Databze Hot News - Rok - vod  2018  2017  2016  2015  2014  2013  - 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  List  - 2018  2017  2016  2015  2014  2013 
Posledn aktualizace v 08.10.2016 14:19:38 

12.11.2016

Bugtraq

Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)

CVE-2016-6809 ?? Arbitrary Code Execution Vulnerability in Apache Tika??s MATLAB Parser 2016-11-10
tallison apache org

Malware

W97M.Empstage

Trojan.Flokibot

Phishing

Wells Fargo Online

11th November 2016

Security Alert: Suspicious
Activity

Apple

11th November 2016

RE: UPDATE YOUR APPLE ID
ACCOUNT INFORMATION !

WELSFARGO

11th November 2016

ACCOUNT SECURITY RESPONSE
REQUIRE

CANADIAN PHARMACY

11th November 2016

DISCOUNT 35%

Vulnerebility

Multiple Huawei HG532 Routers CVE-2015-7254 Directory Traversal Vulnerability
2016-11-12
http://www.securityfocus.com/bid/77506

Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94274

PHP 'bzcompress()' Function Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94278

PHP '_php_imap_mail()' Function Integer Overflow Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94277

Docker Multiple Security Bypass Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94272

TYPO3 TC Directmail SQL Injection and Cross Site Scripting Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94276

PHP 'zend_symtable_clean()' Function Out of Bounds Read Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94275

TYPO3 HTML5 Video Player Extension Unspecified Cross Site Scripting Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94273

LibTIFF CVE-2016-9273 Heap Buffer Overflow Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94271

PHP 'gdImageScaleBilinearPalette()' Function Integer Overflow Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94270

Drupal D8 Editor File upload Module Cross Site Scripting Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94267

Drupal Workbench Moderation Module Information Disclosure Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94269

Foreman CVE-2016-8639 Multiple HTML Injection Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94263

Microsoft SQL Server CVE-2016-7250 Privilege Escalation Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94060

Teradata Virtual Machine Community Edition Multiple Security Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94262

IBM Resilient CVE-2016-6062 Unspecified Cross Site Scripting Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94268

PHP 'gdImageAALine()' Function Integer Overflow Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94265

Drupal Views Send Module Cross Site Scripting Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94266

F5 BIG-IP ASM CVE-2016-7472 Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94260

Linux Kernel CVE-2016-8645 Local Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94264

Exponent CMS CVE-2016-9272 SQL Injection Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94261

Computer Associates Service Desk Manager CVE-2016-9148 Cross Site Scripting Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94258

MoinMoin Multiple HTML Injection Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94259

Teradata Studio Express CVE-2016-7490 Insecure Temporary File Creation Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94255

CA Unified Infrastructure Management Directory Traversal And Security Bypass Vulnerabilities
2016-11-12
http://www.securityfocus.com/bid/94257

Computer Associates Unified Infrastructure Management Directory Traversal Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94243

libming 'listmp3.c' Memory Corruption Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94254

Appweb CVE-2014-9708 Null Pointer Deference Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/73407

RETIRED: Palo Alto Networks PAN-OS Denial of Service Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94198

libming 'listmp3.c' Buffer Overflow Vulnerability
2016-11-12
http://www.securityfocus.com/bid/94251

SANS News

 

Threatpost

 

Exploit

 

11.11.2016

Bugtraq

Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)

CVE-2016-6809 ?? Arbitrary Code Execution Vulnerability in Apache Tika??s MATLAB Parser 2016-11-10
tallison apache org

Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)

Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details 2016-11-10
Berend-Jan Wever (berendj nwever nl)

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 2016-11-10
nickyccwu tencent com

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details 2016-11-09
Berend-Jan Wever (berendj nwever nl)

Malware

Exp.CVE-2016-7255

Ransom.Telecrypt

TrojanSpy:MSIL/Omaneat.H!bit 
TrojanDropper:Win32/Sality!rfn 
Backdoor:MSIL/Geravib.A 
TrojanSpy:MSIL/Golroted.F 
TrojanSpy:Win32/Nivdort.DO 

Phishing

USAA

10th November 2016

Urgent - Incoming Payment On
Hold

Bank of America Alert

10th November 2016

Security Alert: Suspicious
Activity

Barclays

10th November 2016

Notification

USAA

10th November 2016

Account Mail Notice

PayPal

9th November 2016

WE'VE DISABLED YOUR ACCOUNT
DUE TO SUSPICIOUS ACTIVITY.

Vulnerebility

MoinMoin Multiple HTML Injection Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94259

Teradata Studio Express CVE-2016-7490 Insecure Temporary File Creation Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94255

CA Unified Infrastructure Management Directory Traversal And Security Bypass Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94257

Computer Associates Unified Infrastructure Management Directory Traversal Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94243

libming 'listmp3.c' Memory Corruption Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94254

Appweb CVE-2014-9708 Null Pointer Deference Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/73407

RETIRED: Palo Alto Networks PAN-OS Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94198

libming 'listmp3.c' Buffer Overflow Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94251

Adobe Reader and Acrobat CVE-2016-4095 Memory Corruption Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94253

libming 'listmp3.c' Divide By Zero Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94252

Multiple I-O DATA Network Camera Products CVE-2016-7814 Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94250

Corega CG-WLBARGMH and CG-WLBARGNL Routers CVE-2016-7808 Cross Site Scripting Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94249

Corega CG-WLR300NX Multiple Security Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94248

Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94247

Dotclear CVE-2016-9268 Arbitrary File Upload Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94246

DokuWiki CVE-2016-7964 SSRF Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94245

MuJS Multiple Security Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94241

OpenSSL CVE-2016-7053 NULL Pointer Dereference Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94244

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94242

RealNetworks RealPlayer CVE-2016-9018 Null Pointer Dereference Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94239

Brocade NetIron OS CVE-2016-8203 Memory Corruption Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94232

F5 BIG-IP LTM Products CVE-2016-5745 Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94240

MuJS CVE-2016-7505 Buffer Overflow Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94231

DokuWiki CVE-2016-7965 Host Address Spoofing Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94237

libcsp Multiple Buffer Overflow Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94226

Micro Focus Rumba CVE-2016-9176 Multiple Local Stack Buffer Overflow Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94236

Bitcoin Knots CVE-2016-8889 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94235

OpenSSL CVE-2016-7054 Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94238

Python Pillow Multiple Security Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94234

Foreman CVE-2016-7077 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94230

DokuWiki CVE-2016-7964 SSRF Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94245

MuJS Multiple Security Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94241

OpenSSL CVE-2016-7053 NULL Pointer Dereference Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94244

Computer Associates Unified Infrastructure Management Directory Traversal Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94243

OpenSSL CVE-2016-7055 Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94242

RealNetworks RealPlayer CVE-2016-9018 Null Pointer Dereference Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94239

Brocade NetIron OS CVE-2016-8203 Memory Corruption Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94232

F5 BIG-IP LTM Products CVE-2016-5745 Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94240

MuJS CVE-2016-7505 Buffer Overflow Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94231

DokuWiki CVE-2016-7965 Host Address Spoofing Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94237

libcsp Multiple Buffer Overflow Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94226

Micro Focus Rumba CVE-2016-9176 Multiple Local Stack Buffer Overflow Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94236

Bitcoin Knots CVE-2016-8889 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94235

OpenSSL CVE-2016-7054 Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94238

Python Pillow Multiple Security Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94234

Foreman CVE-2016-7077 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94230

Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94221

Botan CVE-2016-8871 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94225

Docker CVE-2016-8867 Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94228

Exponent CMS SQL Injection and Security Bypass Vulnerabilities
2016-11-11
http://www.securityfocus.com/bid/94227

Citrix Receiver Desktop CVE-2016-9111 Local Authentication Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94229

MuJS CVE-2016-9136 Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94223

Redhat JBoss Enterprise Application Platform CVE-2016-7061 Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94222

JasPer CVE-2016-9262 Integer Overflow Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94224

perl-Image-Info CVE-2016-9181 XML External Entity Injection Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94220

SparkJava Spark CVE-2016-9177 Directory Traversal Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94218

Linux Kernel 'crypto/lrw.c' Local Denial of Service Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94217

perl-XML-Twig CVE-2016-9180 XML External Entity Injection Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94219

IBM BigFix Platform CVE-2016-0296 Local Information Disclosure Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94213

Python Cryptography CVE-2016-9243 Security Bypass Vulnerability
2016-11-11
http://www.securityfocus.com/bid/94216

SANS News

Benevolent malware? reincarna/Linux.Wifatch

Threatpost

OpenSSL Patches High-Severity Denial-of-Service Bug

BlackNurse Low-Volume DoS Attack Targets Firewalls

Yahoo Tells SEC It Knew About Data Breach in 2014

Siemens Discloses Local Privilege Escalation Bug in SCADA Gear

Signal Audit Reveals Protocol Cryptographically Sound

Exploit

Microsoft Internet Explorer 9-11 MSHTML -...

Microsoft WININET.dll - CHttpHeaderParser::ParseStatusLine Out-of-Bounds Read (M...

vBulletin 4.2.3 - SQL Injection

4Images 1.7.13 - SQL Injection

MyBB 1.8.6 - Cross-Site Scripting

10.11.2016

Bugtraq

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details 2016-11-10
Berend-Jan Wever (berendj nwever nl)

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 2016-11-10
nickyccwu tencent com

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details 2016-11-09
Berend-Jan Wever (berendj nwever nl)

[SECURITY] [DSA 3709-1] libxslt security update 2016-11-08
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution 2016-11-08
security-alert hpe com

URL Redirection Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com

Malware

 

Phishing

USAA

10th November 2016

Account Mail Notice

PayPal

9th November 2016

WE'VE DISABLED YOUR ACCOUNT
DUE TO SUSPICIOUS ACTIVITY.

Apple

9th November 2016

Your iTunes account will be
deactivated .

USAA

9th November 2016

USAA Security Preferences
Message

Vulnerebility

Lynx CVE-2016-9179 URL Redirection Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94215

Linux Kernel CVE-2016-8632 Local Heap Overflow Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94211

Google Nexus Qualcomm Crypto Engine Driver CVE-2016-6738 Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94208

Google Nexus Mediaserver CVE-2016-6747 Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94212

Google Android Qualcomm Bus Driver CVE-2016-3904 Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94210

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/93793

Google Pixel C NVIDIA GPU driver CVE-2016-6746 Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94209

Linux Kernel CVE-2015-8963 Use After Free Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94207

Foreman CVE-2016-8634 HTML Injection Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94206

OpenStack Heat Template URL CVE-2016-9185 Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94205

Google Android CVE-2016-6754 Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94204

Linux Kernel 'tuners/tuner-xc2028.c' Local Use After Free Memory Corruption Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94201

Google Android Kernel ION Subsystem Multiple Remote Privilege Escalation Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94202

Google Nexus Qualcomm Bootloader CVE-2016-6729 Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94203

Linux kernel 'usb/gadget/function/f_fs.c' Use After Free Local Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94197

Palo Alto Networks PAN-OS Cross Site Scripting Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94200

Palo Alto Networks PAN-OS Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94198

Palo Alto Networks PAN-OS Security Bypass Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94199

Google Chrome Multiple Security Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94196

HPE Network Node Manager i (NNMi) Multiple Security vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94195

Moodle CVE-2016-9186 Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94190

Moodle CVE-2016-9187 Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94191

Google Android Bluetooth CVE-2016-6719 Remote Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94179

Exponent CMS CVE-2016-9242 Multiple SQL Injection Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94194

Adobe Flash Player CVE-2016-7020 Use After Free Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94192

IBM BigFix Platform CVE-2016-0214 Unspecified Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94193

Moodle CVE-2016-9188 Multiple Cross Site Scripting Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94189

Linux Kernel CVE-2015-8962 Memory Corruption Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94187

HP Business Service Management Software CVE-2016-4405 Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94183

HP KeyView Multiple Security Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94184
 

HPE Network Node Manager i (NNMi) Multiple Security vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94195

Moodle CVE-2016-9186 Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94190

Moodle CVE-2016-9187 Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94191

Google Android Bluetooth CVE-2016-6719 Remote Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94179

Exponent CMS CVE-2016-9242 Multiple SQL Injection Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94194

Adobe Flash Player CVE-2016-7020 Use After Free Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94192

IBM BigFix Platform CVE-2016-0214 Unspecified Arbitrary File Upload Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94193

Moodle CVE-2016-9188 Multiple Cross Site Scripting Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94189

Linux Kernel CVE-2015-8962 Memory Corruption Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94187

HP Business Service Management Software CVE-2016-4405 Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94183

HP KeyView Multiple Security Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94184

Google Android Input Manager Service CVE-2016-6724 Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94180

Google Android Proxy Auto Config CVE-2016-6723 Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94185

Google Android Mediaserver CVE-2016-6717 Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94178

FortiWLC CVE-2016-8491 Hardcoded Account Security Bypass Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94186

IBM BigFix Platform CVE-2016-0297 Man in the Middle Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94188

Google Nexus Qualcomm Crypto Driver CVE-2016-6725 Remote Code Execution Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94182

SAP Hybris E-commerce Suite VirtualJDBC SQL Injection Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94181

Multiple NVIDIA Products Multiple Local Privilege Escalation Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94177

SAP Message Server HTTP Daemon Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94176

Google Android Account Manager Service CVE-2016-6718 Local Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94175

Multiple NVIDIA Products GPU Display Driver Multiple Local Privilege Escalation Vulnerabilities
2016-11-10
http://www.securityfocus.com/bid/94172

Google Android Framework APIs CVE-2016-6715 Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94173

Google Android AOSP Launcher CVE-2016-6716 Local Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94171

SAP NetWeaver Java AS 'Webdynpro' Component Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94174

Google Android Bluetooth CVE-2014-9908 Denial of Service Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94167

Google Android Download Manager CVE-2016-6710 Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94170

Google Android Conscrypt CVE-2016-6709 Information Disclosure Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94169

Google Android CVE-2016-6708 Local Privilege Escalation Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94166

Google Android Skia CVE-2016-6701 Memory Corruption Vulnerability
2016-11-10
http://www.securityfocus.com/bid/94162

SANS News

November 2016 Microsoft Patch Day

Packet Capture Options

Threatpost

Google to Red Flag Repeat Offender Websites

Locky Targets OPM Breach Victims
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking

Exploit

Microsoft Windows Kernel - win32k Denial of Service (MS16-135)

Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read

Adobe Connect 9.5.7 - Cross-Site Scripting

9.11.2016

Bugtraq

Cross-Site Scripting in Calendar WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)

Cross Site Scripting Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com

Malware

Trojan:Win32/Barlaiy.A!dha 
TrojanDropper:Win32/Barlaiy.A!dha 
Win32/SupTab 

Phishing

Santander

8th November 2016

NEW SECURITY PRECAUTIONS

AOL

8th November 2016

Update

Bank of America

8th November 2016

Security Alerts

Paypal Service

8th November 2016

Your account has been limited
Please update Your information

REGIONS

8th November 2016

New 15 Important Message From
REGIONS "howiem@bigfoot.com"

Vulnerebility

Google Android Conscrypt CVE-2016-6709 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94169

Google Android CVE-2016-6708 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94166

Google Android Skia CVE-2016-6701 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94162

Google Android System Server CVE-2016-6707 Remote Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94164

Google Android Runtime Library CVE-2016-6703 Remote Code Execution Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94161

Google Android libjpeg CVE-2016-6702 Remote Code Execution Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94160

Phoenix Contact ILC PLC Authentication Bypass and Information Disclosure Vulnerabilities
2016-11-09
http://www.securityfocus.com/bid/94163

Multiple Siemens Products CVE-2016-7165 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94158

OSIsoft PI System CVE-2016-8365 Local Denial of Service Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94165

Adobe Flash Player Type Confusion Multiple Remote Code Execution Vulnerabilities
2016-11-09
http://www.securityfocus.com/bid/94151

Adobe Flash Player APSB16-37 Multiple Remote Code Execution Vulnerabilities
2016-11-09
http://www.securityfocus.com/bid/94153

Google Android libzipfile CVE-2016-6700 Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94159

Google Android Mediaserver CVE-2016-6699 Remote Code Execution Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94157

Microsoft Edge CVE-2016-7204 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93970

Microsoft Office CVE-2016-7234 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94020

Microsoft Office CVE-2016-7233 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94031

Microsoft Office CVE-2016-7235 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94022

Microsoft Office CVE-2016-7244 Denial of Service Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94029

Microsoft Office CVE-2016-7236 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94025

Microsoft Office CVE-2016-7213 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93993

Microsoft Office CVE-2016-7228 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93994

Microsoft Office CVE-2016-7245 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94026

Microsoft Office CVE-2016-7231 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93996

Microsoft Office CVE-2016-7229 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93995

Microsoft Office CVE-2016-7232 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94005

Microsoft Office CVE-2016-7230 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94006

Microsoft Windows CVE-2016-7226 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94018

Microsoft Windows CVE-2016-7184 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94015

Microsoft Internet Explorer and Edge CVE-2016-7241 Remote Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94055

Microsoft Internet Explorer and Edge CVE-2016-7199 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94057
 

Microsoft Edge CVE-2016-7204 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93970

Microsoft Office CVE-2016-7234 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94020

Microsoft Office CVE-2016-7233 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94031

Microsoft Office CVE-2016-7235 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94022

Microsoft Office CVE-2016-7244 Denial of Service Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94029

Microsoft Office CVE-2016-7236 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94025

Microsoft Office CVE-2016-7213 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93993

Microsoft Office CVE-2016-7228 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93994

Microsoft Office CVE-2016-7245 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94026

Microsoft Office CVE-2016-7231 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93996

Microsoft Office CVE-2016-7229 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/93995

Microsoft Office CVE-2016-7232 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94005

Microsoft Office CVE-2016-7230 Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94006

Microsoft Windows CVE-2016-7226 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94018

Microsoft Windows CVE-2016-7184 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94015

Microsoft Internet Explorer and Edge CVE-2016-7241 Remote Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94055

Microsoft Internet Explorer and Edge CVE-2016-7199 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94057

Microsoft Windows CVE-2016-3343 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94007

Microsoft Internet Explorer and Edge CVE-2016-7227 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94065

Microsoft Internet Explorer and Edge CVE-2016-7198 Remote Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94053

Microsoft Internet Explorer and Edge CVE-2016-7195 Remote Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94052

Microsoft Internet Explorer and Edge CVE-2016-7196 Remote Memory Corruption Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94051

Microsoft Windows CVE-2016-3342 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94013

Microsoft Edge and Internet Explorer XSS Filter CVE-2016-7239 Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94059

Microsoft Windows CVE-2016-7237 Denial of Service Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94040

Microsoft Windows NTLM CVE-2016-7238 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94045

Microsoft Windows Virtual Secure Mode CVE-2016-7220 Local Information Disclosure Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94036

Microsoft Windows CVE-2016-3340 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94010

Microsoft Windows Boot Manager CVE-2016-7247 Local Security Bypass Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94058

Microsoft Windows Kernel CVE-2016-7216 Local Privilege Escalation Vulnerability
2016-11-09
http://www.securityfocus.com/bid/94048

SANS News

November 2016 Microsoft Patch Day

Threatpost

Adobe Patches Nine Code Execution Flaws in Flash Player

Google Releases Supplemental Patch for Dirty Cow Vulnerability

TrickBot Banking Trojan Adds New Browser Manipulation Tools

Exploit

 

8.11.2016

Bugtraq

[SECURITY] [DSA 3707-1] openjdk-7 security update 2016-11-07
Moritz Muehlenhoff (jmm debian org)

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow 2016-11-07
Pedro Ribeiro (pedrib gmail com)

[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution 2016-11-07
security-alert hpe com

Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)

Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)

Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)

Faraznet Cms Cross-Site Scripting Vulnerability 2016-11-07
iedb team gmail com

Faraznet Cms Cross-Site Scripting Vulnerability 2016-11-07
iedb team gmail com

WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow 2016-11-05
apparitionsec gmail com/hyp3rlinx

Axessh 4.2.2 Denial Of Service 2016-11-05
apparitionsec gmail com/hyp3rlinx

Rapid PHP Editor CSRF Remote Command Execution 2016-11-05
apparitionsec gmail com/hyp3rlinx

[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting 2016-11-04
security-alert hpe com

Malware

 

Phishing

Bank of America

8th November 2016

Security Alerts

Paypal Service

8th November 2016

Your account has been limited
Please update Your information

REGIONS

8th November 2016

New 15 Important Message From
REGIONS "howiem@bigfoot.com"

service PayPal

7th November 2016

UPDATE REQUIRED : PAYPAL

Root User

7th November 2016

YOU HAVE A PROBLEM WITH YOUR
PAYPAL ACCOUNT (ACCOUNT
LIMITED)

Vulnerebility

Google Android Qualcomm Components Multiple Information Disclosure Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94139

Google Nexus Qualcomm Camera Driver Multiple Privilege Escalation Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94142

Google Android Mediaserver Multiple Information Disclosure Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94143

Google Pixel C NVIDIA GPU Driver Multiple Privilege Escalation Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94140

Google Android Mediaserver Multiple Privilege Escalation Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94134

Google Android Mediaserver Multiple Denial of Service Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94137

GitLab CVE-2016-9086 Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94136

Linux kernel Local Use After Free Multiple Denial of Service Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94135

Google Android 'Qualcomm' components Multiple Unspecified Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94133

Linux Kernel Multiple Information Disclosure Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94138

Google Nexus Synaptics Touchscreen Driver Multiple Privilege Escalation Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94131

Terminology CVE-2015-8971 Arbitrary Command Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94132

Linux Kernel CVE-2016-9191 Local Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94129

Multiple D-Link DIR Routers CVE-2016-6563 Remote Stack Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94130

Dracut CVE-2016-8637 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94128

Multiple Pivotal Products CVE-2016-6657 Unspecified Open Redirection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94126

Exponent CMS Multiple SQL Injection Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94127

GMER CVE-2016-4289 Stack Buffer Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94124

Zabbix CVE-2016-9140 Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94125

Cisco Prime Collaboration Provisioning CVE-2016-6451 Multiple Cross Site Scripting Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93917

Square git-fastclone Multiple Remote Command Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/81433

Exponent CMS CVE-2016-7095 Arbitrary File Upload Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94121

SAP Adaptive Server Enterprise SQL Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/92950

Samsung Mobile Phones CVE-2016-7160 Null Pointer Dereference Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94120

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93849

phpMyAdmin CVE-2016-6610 Full Path Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94118

phpMyAdmin CVE-2016-6611 SQL-Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94117

Adobe Acrobat and Reader CVE-2016-6938 Use-After-Free Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/93016

Apple iOS and macOS CVE-2016-7613 Local Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94116

phpMyAdmin CVE-2016-6613 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94115
 

Linux Kernel CVE-2016-9191 Local Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94129

Multiple D-Link DIR Routers CVE-2016-6563 Remote Stack Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94130

Dracut CVE-2016-8637 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94128

Multiple Pivotal Products CVE-2016-6657 Unspecified Open Redirection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94126

Exponent CMS Multiple SQL Injection Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94127

GMER CVE-2016-4289 Stack Buffer Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94124

Zabbix CVE-2016-9140 Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94125

Cisco Prime Collaboration Provisioning CVE-2016-6451 Multiple Cross Site Scripting Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93917

Square git-fastclone Multiple Remote Command Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/81433

Exponent CMS CVE-2016-7095 Arbitrary File Upload Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94121

SAP Adaptive Server Enterprise SQL Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/92950

Samsung Mobile Phones CVE-2016-7160 Null Pointer Dereference Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94120

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93849

phpMyAdmin CVE-2016-6610 Full Path Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94118

phpMyAdmin CVE-2016-6611 SQL-Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94117

Adobe Acrobat and Reader CVE-2016-6938 Use-After-Free Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/93016

Apple iOS and macOS CVE-2016-7613 Local Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94116

phpMyAdmin CVE-2016-6613 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94115

phpMyAdmin CVE-2016-6609 PHP Code Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94112

phpMyAdmin CVE-2016-6606 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94114

phpMyAdmin CVE-2016-6612 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94113

WebKit CVE-2016-4677 Memory Corruption Vulnerability
2016-11-08
http://www.securityfocus.com/bid/93853

Apple macOS Prior to 10.12.1 Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93852

HP System Management Homepage Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93961

Redis CVE-2016-2121 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94111

Red Hat OpenShift Enterprise CVE-2016-8631 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94110

Ansible CVE-2016-8628 Remote Command Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94109

Ansible CVE-2016-8614 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94108

cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94107

cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94106
 

Linux Kernel CVE-2016-9191 Local Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94129

Multiple D-Link DIR Routers CVE-2016-6563 Remote Stack Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94130

Dracut CVE-2016-8637 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94128

Multiple Pivotal Products CVE-2016-6657 Unspecified Open Redirection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94126

Exponent CMS Multiple SQL Injection Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/94127

GMER CVE-2016-4289 Stack Buffer Overflow Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94124

Zabbix CVE-2016-9140 Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94125

Cisco Prime Collaboration Provisioning CVE-2016-6451 Multiple Cross Site Scripting Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93917

Square git-fastclone Multiple Remote Command Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/81433

Exponent CMS CVE-2016-7095 Arbitrary File Upload Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94121

SAP Adaptive Server Enterprise SQL Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/92950

Samsung Mobile Phones CVE-2016-7160 Null Pointer Dereference Denial of Service Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94120

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93849

phpMyAdmin CVE-2016-6610 Full Path Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94118

phpMyAdmin CVE-2016-6611 SQL-Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94117

Adobe Acrobat and Reader CVE-2016-6938 Use-After-Free Remote Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/93016

Apple iOS and macOS CVE-2016-7613 Local Code Execution Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94116

phpMyAdmin CVE-2016-6613 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94115

phpMyAdmin CVE-2016-6609 PHP Code Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94112

phpMyAdmin CVE-2016-6606 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94114

phpMyAdmin CVE-2016-6612 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94113

WebKit CVE-2016-4677 Memory Corruption Vulnerability
2016-11-08
http://www.securityfocus.com/bid/93853

Apple macOS Prior to 10.12.1 Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93852

HP System Management Homepage Multiple Security Vulnerabilities
2016-11-08
http://www.securityfocus.com/bid/93961

Redis CVE-2016-2121 Local Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94111

Red Hat OpenShift Enterprise CVE-2016-8631 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94110

Ansible CVE-2016-8628 Remote Command Injection Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94109

Ansible CVE-2016-8614 Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94108

cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94107

cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
2016-11-08
http://www.securityfocus.com/bid/94106

SANS News

 

Threatpost

Clever Gmail Hack Let Attackers Take Over Accounts
Microsoft Tears off the Band-Aid with EMET

Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts

Risk of Election Day Cyberattacks Low According To Experts

Exploit

 

7.11.2016

Bugtraq

 

Malware

BrowserModifier:Win32/SupTab 
BrowserModifier:Win32/SupTab!blnk 
Win32/SupTab 
PWS:Win32/Dyzap.X 
TrojanDownloader:Win32/Misfox 
Backdoor:Win32/Kreen.A!bit 
TrojanDropper:Win32/Evotob.AC 
TrojanDropper:Win32/Randrew!rfn 
TrojanDropper:Win32/Randrew.A!bit 

Phishing

Root User

7th November 2016

YOU HAVE A PROBLEM WITH YOUR
PAYPAL ACCOUNT (ACCOUNT
LIMITED)

SUPPORT

6th November 2016

AMAZON ACCOUNT : Failed to
verify your account Amazon
10/29/2016 12:19:35

NET_FLIX

6th November 2016

CHECK YOUR ACCOUNT !

