Paypal	28th November 2014
[NOTICE] YOU HAVE TO UPDATE YOUR INFORMATION FOR SECURITY REASON WITHIN 24 HOURS

Vulnerebility

Exploit

WordPress <=4.0 Denial of Service Exploit

Wordpress < 4.0.1 - Denial of Service

Drupal < 7.34 - Denial of Service

29.11.2014

Bugtraq

[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com

[ MDVSA-2014:236 ] file 2014-11-28
security mandriva com

[ MDVSA-2014:235 ] perl-Plack 2014-11-28
security mandriva com

[ MDVSA-2014:234 ] libksba 2014-11-28
security mandriva com

Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com

Malware

RDN/Generic PUP.x!cq3!15565B91F56E
RDN/Generic.bfr!hy!5BA0A2D6ED32
RDN/FakeAV-N.bfr!52E9CC5D2870
Generic PUP.x!7405E11AF1C0
RDN/Generic StartPage!cb!7989FBB3BEF4
Generic PUP.x!2BC1F99A47D0
RDN/Generic PUP.x!cq3!011786CA9528
Generic PUP.x!4FCF6B06FD19
Generic PUP.x!647E9F6A5A01
Generic PUP.x!1A23E3312B74
Generic Downloader.x!D74EBE96CDF5
Generic PUP.x!8D3B4842D02A
Generic PUP.x!BDB5CC596C5E
RDN/Generic PUP.x!cq3!398A17AD226E
RDN/Generic PUP.x!cq3!9FD20ABA6D9D
RDN/Generic PUP.x!cq3!861A5D57D022
Generic PUP.x!6FEE550800B4
Generic PUP.x!DEC0686B367C
RDN/Generic PUP.x!cq3!11D8B44C0520
RDN/Generic.grp!B95C18C7F7AC
RDN/Generic PUP.x!25E628597B6B
RDN/Generic PUP.x!cq3!8AD9D1E145A0
DNSChanger.bfr!32CD531C2A6F
Generic PUP.x!40C497980AB4
FakeAV-M.bfr!3250F44FE9CC
RDN/Generic PUP.x!8D2445F510F5
RDN/Generic PUP.x!6ACE1F717466
Generic PUP.x!266BB7286C3B
RDN/Generic PUP.x!B8DF00D860BD
Generic PUP.x!95E7E5F1D367

Phishing

Yahoo.com	29th November 2014
Atn Dear Customer,
Support Paypal	28th November 2014
[NOTICE] YOU HAVE TO UPDATE YOUR INFORMATION FOR SECURITY REASON WITHIN 24 HOURS
RBS	28th November 2014
RBS Bank Notification!

Vulnerebility

Exploit

CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation

28.11.2014

Bugtraq

Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com

[ MDVSA-2014:233 ] wordpress 2014-11-27
security mandriva com

[SECURITY] [DSA 3078-1] libksba security update 2014-11-27
Salvatore Bonaccorso (carnil debian org)

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability 2014-11-27
Egidio Romano (research karmainsecurity com)

[ MDVSA-2014:232 ] glibc 2014-11-27
security mandriva com

[ MDVSA-2014:231 ] icecast 2014-11-27
security mandriva com

[ MDVSA-2014:230 ] kernel 2014-11-27
security mandriva com

[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-11-26
security-alert hp com

Malware

RDN/Generic Dropper!vp!0966355D25F1
RDN/Generic BackDoor!b2q!89C07A29E26D
RDN/Generic BackDoor!b2q!87711DC84BCC
RDN/Generic Dropper!vp!68EF168DBFD2
RDN/Generic BackDoor!b2q!7E064C15EEB0
RDN/Spybot.bfr!o!EA4ACFFAC969
Generic PUP.x!58DD81061015
4shared!B626165E7922
4shared!FBD103925983
4shared!87320DF0D600
Downloader.gen.a!8CD9BE143174
RDN/Generic BackDoor!50246D16D37B
RDN/Generic BackDoor!b2q!7570CCA9DEE0
Generic PUP.x!142F43270344
RDN/Generic PUP.x!A1E22C549DC8
Generic.dx!0B6D00076F98
W32/Spybot.bfr!733E623D5A0D
RDN/Generic.bfr!hx!F359F599A536
Generic PWS.y!0972F56FA445
RDN/Generic Dropper!vp!6CC8387767BF
RDN/Generic.dx!dhc!FC60D85E027F
RDN/Generic.tfr!ef!4C03EBAD16C1
RDN/PWS-Banker!CAC3CF81E0D9
Generic PUP.x!F6B6763BC9E1
RDN/Generic.dx!dhc!19E2C74EFBAC
RDN/Downloader.a!tv!C315E45DEDC0
RDN/Downloader.a!tv!42BD8B8BCF22
Generic PUP.x!7BF189BFA748
Generic PUP.x!158822026500
4shared!16DC6B91A1F6

Phishing

Admin	27th November 2014
Automatic Email Update Needed. howiem@bigfoot.com
BT	27th November 2014
Your account has been frozen temporarily
Halifax	27th November 2014
SECURE YOUR ACCESS !
PayPal	26th November 2014
Now check the account
BT at home	26th November 2014
BT.com Important Account Notice
Halifax UK	26th November 2014
Secure Online Banking
BT	26th November 2014
BT Internet unable to process your recent payment of bill

Vulnerebility

Exploit

27.11.2014

Bugtraq

[ MDVSA-2014:230 ] kernel 2014-11-27
security mandriva com

[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-11-26
security-alert hp com

[SECURITY] [DSA 3077-1] openjdk-6 security update 2014-11-26
Moritz Muehlenhoff (jmm debian org)

[ MDVSA-2014:229 ] libvncserver 2014-11-26
security mandriva com

CVE-2014-5439 - Root shell on Sniffit [with exploit] 2014-11-26
Hector Marco (hecmargi upv es)

Ð¡ross-Site Request Forgery (CSRF) in xEpan 2014-11-26
High-Tech Bridge Security Research (advisory htbridge com)

Malware

Generic PUP.x!2E11E4319FEA
Generic PUP.x!F384F57FED1B
RDN/Generic PUP.x!4A30470DF689
RDN/Generic PUP.x!cq3!5AF9A75019E8
RDN/Generic.bfr!hx!642F3C3A8DC7
Generic PUP.x!8996416C09FB
Generic PUP.x!AAE1CC9C1A39
RDN/Spybot.bfr!A3CAAC93B376
RDN/Generic.bfr!hx!2300E314ADF7
RDN/Generic.bfr!hx!471EB2B8ECF3
Generic PUP.x!62486BA681F5
Generic PUP.x!DC465AFB6965
Generic PUP.x!4CADC97BE705
Generic BackDoor!DEED3C81A7EC
Generic PUP.x!76BCFA2F04FE
RDN/Generic PUP.x!1AE0648239CB
Generic PUP.x!7BB5E11BB2D6
Generic PUP.x!0F66AFC663B8
Generic PUP.x!C123480C3730
Generic PUP.x!9F777BCFC0D1
Generic PUP.x!259867925D9C
Generic PUP.x!556E43A8CF48
RDN/Generic PUP.x!cq3!732A3CA1EB61
Generic PUP.x!3E056F4AE1AF
Generic PUP.x!F78B628407B4
RDN/Generic PUP.x!cq3!D5C163F636F0
Generic PUP.x!5EBF3663762D
RDN/Generic PUP.x!cq3!653CD70FC69C
Generic PUP.x!E02FABEF6E62
Generic PUP.x!A4F693DD0F2A

Phishing

Halifax	27th November 2014
SECURE YOUR ACCESS !
PayPal	26th November 2014
Now check the account
BT at home	26th November 2014
BT.com Important Account Notice
Halifax UK	26th November 2014
Secure Online Banking
BT	26th November 2014
BT Internet unable to process your recent payment of bill
Tom Holder	25th November 2014
Important Document

Vulnerebility

Exploit

Pandora FMS SQLi Remote Code Execution

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow

WordPress HTML 5 MP3 Player with Playlist Plugin - Full Path Disclosure

xEpan 1.0.1 - CSRF Vulnerability

Device42 WAN Emulator 2.3 Traceroute Command Injection

Device42 WAN Emulator 2.3 Ping Command Injection

Slider Revolution/Showbiz Pro Shell Upload Exploit

Elipse E3 HTTP Denial of Service

Android WAPPushManager - SQL Injection