Vulnerebility

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/93849

phpMyAdmin CVE-2016-6611 SQL-Injection Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94117

Adobe Acrobat and Reader CVE-2016-6938 Use-After-Free Remote Code Execution Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93016Apple

macOS Prior to 10.12.1 Multiple Security Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/93852

HP System Management Homepage Multiple Security Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/93961

Redis CVE-2016-2121 Local Information Disclosure Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94111

Red Hat OpenShift Enterprise CVE-2016-8631 Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94110

Ansible CVE-2016-8628 Remote Command Injection Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94109

cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94107

cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94106

cURL/libcURL CVE-2016-8622 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94105

cURL CVE-2016-8620 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94102

cURL/libcURL CVE-2016-8624 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94103

cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94101

cURL CVE-2016-8619 Remote Security Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94100

Gajim OTR Plugin CVE-2016-9107 Information Disclosure Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94099

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93793

cURL/libcURL CVE-2016-8618 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94098

cURL/libcURL CVE-2016-8617 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94097

cURL/libcURL CVE-2016-8615 Cookie Injection Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94096

cURL/libcURL CVE-2016-8616 Remote Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94094

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93964

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93965

QEMU 'hw/9pfs/9p.c' Integer Overflow Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93956

QEMU 'hw/9pfs/9p.c' Information Disclosure Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93955

Schneider Electric ION Power Meter Unspecified Cross Site Request Forgery Vulnerability
2016-11-07
http://www.securityfocus.com/bid/92916

Schneider Electric Magelis HMI Multiple Denial of Service Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/94093

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93962

QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
2016-11-07
http://www.securityfocus.com/bid/93957

IBM AIX CVE-2016-6079 Unspecified Local Privilege Escalation Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94090

Moxa OnCell Series Products Authentication Bypass and OS Command Execution Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/94092

Schneider Electric ION CVE-2016-5815 Series Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94091

OpenStack Compute (Nova) CVE-2016-2140 Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/84277

JPKI Client Software CVE-2016-4902 DLL Loading Remote Code Execution Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94087

I-O DATA DEVICE WFS-SR01 Multiple Security Vulnerabilities
2016-11-07
http://www.securityfocus.com/bid/94089

Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94088

Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94086

mobiGate App CVE-2016-7805 SSL Certificate Validation Security Bypass Vulnerability
2016-11-07
http://www.securityfocus.com/bid/94085

SANS News

Hancitor Maldoc Bypasses Application Whitelisting

Threatpost

 

Exploit

 

5.11.2016

Bugtraq

[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) 2016-11-02
security-alert hpe com

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

VBS.Downloader.B

JS.Downloader.D

Backdoor.Bitral

Phishing

pppaypal

6th November 2016

ACCOUNT NOTIFICATION

PayPal.Service

5th November 2016

PLEASE UPDATE YOUR ACCOUNT
INFORMATION !

Microsoft

4th November 2016

Support

Vulnerebility

cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94106

cURL/libcURL CVE-2016-8622 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94105

cURL CVE-2016-8620 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94102

cURL/libcURL CVE-2016-8624 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94103

cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94101

cURL CVE-2016-8619 Remote Security Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94100

Gajim OTR Plugin CVE-2016-9107 Information Disclosure Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94099

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93793

cURL/libcURL CVE-2016-8618 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94098

cURL/libcURL CVE-2016-8617 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94097

cURL/libcURL CVE-2016-8615 Cookie Injection Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94096

cURL/libcURL CVE-2016-8616 Remote Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94094

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93964

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93965

QEMU 'hw/9pfs/9p.c' Integer Overflow Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93956

QEMU 'hw/9pfs/9p.c' Information Disclosure Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93955

Schneider Electric ION Power Meter Unspecified Cross Site Request Forgery Vulnerability
2016-11-05
http://www.securityfocus.com/bid/92916

Schneider Electric Magelis HMI Multiple Denial of Service Vulnerabilities
2016-11-05
http://www.securityfocus.com/bid/94093

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93962

QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
2016-11-05
http://www.securityfocus.com/bid/93957

IBM AIX CVE-2016-6079 Unspecified Local Privilege Escalation Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94090

Moxa OnCell Series Products Authentication Bypass and OS Command Execution Vulnerabilities
2016-11-05
http://www.securityfocus.com/bid/94092

Schneider Electric ION CVE-2016-5815 Series Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94091

OpenStack Compute (Nova) CVE-2016-2140 Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/84277

JPKI Client Software CVE-2016-4902 DLL Loading Remote Code Execution Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94087

I-O DATA DEVICE WFS-SR01 Multiple Security Vulnerabilities
2016-11-05
http://www.securityfocus.com/bid/94089

Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94088

Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94086

mobiGate App CVE-2016-7805 SSL Certificate Validation Security Bypass Vulnerability
2016-11-05
http://www.securityfocus.com/bid/94085

Foxit Reader and PhantomPDF Multiple Security Vulnerabilities
2016-11-05
http://www.securityfocus.com/bid/93608

SANS News

Full Packet Capture for Dummies

Hancitor Maldoc Bypasses Application Whitelisting

Threatpost

Half of Chrome Pageloads are HTTPS

Commodity Exaspy Spyware Found Targeting High-Level Execs

Inside the RIG Exploit Kit

Exploit

 

4.11.2016

Bugtraq

[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) 2016-11-02
security-alert hpe com

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)

Malware

PUA:Win32/Reimage 

SoftwareBundler:Win32/Techrelinst (

Backdoor:Win32/Buhtrap.A!dha 
SoftwareBundler:Win32/Techrelinst 

Phishing

Microsoft

4th November 2016

Support

Bank of

3rd November 2016

Bank of America Account Update
& Security Maintenance

Wells Fargo

2nd November 2016

Your funds transfer to another
customer

Vulnerebility

cURL/libcURL CVE-2016-8615 Cookie Injection Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94096

cURL/libcURL CVE-2016-8616 Remote Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94094

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93964

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93965

QEMU 'hw/9pfs/9p.c' Integer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93956

QEMU 'hw/9pfs/9p.c' Information Disclosure Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93955

Schneider Electric ION Power Meter Unspecified Cross Site Request Forgery Vulnerability
2016-11-04
http://www.securityfocus.com/bid/92916

Schneider Electric Magelis HMI Multiple Denial of Service Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94093

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93962

QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93957

IBM AIX CVE-2016-6079 Unspecified Local Privilege Escalation Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94090

Moxa OnCell Series Products Authentication Bypass and OS Command Execution Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94092

Schneider Electric ION CVE-2016-5815 Series Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94091

OpenStack Compute (Nova) CVE-2016-2140 Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/84277

JPKI Client Software CVE-2016-4902 DLL Loading Remote Code Execution Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94087

I-O DATA DEVICE WFS-SR01 Multiple Security Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94089

Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94088

Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94086

mobiGate App CVE-2016-7805 SSL Certificate Validation Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94085

Foxit Reader and PhantomPDF Multiple Security Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/93608

Memcached Multiple Integer Overflow Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94083

Multiple Samsung Galaxy Devices CVE-2016-7989 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94082

Samsung Mobile Phones CVE-2016-7988 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94081

Google V8 CVE-2016-5198 Unspecified Security Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94079

Cisco Meeting Server CVE-2016-6448 Buffer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94076

Google Chrome Information Disclosure and Security Bypass Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94078

Cisco Application Policy Infrastructure Controller CVE-2016-6457 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94077

Cisco TelePresence Endpoints CVE-2016-6459 Local Command Injection Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94075

Cisco Meeting Server and Meeting App CVE-2016-6447 Buffer Underflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94073

Cisco AsyncOS CVE-2016-6458 Remote Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94074OpenStack Compute (Nova) CVE-2016-2140 Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/84277

JPKI Client Software CVE-2016-4902 DLL Loading Remote Code Execution Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94087

I-O DATA DEVICE WFS-SR01 Multiple Security Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94089

Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94088

Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94086

mobiGate App CVE-2016-7805 SSL Certificate Validation Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94085

Foxit Reader and PhantomPDF Multiple Security Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/93608

Memcached Multiple Integer Overflow Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94083

Multiple Samsung Galaxy Devices CVE-2016-7989 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94082

Samsung Mobile Phones CVE-2016-7988 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94081

Google V8 CVE-2016-5198 Unspecified Security Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94079

Cisco Meeting Server CVE-2016-6448 Buffer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94076

Google Chrome Information Disclosure and Security Bypass Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/94078

Cisco Application Policy Infrastructure Controller CVE-2016-6457 Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94077

Cisco TelePresence Endpoints CVE-2016-6459 Local Command Injection Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94075

Cisco Meeting Server and Meeting App CVE-2016-6447 Buffer Underflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94073

Cisco AsyncOS CVE-2016-6458 Remote Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94074

Cisco IOS XE Software CVE-2016-6441 Buffer Overflow Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94072

Cisco Prime Home CVE-2016-6452 Authentication Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94070

Cisco StarOS for ASR 5500 Series Routers CVE-2016-6455 Remote Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94071

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-11-04
http://www.securityfocus.com/bid/92630

Django CVE-2016-9013 Hardcoded Password Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94069

Django CVE-2016-9014 Security Bypass Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94068

ISC BIND CVE-2016-8864 Remote Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/94067

Adobe Acrobat and Reader CVE-2016-6937 Memory Corruption Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93014

Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities
2016-11-04
http://www.securityfocus.com/bid/93496

Oracle Java SE CVE-2016-5568 Use-After-Free Remote Code Execution Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93621

Oracle WebLogic Server CVE-2016-5535 Remote Code Execution Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93692

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/93188

ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability
2016-11-04
http://www.securityfocus.com/bid/92037

SANS News

Extracting Malware Transmitted Via Telnet

If DDOS Attacks are Natural Disasters, is it Time to Update your DR Plan?

Threatpost

Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server

GitLab Patches Command Execution Vulnerability

Outlook Web Access Two-Factor Authentication Bypass Exists

DMCA Exemptions Lift Hacking Restrictions

Exploit

BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow

PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow

PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow

Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow

IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation

IBM AIX 6.1/7.1/7.2.0.2 - 'lsmcode' Privilege Escalation

PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow

Rapid PHP Editor 14.1 - Remote Command Execution

Redaxo 5.2.0 - Cross-Site Request Forgery

nodCMS - Cross-Site Request Forgery

sNews 1.7.1 - Arbitrary File Upload

sNews 1.7.1 - Cross-Site Request Forgery

Axessh 4.2 - Denial Of Service

3.11.2016

Bugtraq

[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS) 2016-11-02
security-alert hpe com

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability 2016-11-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)

[slackware-security] php (SSA:2016-305-04) 2016-11-01
Slackware Security Team (security slackware com)

Malware

Ransom:Win32/DMALocker.A 

Backdoor.Bitral

Phishing

Wells Fargo

2nd November 2016

Your funds transfer to another
customer

Citi Bank

2nd November 2016

Your Citi Bank Account Has
Been Temporarily Suspended

Apple.id@icloud.com

2nd November 2016

WE'VE NOTICED THAT SOME OF
YOUR ACCOUNT INFORMATION
APPEARS TO BE MISSING OR
INCORRECT.

Vulnerebility

Google V8 CVE-2016-5198 Unspecified Security Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94079

Cisco Meeting Server CVE-2016-6448 Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94076

Google Chrome Information Disclosure and Security Bypass Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/94078

Cisco Application Policy Infrastructure Controller CVE-2016-6457 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94077

Cisco TelePresence Endpoints CVE-2016-6459 Local Command Injection Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94075

Cisco Meeting Server and Meeting App CVE-2016-6447 Buffer Underflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94073

Cisco AsyncOS CVE-2016-6458 Remote Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94074

Cisco IOS XE Software CVE-2016-6441 Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94072

Cisco Prime Home CVE-2016-6452 Authentication Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94070

Cisco StarOS for ASR 5500 Series Routers CVE-2016-6455 Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94071

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92630

Django CVE-2016-9013 Hardcoded Password Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94069

Django CVE-2016-9014 Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94068

ISC BIND CVE-2016-8864 Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94067

Adobe Acrobat and Reader CVE-2016-6937 Memory Corruption Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93014

Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/93496

Oracle Java SE CVE-2016-5568 Use-After-Free Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93621

Oracle WebLogic Server CVE-2016-5535 Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93692

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93188

ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92037

Schneider Electric ConneXium CVE-2016-8352 Remote Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94062

IBHsoftec S7-SoftPLC CVE-2016-8364 Remote Heap Based Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94054

Schneider Electric Unity PRO Insecure File Downloading Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93830

Symantec Norton Mobile Security for Android CVE-2016-6587 Local Information Disclosure Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93858

Symantec Norton Mobile Security for Android CVE-2016-6585 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93900

Symantec Norton Mobile Security for Android CVE-2016-6586 Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93901

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/77278

OpenSSL CVE-2016-6307 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93152

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93150

ABB RobotWare Multiple Security Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/94034

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92630

Django CVE-2016-9013 Hardcoded Password Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94069

Django CVE-2016-9014 Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94068

ISC BIND CVE-2016-8864 Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94067

Adobe Acrobat and Reader CVE-2016-6937 Memory Corruption Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93014

Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/93496

Oracle Java SE CVE-2016-5568 Use-After-Free Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93621

Oracle WebLogic Server CVE-2016-5535 Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93692

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93188

ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92037

Schneider Electric ConneXium CVE-2016-8352 Remote Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94062

IBHsoftec S7-SoftPLC CVE-2016-8364 Remote Heap Based Buffer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94054

Schneider Electric Unity PRO Insecure File Downloading Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93830

Symantec Norton Mobile Security for Android CVE-2016-6587 Local Information Disclosure Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93858

Symantec Norton Mobile Security for Android CVE-2016-6585 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93900

Symantec Norton Mobile Security for Android CVE-2016-6586 Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93901

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/77278

OpenSSL CVE-2016-6307 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93152

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93150

ABB RobotWare Multiple Security Vulnerabilities
2016-11-03
http://www.securityfocus.com/bid/94034

NTP CVE-2016-1548 Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/88264

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-11-03
http://www.securityfocus.com/bid/88261

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/88276

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/88226

IBM InfoSphere Information Server CVE-2016-6059 XML External Entity Injection Vulnerability
2016-11-03
http://www.securityfocus.com/bid/94032

OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93177

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92628

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92984

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2016-11-03
http://www.securityfocus.com/bid/93171

SANS News

What Does a Pentest Look Like?

Threatpost

Sundown Exploit Kit Larger Threat Than People Realize

Belkins WeMo Gear Can Hack Android Phones

Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs

Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk

Exploit

Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free

SunellSecurity NVR / Camera - Denial Of Service

Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)

Rapid PHP Editor 14.1 - Remote Command Execution

WinaXe 7.7 'FTP client' - Remote Buffer Overflow

Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass

Memcached 1.4.33 - PoC (3)

Memcached 1.4.33 - PoC (2)

Memcached 1.4.33 - PoC (1)

Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation...

Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass

Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution...

Freefloat FTP Server 1.0 - 'DIR' Command Buffer Overflow

SweetRice 1.5.1 - Cross-Site Request Forgery

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Alienvault OSSIM/USM 5.3.1 - SQL Injection

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

2.11.2016

Bugtraq

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)

[slackware-security] php (SSA:2016-305-04) 2016-11-01
Slackware Security Team (security slackware com)

[slackware-security] mariadb (SSA:2016-305-03) 2016-11-01
Slackware Security Team (security slackware com)

Malware

Trojan.Viotto

Phishing

Apple.id@icloud.com

2nd November 2016

WE'VE NOTICED THAT SOME OF
YOUR ACCOUNT INFORMATION
APPEARS TO BE MISSING OR
INCORRECT.

Apple

1st November 2016

RE: UPDATE YOUR APPLE ID
ACCOUNT INFORMATION !

Money Gram

1st November 2016

Dear Customer

Vulnerebility

Schneider Electric Unity PRO Insecure File Downloading Remote Code Execution Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93830

Symantec Norton Mobile Security for Android CVE-2016-6587 Local Information Disclosure Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93858

Symantec Norton Mobile Security for Android CVE-2016-6585 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93900

Symantec Norton Mobile Security for Android CVE-2016-6586 Security Bypass Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93901

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-11-02
http://www.securityfocus.com/bid/77278

OpenSSL CVE-2016-6307 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93152

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93150

ABB RobotWare Multiple Security Vulnerabilities
2016-11-02
http://www.securityfocus.com/bid/94034

NTP CVE-2016-1548 Security Bypass Vulnerability
2016-11-02
http://www.securityfocus.com/bid/88264

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-11-02
http://www.securityfocus.com/bid/88261

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/88276

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/88226

IBM InfoSphere Information Server CVE-2016-6059 XML External Entity Injection Vulnerability
2016-11-02
http://www.securityfocus.com/bid/94032

OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93177

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92628

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92984

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93171

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-11-02
http://www.securityfocus.com/bid/91319

OpenSSL CVE-2016-6305 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93149

OpenSSL CVE-2016-2180 Local Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92117

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93153

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92630

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2016-11-02
http://www.securityfocus.com/bid/92987

OpenSSL CVE-2016-6308 Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/93151

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-11-02
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-11-02
http://www.securityfocus.com/bid/91081

Microsoft Windows Kernel 'NtSetWindowLongPtr()' Function Local Privilege Escalation Vulnerability
2016-11-02
http://www.securityfocus.com/bid/94024

NVIDIA GPU Driver CVE-2016-8807 Local Stack Buffer Overflow Vulnerability
2016-11-02
http://www.securityfocus.com/bid/94002

NVIDIA GPU Display Driver CVE-2016-8805 Local Privilege Escalation Vulnerability
2016-11-02
http://www.securityfocus.com/bid/94001
SANS News

What Does a Pentest Look Like?

Threatpost

Google to Distrust WoSign, StartCom Certs in 2017

Sundown Exploit Kit Larger Threat Than People Realize

Exploit

MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation

MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race...

1.11.2016

Bugtraq

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details 2016-11-01
Berend-Jan Wever (berendj nwever nl)

[slackware-security] php (SSA:2016-305-04) 2016-11-01
Slackware Security Team (security slackware com)

[slackware-security] mariadb (SSA:2016-305-03) 2016-11-01
Slackware Security Team (security slackware com)

CfP and Special Session :: CyberSec2017 2016-11-01
Jackie Blanco (jackie sdiwc info)

[slackware-security] x11 (SSA:2016-305-02) 2016-11-01
Slackware Security Team (security slackware com)

OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) 2016-10-31
Ralf Spenneberg (info os-t de)

[HITB-Announce] HITB2017AMS CFP 2016-10-31
Hafez Kamal (aphesz hackinthebox org)

October 2016 - Crowd - Critical Security Advisory 2016-10-31
David Black (dblack atlassian com)

[SECURITY] [DSA 3691-2] ghostscript regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)

Malware

Win32/Crytes.AA

VBA/TrojanDownloader.Agent.BVO

Win32/Agent.WJS

Phishing

Money Gram

1st November 2016

Dear Customer

Barclays Wealth

1st November 2016

SECURITY NOTICE

USAA

31st October 2016

Urgent - You Have An E-Payment
Transfer Pending

Support

31st October 2016

[Ticket ID: 777345] urgent
notice for steve-scott

Apple

31st October 2016

Your Apple ID Has Been
Discontinued.

Wells Fargo

31st October 2016

Wells Fargo Bank: You Have 1
Unread Security Message Alert

Vulnerebility

NVIDIA GPU Driver CVE-2016-8807 Local Stack Buffer Overflow Vulnerability
2016-11-01
http://www.securityfocus.com/bid/94002

NVIDIA GPU Display Driver CVE-2016-8805 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/94001

NVIDIA GPU Display Driver CVE-2016-8808 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93999

NVIDIA GPU Display Driver CVE-2016-8810 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93997

NVIDIA GPU Display Driver CVE-2016-8809 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93992

Symantec IT Management Suite CVE-2016-6589 Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93951

NVIDIA GPU Display Driver CVE-2016-8806 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93990

NVIDIA GPU Driver CVE-2016-8812 Local Stack Buffer Overflow Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93986

NVIDIA GPU Display Driver CVE-2016-7390 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93984

NVIDIA GPU Display Driver CVE-2016-7391 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93987

NVIDIA GPU Driver CVE-2016-7387 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93985

NVIDIA GPU Driver CVE-2016-7385 Local Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93981

NVIDIA GPU Driver CVE-2016-8811 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93988

NVIDIA GPU Driver CVE-2016-7386 Local Information Disclosure Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93982

NVIDIA GPU Display Driver CVE-2016-7384 Local Privilege Escalation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93983

OpenJPEG CVE-2016-9113 Null Pointer Dereference Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93980

Multiple Huawei Products CVE-2016-6670 Insecure Random Number Generation Vulnerability
2016-11-01
http://www.securityfocus.com/bid/92438

Citrix NetScaler ADC CVE-2016-9028 Open Redirection Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93947

OpenJPEG 'convert.c' CVE-2016-9115 Remote Heap Based Buffer Overflow Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93977

OpenJPEG 'openjp2/pi.c' Divide-By-Zero Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93978

OpenJPEG CVE-2016-9114 Null Pointer Dereference Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93979

OpenJPEG 'convert.c' CVE-2016-9116 Null Pointer Dereference Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93975

OpenJPEG 'convert.c' Remote Heap Based Buffer Overflow Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93976

OpenJPEG 'convert.c' Null Pointer Dereference Denial of Service Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93783

Microfocus Rumba FTP CVE-2016-5764 Stack Buffer Overflow Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93974

Novell NetIQ Identity Manager CVE-2016-1598 Cross Site Scripting Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93833

Novell NetIQ Identity Manager CVE-2016-1592 HTML Injection Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93973

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-11-01
http://www.securityfocus.com/bid/91081

Novell NetIQ Identity Manager CVE-2015-0787 HTML Injection Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93972

Wordpress contus-video-comments Plugin 'save.php' Arbitrary File Upload Vulnerability
2016-11-01
http://www.securityfocus.com/bid/93967

SANS News

SEC505 DFIR capture script: snapshot.ps1

Threatpost

WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing

ShadowBrokers Dumps Lists of Equation Group Hacked Servers

Nymaim Dropper Updates Delivery, Obfuscation Methods

Exploit

MacOS 10.12 - 'task_t' Privilege Escalation

OS X/iOS Kernel - IOSurface Use-After-Free

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues

NVIDIA Driver - NvStreamKms Stack Buffer Overflow in...

NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths...

freeFTPd 1.0.8 - 'mkd' Command Denial Of Service

Micro Focus Rumba 9.4 - Local Denial Of Service

Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow

NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to...

NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d

NVIDIA Driver - No Bounds Checking in Escape 0x7000194

NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D

NVIDIA Driver - Escape 0x100010b Missing Bounds Check

NVIDIA Driver - No Bounds Checking in Escape 0x7000170

NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027

NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2

NVIDIA Driver - Missing Bounds Check in Escape 0x100009a

NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5

NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014

NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9

PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow

Rumba FTP Client 4.x - Stack buffer overflow (SEH)

S9Y Serendipity 2.0.4 - Cross-Site Scripting

31.10.2016

Bugtraq

October 2016 - Crowd - Critical Security Advisory 2016-10-31
David Black (dblack atlassian com)

[SECURITY] [DSA 3691-2] ghostscript regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3701-2] nginx regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)

Malware

BrowserModifier:Win32/Sasquor 
TrojanDropper:MSIL/Vibes.A 
TrojanDropper:Win32/Strumapine.A 
PWS:Win32/Primarypass.A 
Worm:Win32/Fadok.A 
TrojanDownloader:Win32/Javsisxep.A 
TrojanSpy:Win32/Quasdent.A 
TrojanDropper:VBS/Micwix.A 
TrojanDownloader:Win32/Shelpy.A 

Phishing

Apple

31st October 2016

Your Apple ID Has Been
Discontinued.

Wells Fargo

31st October 2016

Wells Fargo Bank: You Have 1
Unread Security Message Alert

USAA

30th October 2016

Your USAA Preference
Verification Required

Vulnerebility

Multiple Huawei Products CVE-2016-6670 Insecure Random Number Generation Vulnerability
2016-10-31
http://www.securityfocus.com/bid/92438

Citrix NetScaler ADC CVE-2016-9028 Open Redirection Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93947

OpenJPEG 'convert.c' CVE-2016-9115 Remote Heap Based Buffer Overflow Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93977

OpenJPEG 'openjp2/pi.c' Divide-By-Zero Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93978

OpenJPEG CVE-2016-9114 Null Pointer Dereference Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93979

OpenJPEG 'convert.c' CVE-2016-9116 Null Pointer Dereference Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93975

OpenJPEG 'convert.c' Remote Heap Based Buffer Overflow Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93976

OpenJPEG 'convert.c' Null Pointer Dereference Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93783

Microfocus Rumba FTP CVE-2016-5764 Stack Buffer Overflow Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93974

Novell NetIQ Identity Manager CVE-2016-1598 Cross Site Scripting Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93833

Novell NetIQ Identity Manager CVE-2016-1592 HTML Injection Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93973

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-31
http://www.securityfocus.com/bid/91081

Novell NetIQ Identity Manager CVE-2015-0787 HTML Injection Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93972

Wordpress contus-video-comments Plugin 'save.php' Arbitrary File Upload Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93967

Moodle CVE-2016-7919 Information Disclosure Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93971

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93153

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-31
http://www.securityfocus.com/bid/92630

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-10-31
http://www.securityfocus.com/bid/91319

SAP Hybris Management Console CVE-2016-6858 HTML Injection Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93966

Joomla! Core CVE-2016-9081 Security Bypass Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93969

HP ThinkPwn UEFI BIOS 'SmmRuntime' Remote Privilege Escalation Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93958

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93964

Cisco AsyncOS CVE-2016-1480 Remote Security Bypass Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93914

HP System Management Homepage Multiple Security Vulnerabilities
2016-10-31
http://www.securityfocus.com/bid/93961

SAP Hybris Management Console CVE-2016-6857 HTML Injection Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93960

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-10-31
http://www.securityfocus.com/bid/93965

PHP CVE-2016-5385 Security Bypass Vulnerability
2016-10-31
http://www.securityfocus.com/bid/91821

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-10-31
http://www.securityfocus.com/bid/91816

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-10-31
http://www.securityfocus.com/bid/89744

SANS News

Volatility Bot: Automated Memory Analysis

Threatpost

 

Exploit

S9Y Serendipity 2.0.4 - Cross-Site Scripting

Micro Focus Rumba 9.4 - Local Denial of Service

freeFTPd 1.0.8 - 'mkd' Command Denial Of Service

30.10.2016

Bugtraq

[SECURITY] [DSA 3701-2] nginx regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows 2016-10-27
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information 2016-10-27
security-alert hpe com

[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege 2016-10-27
HP Security Alert (hp-security-alert hp com)

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)

Malware

Backdoor:Win32/Crugup.B 
Worm:Win32/Dorkbot!ac 
Worm:Win32/Dorkbot.BA!bit 
Ransom:Win32/Stampado.A 
Ransom:Win32/Bartcrypt.A 
BrowserModifier:Win32/Heazycrome 

Trojan.Dunihidrop

Backdoor.Korplug.D

Phishing

omg ex gf

29th October 2016

Watch ex girlfriends videos

USAA

28th October 2016

Account Locked - Your USAA
Preference Verification
Required

CUSTOMER CARE

28th October 2016

About your microsoft devoloper
account !

Vulnerebility

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-30
http://www.securityfocus.com/bid/91081

Novell NetIQ Identity Manager CVE-2015-0787 HTML Injection Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93972

Wordpress contus-video-comments Plugin 'save.php' Arbitrary File Upload Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93967

Moodle CVE-2016-7919 Information Disclosure Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93971

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93153

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-30
http://www.securityfocus.com/bid/92630

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-10-30
http://www.securityfocus.com/bid/91319

SAP Hybris Management Console CVE-2016-6858 HTML Injection Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93966

Joomla! Core CVE-2016-9081 Security Bypass Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93969

HP ThinkPwn UEFI BIOS 'SmmRuntime' Remote Privilege Escalation Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93958

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93964

Cisco AsyncOS CVE-2016-1480 Remote Security Bypass Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93914

HP System Management Homepage Multiple Security Vulnerabilities
2016-10-30
http://www.securityfocus.com/bid/93961

SAP Hybris Management Console CVE-2016-6857 HTML Injection Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93960

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93965

PHP CVE-2016-5385 Security Bypass Vulnerability
2016-10-30
http://www.securityfocus.com/bid/91821

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-10-30
http://www.securityfocus.com/bid/91816

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-10-30
http://www.securityfocus.com/bid/89744

PHP 'snmp.c' Remote Format String Vulnerability
2016-10-30
http://www.securityfocus.com/bid/85800

Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
2016-10-30
http://www.securityfocus.com/bid/91818

QEMU 'hw/9pfs/9p.c' Integer Overflow Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93956

SAP Hybris CVE-2016-6859 Information Disclosure Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93959

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93962

SAP Hybris Management Console CVE-2016-6856 Cross Site Scripting Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93954

QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/93957

PHP 'php_raw_url_encode()' Function Integer Overflow Vulnerability
2016-10-30
http://www.securityfocus.com/bid/85801

PHP 'ext/phar/phar_object.c' Heap Buffer Overflow Vulnerability
2016-10-30
http://www.securityfocus.com/bid/89154

PHP CVE-2016-4539 Remote Denial Of Service Vulnerability
2016-10-30
http://www.securityfocus.com/bid/90174

PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities
2016-10-30
http://www.securityfocus.com/bid/90173

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-29
http://www.securityfocus.com/bid/91081

Novell NetIQ Identity Manager CVE-2015-0787 HTML Injection Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93972

Wordpress contus-video-comments Plugin 'save.php' Arbitrary File Upload Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93967

Moodle CVE-2016-7919 Information Disclosure Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93971

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93153

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-29
http://www.securityfocus.com/bid/92630

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-10-29
http://www.securityfocus.com/bid/91319

SAP Hybris Management Console CVE-2016-6858 HTML Injection Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93966

Joomla! Core CVE-2016-9081 Security Bypass Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93969

HP ThinkPwn UEFI BIOS 'SmmRuntime' Remote Privilege Escalation Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93958

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93964

Cisco AsyncOS CVE-2016-1480 Remote Security Bypass Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93914

HP System Management Homepage Multiple Security Vulnerabilities
2016-10-29
http://www.securityfocus.com/bid/93961

SAP Hybris Management Console CVE-2016-6857 HTML Injection Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93960

QEMU 'v9fs_link()' Function Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93965

PHP CVE-2016-5385 Security Bypass Vulnerability
2016-10-29
http://www.securityfocus.com/bid/91821

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-10-29
http://www.securityfocus.com/bid/91816

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-10-29
http://www.securityfocus.com/bid/89744

PHP 'snmp.c' Remote Format String Vulnerability
2016-10-29
http://www.securityfocus.com/bid/85800

Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
2016-10-29
http://www.securityfocus.com/bid/91818

QEMU 'hw/9pfs/9p.c' Integer Overflow Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93956

SAP Hybris CVE-2016-6859 Information Disclosure Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93959

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93962

SAP Hybris Management Console CVE-2016-6856 Cross Site Scripting Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93954

QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/93957

PHP 'php_raw_url_encode()' Function Integer Overflow Vulnerability
2016-10-29
http://www.securityfocus.com/bid/85801

PHP 'ext/phar/phar_object.c' Heap Buffer Overflow Vulnerability
2016-10-29
http://www.securityfocus.com/bid/89154

PHP CVE-2016-4539 Remote Denial Of Service Vulnerability
2016-10-29
http://www.securityfocus.com/bid/90174

PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities
2016-10-29
http://www.securityfocus.com/bid/90173

SANS News

Windows "Atom Bombing" Attack

Threatpost

Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back

Google to Make Certificate Transparency Mandatory By 2017

Keen Lab Takes Down iPhone 6S, Nexus 6P at Mobile Pwn2Own


Dyn DDoS Could Have Topped 1 Tbps

Cisco Patches Critical Vulnerability in Facility Events Response System

Apple Patches iTunes, iCloud for Windows, Xcode Server

Exploit

CherryTree 0.36.9 - Memory Corruption (PoC)

InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials

InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery

InfraPower PPS-02-S Q213V1 - Multiple XSS

InfraPower PPS-02-S Q213V1 - Authentication Bypass

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 - Local File Disclosure

27.10.2016

Bugtraq

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)

[SECURITY] [DSA 3700-1] asterisk security update 2016-10-25
Moritz Muehlenhoff (jmm debian org)

Malware

BrowserModifier:Win32/Heazycrome 

Backdoor.Apimas

Trojan.Dunihi

W32.Dunihi

Phishing

 

Vulnerebility

Iceni Argus 'ipNameAdd()' Function Remote Stack Buffer Overflow Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93936

GNU Tar CVE-2016-6321 Security Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93937

Huawei Mate 8 CVE-2016-8756 Local Denial of Service Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93935

Cisco ACE CVE-2016-6399 Denial of Service Vulnerability
2016-10-27
http://www.securityfocus.com/bid/92867

HP Business Service Management CVE-2016-4392 Cross Site Scripting Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93933

Linux Kernel Vfio Driver CVE-2016-9084 Integer Overflow Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93930

Drupal Tripal BLAST UI Module Remote Code Execution Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93934

Cairo 'cairo-png.c' Integer Overflow Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93931

Linux Kernel CVE-2016-9083 Local Integer Overflow Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93929

Libwebp 'gif2webp.c' Multiple Integer Overflow Vulnerabilities
2016-10-27
http://www.securityfocus.com/bid/93928

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93793

Huawei Smart Phone CVE-2016-8757 Local Information Disclosure Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93932

Yandex Browser CVE-2016-8506 Cross Site Scripting Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93927

Linux Kernel CVE-2015-8950 Information Disclosure Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93318

Candlepin 'subscription-manager' CVE-2016-4455 Insecure File Permissions Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93926

Yandex Browser CVE-2016-8505 Cross Site Scripting Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93925

Yandex Browser CVE-2016-8504 Cross Site Request Forgery Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93924

Yandex Browser CVE-2016-8502 Brute Force Authentication Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93923

Yandex Browser CVE-2016-8503 Brute Force Authentication Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93921

Yandex Browser CVE-2016-8501 Man in the Middle Security Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93920

Cisco Prime Collaboration Provisioning CVE-2016-6451 Multiple Cross Site Scripting Vulnerabilities
2016-10-27
http://www.securityfocus.com/bid/93917

Cisco IP Interoperability and Collaboration System Local Privilege Escalation Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93919

Cisco IP Interoperability and Collaboration System CVE-2016-6429 Cross Site Scripting Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93915

Cisco Hosted Collaboration Mediation Fulfillment Cross Site Request Forgery Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93916

Cisco IP Interoperability and Collaboration System CVE-2016-6397 Authentication Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93913

Multiple Cisco Products CVE-2016-6439 Denial of Service Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93787

Multiple Cisco Products CVE-2016-6360 Denial of Service Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93910

Cisco AsyncOS CVE-2016-1480 Remote Security Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93914

Cisco AsyncOS CVE-2016-6357 Remote Security Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93909

Cisco AsyncOS for Email and Web Security Appliances Remote Security Bypass Vulnerability
2016-10-27
http://www.securityfocus.com/bid/93911

SANS News

Your Bill Is Not Overdue today!

Threatpost

Remote Code Execution Vulnerabilities Plague LibTIFF Library

Joomla Update Fixes Two Critical Issues, 2FA Error

Windows Atom Tables Can Be Abused for Code Injection Attacks

Exploit

Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure

Boonex Dolphin 7.3.2 - Authentication Bypass

Joomla 3.4.4 - 3.6.4 - Account Creation / Privilege Escalation

HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation

GNU GTypist 2.9.5-2 - Local Buffer Overflow

uSQLite 1.0.0 - Denial Of Service

26.10.2016

Bugtraq

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)

[SECURITY] [DSA 3700-1] asterisk security update 2016-10-25
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3701-1] nginx security update 2016-10-25
Florian Weimer (fw deneb enyo de)

Malware

Trojan.Kitkiot

Backdoor:Win32/Plugx.X 
Backdoor:Win32/Plugx.X!lnk 

Phishing

PayPal

26th October 2016

We noticed unusual activity in
your PayPal account

Limited Time Offer

26th October 2016

Get $50 Amazon Gift Card !!
Halloween Offer !!

Bank of

26th October 2016

Bank of America Alert: Account
locked due to unusual
activity.

Dr. William s Watts

25th October 2016

YOUR FUND TRANSFERRED VIA
WESTERN UNION

Vulnerebility

DBD::mysql 'my_login()' Function Use After Free Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/92118

perl-DBD-MySQL CVE-2016-1246 Remote Buffer Overflow Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93337

DBD::mysql CVE-2014-9906 Incomplete Fix Use After Free Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/92149

Xen CVE-2016-7092 Local Privilege Escalation Vulnerability
2016-10-26
http://www.securityfocus.com/bid/92862

QEMU CVE-2016-4439 Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/90760

Xen CVE-2016-4480 Security Bypass Vulnerability
2016-10-26
http://www.securityfocus.com/bid/90710

QEMU '/hw/net/mipsnet.c' Remote Buffer Overflow Vulnerability
2016-10-26
http://www.securityfocus.com/bid/85992

Xen CVE-2016-6258 Privilege Escalation Vulnerability
2016-10-26
http://www.securityfocus.com/bid/92131

Xen CVE-2016-7094 Local Denial of Service Vulnerability
2016-10-26
http://www.securityfocus.com/bid/92864

QEMU 'get_cmd()' Function Denial of Service Vulnerability
2016-10-26
http://www.securityfocus.com/bid/90995

QEMU 'hw/scsi/esp.c' Multiple Remote Code Execution Vulnerabilities
2016-10-26
http://www.securityfocus.com/bid/91079

Xen CVE-2016-3960 NULL pointer Dereference Remote Denial of Service Vulnerability
2016-10-26
http://www.securityfocus.com/bid/86318

QEMU CVE-2016-4441 Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/90762

QEMU CVE-2016-3710 Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/90316

Xen CVE-2016-3159 Information Disclosure Vulnerability
2016-10-26
http://www.securityfocus.com/bid/85716

QEMU 'stellaris_enet_receive()' Function Remote Buffer Overflow Vulnerability
2016-10-26
http://www.securityfocus.com/bid/85976

Xen CVE-2016-3158 Information Disclosure Vulnerability
2016-10-26
http://www.securityfocus.com/bid/85714

QEMU 'vga.c' Information Disclosure Vulnerability
2016-10-26
http://www.securityfocus.com/bid/69654

Quagga Routing Software Suite CVE-2016-4049 Denial Of Service Vulnerability
2016-10-26
http://www.securityfocus.com/bid/88561

OpenSUSE and SUSE Linux Enterprise Server CVE-2016-4036 Local Information Disclosure Vulnerability
2016-10-26
http://www.securityfocus.com/bid/87324

Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93476

HP ThinPro CVE-2016-2246 Local Privilege Escalation Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93904

Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93903

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-26
http://www.securityfocus.com/bid/91081

LibTIFF CVE-2016-5652 Heap Buffer Overflow Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93902

libTIFF CVE-2016-8331 Type Confusion Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93898

LibTIFF 'libtiff/tif_pixarlog.c' Heap Buffer Overflow Vulnerability
2016-10-26
http://www.securityfocus.com/bid/91500

Firejail CVE-2016-9016 Remote Privilege Escalation Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93899

Adobe Flash Player CVE-2016-7855 Use After Free Remote Code Execution Vulnerability
2016-10-26
http://www.securityfocus.com/bid/93861

Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
2016-10-26
http://www.securityfocus.com/bid/72809

SANS News

Critical Flash Player Update APSB16-36

Threatpost

Apple Patches iOS Flaw Exploitable by Malicious JPEG

Following Lull, New Campaigns Pushing Retooled Pumpkin Locky

Lawmakers Asking What ISPs Can Do About DDoS Attacks

Adobe Patches Flash Zero Day Under Attack

Remote Code Execution Vulnerabilities Plague LibTIFF Library

Exploit

Network Scanner 4.0.0 - SEH Local Buffer Overflow

Komfy Switch with Camera DKZ-201S/W - Wifi Password Disclosure

Boonex Dolphin 7.3.2 - Authentication Bypass

SmallFTPd 1.0.3 - 'mkd' Command Denial of Service

25.10.2016

Bugtraq

CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path 2016-10-25
Dennis E. Hamilton (orcmid apache org)

wincvs-2.0.2.4 Privilege Escalation 2016-10-25
apparitionsec gmail com

APPLE-SA-2016-10-24-3 Safari 10.0.1 2016-10-24
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3698-1] php5 security update 2016-10-24
Salvatore Bonaccorso (carnil debian org)

Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com

Malware

Ransom:Win32/Cerber 

Infostealer.Zum

Backdoor:Win32/Plugx.X!lnk 
Backdoor:Win32/Plugx.X 

Backdoor:Win32/Plugx.X!lnk 

Phishing

Nationwide Building Society

24th October 2016

YOUR ONLINE BANKING ACCESS WAS
DENIED

USAA

23rd October 2016

Account Locked - Urgent
Verification Required

Vulnerebility

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93793

AlienVault USM/OSSIM CVE-2016-8583 Multiple Cross Site Scripting Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93863

Multiple AlienVault Products 'widgets/data/gauge.php' SQL Injection Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93866

Alienvault OSSIM/USM CVE-2016-8581 HTML Injection Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93862

libwmf CVE-2016-9011 Memory Corruption Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93860

Foreman CVE-2016-8613 HTML Injection Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93859

WebKit CVE-2016-4677 Multiple Unspecified Memory Corruption Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93853

Apple iOS/tvOS/WatchOS Multiple Information Disclosure Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93854

Apple iOS/tvOS/macOS CVE-2016-7579 Information Disclosure Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93856

Apple macOS Prior to 10.12.1 Multiple Security Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93852

Puppet Enterprise User Enumeration Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93847

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93849

WebKit Multiple Security Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93851

Apple Mac OS X and iOS CVE-2016-4635 Security Bypass Vulnerability
2016-10-25
http://www.securityfocus.com/bid/91829

ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/92037

ISC BIND CVE-2016-6170 Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/91611

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93188

ISC BIND CVE-2016-2088 Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/84290

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/81329

ISC BIND CVE-2015-8705 Remote Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/81314

QEMU CVE-2016-8909 Infinite Loop Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93842

Apple iOS CVE-2016-4686 Security Bypass Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93848

QEMU CVE-2016-8910 Infinite Loop Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93844

Puppet Enterprise CVE-2016-5715 Incomplete Fix Open Redirection Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93846

Puppet Enterprise CVE-2015-6501 Open Redirection Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93845

Ubuntu tracker-extract Package Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93843

Microsoft Windows NDISTAPI CVE-2011-1974 Local Privilege Escalation Vulnerability
2016-10-25
http://www.securityfocus.com/bid/48996

KMail Multiple Security Vulnerabilities
2016-10-25
http://www.securityfocus.com/bid/93360

OpenSSL CVE-2016-8610 Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93841

JasPer CVE-2016-8886 Denial of Service Vulnerability
2016-10-25
http://www.securityfocus.com/bid/93839

SANS News

A few Mirai Updates: MIPS, PPC version; a bit less scanning

Another Day, Another Spam...

Threatpost

Rowhammer Vulnerability Comes to Android

Fake Microsoft Installer Leads to Malware, Support Call Scam

Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS

St. Jude Faces New Claim Heart Implants are Hackable

Find Your Keys, Lose Your Privacy

Election Leaks Failed to Move Needle on Polls

Following Lull, New Campaigns Pushing Retooled Pumpkin Locky

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

Exploit

Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery

EC-CUBE 2.12.6 - Server-Side Request Forgery

Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration...

Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)

24.10.2016

Bugtraq

[SECURITY] [DSA 3698-1] php5 security update 2016-10-24
Salvatore Bonaccorso (carnil debian org)

Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com

Puppet Enterprise Web Interface User Enumeration 2016-10-21
apparitionsec gmail com

Malware

Ransom.SHCLocker

Phishing

USAA

23rd October 2016

Account Locked - Urgent
Verification Required

Community Resource Credit Unio

23rd October 2016

Locked account

Barclays

22nd October 2016

Barclays (8)

Vulnerebility

Joomla! Core 'com_joomlaupdate' Cross Site Request Forgery Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93840

IBM Security Guardium CVE-2016-0240 Man in the Middle Information Disclosure Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93836

JasPer Incomplete Fix Multiple Null Pointer Dereference Denial of Service Vulnerabilities
2016-10-24
http://www.securityfocus.com/bid/93834

Atlassian Crowd CVE-2016-6496 LDAP Injection Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93826

Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91275

Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/88826

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91068

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91067

Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
2016-10-24
http://www.securityfocus.com/bid/85070

Apache Struts CVE-2016-4436 Security Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91280

Apache Struts CVE-2016-3093 Denial of Service Vulnerability
2016-10-24
http://www.securityfocus.com/bid/90961

Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
2016-10-24
http://www.securityfocus.com/bid/86311

Apache Struts CVE-2016-4431 Security Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91284

Apache Struts CVE-2016-4433 Security Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91282

Apache Struts CVE-2016-4465 Denial of Service Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91278

Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91281

Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/90960

Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/87327

Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/85066

IBM Security Guardium Database Activity Monitor CVE-2016-0241 Local Security Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93828

Schneider Electric Unity PRO Insecure File Downloading Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93830

IBM Cognos Disclosure Management CVE-2016-6077 Local Command Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93829

IBM Security Guardium Database Activity Monitor CVE-2016-0239 Authorization Bypass Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93827

Multiple Panda Security Multiple Products DLL Loading Local Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/91465

Cisco WebEx Meetings Player CVE-2016-1464 Remote Code Execution Vulnerability
2016-10-24
http://www.securityfocus.com/bid/92708

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93793

IBM Security Guardium CVE-2016-0242 Information Disclosure Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93825

IBM Rational Quality Manager CVE-2016-0326 Remote Command Injection Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93824

IBM Security Guardium Database Activity Monitor CVE-2016-0236 Remote Command Injection Vulnerability
2016-10-24
http://www.securityfocus.com/bid/93823

Joomla! Huge-IT Slideshow Extension Multiple Security Vulnerabilities
2016-10-24
http://www.securityfocus.com/bid/93822

SANS News

ISC Briefing: Large DDoS Attack Against Dyn

Threatpost

 

Exploit

Zenbership 107 - Multiple Vulnerabilities

Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery

Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)

23.10.2016

Bugtraq

Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com

Puppet Enterprise Web Interface User Enumeration 2016-10-21
apparitionsec gmail com

Puppet Enterprise Web Interface Authentication Redirect 2016-10-21
apparitionsec gmail com

Oracle Netbeans IDE v8.1 Import Directory Traversal 2016-10-21
apparitionsec gmail com

Malware

SupportScam:MSIL/Hicurdismos.A 

Trojan.Sarvdap

Phishing

USAA

21st October 2016

Account Locked - Urgent Action
Required

HSBC Bank

21st October 2016

Please check your account !

service@intl.paypal

21st October 2016

YOU HAVE A PROBLEM WITH YOUR
PAYPAL ACCOUNT

Vulnerebility

Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93793

IBM Security Guardium Database Activity Monitor CVE-2016-0236 Remote Command Injection Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93823

Joomla! Huge-IT Slideshow Extension Multiple Security Vulnerabilities
2016-10-23
http://www.securityfocus.com/bid/93822

Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities
2016-10-23
http://www.securityfocus.com/bid/93496

Joomla! Huge-IT Portfolio Gallery Manager Multiple Security Vulnerabilities
2016-10-23
http://www.securityfocus.com/bid/93821

RETIRED: ISC BIND CVE-2016-2848 Remote Denial of Service Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93809

WordPress hero-maps-pro Plugin 'index.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93815

WordPress hdw-tube Plugin 'mychannel.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93820

WordPress infusionsoft Plugin CVE-2016-1000139 Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93819

WordPress heat-trackr Plugin 'heat-trackr_abtest_add.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93818

WordPress New-year-firework Plugin CVE-2016-1000140 Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93817

ISC BIND CVE-2016-2848 Remote Denial of Service Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93814

WordPress indexisto Plugin 'indexisto-inject.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93816

McAfee Host Intrusion Prevention Services CVE-2016-8007 Local Authentication Bypass Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93813

Mozilla Firefox CVE-2016-5288 Information Disclosure Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93810

Mozilla Firefox CVE-2016-5287 Denial of Service Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93811

Mozilla Firefox Multiple Security Vulnerabilities
2016-10-23
http://www.securityfocus.com/bid/92260

Mozilla Firefox Multiple Security Vulnerabilities
2016-10-23
http://www.securityfocus.com/bid/93049

Nuuo NT-4040 Titan CVE-2016-6553 Insecure Default Password Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93807

Intellian Satellite TV t-Series and v-Series CVE-2016-6551 Insecure Default Password Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93808

Green Packet DX-350 CVE-2016-6552 Insecure Default Password Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93806

Multiple Synology DiskStation Products CVE-2016-6554 Insecure Default Password Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93805

WordPress PhotoXhibit Plugin 'pages/build.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93803

WordPress page-layout-builder Plugin CVE-2016-1000141 Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93804

WordPress parsi-font Plugin 'css.php' Cross Site Scripting Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93802

Hopper Dissassembler CVE-2016-8390 Remote Code Execution Vulnerability
2016-10-23
http://www.securityfocus.com/bid/93801

Oracle MySQL Server CVE-2015-2620 Remote Security Vulnerability
2016-10-23
http://www.securityfocus.com/bid/75837

Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
2016-10-23
http://www.securityfocus.com/bid/75849

Oracle MySQL Server CVE-2015-4767 Remote Security Vulnerability
2016-10-23
http://www.securityfocus.com/bid/75844

Oracle MySQL Server CVE-2015-2643 Remote Security Vulnerability
2016-10-23
http://www.securityfocus.com/bid/75830

SANS News

Request for Packets TCP 4786 - CVE-2016-6385

Threatpost

Serious Dirty Cow Linux Vulnerability Under Attack

Mozilla Turning TLS 1.3 On By Default With Firefox 52

Exploit

TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution...

Just Dial Clone Script - SQL Injection

FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege...

RealPlayer 18.1.5.705 - '.QCP' Crash (PoC)

Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)

21.10.2016

Bugtraq

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2016-10-20
EMC Product Security Response Center (Security_Alert emc com)

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)

Malware

Trojan.Sarvdap

Phishing

service@intl.paypal

21st October 2016

YOU HAVE A PROBLEM WITH YOUR
PAYPAL ACCOUNT

PayPal

21st October 2016

UPDATE ACCOUNT INFORMATION

Stripe

21st October 2016

confirmation of stripe account

Apple Support

21st October 2016

Important Update Required In
Your Account

Eve

21st October 2016

Invalid login attempts on your
Account

PayPal

21st October 2016

Your card has been removed
from your PayPal account

USAA

21st October 2016

NEW USAA ONLINE MESSAGE

Apple

21st October 2016

APPLE ACCOUNT UPDATE

Customer service

21st October 2016

New Message from PayPal Member

Outlook Team

21st October 2016

ID: 133 - Email Security
Alert! (June 2016)�

HSBC

21st October 2016

Suspended Notice

Amazon

21st October 2016

BE AN AMAZONS NEW SMARTPHONE
TESTER

BARCLAYS PLC

21st October 2016

Access Suspended Notification

 

MR. CHRIS JOSEPH

21st October 2016

ATTENTION DEAR BENEFICIARY
OWNER OF THIS ATM VISA
CARD!!!.

WELLSFARGO

21st October 2016

Your Account Untrusted
Authorization

Apple - iTunes Store

21st October 2016

New order

Amazon

21st October 2016

TEST AND KEEP THE AMAZONS NEW
SMARTPHONE

Apple

21st October 2016

Your Apple ID has been
temporarily suspended

Tesco Bank

21st October 2016

TESCO BANK ALERTS: URGENT
VERIFICATION REQUIRED

Chase

21st October 2016

UPDATE YOUR ACCOUNT NOW

hans

21st October 2016

NEW PRODUCTS NEED YOUR REVIEW
IN UK AMAZONï¼KOMMIIï¼?
(TO L H)

Amazon.co.uk

21st October 2016

Verify Your Account.

Service-Amazon

21st October 2016

Account Alert

Paypal Service

21st October 2016

YOUR ACCOUNT HAS BEEN LIMITED
!

Vulnerebility

Mozilla Network Security Services CVE-2014-1492 Security Bypass Vulnerability
2016-10-21
http://www.securityfocus.com/bid/66356

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-10-21
http://www.securityfocus.com/bid/78626

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/75510

Mozilla Network Security Services CVE-2013-5606 Certificate Validation Security Bypass Vulnerability
2016-10-21
http://www.securityfocus.com/bid/63737

Mozilla Network Security Services CVE-2014-1490 Use After Free Memory Corruption Vulnerability
2016-10-21
http://www.securityfocus.com/bid/65335

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/78623

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2016-10-21
http://www.securityfocus.com/bid/70116

Network Security Services Uninitialized Data Read Security Vulnerability
2016-10-21
http://www.securityfocus.com/bid/62966

Motorola Multiple Devices For Android Local Privilege Escalation Vulnerability
2016-10-21
http://www.securityfocus.com/bid/59264

Mozilla Network Security Services CVE-2013-5605 Remote Arbitrary Code Execution Vulnerability
2016-10-21
http://www.securityfocus.com/bid/63738

ISC DHCP Multiple Denial of Service Vulnerabilities
2016-10-21
http://www.securityfocus.com/bid/54665

Xen CVE-2015-2151 Memory Corruption Vulnerability
2016-10-21
http://www.securityfocus.com/bid/73015

Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability
2016-10-21
http://www.securityfocus.com/bid/67975

WordPress wpsolr-search-engine Plugin 'template-my-accounts.php' Cross Site Scripting Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93536

Mozilla Network Security Services CVE-2013-1741 Integer Overflow Vulnerability
2016-10-21
http://www.securityfocus.com/bid/63736

ISC DHCP Multiple Denial of Service Vulnerabilities
2016-10-21
http://www.securityfocus.com/bid/49120

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
2016-10-21
http://www.securityfocus.com/bid/47176

Google Chrome Prior to 54.0.2840.59 Multiple Security Vulnerabilities
2016-10-21
http://www.securityfocus.com/bid/93528

Juniper Junos CVE-2016-4922 Multiple Local Privilege Escalation Vulnerabilities
2016-10-21
http://www.securityfocus.com/bid/93534

Juniper JunosE CVE-2016-4925 Denial of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93533

Juniper Junos J-Web CVE-2016-4923 Cross Site Scripting Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93529

Juniper vMX CVE-2016-4924 Local Security Bypass Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93531

Juniper Junos CVE-2016-4921 Denial of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93532

Multiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities
2016-10-21
http://www.securityfocus.com/bid/93530

Appweb CVE-2014-9708 Null Pointer Deference Denial of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/73407

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/91453

Apache POI CVE-2012-0213 Denial Of Service Vulnerability
2016-10-21
http://www.securityfocus.com/bid/53487

Multiple F5 Products CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability
2016-10-21
http://www.securityfocus.com/bid/71549

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2016-10-21
http://www.securityfocus.com/bid/69647

Cisco IOS XE Software CVE-2016-6438 Remote Security Bypass Vulnerability
2016-10-21
http://www.securityfocus.com/bid/93518

SANS News

Dyn.com DDoS Attack

How Stolen iOS Devices Are Unlocked

Threatpost

Yahoo Asks DNI to De-Classify Email Scanning Order

Locky Ransomware Learns New Evasive Tricks

iCloud Phishing Campaign Zycode Back From the Dead
 

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

Exploit

Linux Kernel 2.6.22 < 3.9 (x86/x46) - 'Dirty COW' Race Condition Privilege...

MiCasa VeraLite - Remote Code Execution

Hak5 WiFi Pineapple - Preconfiguration Command Injection (Metasploit)

OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)

Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML...

Microsoft Edge - Array.map Heap Overflow (MS16-119)

Microsoft Edge - Array.join Info Leak (MS16-119)

SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service

SAP Adaptive Server Enterprise 16 - Denial of Service

Windows win32k.sys - TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds...

Windows win32k.sys - TTF Processing win32k!sbit_Embolden /...

Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in...

Windows Edge/IE - Isolated Private Namespace Insecure DACL Privilege Escalation...

Windows Edge/IE - Isolated Private Namespace Insecure Boundary Descriptor Privilege...

Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation...

20.10.2016

Bugtraq

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2016-10-20
EMC Product Security Response Center (Security_Alert emc com)

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)

[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability 2016-10-20
dirtycow dirtcow ninja

Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution 2016-10-19
security-alert hpe com

Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability 2016-10-19
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3695-1] quagga security update 2016-10-18
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3694-1] tor security update 2016-10-18
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Sabresac

Phishing

service@paypal.co.uk

20th October 2016

Reminder: Your account has
been Iimited-Update required.

Barclays Bank PLC

20th October 2016

You have new available
documents available in
Barclays Cloud It

Apple

20th October 2016

Your Apple Order

PayPal.Inc

20th October 2016

Yout Paypal Accounts Has Been
Limited

Apple

20th October 2016

IMPORTANT: APPLE PREVIEWS
MAJOR UPDATE

Service client

20th October 2016

Account Notification

Barclays

20th October 2016

Access to online banking has
been blocked

PayPal.inc

20th October 2016

FWD: [ PAYPAL ] : ACCOUNT
NOTICE !

Mr.Adebayo Adelabu

20th October 2016

Kindly get back to me urgently

Vulnerebility

OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93776

Multiple Cisco Products CVE-2016-6439 Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93787

Node.js CVE-2016-7099 Security Bypass Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93191

Node.js CVE-2016-5325 CRLF Injection Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93483

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93150

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/91081

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2016-10-20
http://www.securityfocus.com/bid/92984

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/92630

EMC Avamar Data Store and Avamar Virtual Edition Local Privilege Escalation Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93788

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/75158

PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability
2016-10-20
http://www.securityfocus.com/bid/79825

Cisco Adaptive Security Appliance (ASA) Software CVE-2016-6431 Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93786

Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
2016-10-20
http://www.securityfocus.com/bid/67121

Cisco Meeting Server CVE-2016-6444 Cross Site Request Forgery Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93785

Cisco Adaptive Security Appliance Products CVE-2016-6432 Buffer Overflow Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93784

libarchive Multiple Security Vulnerabilities
2016-10-20
http://www.securityfocus.com/bid/93781

Potrace Multiple Security Vulnerabilities
2016-10-20
http://www.securityfocus.com/bid/93778

Cisco Meeting Server CVE-2016-6446 Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93782

Cisco IOS and IOS XE Software CVE-2015-6289 Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/91322

GraphicsMagick 'memory.c' Memory Corruption Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93779

IBM WebSphere Application Server CVE-2016-5986 Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93013

IBM TRIRIGA Application Platform CVE-2016-5980 Unspecified Cross Site Scripting Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93780

Potrace CVE-2016-8686 Memory Corruption Vulnerability
2016-10-20
http://www.securityfocus.com/bid/93777

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/91453

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-10-20
http://www.securityfocus.com/bid/87940

Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
2016-10-20
http://www.securityfocus.com/bid/83326

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/89746

Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
2016-10-20
http://www.securityfocus.com/bid/83330

Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
2016-10-20
http://www.securityfocus.com/bid/83324

SANS News

Malspam delivers NanoCore RAT

Threatpost

Adult FriendFinder Vulnerability Leaves Millions Exposed

Oracle Fixes 253 Vulnerabilities in Last CPU of 2016

Skyping and Typing the Latest Threat to Privacy

Mobile Applications Leak Device, Location Data

Bypassing ASLR in 60 Milliseconds

Exploit

Oracle Netbeans IDE v8.1 - Import Directory Traversal

Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path...

XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege...

PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation

Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted...

Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path...

Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation

Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation

Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege...

Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege...

IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation

19.10.2016

Bugtraq

[SECURITY] [DSA 3695-1] quagga security update 2016-10-18
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3694-1] tor security update 2016-10-18
Moritz Muehlenhoff (jmm debian org)

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability 2016-10-17
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3693-1] libgd2 security update 2016-10-14
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

Google

19th October 2016

Suspected Login

AOL

19th October 2016

Account Alert

Support

19th October 2016

Account Limited

❤BraziliaW0men_Team❤

19th October 2016

JOEY ✉HERE YOU CAN FIND THE
MOST BEAUTIFUL SINGLES FROM
BRAZIL

Wells Fargo Online

19th October 2016

**IMPORTANT NOTICE**
VERIFICATION REQUIRED.

Barclays Bank

19th October 2016

1 NEW MESSAGE

Groupon

18th October 2016

YOU FORGOT TO ACTIVATE YOUR
GIFT CARD

Bank of America

18th October 2016

Account Activity

Vulnerebility

Libav 'get_vlc2()' Function NULL Pointer Dereference Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93468

Potrace 'decompose.c' Memory Corruption Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93470

OpenSSL CVE-2016-2181 Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/92982

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93150

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-19
http://www.securityfocus.com/bid/92630

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2016-10-19
http://www.securityfocus.com/bid/92987

OpenSSH CVE-2016-6210 User Enumeration Vulnerability
2016-10-19
http://www.securityfocus.com/bid/91812

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-10-19
http://www.securityfocus.com/bid/91704

MuPDF 'pdf-object.c' Use After Free Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93127

Evernote for Windows DLL Loading Remote Code Execution Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93572

Linux Kernel 'lib/asn1_decoder.c' Local Memory Corruption Vulnerability
2016-10-19
http://www.securityfocus.com/bid/90626

Quagga CVE-2016-1245 Buffer Overflow Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93775

Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93773

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2016-10-19
http://www.securityfocus.com/bid/75525

OpenSSL CVE-2016-6305 Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93149

SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
2016-10-19
http://www.securityfocus.com/bid/58796

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93171

Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93730

Oracle Siebel CVE-2016-5534 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93757

Oracle MySQL Server CVE-2015-2568 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/74073

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-19
http://www.securityfocus.com/bid/91081

Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
2016-10-19
http://www.securityfocus.com/bid/65768

OpenSSL CVE-2016-6302 Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/92628

Oracle Fusion Middleware CVE-2016-3505 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93708

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-10-19
http://www.securityfocus.com/bid/92557

Oracle Fusion Middleware CVE-2016-8281 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93771

Oracle Fusion Middleware CVE-2016-5536 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93772

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-10-19
http://www.securityfocus.com/bid/91067

Oracle Fusion Middleware CVE-2016-5535 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93692

Oracle Fusion Middleware CVE-2016-5500 Remote Security Vulnerability
2016-10-19
http://www.securityfocus.com/bid/93680

SANS News

Spam Delivered via .ICS Files

Threatpost

VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit

Attackers Hiding Stolen Credit Card Numbers in Images

Mirai Bots More Than Double Since Source Code Release

Exploit

Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)

Windows DFS Client Driver - Arbitrary Drive Mapping Privilege Escalation (MS16-123)

Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege...

Windows DeviceApi CMApi - User Hive Impersonation Privilege Escalation (MS16-124)

LanSpy 2.0.0.155 - Local Buffer Overflow

Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)

ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure

Cgiemail 1.6 - Source Code Disclosure

The Unarchiver 3.11.1 - '.tar.Z' Crash PoC

18.10.2016

Bugtraq

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability 2016-10-17
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3693-1] libgd2 security update 2016-10-14
Moritz Muehlenhoff (jmm debian org)

Malware

Ransom:Win32/Polyglot.A 

W32.Coinbitminer

TrojanDownloader:PowerShell/Ploprolo.A 

Trojan.Trickybot

Phishing

Support ID.

18th October 2016

PAYPAL ALERT : VIEW YOUR
RECENT ACTIVITY.

Paypal

18th October 2016

SOMEONE LOGGED INTO YOUR
ACCOUNT FROM ANOTHER COUNTRY

Update Account

18th October 2016

UPDATE ACCOUNT

customer services

18th October 2016

PayPal : User Agreement
Changed

Bank of America

18th October 2016

Account Alert: irregular
activity

PayPal Intel

18th October 2016

Please update your
inforamtions !

@Paypal Service

18th October 2016

Reminder: Your account will be
Limited (Case ID
PP-703-105-118)

Apple

18th October 2016

IMPORTANT: APPLE PREVIEWS
MAJOR UPDATE

Apple

18th October 2016

YOUR INVOICE FROM APPLE

NatWest

18th October 2016

Your account has been closed

Eve

18th October 2016

Your Account Has Been Locked.

Microsoft

18th October 2016

Representative Inquiry

Mail Administrator

18th October 2016

Account Suspension Notice.

Maura Fleming

18th October 2016

Re: Desperate to H00kup

Merchant Center

18th October 2016

INTUIT PAYMENTS

Account Support

18th October 2016

we will close your account

V.l.S.A. Customer Services

18th October 2016

YOUR CREDIT CARD IS SUSPENDED

Apple

18th October 2016

Action Required : Apple Inc

Vanquis-Credit-Cards

18th October 2016

VANQUIS VISA COULD HELP YOU
BUILD YOUR CREDIT

customerservice

18th October 2016

Message important

Amazon

18th October 2016

IMPORTANT UPDATES FROM AMAZON

AOL

18th October 2016

AOL MAIL

Wells Fargo Online

18th October 2016

Wells Fargo Update Your
Account

Match & More

18th October 2016

A MORRISON GIFT CARD FOR YOU.
ENJOY.

Vulnerebility

Libdwarf 'dwarf_util.c' Heap Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93601

GraphicsMagick CVE-2016-8683 Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93600

GraphicsMagick CVE-2016-8682 Stack Based Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93597

ImageMagick 'pixel-accessor.h' Heap Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93599

ASUS RP-AC52 Access Point Multiple Security Vulnerabilities
2016-10-18
http://www.securityfocus.com/bid/93596

ImageMagick 'coders/tiff.c' Memory Corruption Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93598

Libdwarf 'dwarf_util.c' Heap Based Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93595

PHP LibGD CVE-2016-8670 Stack Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93594

Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/92452

Linux Kernel CVE-2016-6136 Local Information Disclosure Vulnerability
2016-10-18
http://www.securityfocus.com/bid/91558

Linux Kernel CVE-2016-6480 Local Information Disclosure Vulnerability
2016-10-18
http://www.securityfocus.com/bid/92214

QEMU '/hw/char/serial.c' Divide By Zero Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93563

Libdwarf CVE-2016-8681 Heap Based Buffer Overflow Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93592

JasPer CVE-2016-8691 Divide By Zero Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93593

WordPress 'recipes-writer' Plugin Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93589

Linux Kernel 'mm/memory.c' Local Code Execution Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93591

JasPer CVE-2016-8692 Divide By Zero Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93588

JasPer CVE-2016-8690 Null Pointer Dereference Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93590

QEMU 'hw/dma/rc4030.c' Divide By Zero Denial of Service Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93567

JasPer CVE-2016-8693 Double Free Remote Code Execution Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93587

Qemu '/hw/net/rocker/rocker.c' Local Out-of-Bounds Read Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93566

WordPress pondol-carousel Plugin CVE-2016-1000145 Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93586

WordPress PhotoXhibit Plugin CVE-2016-1000144 Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93585

WordPress pondol-formmail Plugin 'admin-mail-info.php' Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93584

WordPress Simplified-Content Plugin CVE-2016-1000150 Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93581

WordPress S3 Video Plugin 'preview_video.php' Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93583

WordPress simpel-reserveren Plugin 'edit.php' Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93582

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2016-10-18
http://www.securityfocus.com/bid/12577

WordPress tera-charts Plugin 'treemap.php' Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93580

WordPress 'tidio-form' Plugin Cross Site Scripting Vulnerability
2016-10-18
http://www.securityfocus.com/bid/93579

SANS News

OpenSSH Protocol Mismatch In Response to SSL Client Hello

Threatpost

Free SSL Providers Spark Unprecedented Growth in Encrypted Traffic

TrickBot Banking Trojan Could Be Dyre Rewrite

Exploit

 

17.10.2016

Bugtraq

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability 2016-10-17
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3693-1] libgd2 security update 2016-10-14
Moritz Muehlenhoff (jmm debian org)

Evernote for Windows DLL Loading Remote Code Execution Vulnerability 2016-10-14
mehta himanshu21 gmail com

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information 2016-10-13
security-alert hpe com

Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com

Malware

 

Phishing

Apple

17th October 2016

YOUR APPLE ORDER

PayPal

17th October 2016

PAYPAL SUSPICIOUS SIGN-IN

Account Support

17th October 2016

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

Paypal

17th October 2016

SOMEONE LOGGED INTO YOUR
ACCOUNT FROM ANOTHER COUNTRY

Update Account

17th October 2016

UPDATE ACCOUNT

Paypal

17th October 2016

Your Paypal account Has been
limited

Rickert Sparks

17th October 2016

You could make 12k bucks a
week

PayPal Team

17th October 2016

Your account has been Iimited
untiI we hear from you

PayPal

17th October 2016

YOUR LAST CHANCE TO UPDATE
YOUR ACCOUNT INFORMATION.

Apple

17th October 2016

Your invoice No. 949824983

Apple Inc

17th October 2016

Help us protect your account

FedEx SmartPost

17th October 2016

JONA, PROBLEM WITH PARCEL
SHIPPING, ID:0000862354

River Cruise

17th October 2016

River Cruises - the new hot
way to travel

Wells Fargo Online

17th October 2016

Your Transaction(s) Request
Alert

DR. NBONGO MANAGING

17th October 2016

*(GROUPE UBA BANK) Benin
Republic.*
*UBA-BENINREPUBLIC* *Avenue
Jean-Paul II - 08 BP 0879 -
Cotonou - Bnin*

Congratulations

17th October 2016

Someone Has Sent You An Amazon
Gift Card

Vulnerebility

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
2016-10-17
http://www.securityfocus.com/bid/12577

WordPress tera-charts Plugin 'treemap.php' Cross Site Scripting Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93580

WordPress 'tidio-form' Plugin Cross Site Scripting Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93579

Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities
2016-10-17
http://www.securityfocus.com/bid/93576

Magento CMS Flash File Uploader Cross Site Scripting Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93575

Microsoft Internet Explorer and Edge CVE-2016-3382 Remote Memory Corruption Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93386

PHP 'password_verify()' Function Out-of-Bounds Read Denial of Service Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93578

Microsoft Internet Explorer CVE-2016-3383 Remote Memory Corruption Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93396

PHP 'unserialize()' Function Use After Free Remote Code Execution Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93577

Microsoft Internet Explorer CVE-2016-3384 Remote Memory Corruption Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93393

Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
2016-10-17
http://www.securityfocus.com/bid/92452

Linux Kernel CVE-2016-6480 Local Information Disclosure Vulnerability
2016-10-17
http://www.securityfocus.com/bid/92214

Linux Kernel CVE-2016-6136 Local Information Disclosure Vulnerability
2016-10-17
http://www.securityfocus.com/bid/91558

Magento CMS APPSEC-1484 Remote Code Execution Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93573

Microsoft Edge CVE-2016-3386 Scripting Engine Remote Memory Corruption Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93426

Magento CMS Admin Dashboard Remote Code Execution Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93571

Magento CMS Invitations Feature HTML Injection Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93570

Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities
2016-10-17
http://www.securityfocus.com/bid/93496

Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93472

Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
2016-10-17
http://www.securityfocus.com/bid/83323

Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
2016-10-17
http://www.securityfocus.com/bid/74665

OpenSSL CVE-2016-2178 Side Channel Attack Information Disclosure Vulnerability
2016-10-17
http://www.securityfocus.com/bid/91081

Node.js CVE-2016-5325 CRLF Injection Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93483

OpenSSL CVE-2016-6306 Local Denial of Service Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93153

OpenSSL CVE-2016-6304 Denial of Service Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93150

Node.js CVE-2016-7099 Security Bypass Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93191

OpenSSL CVE-2016-6303 Integer Overflow Vulnerability
2016-10-17
http://www.securityfocus.com/bid/92984

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-10-17
http://www.securityfocus.com/bid/92630

PHP 'zend_virtual_cwd.c' Heap Based Buffer Overflow Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93574

Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
2016-10-17
http://www.securityfocus.com/bid/93476

SANS News

Analyzing Office Maldocs With Decoder.xls

Maldoc VBA Anti-Analysis: Video

Threatpost

US Reps Requesting Further Intel Around Yahoo Surveillance Story

Exploit

Ruby on Rails - Dynamic Render File Upload Remote Code Execution

PHP Telephone Directory - Multiple Vulnerabilities

Spy Emergency 23.0.205 - Unquoted Service Path Privilege Escalation

Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)

Windows x64 - WinExec() Shellcode (93 bytes)

Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes)

16.10.2016

Bugtraq

Evernote for Windows DLL Loading Remote Code Execution Vulnerability 2016-10-14
mehta himanshu21 gmail com

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information 2016-10-13
security-alert hpe com

Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com

ZendStudio IDE v13.5.1 Privilege Escalation 2016-10-12
apparitionsec gmail com

Malware

 

Phishing

Bank Of America

16th October 2016

KINDLY UPDATE YOUR ACCOUNT NOW

Nab Internet Banking

16th October 2016

Customer Satisftaction Survey!

service client

16th October 2016

PROBLEM IN YOUR ACCOUNT ON
8/15/2016

Apple

16th October 2016

CONFIRM YOUR ACCOUNT !

Paypal Service

16th October 2016

Your Paypal Account Will Be
Deactivated

PNC

16th October 2016

New Message From PNC

-...-T.h.a.n.k y.0.u-...-

16th October 2016

AUTOMATIC REPLY: HI JOEY SHOP
BIG WITH A 50 POUND ALDI GIFT
CARD

Dropbox

16th October 2016

DOC(JOEY @AOL.COM)

PayPal

15th October 2016

UNUSUAL ACTIVITY IN YOUR
PAYPAL ACCOUNT

Apple.

15th October 2016

PLEASE UPDATE YOUR APPLE
ACCOUNT !

Account Support

15th October 2016

WE'VE IIMITED ACCESS TO YOUR
PAYPAI ACCOUNT

creditcardservices@natwest.com

15th October 2016

NatWest Credit Card Support.

customercare@support.wmail.com

15th October 2016

rgwalker99@aol.com You have a
new notification

Paypal

15th October 2016

SOMEONE LOGGED INTO YOUR
ACCOUNT FROM ANOTHER COUNTRY

Update Account

15th October 2016

UPDATE ACCOUNT

Vulnerebility

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-10-16
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2016-10-16
http://www.securityfocus.com/bid/77181

Pivotal Cloud Foundry cf-mysql CVE-2016-6653 Information Disclosure Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93480

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-10-16
http://www.securityfocus.com/bid/77164

Intel SSD Toolbox CVE-2016-8101 Local Privilege Escalation Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93482

Webmin Usermin CVE-2016-4897 Multiple Cross Site Scripting Vulnerabilities
2016-10-16
http://www.securityfocus.com/bid/93477

Multiple Toshiba FlashAir Products CVE-2016-4863 Security Bypass Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93479

Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93476

Xen CVE-2016-7777 Security Bypass Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93344

SetucoCMS Multiple Security Vulnerabilities
2016-10-16
http://www.securityfocus.com/bid/93475

Microsoft Windows 'Cryptography API: Next Generation' Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93481

QEMU 'hw/usb/hcd-xhci.c' Infinite Loop Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93469

Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93478

IBM Financial Transaction Manager CVE-2016-3060 Clickjacking Vulnerability
2016-10-16
http://www.securityfocus.com/bid/92633

Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93472

QEMU CVE-2016-8578 Null Pointer Dereference Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93474

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/93473

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-10-16
http://www.securityfocus.com/bid/90865

Mozilla Network Security Services CVE-2016-1938 Weak Encryption Multiple Security Weaknesses
2016-10-16
http://www.securityfocus.com/bid/81955

IBM WebSphere Application Server CVE-2016-0359 HTTP Response Splitting Vulnerability
2016-10-16
http://www.securityfocus.com/bid/91484

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2016-10-16
http://www.securityfocus.com/bid/75919

Jinja2 Incomplete Fix Insecure File Permissions Vulnerability
2016-10-16
http://www.securityfocus.com/bid/64787

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-10-16
http://www.securityfocus.com/bid/90856

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/90864

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-10-16
http://www.securityfocus.com/bid/84992

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-10-16
http://www.securityfocus.com/bid/89854

libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
2016-10-16
http://www.securityfocus.com/bid/85059

Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities
2016-10-16
http://www.securityfocus.com/bid/90696

Oracle Java SE CVE-2016-3458 Remote Security Vulnerability
2016-10-16
http://www.securityfocus.com/bid/91945

Oracle Java SE and JRockit CVE-2016-3508 Remote Security Vulnerability
2016-10-16
http://www.securityfocus.com/bid/91972

SANS News

pseudoDarkleech Rig EK

Maldoc VBA Anti-Analysis

Threatpost

Ghost Push Trojan Flourishing Via Malicious Links

Sierra Wireless Warns Cellular Data Gear Targeted by Mirai Malware

Exploit

 

Simple Forum PHP 2.4 - SQL Injection

Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)

YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site...

NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation

15.10.2016

Bugtraq

Evernote for Windows DLL Loading Remote Code Execution Vulnerability 2016-10-14
mehta himanshu21 gmail com

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information 2016-10-13
security-alert hpe com

Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com

ZendStudio IDE v13.5.1 Privilege Escalation 2016-10-12
apparitionsec gmail com

Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability 2016-10-12
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Multiple Vulnerabilities in Plone CMS 2016-10-12
Sebastian Perez (s3bap3 gmail com)

[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities 2016-10-11
security-alert hpe com

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 2016-10-11
Vulnerability Lab (research vulnerability-lab com)

Malware

Ransom.Googo

Exp.CVE-2016-3382

Exp.CVE-2016-7191

Exp.CVE-2016-3383

Exp.CVE-2016-3385

Trojan.Wininfos

Trojan.Groover

Phishing

Peter Sykes

14th October 2016

HELLO M

-...-T.h.a.n.k y.0.u-...-

14th October 2016

AUTOMATIC REPLY: HI JOKEY GET
A A.M.A.Z.O.N GIFT CARD!

Amazn

14th October 2016

$50 Giftcard for Feedback from
your recent purchases at Amazn

Bank Of America

14th October 2016

KINDLY UPDATE YOUR ACCOUNT NOW

security admin

14th October 2016

check out our HUGE line of
security cameras

Nab Internet Banking

14th October 2016

Customer Satisftaction Survey!

NatWest

14th October 2016

Important information about
your account

Apple

14th October 2016

CONFIRM YOUR ACCOUNT !

SunTrust Online.

14th October 2016

New masgge From SunTrust
Online Support

National

13th October 2016

JOB OFFER

Vulnerebility

Siemens Automation License Manager Multiple Security Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93553

OSIsoft PI Web API 2015 R2 CVE-2016-8353 Account Permission Security Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93552

SIMATIC STEP 7 (TIA Portal) Multiple Local Information Disclosure Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93551

Cisco IOS and IOS XE Software CVE-2016-6385 Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93203

Cisco IOS and IOS XE Software Multiple Denial of Service Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93211

Cisco IOS and IOS XE Software CVE-2016-6380 Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93201

Multiple Fatek Automation Products Multiple Remote Code Execution Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93105

Moxa ioLogik E1200 Series Multiple Security Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93550

ZendStudio IDE Local Privilege Escalation Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93546

Kabona AB WDC ICSA-16-287-07 Multiple Security Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93547

Linux Kernel CVE-2016-7042 Local Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93544

Mozilla Firefox Multiple Security Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93049

SAP Adaptive Server Enterprise Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93545

GnuPG and Libgcrypt CVE-2016-6313 Local Predictable Random Number Generator Weakness
2016-10-14
http://www.securityfocus.com/bid/92527

GNU Libgcrypt CVE-2015-7511 Security Bypass Vulnerability
2016-10-14
http://www.securityfocus.com/bid/83253

Libgcrypt CVE-2015-0837 Local Information Disclosure Vulnerability
2016-10-14
http://www.securityfocus.com/bid/73064

libgcrypt Elgamal Decryption 'cipher/elgamal.c' Information Disclosure Vulnerability
2016-10-14
http://www.securityfocus.com/bid/73066

Quagga CVE-2016-2342 Stack Buffer Overflow Vulnerability
2016-10-14
http://www.securityfocus.com/bid/84318

bubblewrap CVE-2016-8659 Local Privilege Escalation Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93542

Juniper Junos Space Multiple Security Vulnerabilities
2016-10-14
http://www.securityfocus.com/bid/93540

PHP CVE-2016-7132 NULL pointer Dereference Remote Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/92767

PHP CVE-2016-7131 NULL pointer Dereference Remote Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/92768

PHP 'ext/gd/gd.c' Information Disclosure Vulnerability
2016-10-14
http://www.securityfocus.com/bid/92757

WordPress Tidio-Gallery Plugin Cross Site Scripting Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93543

Broadcom Wifi Driver 'brcmf_cfg80211_start_ap()' Function Stack Buffer Overflow Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93541

PHP CVE-2016-7412 Heap Based Buffer Overflow Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93005

PHP CVE-2016-7416 Stack Buffer Overflow Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93008

PHP CVE-2016-7413 Use After Free Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93006

PHP CVE-2016-7418 Out-of-Bounds Read Denial of Service Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93011

PHP CVE-2016-7414 Heap Buffer Overflow Vulnerability
2016-10-14
http://www.securityfocus.com/bid/93004

SANS News

New tool: docker-mount.py

Threatpost

Cisco Patches Critical Bug In Video Conferencing Server Hardware

Facebook Bug Bounty Program Pays Out $5 Million in Five Years

Google Handles Record Number of Government Requests for Data

Google Plugs 21 Security Holes in Chrome

Popular Android App Leaks Microsoft Exchange User Credentials

Exploit

Simple Forum PHP 2.4 - SQL Injection

Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)

YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Cross Site Scripting

NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation

Thatware 0.4.6 - SQL Injection

Simple Blog PHP 2.0 - Multiple Vulnerabilities

Simple Blog PHP 2.0 - SQL Injection

Colorful Blog - Stored Cross Site Scripting

Colorful Blog - Cross-Site Request Forgery (Change Admin Password)

14.10.2016

Bugtraq

Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com

ZendStudio IDE v13.5.1 Privilege Escalation 2016-10-12
apparitionsec gmail com

Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability 2016-10-12
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Multiple Vulnerabilities in Plone CMS 2016-10-12
Sebastian Perez (s3bap3 gmail com)

[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities 2016-10-11
security-alert hpe com

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 2016-10-11
Vulnerability Lab (research vulnerability-lab com)

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities 2016-10-11
admin@evolution-sec.com (admin evolution-sec com)

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities 2016-10-11
Gergely Eberhardt (gergely eberhardt search-lab hu)

Malware

 

Phishing

Customer service

13th October 2016

New Message from PayPal Member

Root User

13th October 2016

THANK YOU FOR YOUR ORDER

Mail Service

13th October 2016

EMAIL ALERT

❤BraziliaW0men_Team❤

13th October 2016

JOEY ✉HERE YOU CAN FIND THE
MOST BEAUTIFUL SINGLES FROM
BRAZIL

VlSA Online Services

13th October 2016

YOUR CREDITCARD IS SUSPENDED

Apple Security Team

12th October 2016

[ITUNES VERIFICATION]: LAST
REMINDER YOU MUST UPDATE YOUR
APPLE ID INFORMATION

Vulnerebility

Juniper JunosE CVE-2016-4925 Denial of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93533

Juniper Junos J-Web CVE-2016-4923 Cross Site Scripting Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93529

Juniper vMX CVE-2016-4924 Local Security Bypass Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93531

Juniper Junos CVE-2016-4921 Denial of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93532

Multiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities
2016-10-13
http://www.securityfocus.com/bid/93530

Appweb CVE-2014-9708 Null Pointer Deference Denial of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/73407

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/91453

Apache POI CVE-2012-0213 Denial Of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/53487

Multiple F5 Products CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability
2016-10-13
http://www.securityfocus.com/bid/71549

Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
2016-10-13
http://www.securityfocus.com/bid/69647

Cisco IOS XE Software CVE-2016-6438 Remote Security Bypass Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93518

Cisco Unified Communications Manager CVE-2016-6440 Clickjacking Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93521

Cisco Wide Area Application Services CVE-2016-6437 Remote Denial of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93524

Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
2016-10-13
http://www.securityfocus.com/bid/92100

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/69648

POI CVE-2014-9527 Denial-Of-Service Vulnerability
2016-10-13
http://www.securityfocus.com/bid/77726

Cisco Meeting Server CVE-2016-6445 Authentication Bypass Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93517

IBM Kenexa LMS on Cloud CVE-2016-5939 Unspecified SQL-Injection Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93523

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93522

Linux Kernel 'usbhid/hiddev.c' Local Heap Buffer Overflow Vulnerability
2016-10-13
http://www.securityfocus.com/bid/91450

Linux Kernel Local Memory Corruption and Integer Overflow Vulnerabilities
2016-10-13
http://www.securityfocus.com/bid/84305

Google Chrome CVE-2016-7549 Multiple Denial of Service Vulnerabilities
2016-10-13
http://www.securityfocus.com/bid/93160

JGroups CVE-2016-2141 Authorization Bypass Vulnerability
2016-10-13
http://www.securityfocus.com/bid/91481

IBM Kenexa LCMS Premier CVE-2016-5952 Unspecified SQL-Injection Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93520

RETIRED: POI CVE-2014-3529 Remote Security Vulnerability
2016-10-13
http://www.securityfocus.com/bid/78018

VMware Horizon View CVE-2016-7087 Directory Traversal Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93455

Cisco Finesse CVE-2016-6442 Cross Site Request Forgery Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93519

IBM Jazz Foundation CVE-2016-3014 Unspecified Cross-Site Scripting Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93515

IBM Cloud Orchestrator CVE-2016-0204 Unspecified Open Redirection Vulnerability
2016-10-13
http://www.securityfocus.com/bid/93512

Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
2016-10-13
http://www.securityfocus.com/bid/93238

SANS News

 

Threatpost

Gary McGraw on BSIMM7 and Secure Software Development

Disappearing Messages Added to Signal App

Vera Bradley Retail Chain Breached

Android Fragmentation Sinks Patching Gains

Exploit

VOX Music Player 2.8.8 - '.pls' Denail of Service

ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation

InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation

ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation

IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation

Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption

Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption

Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption

Android - Binder Generic ASLR Leak

Subversion 1.6.6 / 1.6.12 - Code Execution

Categorizator 0.3.1 - SQL Injection

NetBilletterie 2.8 - Multiple Vulnerabilities

ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting

OpenCimetiere v3.0.0-a5 - Blind SQL Injection

ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery

13.10.2016

Bugtraq

Multiple Vulnerabilities in Plone CMS 2016-10-12
Sebastian Perez (s3bap3 gmail com)

[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities 2016-10-11
security-alert hpe com

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 2016-10-11
Vulnerability Lab (research vulnerability-lab com)

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities 2016-10-11
admin@evolution-sec.com (admin evolution-sec com)

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities 2016-10-11
Gergely Eberhardt (gergely eberhardt search-lab hu)

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) 2016-10-11
SEC Consult Vulnerability Lab (research sec-consult com)

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-11
matthias deeg syss de

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-10
matthias deeg syss de

Malware

Trojan.Tipsy

Phishing

Tegan Ryan

12th October 2016

LUCKY 247 PRESENTS: LIMITED
TIME BONUS PACKAGE

PayPaL

12th October 2016

Please update your credit card
information

HM Revenue &

12th October 2016

Tax repayments from 2014/2015

Support

12th October 2016

YOUR ACCOUNT STATUS HAS BEEN
CHANGED.

Chase

11th October 2016

UPDATE YOUR ACCOUNT NOW

Tesco Bank

11th October 2016

ONLINE ACCOUNT ALERT

FPC

11th October 2016

GET £15 AMAZON VOUCHER WHEN
YOU TAKE OUT HOME ENERGY PLAN
WITH US

Vulnerebility

Oracle E-Business Suite CVE-2016-3535 Remote Security Vulnerability
2016-10-12
http://www.securityfocus.com/bid/91845

SAP Netweaver CVE-2016-7435 Multiple OS Command Injection Vulnerabilities
2016-10-12
http://www.securityfocus.com/bid/93272

VMware vRealize Operations CVE-2016-7457 Unspecified Remote Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93499

Microsoft Internet Explorer and Edge CVE-2016-3391 Information Disclosure Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93379

MatrixSSL VU#396440 Heap Based Buffer Overflow and Multiple Denial of Service Vulnerabilities
2016-10-12
http://www.securityfocus.com/bid/93498

HarfBuzz CVE-2015-8947 Denial of Service Vulnerability
2016-10-12
http://www.securityfocus.com/bid/92039

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2016-10-12
http://www.securityfocus.com/bid/77211

OpenStack Glance CVE-2016-0757 Security Bypass Vulnerability
2016-10-12
http://www.securityfocus.com/bid/82696

Microsoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure Vulnerabilities
2016-10-12
http://www.securityfocus.com/bid/93392

Microsoft Internet Explorer and Edge CVE-2016-3331 Remote Memory Corruption Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93387

Microsoft Internet Explorer and Edge CVE-2016-3382 Remote Memory Corruption Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93386

Microsoft Internet Explorer and Edge CVE-2016-3390 Remote Memory Corruption Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93383

Microsoft Internet Explorer and Edge CVE-2016-3388 Remote Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93382

Microsoft Windows Graphics Component CVE-2016-3393 Remote Code Execution Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93377

Microsoft Windows Graphics CVE-2016-7182 Remote Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93395

Microsoft Windows Graphics Component CVE-2016-3396 Remote Code Execution Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93380

Microsoft Internet Explorer and Edge CVE-2016-3387 Remote Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93381

Microsoft Windows Graphics Component CVE-2016-3270 Local Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93403

Microsoft Windows Graphics Component CVE-2016-3262 Information Disclosure Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93390

Microsoft Internet Explorer and Edge CVE-2016-3267 Information Disclosure Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93376

Microsoft Windows Graphics Component CVE-2016-3209 Information Disclosure Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93385

Microsoft Windows Graphics Component CVE-2016-3263 Information Disclosure Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93394

Microsoft Office CVE-2016-7193 Memory Corruption Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93372

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3376 Local Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93388

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-7185 Local Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93389

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3266 Local Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93384

Microsoft Transaction Manager CVE-2016-3341 Local Privilege Escalation Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93391

Microsoft Azure Active Directory Passport CVE-2016-7191 Authentication Bypass Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93213

Microsoft Windows CVE-2016-0142 Remote Code Execution Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93378

Microsoft Internet Explorer CVE-2016-3383 Remote Memory Corruption Vulnerability
2016-10-12
http://www.securityfocus.com/bid/93396

SANS News

WiFi Still Remains a Good Attack Vector

Threatpost

StrongPity APT Covets Secrets of Crypto Users

IoT Botnet Uses HTTP Traffic to DDoS Targets

Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash

Microsoft Patches Five Zero Days Under Attack

Exploit

Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit)

Android - 'gpsOneXtra' Data Files Denial of Service

BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery

phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery

AVTECH IP Camera, NVR, and DVR Devices - Multiple Vulnerabilities

RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection

ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting

ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

Minecraft Launcher - Insecure File Permissions Privilege Escalation

sheed AntiVirus - Unquoted Service Path Privilege Escalation

Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)

12.10.2016

Bugtraq

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 2016-10-11
Vulnerability Lab (research vulnerability-lab com)

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities 2016-10-11
admin@evolution-sec.com (admin evolution-sec com)

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities 2016-10-11
Gergely Eberhardt (gergely eberhardt search-lab hu)

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT) 2016-10-11
SEC Consult Vulnerability Lab (research sec-consult com)

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-11
matthias deeg syss de

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks 2016-10-10
matthias deeg syss de

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] 2016-10-10
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks 2016-10-10
matthias deeg syss de

Malware

Trojan.Sofluxer

Exp.CVE-2016-0199

Phishing

Tesco Bank

10th October 2016

*** *** Re-activate your
Online Banking

NatWest

10th October 2016

IMPORTANT INFORMATION ABOUT
YOUR ACCOUNT

Tesco Bank

10th October 2016

*** *** Terms and Conditions

TEAM APP

10th October 2016

Warning : Activate Your
Account.

service@paypal.com

10th October 2016

Unusual Activity in your
account

CareerBuilder

10th October 2016

CareerBuilder: We need Agent-
Missed Call

BARCLAYS PLC

10th October 2016

Access Suspended Notification

Account Notification

10th October 2016

VIEW YOUR RECENT ACTIVITY

BigPond

10th October 2016

[Norton Anti]Urgent update!

BANK OF AMERICA

10th October 2016

Bank of America Corporate
Office Headquarters

Wells Fargo

10th October 2016

Wells Fargo Contact
Information Updated

Meridian CU

10th October 2016

[Shaw Suspected Junk Email]
Notification Regarding Your
Meridian Account !

REV. STEVE GRANT

10th October 2016

YOUR URGENT RESPONSE IS HIGHLY
NEEDED

AOL

10th October 2016

i made you a video?

Barclays Bank PLC

10th October 2016

You have new available
documents available in
Barclays Cloud It

Mail Account

10th October 2016

SETTINGS

PayPal

10th October 2016

Your Last Chance To Update
Your Account Paypal
Information.

Barclays

10th October 2016

Access to online banking has
been blocked

Yahoo.com

10th October 2016

[1722008]201612CCAPF2016331-43
[82pqyjh9ab5lkpbna05uj3g3cw6bk
6oxr13j]

VISA

10th October 2016

WE ARE SORRY BUT YOUR
CREDIT/DEBIT CARD IS
SUSPENDED.

PayPal Alert

10th October 2016

PAYPAL SUSPICIOUS SIGN-IN

USAA

10th October 2016

NEW USAA ONLINE MESSAGE

USAA

10th October 2016

Your access to usaa.com will
be restricted

PayPal.inc

10th October 2016

FWD: [ PAYPAL ] : ACCOUNT
NOTICE !

Vulnerebility

Oracle Java SE CVE-2015-4835 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77148

Oracle Java SE CVE-2015-4734 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77192

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77160

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4902 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77241

Oracle Java SE CVE-2015-4806 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77126

Oracle Java SE CVE-2015-4803 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77200

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77194

Oracle Java SE CVE-2015-4882 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77181

Pivotal Cloud Foundry cf-mysql CVE-2016-6653 Information Disclosure Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93480

Oracle Java SE CVE-2015-4844 Remote Security Vulnerability
2016-10-11
http://www.securityfocus.com/bid/77164

Intel SSD Toolbox CVE-2016-8101 Local Privilege Escalation Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93482

Webmin Usermin CVE-2016-4897 Multiple Cross Site Scripting Vulnerabilities
2016-10-11
http://www.securityfocus.com/bid/93477

Multiple Toshiba FlashAir Products CVE-2016-4863 Security Bypass Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93479

Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93476

Xen CVE-2016-7777 Security Bypass Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93344

SetucoCMS Multiple Security Vulnerabilities
2016-10-11
http://www.securityfocus.com/bid/93475

Microsoft Windows 'Cryptography API: Next Generation' Denial of Service Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93481

QEMU 'hw/usb/hcd-xhci.c' Infinite Loop Denial of Service Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93469

Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93478

IBM Financial Transaction Manager CVE-2016-3060 Clickjacking Vulnerability
2016-10-11
http://www.securityfocus.com/bid/92633

Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93472

QEMU CVE-2016-8578 Null Pointer Dereference Denial of Service Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93474

QEMU 'hw/9pfs/9p.c' Denial of Service Vulnerability
2016-10-11
http://www.securityfocus.com/bid/93473

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-10-11
http://www.securityfocus.com/bid/90865

Mozilla Network Security Services CVE-2016-1938 Weak Encryption Multiple Security Weaknesses
2016-10-11
http://www.securityfocus.com/bid/81955

IBM WebSphere Application Server CVE-2016-0359 HTTP Response Splitting Vulnerability
2016-10-11
http://www.securityfocus.com/bid/91484

Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
2016-10-11
http://www.securityfocus.com/bid/75919

Jinja2 Incomplete Fix Insecure File Permissions Vulnerability
2016-10-11
http://www.securityfocus.com/bid/64787

SANS News

 

Threatpost

 

Exploit

Minecraft Launcher - Insecure File Permissions Privilege Escalation

HP Client - Automation Command Injection / Remote Code Execution

Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)

11.10.2016

Bugtraq

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348] 2016-10-10
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks 2016-10-10
matthias deeg syss de

[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-10-10
matthias deeg syss de

Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability 2016-10-05
Vulnerability Lab (research vulnerability-lab com)

Clean Master v1.0 - Unquoted Path Privilege Escalation 2016-10-05
Vulnerability Lab (research vulnerability-lab com)

Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability 2016-10-05
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

Win32/SupTab 
Win32/Ghokswa 
Win32/Sasquor 

Phishing

 

Vulnerebility

IBM WebSphere Application Server Liberty Profile CVE-2016-2923 Information Disclosure Vulnerability
2016-10-10
http://www.securityfocus.com/bid/91518

Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
2016-10-10
http://www.securityfocus.com/bid/92100

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-10-10
http://www.securityfocus.com/bid/90865

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/90864

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-10-10
http://www.securityfocus.com/bid/90856

Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
2016-10-10
http://www.securityfocus.com/bid/91501

POI CVE-2014-9527 Denial-Of-Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/77726

POI CVE-2014-3529 Remote Security Vulnerability
2016-10-10
http://www.securityfocus.com/bid/78018

Apache POI CVE-2014-3574 Denial Of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/69648

Apache POI CVE-2012-0213 Denial Of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/53487

Nagios 'process_cgivars()' Function Off-By-One Error Denial Of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/64489

Snoopy CVE-2008-7313 Arbitrary Command Execution Vulnerability
2016-10-10
http://www.securityfocus.com/bid/68776

Icinga Web GUI CVE-2013-7108 Multiple Off-By-One Memory Corruption Vulnerabilities
2016-10-10
http://www.securityfocus.com/bid/64363

Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
2016-10-10
http://www.securityfocus.com/bid/31887

Nagios CVE-2013-4214 Insecure Temporary File Creation Vulnerability
2016-10-10
http://www.securityfocus.com/bid/61747

Snoopy CVE-2014-5009 Arbitrary Command Execution Vulnerability
2016-10-10
http://www.securityfocus.com/bid/68783

Icinga 'cgi/cmd.c' Stack Buffer Overflow Vulnerability
2016-10-10
http://www.securityfocus.com/bid/65605

Snoopy 'exec()' Arbitrary Command Execution Vulnerability
2016-10-10
http://www.securityfocus.com/bid/68419

nginx CVE-2016-4450 Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/90967

nginx Multiple Denial of Service Vulnerabilities
2016-10-10
http://www.securityfocus.com/bid/82230

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-10-10
http://www.securityfocus.com/bid/83423

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/91453

libgit2 CVE-2016-8568 Out-of-Bounds Read Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93466

libgit2 CVE-2016-8569 Null Pointer Dereference Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93465

GraphicsMagick CVE-2016-7997 NULL Pointer Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93467

Qemu 'hcd-ehci.c' Memory Leak Denial of Service Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93454

SPIP Multiple Security Vulnerabilities
2016-10-10
http://www.securityfocus.com/bid/93451

QEMU 'hw/display/virtio-gpu.c' Information Disclosure Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93453

Multiple RedHat JBoss Products CVE-2016-7065 Remote Code Execution Vulnerability
2016-10-10
http://www.securityfocus.com/bid/93462

Cybozu Office Multiple Security Bypass Vulnerabilities
2016-10-10
http://www.securityfocus.com/bid/93461

SANS News

Radare2: rahash2

Threatpost

When DVRs Attack: A Post IoT Attack Analysis

The Ethics and Morality Behind APT Reports

Exploit

miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

PHP Press Release - Cross-Site Request Forgery (Add Admin)

PHP Press Release - Stored Cross Site Scripting

Wacom Consumer Service - Unquoted Service Path Privilege Escalation

Foxit Cloud Update Service - Unquoted Service Path Privilege Escalation

Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation

Fitbit Connect Service - Unquoted Service Path Privilege Escalation

10.10.2016

Bugtraq

 

Malware

 

Phishing

Apple Security'

9th October 2016

[SUPPORT]: SOMEONE HAS
INFILTRATED IN TO YOUR
ACCOUNT, PLEASE RVIEW YOUR
INFORMATION

SANTANDER BANK

9th October 2016

SANTANDER BANK SECURE
NOTIFICATION

Thank You!

9th October 2016

J, PLEASE RESPOND!

Barclays

9th October 2016

Your account might be
compromised

U.S. Bank

9th October 2016

Account information needs to
be update.

Lloyds

9th October 2016

Access To Your Account(s) Has
Been Disabled.

Chase Online

8th October 2016

Important Immediate Action
Required [Chase]

Thank You!

8th October 2016

JO, PLEASE RESPOND!

Steve Katz

8th October 2016

DOORS HAVE BEEN OPENED AND YOU
ARE INVITED

Account Support

8th October 2016

YOUR ACCOUNT IS TEMPORARILY
DISABLED

Vulnerebility

 

SANS News

First Hurricane Matthew related Phish

Unauthorized Change Detected!

Threatpost

Cisco Warns of Critical Flaws in Nexus Switches

The Ethics and Morality Behind APT Reports

Exploit

BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation

Waves Audio Service - Unquoted Service Path Privilege Escalation

7.10.2016

Bugtraq

 

Malware

SoftwareBundler:Win32/Stallmonitz
Win32/SupTab
Exploit:HTML/Meadgive.Y 
Exploit:HTML/Meadgive.W 

Win32/Filecoder.Locky.H

Win32/Filecoder.Locky.C

Trojan.Toshliph

Infostealer.Fastpos

Ransom.HadesLocker

Trojan.Agentemis

Phishing

PayPal

7th October 2016

Your PayPal account has been
closed temporarily!!

Chase Online

7th October 2016

Important Immediate Action
Required [Chase]

Microsoft

7th October 2016

You Have 584 Alert
Notifications

HSBC Credit

7th October 2016

HSBC - Warning message

SunTrust

7th October 2016

1 New Message

American Express

7th October 2016

Confirm your online account

Apple

6th October 2016

APPLE ACCOUNT UPDATE

Survey Rewards

6th October 2016

SPECIAL: TAKE A £50 AMAZON
GIFT CARD!

NatWest

6th October 2016

NatWest - NatWest Secure
Password Reset Confirmation

Microsoft

6th October 2016

IMPORTANT NOTIFICATION!

Amazon

6th October 2016

Your Amazon order "Gift Card -
Email....."

Halifax Bank

6th October 2016

NEW ACCOUNT NOTICE

M&S

6th October 2016

IMPORTANT: YOUR ACCOUNT HAS
RECEIVED A VOUCHER

App Store

4th October 2016

UPDATES TO YOUR APPS AVAILABLE

Vulnerebility

 

SANS News

To report any scams/malware related to Hurricane Matthew, use our contact form: https://isc.sans.edu/contact.html

Threatpost

Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution

Mobile App Collusion Can Bypass Native Android Security

Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites

Free Tool Protects Mac Users from Webcam Surveillance

Exploit

Comodo Dragon Browser - Unquoted Service Path Privilege Escalation

Comodo Chromodo Browser - Unquoted Service Path Privilege Escalation

Billion Router 7700NR4 - Remote Command Execution

Exagate WEBPack Management System - Multiple Vulnerabilities

Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)

Advance MLM Script - SQL Injection

PHP Classifieds Rental Script - Blind SQL Injection

B2B Portal Script - Blind SQL Injection

MLM Unilevel Plan Script 1.0.2 - SQL Injection

Just Dial Clone Script - SQL Injection

BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation

Waves Audio Service - Unquoted Service Path Privilege Escalation

4.10.2016

Bugtraq

Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities 2016-10-04
Vulnerability Lab (research vulnerability-lab com)

AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit 2016-10-04
Vulnerability Lab (research vulnerability-lab com)

TeempIp XSS Cookie Theft 2016-10-03
apparitionsec gmail com

[SECURITY] [DSA 3684-1] libdbd-mysql-perl security update 2016-10-03
Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3681-2] wordpress regression update 2016-10-01
Yves-Alexis Perez (corsac debian org)

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-01
Dawid Golunski (dawid legalhackers com)

Multiple exposures in Sophos UTM 2016-09-30
Tim Schughart (t schughart prosec-networks com)

Malware

 

Phishing

App Store

4th October 2016

UPDATES TO YOUR APPS AVAILABLE

Vulnerebility

Sophos UTM Multiple Local Information Disclosure Vulnerabilities
2016-10-04
http://www.securityfocus.com/bid/93266

Linux Kernel CVE-2016-5344 Multiple Integer Overflow Vulnerabilities
2016-10-04
http://www.securityfocus.com/bid/92695

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/91704

Linux Kernel CVE-2016-5342 Local Heap Buffer Overflow Vulnerability
2016-10-04
http://www.securityfocus.com/bid/92693

Google Android CVE-2016-6673 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93321

Linux Kernel CVE-2016-2059 Local Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/90230

Linux Kernel CVE-2016-3860 Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93320

Google Android NVIDIA GPU Driver CVE-2016-6677 Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93319

Linux Kernel CVE-2016-5340 Security Bypass Vulnerability
2016-10-04
http://www.securityfocus.com/bid/92374

Linux Kernel CVE-2015-8950 Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93318

Linux Kernel CVE-2015-8951 Memory Corruption Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93317

Linux Kernel 'lib/asn1_decoder.c' Local Memory Corruption Vulnerability
2016-10-04
http://www.securityfocus.com/bid/90626

Google Android CVE-2016-3922 Remote Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93315

Google Android CVE-2016-6674 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93316

Linux Kernel CVE-2016-3931 Remote Code Execution Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93313

Linux Kernel CVE-2015-8955 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93314

Google Android Mediaserver Multiple Privilege Escalation Vulnerabilities
2016-10-04
http://www.securityfocus.com/bid/93311

Linux Kernel CVE-2015-0572 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93312

Google Android CVE-2016-3923 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93310

Linux Kernel Multiple Information Disclosure Vulnerabilities
2016-10-04
http://www.securityfocus.com/bid/93309

Google Android CVE-2016-3911 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93303

Google Android CVE-2016-3928 Remote Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93308

Google Android Framework Listener CVE-2016-3921 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93307

Google Android CVE-2016-3930 Remote Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93306

Google Nexus Motorola USBNet Driver CVE-2016-6678 Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93305

Linux Kernel CVE-2016-7117 Use-After-Free Remote Code Execution Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93304

Google Nexus CVE-2016-6690 Denial of Service Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93301

Google Android Framework APIs CVE-2016-3912 Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93302

Google Android AOSP Mail CVE-2016-3918 Information Disclosure Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93299

Google Android CVE-2016-3914 Remote Privilege Escalation Vulnerability
2016-10-04
http://www.securityfocus.com/bid/93300

SANS News

Password Buddies: A Better Way To Reset Passwords

Threatpost

Apple To Block WoSign Intermediate Certificates

Hack Crashes Linux Distros with 48 Characters of Code

Exploit

Android - Insufficient Binder Message Verification Pointer Leak

Disk Pulse Enterprise 9.0.34 - Buffer Overflow Exploit

DWebPro 8.4.2 - Multiple Vulnerabilities

Apache Tomcat 8/7/6 (Debian-Based Distros) - Privilege Escalation

Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)

3.10.2016

Bugtraq

[SECURITY] [DSA 3681-2] wordpress regression update 2016-10-01
Yves-Alexis Perez (corsac debian org)

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-01
Dawid Golunski (dawid legalhackers com)

Multiple exposures in Sophos UTM 2016-09-30
Tim Schughart (t schughart prosec-networks com)

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) 2016-09-30
matthias deeg syss de

Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability 2016-09-29
Mike Kienenberger (mkienenb gmail com)

Persistent XSS in Abus Security Center - CVSS 8.0 2016-09-29
Tim Schughart (t schughart prosec-networks com)

Malware

 

Phishing

 

Vulnerebility

Joomla! Huge-IT Catalog Extension CVE-2016-1000125 SQL Injection Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93265

ImageMagick 'MagickCore/profile.c' Memory Corruption Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93264

Ruby OpenSSL Security Bypass Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93031

Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93263

Pacemaker CVE-2016-7797 Remote Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93261

Google Chrome OS Security Bypass and Arbitrary Code Execution Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/93260

C-ares CVE-2016-5180 Out of Bounds Write Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93243

BB&T U CVE-2016-6550 SSL Certificate Validation Security Bypass Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93259

phpMyAdmin CVE-2016-6607 Multiple Cross Site Scripting Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/93257

phpMyAdmin CVE-2016-6608 Multiple Cross Site Scripting Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/93258

phpMyAdmin CVE-2016-5733 Multiple Cross Site Scripting Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/91390

phpMyAdmin CVE-2016-6624 Security Bypass Vulnerability
2016-10-03
http://www.securityfocus.com/bid/92489

QEMU 'megasas_ctrl_get_info()' Information Disclosure Vulnerability
2016-10-03
http://www.securityfocus.com/bid/91097

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/90584

Abus Security Center 'FTP' HTML Injection Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93254

Qemu CVE-2016-6833 Use After Free Memory Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93255

Multiple NVIDIA Products CVE-2016-4959 Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/93256

QEMU CVE-2016-7422 Null Pointer Dereference Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/92996

Multiple NVIDIA Products Local Privilege Escalation and Denial of Service Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/93251

QEMU 'hw/scsi/mptconfig.c' Multiple Local Denial of Service Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/92775

QEMU 'pvscsi_convert_sglist()' Function Local Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/92774

Python Twisted CVE-2016-1000111 Security Bypass Vulnerability
2016-10-03
http://www.securityfocus.com/bid/91820

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-10-03
http://www.securityfocus.com/bid/92444

QEMU File Handling Multiple Directory Traversal Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/92680

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/92446

QEMU 'get_cmd()' Function Denial of Service Vulnerability
2016-10-03
http://www.securityfocus.com/bid/90995

QEMU 'hw/scsi/esp.c' Multiple Remote Code Execution Vulnerabilities
2016-10-03
http://www.securityfocus.com/bid/91079

QEMU 'block/iscsi.c' Heap Based Buffer Overflow Vulnerability
2016-10-03
http://www.securityfocus.com/bid/90948

QEMU CVE-2016-4454 Memory Corruption Vulnerability
2016-10-03
http://www.securityfocus.com/bid/90927

QEMU CVE-2016-4441 Remote Code Execution Vulnerability
2016-10-03
http://www.securityfocus.com/bid/90762

SANS News

The Short Life of a Vulnerable DVR Connected to the Internet

Threatpost

Researchers Break MarsJoke Ransomware Encryption

Mozilla Reduces Threat of Export-Grade Crypto to Firefox

Source Code Released for Mirai DDoS Malware

Exploit

Windows Firewall Control - Unquoted Service Path Privilege Escalation

2.10.2016

Bugtraq

Multiple exposures in Sophos UTM 2016-09-30
Tim Schughart (t schughart prosec-networks com)

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) 2016-09-30
matthias deeg syss de

Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability 2016-09-29
Mike Kienenberger (mkienenb gmail com)

Persistent XSS in Abus Security Center - CVSS 8.0 2016-09-29
Tim Schughart (t schughart prosec-networks com)

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification 2016-09-29
security-alert hpe com

Malware

Ransom.Xpan

Phishing

 

Vulnerebility

BB&T U CVE-2016-6550 SSL Certificate Validation Security Bypass Vulnerability
2016-10-02
http://www.securityfocus.com/bid/93259

phpMyAdmin CVE-2016-6607 Multiple Cross Site Scripting Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/93257

phpMyAdmin CVE-2016-6608 Multiple Cross Site Scripting Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/93258

phpMyAdmin CVE-2016-5733 Multiple Cross Site Scripting Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/91390

phpMyAdmin CVE-2016-6624 Security Bypass Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92489

QEMU 'megasas_ctrl_get_info()' Information Disclosure Vulnerability
2016-10-02
http://www.securityfocus.com/bid/91097

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/90584

Abus Security Center 'FTP' HTML Injection Vulnerability
2016-10-02
http://www.securityfocus.com/bid/93254

Qemu CVE-2016-6833 Use After Free Memory Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/93255

Multiple NVIDIA Products CVE-2016-4959 Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/93256

QEMU CVE-2016-7422 Null Pointer Dereference Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92996

Multiple NVIDIA Products Local Privilege Escalation and Denial of Service Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/93251

QEMU 'hw/scsi/mptconfig.c' Multiple Local Denial of Service Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/92775

QEMU 'pvscsi_convert_sglist()' Function Local Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92774

Python Twisted CVE-2016-1000111 Security Bypass Vulnerability
2016-10-02
http://www.securityfocus.com/bid/91820

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92444

QEMU File Handling Multiple Directory Traversal Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/92680

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92446

QEMU 'get_cmd()' Function Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90995

QEMU 'hw/scsi/esp.c' Multiple Remote Code Execution Vulnerabilities
2016-10-02
http://www.securityfocus.com/bid/91079

QEMU 'block/iscsi.c' Heap Based Buffer Overflow Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90948

QEMU CVE-2016-4454 Memory Corruption Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90927

QEMU CVE-2016-4441 Remote Code Execution Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90762

QEMU '/hw/net/net_tx_pkt.c' Integer Overflow Vulnerability
2016-10-02
http://www.securityfocus.com/bid/92556

QEMU CVE-2016-4439 Remote Code Execution Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90760

QEMU Out of Bounds Write Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90875

QEMU CVE-2016-4453 Infinite Loop Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90928

QEMU 'megasas_lookup_frame()' Function Out of Bounds Read Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/90874

QEMU 'ne2000.c' CVE-2016-2841 Denial of Service Vulnerability
2016-10-02
http://www.securityfocus.com/bid/84028

QEMU 'stellaris_enet_receive()' Function Remote Buffer Overflow Vulnerability
2016-10-02
http://www.securityfocus.com/bid/85976

SANS News

 

Threatpost

Report a Grim Reminder of State of Critical Infrastructure Security

Academics Put Another Dent in Online Anonymity

Exploit

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege

30.9.2016

Bugtraq

Multiple exposures in Sophos UTM 2016-09-30
Tim Schughart (t schughart prosec-networks com)

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) 2016-09-30
matthias deeg syss de

Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability 2016-09-29
Mike Kienenberger (mkienenb gmail com)

Persistent XSS in Abus Security Center - CVSS 8.0 2016-09-29
Tim Schughart (t schughart prosec-networks com)

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification 2016-09-29
security-alert hpe com

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities 2016-09-28
Matteo Beccati (matteo beccati com)

Malware

Win32/Locky 

Phishing

 

Vulnerebility

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-09-30
http://www.securityfocus.com/bid/90584

Multiple NVIDIA Products CVE-2016-4959 Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/93256

QEMU CVE-2016-7422 Null Pointer Dereference Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92996

Multiple NVIDIA Products Local Privilege Escalation and Denial of Service Vulnerabilities
2016-09-30
http://www.securityfocus.com/bid/93251

QEMU 'hw/scsi/mptconfig.c' Multiple Local Denial of Service Vulnerabilities
2016-09-30
http://www.securityfocus.com/bid/92775

QEMU 'pvscsi_convert_sglist()' Function Local Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92774

Python Twisted CVE-2016-1000111 Security Bypass Vulnerability
2016-09-30
http://www.securityfocus.com/bid/91820

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92444

QEMU File Handling Multiple Directory Traversal Vulnerabilities
2016-09-30
http://www.securityfocus.com/bid/92680

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92446

QEMU 'get_cmd()' Function Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90995

QEMU 'hw/scsi/esp.c' Multiple Remote Code Execution Vulnerabilities
2016-09-30
http://www.securityfocus.com/bid/91079

QEMU 'block/iscsi.c' Heap Based Buffer Overflow Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90948

QEMU CVE-2016-4454 Memory Corruption Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90927

QEMU CVE-2016-4441 Remote Code Execution Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90762

QEMU '/hw/net/net_tx_pkt.c' Integer Overflow Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92556

QEMU CVE-2016-4439 Remote Code Execution Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90760

QEMU Out of Bounds Write Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90875

QEMU CVE-2016-4453 Infinite Loop Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90928

QEMU 'megasas_lookup_frame()' Function Out of Bounds Read Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/90874

QEMU 'ne2000.c' CVE-2016-2841 Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/84028

QEMU 'stellaris_enet_receive()' Function Remote Buffer Overflow Vulnerability
2016-09-30
http://www.securityfocus.com/bid/85976

QEMU '/hw/net/mipsnet.c' Remote Buffer Overflow Vulnerability
2016-09-30
http://www.securityfocus.com/bid/85992

QEMU CVE-2016-4020 Information Disclosure Vulnerability
2016-09-30
http://www.securityfocus.com/bid/86067

phpMyAdmin CVE-2016-6630 Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92501

phpMyAdmin CVE-2016-6626 URL Redirect Protection Security Bypass Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92490

phpMyAdmin CVE-2016-6633 Remote Code Execution Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92500

phpMyAdmin CVE-2016-6631 Remote Code Execution Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92496

phpMyAdmin CVE-2016-6632 Denial of Service Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92497

phpMyAdmin CVE-2016-6629 Security Bypass Vulnerability
2016-09-30
http://www.securityfocus.com/bid/92493

SANS News

Another Day, Another Malicious Behaviour

Threatpost

Zerodium Triples its iOS 10 Bounty to $1.5 Million

Backdoored D-Link Router Should be Trashed, Researcher Says

Exploit

KeepNote 0.7.8 - Command Execution

Netgear Genie 2.4.32 - Unquoted Service Path Elevation of Privilege

29.9.2016

Bugtraq

Persistent XSS in Abus Security Center - CVSS 8.0 2016-09-29
Tim Schughart (t schughart prosec-networks com)

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification 2016-09-29
security-alert hpe com

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities 2016-09-28
Matteo Beccati (matteo beccati com)

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) 2016-09-28
Pierre Kim (pierre kim sec gmail com)

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 2016-09-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[slackware-security] bind (SSA:2016-271-01) 2016-09-27
Slackware Security Team (security slackware com)

Malware

Downloader.Quanader

Ransom.Nagini

Phishing

 

Vulnerebility

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-09-29
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-09-29
http://www.securityfocus.com/bid/89746

ImageMagick CVE-2014-9907 Multiple Denial of Service Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/93231

ImageMagick CVE-2016-7539 Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93232

VLC Media Player Unspecified Buffer Overflow Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93227

ImageMagick CVE-2016-7540 Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93228

KDE kdesu CVE-2016-7787 Command Execution Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93224

ImageMagick 'coders/viff.c' Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93226

ImageMagick CVE-2016-7536 Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93225

ClamAV CVE-2016-1371 Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93222

ImageMagick 'MagickCore/memory.c' Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93220

systemd 'manager_invoke_notify_message()' Function Local Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93223

ClamAV CVE-2016-1372 Multiple Denial of Service Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/93221

RETIRED: FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
2016-09-29
http://www.securityfocus.com/bid/92790

Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/93101

FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
2016-09-29
http://www.securityfocus.com/bid/92664

Red Hat JBoss BPMS CVE-2016-5398 HTML Injection Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93219

libgd 'gd_webp.c' Integer Overflow Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93184

HP Network Automation CVE-2016-4386 Local Security Bypass Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93218

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93188

MuJS Multiple Heap Based Buffer Overflow Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/93075

baserCMS Multiple HTML Injection and Cross Site Request Forgery Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/93217

ManageEngine ServiceDesk Plus CVE-2016-4890 Security Bypass Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93216

ManageEngine ServiceDesk Plus CVE-2016-4889 Privilage Escalation Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93215

ManageEngine ServiceDesk Plus CVE-2016-4888 HTML Injection Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93214

Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
2016-09-29
http://www.securityfocus.com/bid/92966

App Container docker2aci Directory Traversal Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93194

OpenSSL 'BN_bn2dec()' Function Out of Bounds Write Denial of Service Vulnerability
2016-09-29
http://www.securityfocus.com/bid/92557

OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
2016-09-29
http://www.securityfocus.com/bid/92987

Microsoft Azure Active Directory Passport CVE-2016-7191 Authentication Bypass Vulnerability
2016-09-29
http://www.securityfocus.com/bid/93213

SANS News

SNMP Pwn3ge

Threatpost

Congressional Leaders Demand Answers on Yahoo Breach

ISC Patches Critical Error Condition in BIND

Microsoft Unveils Cloud-Based Fuzz-Testing Service

Vendetta Brothers Cyber Crooks Adopt Real World Tactics

Cisco Warns of Critical Flaw in Email Security Appliances

Exploit

VLC Media Player 2.2.1 - Buffer Overflow

KeepNote 0.7.8 - Remote Command Execution

28.9.2016

Bugtraq

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability 2016-09-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities 2016-09-28
Matteo Beccati (matteo beccati com)

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) 2016-09-28
Pierre Kim (pierre kim sec gmail com)

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 2016-09-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[slackware-security] bind (SSA:2016-271-01) 2016-09-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3680-1] bind9 security update 2016-09-27
Florian Weimer (fw deneb enyo de)

ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability 2016-09-27
EMC Product Security Response Center (Security_Alert emc com)

[SECURITY] [DSA 3679-1] jackrabbit security update 2016-09-27
Florian Weimer (fw deneb enyo de)

Malware

BrowserModifier:Win32/Qiwmonk 
BrowserModifier:Win32/Qiwmonk!blnk 

MSIL/Spy.Agent.APY

Java/JSP.E

Win32/Runner.NCA

Python/SeaDuke.A

Win32/Spy.Delf.OZI

Phishing

 

Vulnerebility

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91068

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91067

IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
2016-09-28
http://www.securityfocus.com/bid/92408

ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
2016-09-28
http://www.securityfocus.com/bid/93188

libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability
2016-09-28
http://www.securityfocus.com/bid/79811

ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability
2016-09-28
http://www.securityfocus.com/bid/92037

QEMU CVE-2016-5403 Denial of Service Vulnerability
2016-09-28
http://www.securityfocus.com/bid/92148

Samba CVE-2016-2119 Man in the Middle Security Bypass Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91700

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-09-28
http://www.securityfocus.com/bid/83329

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-09-28
http://www.securityfocus.com/bid/90856

libarchive 'archive_read_support_format_zip.c' Heap Buffer Overflow Vulnerability
2016-09-28
http://www.securityfocus.com/bid/89355

libarchive 'archive_read_extract.c' Information Disclosure Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91340

Oracle Fusion Middleware CVE-2016-3595 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91940

libarchive CVE-2015-8930 Denial of Service Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91339

Oracle Fusion Middleware CVE-2016-3596 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91942

Oracle Fusion Middleware CVE-2016-3593 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91908

Oracle Fusion Middleware CVE-2016-3594 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91939

Oracle Fusion Middleware CVE-2016-3592 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91937

Oracle Fusion Middleware CVE-2016-3583 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91934

Oracle Fusion Middleware CVE-2016-3590 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91935

Oracle Fusion Middleware CVE-2016-3591 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91936

Oracle Fusion Middleware CVE-2016-3582 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91933

Oracle Fusion Middleware CVE-2016-3580 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91929

Oracle Fusion Middleware CVE-2016-3577 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91924

QEMU CVE-2016-3710 Remote Code Execution Vulnerability
2016-09-28
http://www.securityfocus.com/bid/90316

Oracle Fusion Middleware CVE-2016-3574 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91914

Oracle Fusion Middleware CVE-2016-3579 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91927

Libarchive CVE-2015-8933 Local Denial of Service Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91421

Oracle Fusion Middleware CVE-2016-3581 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91931

Oracle Fusion Middleware CVE-2016-3576 Remote Security Vulnerability
2016-09-28
http://www.securityfocus.com/bid/91923

SANS News

Rig Exploit Kit from the Afraidgate Campaign

Threatpost

Signal Adds iPhone Access to Desktop App

Germany Orders Facebook to Stop Collecting Data on WhatsApp Users


Microsoft Edge Adds App Guard Browser Security

Exploit

Symantec Messaging Gateway 10.6.1 - Directory Traversal

Android 5.0 <= 5.1.1 - Stagefright .MP4 tx3g Integer Overflow (Metasploit)

Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit)

FreePBX < 13.0.188 - Remote Command Execution (Metasploit)

NetMan 204 - Backdoor Account

TP-Link Archer CR-700 - Cross-Site Scripting

27.9.2016

Bugtraq

[SECURITY] [DSA 3679-1] jackrabbit security update 2016-09-27
Florian Weimer (fw deneb enyo de)

[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS) 2016-09-26
security-alert hpe com

[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities 2016-09-26
security-alert hpe com

[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities 2016-09-26
security-alert hpe com

[SECURITY] [DSA 3678-1] python-django security update 2016-09-26
Florian Weimer (fw deneb enyo de)

[slackware-security] openssl (SSA:2016-270-01) 2016-09-26
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS) 2016-09-26
security-alert hpe com

OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10) 2016-09-24
Ralf Spenneberg (info os-t de)

Malware

BrowserModifier:Win32/Qiwmonk 

Ransom.MarsJoke

Exp.CVE-2016-4282

Phishing

 

Vulnerebility

GNU Bash CVE-2016-7543 Local Command Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/93183

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-09-27
http://www.securityfocus.com/bid/89752

libxml2 'HTMLparser.c' Out of Bounds Read Denial of Service Vulnerability
2016-09-27
http://www.securityfocus.com/bid/85267

libxml2 CVE-2015-8806 Denial of Service Vulnerability
2016-09-27
http://www.securityfocus.com/bid/82071

Multiple IBM Products CVE-2013-0513 Local Privilege Escalation Vulnerability
2016-09-27
http://www.securityfocus.com/bid/58691

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-09-27
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/91918

Django CVE-2016-7401 Cross Site Request Forgery Vulnerability
2016-09-27
http://www.securityfocus.com/bid/93182

ImageMagick 'coders/sgi.c' Remote Buffer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/93181

LibTIFF 'libtiff/tif_next.c' Memory Corruption Vulnerability
2016-09-27
http://www.securityfocus.com/bid/73438

LibTIFF CVE-2015-8668 Heap Buffer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/79696

LibTIFF CVE-2016-3990 Heap Buffer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/86000

LibTIFF CVE-2016-3945 Arbitrary Command Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/85960

LibTIFF 'tif_getimage.c' Out of Bounds Read Denial of Service Vulnerability
2016-09-27
http://www.securityfocus.com/bid/79718

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/83423

libTIFF CVE-2016-5320 Remote Code Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/91195

LibTIFF '_TIFFVGetField()' Function Arbitrary Command Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/85953

LibTIFF 'tif_write.c' Denial of Service Vulnerability
2016-09-27
http://www.securityfocus.com/bid/72353

LibTIFF 'NeXTDecode()' Function Out of Bounds Write Memory Corruption Vulnerability
2016-09-27
http://www.securityfocus.com/bid/81696

LibTIFF 'tools/bmp2tiff.c' Out of Bounds Read Integer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/71789

LibTIFF CVE-2015-8665 Out Of Bounds Read Denial of Service Vulnerability
2016-09-27
http://www.securityfocus.com/bid/79728

LibTIFF 'tiffcrop.c' Heap Buffer Overflow Vulnerability
2016-09-27
http://www.securityfocus.com/bid/85996

LibTIFF CVE-2015-7554 Invalid Write Memory Corruption Vulnerability
2016-09-27
http://www.securityfocus.com/bid/79699

LibTIFF CVE-2014-9655 Multiple Memory Corruption Vulnerabilities
2016-09-27
http://www.securityfocus.com/bid/73441

LibTIFF Multiple Out of Bounds Memory Corruption Vulnerabilities
2016-09-27
http://www.securityfocus.com/bid/81730

LibTIFF CVE-2014-8127 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2016-09-27
http://www.securityfocus.com/bid/72323

LibTIFF CVE-2014-8129 Out of Bounds Read and Write Multiple Remote Denial of Service Vulnerabilities
2016-09-27
http://www.securityfocus.com/bid/72352

IBM AIX CVE-2016-6038 Directory Traversal Vulnerability
2016-09-27
http://www.securityfocus.com/bid/93180

Adobe Digital Editions CVE-2016-6980 Unspecified Use After Free Remote Code Execution Vulnerability
2016-09-27
http://www.securityfocus.com/bid/93179

libssh2 CVE-2016-0787 Security Bypass Vulnerability
2016-09-27
http://www.securityfocus.com/bid/83389

SANS News

 

Threatpost

Questions Mount Around Yahoo Breach

Sofacy APT Targeting OS X Machines with Komplex Trojan

New Google Tools Help Devs Improve Content Security Policy Protection

Facebook Debuts Open Source Detection Tool for Windows


Signal Adds iPhone Access to Desktop App

Exploit

Joomla! Component Event Booking 2.10.1 - SQL Injection

Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)

Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive...

Macro Expert 4.0 - Multiple Privilege Escalations

Iperius Remote 1.7.0 - Unquoted Service Path Privilege Escalation

MSI - NTIOLib.sys / WinIO.sys Local Privilege Escalation

Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation

NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation

26.9.2016

Bugtraq

[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS) 2016-09-26
security-alert hpe com

OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10) 2016-09-24
Ralf Spenneberg (info os-t de)

[slackware-security] php (SSA:2016-267-01) 2016-09-23
Slackware Security Team (security slackware com)

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability 2016-09-23
EMC Product Security Response Center (Security_Alert emc com)

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium 2016-09-22
cfpbrussels2017 recon cx

[SECURITY] [DSA 3674-1] firefox-esr security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3673-1] openssl security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)

Malware

TrojanDownloader:Win32/BitMiner 

Ransom:Win32/Mambretor.A 

Phishing

 

Vulnerebility

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-09-26
http://www.securityfocus.com/bid/91067

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/91453

IBM Spectrum Scale and IBM GPFS CVE-2016-2984 Local Command Execution Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92410

Libxml2 'xmlsave.c' Denial of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/90013

IBM WebSphere Application Server CVE-2016-5986 Information Disclosure Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93013

IBM WebSphere Application Server Liberty CVE-2016-3040 Open Redirect Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92986

IBM WebSphere Application Server Liberty Profile CVE-2016-3042 Cross Site Scripting Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92985

OpenSSH CVE-2016-1908 Security Bypass Vulnerability
2016-09-26
http://www.securityfocus.com/bid/84427

OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
2016-09-26
http://www.securityfocus.com/bid/84314

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2016-09-26
http://www.securityfocus.com/bid/76317

Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability
2016-09-26
http://www.securityfocus.com/bid/84275

IBM WebSphere Application Server CVE-2016-0377 Information Disclosure Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92514

IBM Security Access Manager CVE-2016-3025 Security Bypass Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93178

OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93177

IBM Security Access Manager CVE-2016-3028 Remote Command Injection Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93176

Moodle CVE-2016-7038 Security Bypass Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93174

libstorage CVE-2016-5746 Insecure File Permissions Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93169

Red Hat Undertow CVE-2016-7046 Remote Denial of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93173

OpenSSL CVE-2016-7052 Denial of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93171

IBM Connections CVE-2016-3001 Unspecified Cross Site Scripting Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93172

Google Nexus CVE-2016-3857 Privilege Escalation Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92234

IBM WebSphere Application Server CVE-2016-0385 Security Bypass Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92505

IBM WebSphere Application Server CVE-2016-2960 Denial of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/92354

IBM WebSphere Application Server Liberty CVE-2016-0378 Information Disclosure Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93143

IBM Connections CVE-2016-3000 Denial of Service Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93166

libarchive CVE-2016-5418 Arbitrary File Write Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93165

IBM Connections CVE-2016-3007 Cross Site Request Forgery Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93168

IBM Connections CVE-2016-3006 Unspecified Cross Site Scripting Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93167

Atlassian HipChat Plugin CVE-2016-6668 Information Disclosure Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93159

IBM Connections CVE-2016-3003 Unspecified Cross Site Scripting Vulnerability
2016-09-26
http://www.securityfocus.com/bid/93161

SANS News

Defining Threat Intelligence Requirements

VBA and P-code

Threatpost

MarsJoke Ransomware Targets .EDU, .GOV Agencies

Hancitor Downloader Abusing APIs, PowerShell Commands

Exploit

 

25.9.2016

Bugtraq

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium 2016-09-22
cfpbrussels2017 recon cx

[SECURITY] [DSA 3674-1] firefox-esr security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3673-1] openssl security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)

[slackware-security] irssi (SSA:2016-265-03) 2016-09-21
Slackware Security Team (security slackware com)

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities 2016-09-21
security-alert hpe com

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com

[slackware-security] pidgin (SSA:2016-265-01) 2016-09-21
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3672-1] irssi security update 2016-09-21
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

Ransom:Win32/Tovicrypt.A 

W32.Oldigork

Phishing

 

Vulnerebility

Geeklog IVYWE CVE-2016-4875 Multiple Cross Site Scripting Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93123

ImageMagick CVE-2016-7513 Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93121

Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93119

Google Chrome Logic Error Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93113

ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93122

ImageMagick 'coders/rle.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93120

Cisco Email Security Appliance CVE-2016-6406 Privilege Escalation Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93116

VLAN VLC 'mp4.c' Divide-By-Zero Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93118

Google Chrome Protocol Handler Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93117

Siemens Scalance M-800 / S615 CVE-2016-7090 Information Disclosure Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93115

Red Hat Enterprise Linux CVE-2016-3699 Local Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93114

ipywidgets Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93112

PHP 'ext/spl/spl_array.c' Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/91401

PHP unserialize() Function Type Confusion Security Vulnerability
2016-09-23
http://www.securityfocus.com/bid/68237

PHP CVE-2015-0231 Incomplete Fix Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/72539

PHP 'ext/zip/php_zip.c' Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/91397

PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/76649

PHP 'process_nested_data()' Function Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/71791

OpenJPEG Multiple Security Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93111

Mozilla Firefox Multiple Security Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93049

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/77283

Network Time Protocol CVE-2015-7705 Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/77284

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/77287

HP Network Automation Java Deserialization CVE-2016-4385 Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93109

Kerio Control Prior to 9.1.3 Multiple Security Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93110

Multiple EMC Products CVE-2016-0918 Information Disclosure Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93108

Joomla! Huge-IT Video Gallery Extension CVE-2016-1000123 SQL Injection Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93107

OpenStack Glance CVE-2016-4383 Remote Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93106

Fatek Automation PM Designer Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93105

SANS News

The era of big DDOS?

.PUB Analysis

Threatpost

Drupal Patches Three Vulnerabilities in Core Engine

Researchers Find Severe Password Security Hole with iOS 10 Backups

Exploit

Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation

Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege...

Adobe Flash - Crash When Freeing Memory After AVC decoding

Adobe Flash - Video Decompression Memory Corruption

Linux - SELinux W+X Protection Bypass via AIO

23.9.2016

Bugtraq

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability 2016-09-23
EMC Product Security Response Center (Security_Alert emc com)

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium 2016-09-22
cfpbrussels2017 recon cx

[SECURITY] [DSA 3674-1] firefox-esr security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3673-1] openssl security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)

[slackware-security] irssi (SSA:2016-265-03) 2016-09-21
Slackware Security Team (security slackware com)

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities 2016-09-21
security-alert hpe com

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com

Malware

Ransom:Win32/Tovicrypt.A 

W32.Oldigork

Phishing

 

Vulnerebility

IBM Tealeaf Customer Experience CVE-2016-5976 Information Disclosure Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93134

ImageMagick Multiple Heap Overflow Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93131

IBM Security Guardium CVE-2016-0248 Man in the Middle Information Disclosure Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93137

Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/58073

ImageMagick 'viff.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93129

ImageMagick 'coders/sun.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93130

ImageMagick 'coders/pict.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93128

MuPDF 'pdf-object.c' Use After Free Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93127

Cisco IOS and Cisco IOS XE Software CVE-2014-2146 Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93126

ImageMagick CVE-2015-8957 Remote Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93125

ImageMagick 'coders/sun.c' Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93124

Geeklog IVYWE CVE-2016-4875 Multiple Cross Site Scripting Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93123

ImageMagick CVE-2016-7513 Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93121

Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93119

Google Chrome Logic Error Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93113

ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93122

ImageMagick 'coders/rle.c' Heap Buffer Overflow Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93120

Cisco Email Security Appliance CVE-2016-6406 Privilege Escalation Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93116

VLAN VLC 'mp4.c' Divide-By-Zero Denial of Service Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93118

Google Chrome Protocol Handler Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93117

Siemens Scalance M-800 / S615 CVE-2016-7090 Information Disclosure Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93115

Red Hat Enterprise Linux CVE-2016-3699 Local Security Bypass Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93114

ipywidgets Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/93112

PHP 'ext/spl/spl_array.c' Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/91401

PHP unserialize() Function Type Confusion Security Vulnerability
2016-09-23
http://www.securityfocus.com/bid/68237

PHP CVE-2015-0231 Incomplete Fix Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/72539

PHP 'ext/zip/php_zip.c' Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/91397

PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/76649

PHP 'process_nested_data()' Function Use After Free Remote Code Execution Vulnerability
2016-09-23
http://www.securityfocus.com/bid/71791

OpenJPEG Multiple Security Vulnerabilities
2016-09-23
http://www.securityfocus.com/bid/93111

SANS News

The era of big DDOS?

Threatpost

Drupal Patches Three Vulnerabilities in Core Engine

Researchers Find Severe Password Security Hole with iOS 10 Backups

Exploit

Matrimonial Website Script 1.0.2 - SQL Injection

Kerio Control Unified Threat Management 9.1.0 build 1087, 9.1.1 build 1324 -...

Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection

JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal

22.9.2016

Bugtraq

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)

[slackware-security] irssi (SSA:2016-265-03) 2016-09-21
Slackware Security Team (security slackware com)

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities 2016-09-21
security-alert hpe com

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com

[slackware-security] pidgin (SSA:2016-265-01) 2016-09-21
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3672-1] irssi security update 2016-09-21
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2016-09-20-6 tvOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

Malware

W32.Oldigork

Phishing

 

Vulnerebility

PHP 'ext/spl/spl_array.c' Use After Free Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/91401

PHP unserialize() Function Type Confusion Security Vulnerability
2016-09-22
http://www.securityfocus.com/bid/68237

PHP CVE-2015-0231 Incomplete Fix Use After Free Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/72539

PHP 'ext/zip/php_zip.c' Use After Free Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/91397

PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/76649

PHP 'process_nested_data()' Function Use After Free Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/71791

OpenJPEG Multiple Security Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/93111

Mozilla Firefox Multiple Security Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/93049

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/77283

Network Time Protocol CVE-2015-7705 Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/77284

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2016-09-22
http://www.securityfocus.com/bid/77287

HP Network Automation Java Deserialization CVE-2016-4385 Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93109

Kerio Control Prior to 9.1.3 Multiple Security Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/93110

Multiple EMC Products CVE-2016-0918 Information Disclosure Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93108

Joomla! Huge-IT Video Gallery Extension CVE-2016-1000123 SQL Injection Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93107

OpenStack Glance CVE-2016-4383 Remote Security Bypass Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93106

Fatek Automation PM Designer Remote Code Execution Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93105

WordPress W3 Total Cache Plugin 'admin.php' Cross Site Scripting Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93104

Irssi Heap Buffer Overflow and Denial of Service Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/93103

JCraft JSch CVE-2016-5725 Directory Traversal Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93100

Libav 'libavcodec/aacsbr.c' Divide-By-Zero Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93102

Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities
2016-09-22
http://www.securityfocus.com/bid/93101

OpenStack Nova Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93068

Libav 'ff_put_pixels8_xy2_mmx()' Function NULL Pointer Dereference Denial of Service Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93042

Multiple IBM Products CVE-2016-5947 Clickjacking Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93085

Multiple IBM Products CVE-2016-5945 Arbitrary File Upload Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93082

Multiple IBM Products CVE-2016-5944 Cross Site Scripting Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93087

Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93098

Cisco Application Policy Infrastructure Controller Local Privilege Escalation Vulnerability
2016-09-22
http://www.securityfocus.com/bid/93089

SANS News

Those never-ending waves of Locky malspam

OpenSSL Update Released

Threatpost

iSpy Keylogger Targets Passwords, Skype, Webcams

SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool

Malware Evades Detection with Novel Technique

DHS Announces Intent to Draft IoT Security Framework

Cisco Warns of Command Injection Flaw in Cloud Platform

Exploit

Exponent CMS 2.3.9 - Blind SQL Injection

Microix Timesheet Module - SQL Injection

AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation

Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101)

21.9.2016

Bugtraq

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2016-09-20-6 tvOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-09-20-5 watchOS 3 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-09-20-4 macOS Server 5.2 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-09-20-3 iOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-09-20-2 Safari 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)

ESA-2016-093: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability 2016-09-20
EMC Product Security Response Center (Security_Alert emc com)

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)

Malware

 

Phishing

 

Vulnerebility

file 'readelf.c' Out-of-Bounds Read Vulnerability
2016-09-21
http://www.securityfocus.com/bid/72516

IBM WebSphere Application Server Liberty CVE-2016-3040 Open Redirect Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92986

file CVE-2014-8117 Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/71692

PHP 'donote()' Function Out-of-Bounds Read Vulnerability
2016-09-21
http://www.securityfocus.com/bid/70807

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/69325

file CVE-2014-8116 Multiple Denial of Service Vulnerabilities
2016-09-21
http://www.securityfocus.com/bid/71700

file 'src/readelf.c' Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/71715

PHP Fileinfo Component Incomplete Fix Remote Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/68348

Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
2016-09-21
http://www.securityfocus.com/bid/72809

Multiple Rockwell Automation RSLogix Products CVE-2016-5814 Local Buffer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92983

PCRE CVE-2016-3191 Buffer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/84810

PCRE 'compile_regex()' Function Heap Buffer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/74934

PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/79825

PCRE 'pcre_jit_compile.c' Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/85570

PCRE 'compile_regex()' Function Stack Buffer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/74924

Adobe Flash Player APSB16-29 Multiple Unspecified Memory Corruption Vulnerabilities
2016-09-21
http://www.securityfocus.com/bid/92930

libvirt CVE-2015-5313 Local Directory Traversal Vulnerability
2016-09-21
http://www.securityfocus.com/bid/90913

libvirt CVE-2016-5008 Local Security Bypass Vulnerability
2016-09-21
http://www.securityfocus.com/bid/91562

Adobe Flash Player APSB16-29 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-09-21
http://www.securityfocus.com/bid/92927

Microsoft Edge CVE-2016-3377 Scripting Engine Remote Memory Corruption Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92797

Microsoft Internet Explorer and Edge CVE-2016-3247 Remote Memory Corruption Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92828

GraphicsMagick Multiple Security Vulnerabilities
2016-09-21
http://www.securityfocus.com/bid/83241

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-09-21
http://www.securityfocus.com/bid/91990

PHP 'ext/spl/spl_array.c' Use After Free Remote Code Execution Vulnerability
2016-09-21
http://www.securityfocus.com/bid/91401

Mozilla Firefox Multiple Security Vulnerabilities
2016-09-21
http://www.securityfocus.com/bid/92260

PHP 'zip_stream.c' Integer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92099

PHP CVE-2016-6294 Local Information Disclosure Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92115

PHP 'session.c' Use After Free Remote Code Execution Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92097

PHP 'exif.c' NULL Pointer Dereference Denial of Service Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92078

PHP 'zend_virtual_cwd.c' Integer Overflow Vulnerability
2016-09-21
http://www.securityfocus.com/bid/92074

SANS News

Those never-ending waves of Locky malspam

Windows Events log for IR/Forensics ,Part 2

Threatpost

Mamba Ransomware Encrypts Hard Drives Rather Than Files

Apple Squashes 68 Security Bugs With Sierra Release

Mozilla Patches Certificate Pinning Vulnerability in Firefox


RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware

Exploit

Microsoft Office PowerPoint 2010 - Invalid Pointer Reference

Symantec rar Decomposer Engine (Multiple Products) - Out-of-Bounds Read /...

Dolphin 7.3.0 - Error-Based SQL Injection

VegaDNS 0.13.2 - Remote Command Injection

Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)

20.9.2016

Bugtraq

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)

Malware

Win32/Spy.Agent.OWY

Backdoor.Batel

Win32/Spy.Agent.OWY

Phishing

 

Vulnerebility

Expat CVE-2016-4472 Incomplete Fix Remote Code Execution Vulnerability
2016-09-20
http://www.securityfocus.com/bid/91528

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-09-20
http://www.securityfocus.com/bid/91068

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/90864

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-09-20
http://www.securityfocus.com/bid/89854

NTP 'ntpd/ntp_config.c' Remote Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/76474

EMC RSA Adaptive Authentication CVE-2016-0925 HTML Injection Vulnerability
2016-09-20
http://www.securityfocus.com/bid/93025

Money Forward Apps for Android CVE-2016-4839 Security Vulnerability
2016-09-20
http://www.securityfocus.com/bid/93035

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-09-20
http://www.securityfocus.com/bid/91067

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2016-09-20
http://www.securityfocus.com/bid/75525

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2016-09-20
http://www.securityfocus.com/bid/76317

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/84992

NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/77274

Network Time Protocol 'ntpq.c' Memory Corruption Vulnerability
2016-09-20
http://www.securityfocus.com/bid/77288

NTP CVE-2015-7701 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/77281

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/88226

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-09-20
http://www.securityfocus.com/bid/77278

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-09-20
http://www.securityfocus.com/bid/88261

NTP CVE-2016-1548 Security Bypass Vulnerability
2016-09-20
http://www.securityfocus.com/bid/88264

NTP CVE-2015-7702 Incomplete Fix Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/77286

NTP CVE-2015-5219 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/76473

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/88276

NTP CVE-2015-7977 NULL Pointer Dereference Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/81815

NTP CVE-2015-5194 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/76475

NTP CVE-2015-7978 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/81962

NTP CVE-2015-7979 Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/81816

NTP CVE-2015-7692 Incomplete Fix Denial of Service Vulnerability
2016-09-20
http://www.securityfocus.com/bid/77285

Microsoft Internet Explorer and Edge CVE-2016-3295 Remote Memory Corruption Vulnerability
2016-09-20
http://www.securityfocus.com/bid/92830

Microsoft Internet Explorer CVE-2016-3292 Remote Privilege Escalation Vulnerability
2016-09-20
http://www.securityfocus.com/bid/92808

Microsoft Edge CVE-2016-3294 Remote Memory Corruption Vulnerability
2016-09-20
http://www.securityfocus.com/bid/92789

Microsoft Office CVE-2016-3365 Memory Corruption Vulnerability
2016-09-20
http://www.securityfocus.com/bid/92804

SANS News

 

Threatpost

Spyware Targeting Overseas Travelers Removed from Google Play

Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K

Mozilla Patching Firefox Certificate Pinning Vulnerability

Android Banking Trojan First to Gain Root Privileges

Exploit

ZineBasic 1.1 - Arbitrary File Disclosure

MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities

MyBB 1.8.6 - SQL Injection

SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation

Docker Daemon - Privilege Escalation (Metasploit)

SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation

VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions

VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow

19.9.2016

Bugtraq

Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)

Malware

 

Phishing

 

Vulnerebility

Huawei AR Routers Multiple Information Disclosure Vulnerabilities
2016-09-19
http://www.securityfocus.com/bid/76897

Multiple Huawei USG Products Buffer Overflow Vulnerability
2016-09-19
http://www.securityfocus.com/bid/92962

Adobe Acrobat and Reader CVE-2016-6937 Unspecified Memory Corruption Vulnerability
2016-09-19
http://www.securityfocus.com/bid/93014

Multiple IBM DB2 Products CVE-2016-5995 Local Privilege Escalation Vulnerability
2016-09-19
http://www.securityfocus.com/bid/93012

PHP CVE-2016-7418 Out-of-Bounds Read Denial of Service Vulnerability
2016-09-19
http://www.securityfocus.com/bid/93011

Huawei AnyOffice Remote Denial of Service Vulnerability
2016-09-19
http://www.securityfocus.com/bid/93010

Trend Micro Smart Protection Server Multiple Security Vulnerabilities
2016-09-16
http://www.securityfocus.com/bid/92778

Splunk Web Unspecified Open Redirection Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92603

Splunk Web Unspecified Cross Site Scripting Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92184
 

SANS News

Does it Matter If You Cover Your Webcam?

Windows Events log for IR/Forensics ,Part 1

Threatpost

Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack

Exploit

Kajona 4.7 - Cross-Site Scripting / Directory Traversal

WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure

Docker Daemon - Privilege Escalation (Metasploit)

SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation

EKG Gadu 1.9~pre+r2855-3+b1 - Local Buffer Overflow

PHP 5.0.0 - 'tidy_parse_file()' Buffer Overflow

18.9.2016

Bugtraq

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)

[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

Malware

Ransom.HDDCryptor

Phishing

 

Vulnerebility

Trend Micro Smart Protection Server Multiple Security Vulnerabilities
2016-09-16
http://www.securityfocus.com/bid/92778

Splunk Web Unspecified Open Redirection Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92603

Splunk Web Unspecified Cross Site Scripting Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92184

Splunk Web Unspecified Open Redirection Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92183

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-09-16
http://www.securityfocus.com/bid/91453

libssh2 CVE-2016-0787 Security Bypass Vulnerability
2016-09-16
http://www.securityfocus.com/bid/83389

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92630

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-09-16
http://www.securityfocus.com/bid/86449

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-09-16
http://www.securityfocus.com/bid/91068

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-09-16
http://www.securityfocus.com/bid/91067

RETIRED: Apple iOS CVE-2016-4655 Local Information Disclosure Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92965

Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92651

GNOME glib Multiple Out of Bounds Denial of Service Vulnerabilities
2016-09-16
http://www.securityfocus.com/bid/93002

OpenStack manila CVE-2016-6519 HTML Injection Vulnerability
2016-09-16
http://www.securityfocus.com/bid/93001

GNU Bash CVE-2016-0634 Local Code Execution Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92999

QEMU Infinite Loop CVE-2016-7421 Denial of Service Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92998

QEMU CVE-2016-7423 Denial of Service Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92997

QEMU CVE-2016-7422 Null Pointer Dereference Denial of Service Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92996

EMC RSA BSAFE Micro Edition Suite Security Weakness and Information Disclosure Vulnerabilities
2016-09-16
http://www.securityfocus.com/bid/92994

Splunk Enterprise and Splunk Lite CVE-2016-4856 HTML Injection Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92990

Crypto++ CVE-2016-7420 Information Disclosure Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92988

IBM WebSphere Application Server Liberty Profile CVE-2016-3042 Cross Site Scripting Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92985

ABB DataManagerPro CVE-2016-4526 DLL Loading Local Code Execution Vulnerability
2016-09-16
http://www.securityfocus.com/bid/92980

IBM WebSphere Application Server Liberty Profile CVE-2016-2923 Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91518

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/89746

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91816

NTP CVE-2015-7702 Incomplete Fix Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77286

NTP CVE-2015-7692 Incomplete Fix Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77285

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-09-15
http://www.securityfocus.com/bid/77278

SANS News

Multiple Cisco Products affected by IKEv1 Vulnerability

Threatpost

FBI Encouraging Ransomware Victims To Report Infections
Snowden Slammed in House Committee Report

Exploit

Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass

AnoBBS 1.0.1 - Remote File Inclusion

Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)

16.9.2016

Bugtraq

[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3669-1] tomcat7 security update 2016-09-15
Moritz Muehlenhoff (jmm debian org)

ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities 2016-09-15
EMC Product Security Response Center (Security_Alert emc com)

Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com

APPLE-SA-2016-09-14-1 iOS 10.0.1 2016-09-14
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3666-1] mysql-5.5 security update 2016-09-14
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com

Malware

 

Phishing

 

Vulnerebility

IBM WebSphere Application Server Liberty Profile CVE-2016-2923 Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91518

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/89746

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91816

libssh2 CVE-2016-0787 Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/83389

NTP CVE-2015-7702 Incomplete Fix Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77286

NTP CVE-2015-7692 Incomplete Fix Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77285

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-09-15
http://www.securityfocus.com/bid/77278

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/88261

NTP CVE-2015-7701 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77281

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/88276

NTP CVE-2016-1548 Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/88264

NTP CVE-2015-5194 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/76475

NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/77274

NTP CVE-2015-7979 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/81816

NTP CVE-2015-7977 NULL Pointer Dereference Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/81815

NTP 'ntpd/ntp_config.c' Remote Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/76474

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/88226

NTP CVE-2015-7978 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/81962

NTP CVE-2015-5219 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/76473

IBM Spectrum Scale and IBM GPFS CVE-2016-2984 Local Command Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/92410

IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/92408

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2016-09-15
http://www.securityfocus.com/bid/76317

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/75525

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-09-15
http://www.securityfocus.com/bid/83423

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/90979

Oracle Java SE and JRockit CVE-2016-3508 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91972

Oracle Java SE CVE-2016-3587 Remote Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91904

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3498 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91956

SANS News

In Need of a OTP Manager Soon?

Is "2 out of 3" good enough for Anti-Malware?

Threatpost

Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions

Bugs in Signal Messaging App Corrupt Attachments, Crash App


FBI Encouraging Ransomware Victims To Report Infections

 

Cisco Patches Critical WebEx Meetings Server Vulnerability
 

Microsoft Shuts Down Zero Day Used in AdGholas Malvertising Campaigns

Attack Leverages Windows Safe Mode

Neverquest Trojan Gets Big Summer Update
 

Exploit

Cisco ASA 9.2(3) - Authentication Bypass (EXTRABACON Module)

Cisco EPC 3925 - Multiple Vulnerabilities

Apache Mina 2.0.13 - Remote Command Execution

NetBSD mail.local - Privilege Escalation (Metasploit)

AnoBBS 1.0.1 - Remote File Inclusion

15.9.2016

Bugtraq

Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com

APPLE-SA-2016-09-14-1 iOS 10.0.1 2016-09-14
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3666-1] mysql-5.5 security update 2016-09-14
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com

[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure 2016-09-13
security-alert hpe com

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

Malware

BrowserModifer:Win32/Clodaconas 

Backdoor:Linux/Luabot.A 

Phishing

 

Vulnerebility

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-09-15
http://www.securityfocus.com/bid/83423

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/90979

Oracle Java SE and JRockit CVE-2016-3508 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91972

Oracle Java SE CVE-2016-3587 Remote Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91904

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3498 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91956

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/90864

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91918

Oracle Java SE CVE-2016-3610 Remote Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91930

Oracle Java SE CVE-2016-3552 Local Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/92000

Oracle Java SE CVE-2016-3458 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91945

Oracle Java SE CVE-2016-3503 Local Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91996

Oracle Java SE CVE-2016-3550 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91951

Oracle Java SE CVE-2016-3606 Remote Code Execution Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91912

Microsoft Internet Explorer and Edge CVE-2016-3351 Information Disclosure Vulnerability
2016-09-15
http://www.securityfocus.com/bid/92788

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-09-15
http://www.securityfocus.com/bid/90865

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-09-15
http://www.securityfocus.com/bid/89854

Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities
2016-09-15
http://www.securityfocus.com/bid/90696

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-09-15
http://www.securityfocus.com/bid/84992

libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
2016-09-15
http://www.securityfocus.com/bid/85059

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-09-15
http://www.securityfocus.com/bid/90856

Oracle MySQL CVE-2016-3452 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91999

Oracle MySQL CVE-2016-3521 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91932

Oracle MySQL CVE-2016-3477 Local Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91902

Oracle MySQL CVE-2016-5444 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91987

Oracle MySQL CVE-2016-0666 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/86509

Oracle MySQL CVE-2016-0650 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/86496

Oracle MySQL CVE-2016-3615 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91960

Oracle MySQL CVE-2016-0646 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/86436

Oracle MySQL CVE-2016-5440 Remote Security Vulnerability
2016-09-15
http://www.securityfocus.com/bid/91953

SANS News

Is "2 out of 3" good enough for Anti-Malware?

Threatpost

Snowden Makes Case for a Presidential Pardon

Phony Pokmon GO Android App Gave Attackers Root Access

DualToy Windows Trojan Attacks Android, iOS Devices

Exploit

Apache Mina 2.0.13 - Remote Command Execution

PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure

Android - getpidcon Usage binder Service Replacement Race Condition

14.9.2016

Bugtraq

[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com

[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure 2016-09-13
security-alert hpe com

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released 2016-09-13
Brian Demers (bdemers apache org)

Malware

Ransom.Kawaii

Trojan.Dualtoy

Ransom.Kawaii

Ransom:Win32/Milicry.A 
Win32/NightClick 
Trojan:Win32/Xadupi 
Win32/Xadupi 

Phishing

 

Vulnerebility

Oracle MySQL CVE-2016-6663 Unspecified Security Vulnerability
2016-09-14
http://www.securityfocus.com/bid/92911

Oracle MySQL CVE-2016-6662 Remote Code Execution Vulnerability
2016-09-14
http://www.securityfocus.com/bid/92912

Multiple Cisco Products CVE-2015-6358 Man in the Middle Information Disclosure Vulnerability
2016-09-14
http://www.securityfocus.com/bid/78047

Microsoft ASP.NET Core MVC Multiple Privilege Escalation Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92943

Google Chrome Prior to 53.0.2785.113 Multiple Security Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92942

Multiple VMware Workstation Products CVE-2016-7086 Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92941

Multiple VMware Workstation Products CVE-2016-7085 DLL Loading Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92940

VMware Tools Multiple Local Privilege Escalation Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92938

AVer Information EH6108H+ hybrid DVR VU#667480 Multiple Security Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92936

Multiple VMware Workstation Products CVE-2016-7081 Heap Based Buffer Overflow Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92935

Multiple VMware Workstation Products Multiple Memory Corruption Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92934

Apple watchOS CVE-2016-4719 Information Disclosure Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92933

Apple iOS Prior to 10 Multiple Security Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92932

Apple Xcode Multiple Local Memory Corruption Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92931

Adobe Digital Editions APSB16-28 Multiple Unspecified Memory Corruption Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92928

Adobe AIR SDK & Compiler CVE-2016-6936 Remote Security Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92926

Adobe Digital Editions CVE-2016-4263 Unspecified Use After Free Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92925

Open-Xchange AppSuite CVE-2016-5740 Multiple Cross Site Scripting Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92922

Libosip Multiple Denial of Service Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92921

Open-Xchange OX Guard Multiple Cross Site Scripting Vulnerabilities
2016-09-13
http://www.securityfocus.com/bid/92920

TYPO3 Frontend User Registration Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92918

Microsoft Office CVE-2016-0141 Information Disclosure Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92903

Microsoft Windows SMB Server CVE-2016-3345 Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92859

Microsoft Windows Kernel CVE-2016-3344 Local Information Disclosure Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92855

Microsoft Windows CVE-2016-3302 Local Privilege Escalation Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92853

Microsoft Windows CVE-2016-3352 Information Disclosure Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92852

Microsoft Windows CVE-2016-3369 Denial of Service Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92850

Microsoft Windows CVE-2016-3368 Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92847

Microsoft Windows CVE-2016-3346 Local Privilege Escalation Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92846

Microsoft Windows PDF Library CVE-2016-3370 Remote Code Execution Vulnerability
2016-09-13
http://www.securityfocus.com/bid/92839

SANS News

Exploit Attempts for Drupal RESTWS .x Module Vulnerability

Apple iOS 10 and 10.0.1 Released

Microsoft Patch Tuesday Analysis

Threatpost

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Tor Joins Movement Against Expanding Hacking Powers

Adobe Back With New Flash Player Security Update
 

iOS 10 Security Updates Move to HTTPS

Microsoft Patches 47 Vulnerabilities with September Patch Tuesday

Exploit

Windows x86 - Password Protected TCP Bind Shell (637 bytes)

Microsoft Internet Explorer 11.0.9600.18482 - Use After Free

Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation

Cherry Music 0.35.1 - Arbitrary File Disclosure

wdCalendar 2 - SQL Injection

Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change

Open-Xchange App Suite 7.8.2 - Cross Site Scripting

Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting

ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change

COMTREND ADSL Router CT-5367 C01_R12, CT-5624 C01_R03 - Unauthenticated DNS Change

Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change

PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change

PIKATEL 96338WS, 96338L-2M-8M - Unauthenticated DNS Change

Inteno EG101R1 VoIP Router - Unauthenticated DNS Change

13.9.2016

Bugtraq

Multiple DoS vulnerabilities in libosip2-4.1.0 2016-09-13
bshastry sec t-labs tu-berlin de

Open-Xchange Security Advisory 2016-09-13 (2) 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)

Open-Xchange Security Advisory 2016-09-13 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)

Malware

Trojan:Win32/Xadupi 
Win32/Xadupi 
Win32/NightClick 
Win32/Suweezy 
Trojan:Win32/Suweezy
Ransom:Win32/HydraCrypt.A

Ransom.Kawaii

Phishing

 

Vulnerebility

libarchive CVE-2016-4809 Denial Of Service Vulnerability
2016-09-12
http://www.securityfocus.com/bid/91813

Oracle MySQL CVE-2016-6662 Remote Code Execution Vulnerability
2016-09-12
http://www.securityfocus.com/bid/92912

Oracle MySQL CVE-2016-6663 Unspecified Security Vulnerability
2016-09-12
http://www.securityfocus.com/bid/92911

EMC Documentum D2 CVE-2016-6644 Authentication Bypass Vulnerability
2016-09-12
http://www.securityfocus.com/bid/92906

QEMU CVE-2016-7170 Denial of Service Vulnerability
2016-09-12
http://www.securityfocus.com/bid/92904

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-09-10
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83755

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-09-10
http://www.securityfocus.com/bid/79684

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-09-10
http://www.securityfocus.com/bid/83265

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-09-10
http://www.securityfocus.com/bid/83763

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83754

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0798 Memory Leak Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83705

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/78622

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-09-10
http://www.securityfocus.com/bid/82237

GNU glibc CVE-2014-9761 Stack Buffer Overflow Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83306

Autotrace CVE-2016-7392 Heap Based Buffer Overflow Vulnerability
2016-09-10
http://www.securityfocus.com/bid/92907

Libav CVE-2016-7393 Stack Based Buffer Overflow Vulnerability
2016-09-10
http://www.securityfocus.com/bid/92902

Wireshark Multiple Denial of Service Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/92889

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-09-09
http://www.securityfocus.com/bid/82244

GNU glibc CVE-2015-1781 Multiple Buffer Overflow Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/74255

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-09-09
http://www.securityfocus.com/bid/83275

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75158

Supermicro IPMI 'close_window.cgi' Multiple Buffer Overflow Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/63775

OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71935

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71942

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2016-09-09
http://www.securityfocus.com/bid/71939

AlienVault Unified Security Management 'get_directive_kdb.php' SQL Injection Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92892

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75161

SANS News

If it's Free, YOU are the Product

Threatpost

Critical MySQL Vulnerability Disclosed

FDA, DHS Investigating St. Jude Device Vulnerabilities

New Windows Patch Policy At Odds With Acceptable Risk

Exploit

MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege...

Cherry Music 0.35.1 - Arbitrary File Disclosure

Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation

12.9.2016

Bugtraq

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanClicker:Win32/Toubaom.A!bit 
Worm:VBS/Asept.B!bit 
TrojanClicker:Win32/Cookster!rfn 
TrojanDownloader:Win32/Cutdown!rfn 
Backdoor:VBS/Tirabot!rfn 
Backdoor:Win32/Bafruz!rfn 
TrojanDropper:Win32/Favorcopy!rfn 
TrojanDownloader:Win32/Nurjax!rfn 
TrojanDownloader:Win32/Kishop!rfn 
TrojanDownloader:Win32/BitMiner 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-09-10
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83755

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-09-10
http://www.securityfocus.com/bid/79684

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-09-10
http://www.securityfocus.com/bid/83265

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-09-10
http://www.securityfocus.com/bid/83763

SANS News

Getting Ready for macOS Sierra: Upgrade Securely

Threatpost

 

Exploit

 

11.9.2016

Bugtraq

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com

[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com

[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)

Malware

Linux.Luabot

Phishing

 

Vulnerebility

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2016-09-10
http://www.securityfocus.com/bid/78622

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-09-10
http://www.securityfocus.com/bid/82237

GNU glibc CVE-2014-9761 Stack Buffer Overflow Vulnerability
2016-09-10
http://www.securityfocus.com/bid/83306

Wireshark Multiple Denial of Service Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/92889

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-09-09
http://www.securityfocus.com/bid/82244

GNU glibc CVE-2015-1781 Multiple Buffer Overflow Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/74255

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-09-09
http://www.securityfocus.com/bid/83275

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75158

Supermicro IPMI 'close_window.cgi' Multiple Buffer Overflow Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/63775

OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71935

OpenSSL CVE-2014-3572 Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71942

OpenSSL CVE-2014-3570 Unspecified Security Weakness
2016-09-09
http://www.securityfocus.com/bid/71939

AlienVault Unified Security Management 'get_directive_kdb.php' SQL Injection Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92892

OpenSSL CVE-2015-1791 Race Condition Security Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75161

OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75156

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/75154

OpenSSL '/evp/encode.c' Remote Memory Corruption Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73228

SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/74733

OpenSSL CVE-2015-0209 Remote Memory Corruption Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73239

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73232

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73237

OpenSSL 'tasn_dec.c' Remote Memory Corruption Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73227

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
2016-09-09
http://www.securityfocus.com/bid/91787

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71936

OpenSSL CVE-2015-0205 Man in the Middle Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71941

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/73225

OpenSSL 'ssl23_get_client_hello()' Function NULL Pointer Dereference Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/71934

OpenSSL 'no-ssl3' Build Option Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/70585

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/69079

OpenSSL Session Ticket Memory Leak Remote Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/70586

SANS News

Ongoing IMAP Scan, Anyone Else?

Threatpost

White House Hires First Federal CISO

Exploit

LamaHub 0.0.6.2 - Buffer Overflow

Airmail 3.0.2 - Cross-Site Scripting

Vodafone Mobile Wifi - Reset Admin Password

9.9.2016

Bugtraq

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com

Malware

Ransom.Flyper

Phishing

 

Vulnerebility

Xen CVE-2016-7092 Local Privilege Escalation Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92862

Xen CVE-2016-7093 Local Privilege Escalation Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92865

Xen CVE-2016-7094 Local Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92864

OpenSSH 'session.c' Local Security Bypass Vulnerability
2016-09-09
http://www.securityfocus.com/bid/86187

OpenSSH CVE-2016-6210 User Enumeration Vulnerability
2016-09-09
http://www.securityfocus.com/bid/91812

OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92212

Xen CVE-2016-7154 Local Denial of Service Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92863

Apple iOS CVE-2016-4654 Memory Corruption Vulnerability
2016-09-09
http://www.securityfocus.com/bid/92338

NTP CVE-2016-1551 Remote Security Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88219

NTP CVE-2016-4953 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/91010

PHP CVE-2015-8835 NULL Pointer Dereference Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/84426

PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/90173

PHP 'ext/wddx/wddx.c' Use After Free Remote Code Execution Vulnerability
2016-09-08
http://www.securityfocus.com/bid/84271

PHP 'php_raw_url_encode()' Function Integer Overflow Vulnerability
2016-09-08
http://www.securityfocus.com/bid/85801

PHP 'ext/standard/file.c' Multiple Denial of Service Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/90861

PHP 'soap/php_http.c' Type Confusion Remote Denial Of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/84307

PHP 'php_zip.c' Directory Traversal Vulnerability
2016-09-08
http://www.securityfocus.com/bid/76652

PHP 'php_filter_full_special_chars()' Function Integer Overflow Vulnerability
2016-09-08
http://www.securityfocus.com/bid/92144

PHP 'ext/exif/exif.c' Multiple Heap Based Buffer Overflow Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/89844

PostgreSQL Integer Overflow and Privilege Escalation Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/83184

PHP 'libxml_disable_entity_loader()' CVE-2015-8866 XML External Entity Injection Vulnerability
2016-09-08
http://www.securityfocus.com/bid/87470

PHP 'php_html_entities()' Function Integer Overflow Vulnerability
2016-09-08
http://www.securityfocus.com/bid/90857

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88276

NTP CVE-2016-2517 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88189

NTP CVE-2016-2519 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88204

NTP CVE-2016-4955 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/91007

NTP CVE-2015-7974 Symmetric Key Encryption Authentication Security Bypass Vulnerability
2016-09-08
http://www.securityfocus.com/bid/81960

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88261

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/88226

Google Nexus Qualcomm Sound Driver Multiple Privilege Escalation Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/91046

SANS News

Curious SNMP Traffic Spike

Collecting Users Credentials from Locked Devices

Threatpost

 

Exploit

Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow

Windows x86 - Bind Shell TCP Shellcode

Zabbix 2.0 - 3.0.3 - SQL Injection

Jobberbase 2.0 - Multiple Vulnerabilities

Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure

Adobe Flash - Method Calls Use-After-Free

Adobe Flash - Transform.colorTranform Getter Info Leak

8.9.2016

Bugtraq

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com

[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com

[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)

Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)

[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)

Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)

Malware

Adware:Win32/Adposhel 

BrowserModifier:Win32/Soctuseer 

Phishing

 

Vulnerebility

Google Nexus Qualcomm Sound Driver Multiple Privilege Escalation Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/91046

Linux Kernel CVE-2015-2922 Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/74315

Linux Kernel Multiple Remote Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/75510

Linux Kernel 'sk_dst_get()' Denial of Service Vulnerability
2016-09-08
http://www.securityfocus.com/bid/72435

Linux Kernel Multiple Local Memory Corruption Vulnerabilities
2016-09-08
http://www.securityfocus.com/bid/91451

Linux Kernel CVE-2015-8839 Local Security Bypass Vulnerability
2016-09-08
http://www.securityfocus.com/bid/85798

HTTPS CVE-2016-7152 Information Disclosure Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92769

Linux Kernel 'keys/gc.c' Local Memory Corruption Vulnerability
2016-09-07
http://www.securityfocus.com/bid/71880

Linux kernel CVE-2013-7446 Use After Free Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/77638

Linux Kernel Local Memory Corruption and Integer Overflow Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/84305

Linux Kernel CVE-2016-2059 Local Privilege Escalation Vulnerability
2016-09-07
http://www.securityfocus.com/bid/90230

Linux Kernel CVE-2016-3951 Null Pointer Deference Local Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/91028

Linux kernel 'key_reject_and_link()' Function Local Use After Free Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/91211

Huawei eSpace IAD Remote Information Disclosure Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92313

Linux Kernel CVE-2016-5340 Security Bypass Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92374

QEMU '/scsi/vmw_pvscsi.c' Local Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92772

HTTP/2 CVE-2016-7153 Information Disclosure Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92773

QEMU 'pvscsi_convert_sglist()' Function Local Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92774

QEMU 'hw/scsi/mptconfig.c' Multiple Local Denial of Service Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92775

Fortinet FortiWAN VU#724487 Multiple Security Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92779

Fortinet FortiWAN CVE-2016-4966 Authentication Bypass Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92781

Trend Micro Control Manager Multiple Security Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92363

Google Android CVE-2016-3876 Local Privilege Escalation Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92819

Google Android Mediaserver Multiple Denial of Service Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92821

DEXIS Imaging Suite CVE-2016-6532 Hardcoded Credentials Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92823

Cisco Firepower Management Center and FireSIGHT System Software Cross Site Scripting Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92824

Cisco Firepower Management Center and Cisco FireSIGHT System Software Session Fixation Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92825

Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92826

WordPress Cross Site Scripting And Directory Traversal Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92841

Drupal Flag Lists Module HTML Injection Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92843

SANS News

Updated DShield Blocklist

Threatpost

DHS Urges Vigilance in Protecting Networking Gear

FTC Panel Encourages Basic Security Hygiene to Counter Ransomware

Google Shares Android Nougat, Safe Browsing Security Enhancements

St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters

Data-Stealing Mac OS X Backdoor Uncovered

Critical Flaws Found in Network Management Systems

Exploit

Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure

Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure

SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)

SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)

Adobe ColdFusion < 11 Update 10 - XML External Entity Injection

Freepbx 13.0.x < 13.0.154 - Remote Command Execution

CumulusClips 2.4.1 - Multiple Vulnerabilities

Multiple Applications - Local Credentials Disclosure

TeamViewer 11.0.65452 (64 bit) - Local Credentials Disclosure

7.9.2016

Bugtraq

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com

[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com

[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)

Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)

[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)

Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

Ransom:Win32/Cerber.D 

Win32/HoudRat.A

Ransom.Cry

Phishing

 

Vulnerebility

QEMU 'pvscsi_convert_sglist()' Function Local Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92774

QEMU 'hw/scsi/mptconfig.c' Multiple Local Denial of Service Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92775

Huawei eSpace IAD Remote Information Disclosure Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92313

Fortinet FortiWAN VU#724487 Multiple Security Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92779

QEMU '/scsi/vmw_pvscsi.c' Local Denial of Service Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92772

Trend Micro Control Manager Multiple Security Vulnerabilities
2016-09-07
http://www.securityfocus.com/bid/92363

FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
2016-09-07
http://www.securityfocus.com/bid/92790

Multiple IBM DB2 Products CVE-2016-0211 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/85979

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-09-06
http://www.securityfocus.com/bid/83423

Multiple IBM DB2 Products CVE-2014-0919 Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/74217

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/89760

Siemens EN100 Ethernet Module CVE-2016-7112 Authentication Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92747

Siemens EN100 Ethernet Module CVE-2016-7113 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92748

Siemens EN100 Ethernet Module CVE-2016-7114 Authentication Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92745

NTP CVE-2016-1551 Remote Security Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88219

NTP CVE-2016-1550 Local Security Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88261

NTP CVE-2016-2518 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88226

NTP CVE-2016-1547 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88276

NTP CVE-2016-2517 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88189

NTP CVE-2016-4953 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/91010

NTP CVE-2015-7974 Symmetric Key Encryption Authentication Security Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/81960

NTP CVE-2016-4955 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/91007

NTP CVE-2016-2519 Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/88204

Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability
2016-09-06
http://www.securityfocus.com/bid/84275

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92630

cURL/libcURL CVE-2016-5420 Certificate Validation Security Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92309

Inspircd SSL Certificate Spoofing Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92737

Infoblox Network Automation Multiple Cross Site Scripting Vulnerabilities
2016-09-06
http://www.securityfocus.com/bid/92802

Infoblox Network Automation CVE-2016-6484 HTTP Response Splitting Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92794

Fortinet FortiWAN CVE-2016-4966 Authentication Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92781

SANS News

How to Set Up Your Own Malware Trap

Threatpost

Cry Ransomware Uses UDP, Imgur, Google Maps

Exploit

 

6.9.2016

Bugtraq

Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)

[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)

Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com

Malware

Linux.Umreon

Phishing

 

Vulnerebility

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92630

cURL/libcURL CVE-2016-5420 Certificate Validation Security Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92309

Inspircd SSL Certificate Spoofing Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92737

HTTP/2 CVE-2016-7153 Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92773

QEMU '/scsi/vmw_pvscsi.c' Local Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92772

Multiple Kaspersky Products CVE-2016-4329 Local Denial of Service Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92771

HTTPS CVE-2016-7152 Information Disclosure Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92769

Red Hat JBoss BPMS CVE-2016-7033 Multiple HTML Injection Vulnerabilities
2016-09-06
http://www.securityfocus.com/bid/92762

Red Hat JBoss BPMS CVE-2016-7034 Cross Site Request Forgery Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92760

cURL/libcURL CVE-2016-7141 Certificate Validation Security Bypass Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92754

ADOdb CVE-2016-4855 Cross Site Scripting Vulnerability
2016-09-06
http://www.securityfocus.com/bid/92753

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-09-05
http://www.securityfocus.com/bid/89744

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-09-05
http://www.securityfocus.com/bid/91918

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-09-05
http://www.securityfocus.com/bid/89757

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-09-05
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-09-05
http://www.securityfocus.com/bid/89746

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-09-05
http://www.securityfocus.com/bid/89760

PHP 'ext/exif/exif.c' Information Disclosure Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92564

PHP 'ext/session/session.c' Remote Code Injection Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92552

PHP CVE-2016-7134 Heap Based Buffer Overflow Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92766

Plone Multiple Security vulnerabilities
2016-09-05
http://www.securityfocus.com/bid/92752

Siemens EN100 Ethernet Module CVE-2016-7113 Denial of Service Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92748

Siemens EN100 Ethernet Module CVE-2016-7112 Authentication Bypass Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92747

Siemens EN100 Ethernet Module CVE-2016-7114 Authentication Bypass Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92745

Jose-PHP CVE-2016-5430 remote security Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92741

BMC BladeLogic Server Automation CVE-2016-4322 Information Disclosure Vulnerability
2016-09-05
http://www.securityfocus.com/bid/92736

UnrealIRCd CVE-2016-7144 SSL Certificate Spoofing Vulnerability
2016-09-04
http://www.securityfocus.com/bid/92763

Charybdis CVE-2016-7143 SSL Certificate Spoofing Vulnerability
2016-09-04
http://www.securityfocus.com/bid/92761

Jose-PHP Multiple Information Disclosure Vulnerabilities
2016-09-03
http://www.securityfocus.com/bid/92743

Malware Information Sharing Platform CVE-2015-5719 Insecure Temporary File Creation Vulnerability
2016-09-03
http://www.securityfocus.com/bid/92740

SANS News

Malware Delivered via '.pub' Files

Threatpost

Adding CIA to DNA

Yelp Launches Public Bug Bounty

Google Patches Quadrooter Vulnerabilities in Android

Exploit

glibc - getaddrinfo Stack Based Buffer Overflow

WIN-911 7.17.00 - Multiple Vulnerabilities

Navicat Premium 11.2.11 (64bit) - Local Database Password Disclosure

PHPIPAM 1.2.1 - Multiple Vulnerabilities

WordPress RB Agency Plugin 2.4.7 - Local File Disclosure

Navicat Premium 11.2.11 (64bit) - Local Database Password Disclosure

ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege...

MySQL 5.5.45 (64bit) - Local Credentials Disclosure

Windows x86 - Persistent Reverse Shell TCP (494 Bytes)

4.9.2016

Bugtraq

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com

Malware

Exploit-SWF.bd

HTML/Iframe.gen.w

HTML/Neutrino.e

Ransom.Serpico

Ransom.Fsociety

Phishing

 

Vulnerebility

WordPress WassUp Plugin 'main.php' Cross Site Scripting Vulnerability
2016-09-02
http://www.securityfocus.com/bid/73931

SAP Netweaver CVE-2016-1910 Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/80920

RETIRED: Dnsmasq CVE-2015-1859 Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/74310

Google Chrome Prior to 51.0.2704.63 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/90876

RETIRED:Adobe Flash Player and AIR CVE-2016-4121 Unspecified Remote Code Execution Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90797

RETIRED:Linux Kernel CVE­-2016-­2062 Local Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90238

RETIRED: Moodle CVE-2016-3732 Access Bypass Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90700

RETIRED: OpenJPEG 'opj_free()' Function Remote Heap Based Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/84333

RETIRED: Multiple EC-CUBE Plugins CVE-2016-1205 Unspecified Cross Site Scripting Vulnerability
2016-09-02
http://www.securityfocus.com/bid/88872

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/89854

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90856

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90865

Libxml2 'xmlsave.c' Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90013

Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/90696

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/84992

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90864

libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/85059

Adobe ColdFusion CVE-2016-4264 XML External Entity Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92684

PostgreSQL CVE-2016-5424 Multiple Local Privilege Escalation Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/92435

PostgreSQL CVE-2016-5423 NULL Pointer Dereference Remote Code Execution Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92433

FreeIPA CVE-2016-5404 Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92525

Huawei P8 Multiple Local Buffer Overflow Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/91735

Google Chrome Prior to 53.0.2785.89 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/92717

Bitdefender Antivirus Plus avc3 Kernel Drive Local Privilege Escalation Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92727

WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92653

Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92651

Apple iOS CVE-2016-4656 Memory Corruption Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92652

GNU Mailman CVE-2016-7123 Cross Site Request Forgery Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92732

GNU Mailman CVE-2016-6893 Cross Site Request Forgery Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92731

RETIRED:Apple tvOS CVE-2016-4607 Multiple Memory Corruption Vulnerabilities
2016-09-01
http://www.securityfocus.com/bid/91833

SANS News

Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program

Threatpost

 

Exploit

 

2.9.2016

Bugtraq

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com

Malware

Ransom.Serpico

Phishing

 

Vulnerebility

Google Chrome Prior to 51.0.2704.63 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/90876

RETIRED:Adobe Flash Player and AIR CVE-2016-4121 Unspecified Remote Code Execution Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90797

RETIRED:Linux Kernel CVE­-2016-­2062 Local Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90238

RETIRED: Moodle CVE-2016-3732 Access Bypass Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90700

RETIRED: OpenJPEG 'opj_free()' Function Remote Heap Based Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/84333

RETIRED: Multiple EC-CUBE Plugins CVE-2016-1205 Unspecified Cross Site Scripting Vulnerability
2016-09-02
http://www.securityfocus.com/bid/88872

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-09-02
http://www.securityfocus.com/bid/89854

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90856

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90865

Libxml2 'xmlsave.c' Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90013

Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/90696

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/84992

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/90864

libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/85059

Adobe ColdFusion CVE-2016-4264 XML External Entity Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92684

PostgreSQL CVE-2016-5424 Multiple Local Privilege Escalation Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/92435

PostgreSQL CVE-2016-5423 NULL Pointer Dereference Remote Code Execution Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92433

FreeIPA CVE-2016-5404 Denial of Service Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92525

Huawei P8 Multiple Local Buffer Overflow Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/91735

Apple iOS/WatchOS/tvOS Security Bypass and Memory Corruption Vulnerabilities
2016-09-01
http://www.securityfocus.com/bid/84425

RETIRED: Multiple Dell SonicWALL Products CVE-2016-2397 Remote Code Execution Vulnerability
2016-09-01
http://www.securityfocus.com/bid/84882

RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
2016-09-01
http://www.securityfocus.com/bid/89326

RETIRED:Adobe Flash Player and AIR CVE-2016-4120 Unspecified Memory Corruption Vulnerability
2016-09-01
http://www.securityfocus.com/bid/90795

RETIRED:Multiple Huawei OceanStor Products CVE-2016-5722 Information Disclosure Vulnerability
2016-09-01
http://www.securityfocus.com/bid/91469

RETIRED:Apple tvOS CVE-2016-4607 Multiple Memory Corruption Vulnerabilities
2016-09-01
http://www.securityfocus.com/bid/91833

Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92651

Apple iOS CVE-2016-4656 Memory Corruption Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92652

WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92653

Google Chrome Prior to 53.0.2785.89 Multiple Security Vulnerabilities
2016-09-02
http://www.securityfocus.com/bid/92717

Bitdefender Antivirus Plus avc3 Kernel Drive Local Privilege Escalation Vulnerability
2016-09-02
http://www.securityfocus.com/bid/92727

SANS News

Apple Patches "Trident" Vulnerabilities in OS X / Safari

Threatpost

Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down

Apple Patches Trident Vulnerabilities in OS X, Safari

Android Patch Fixes Nexus 5X Critical Vulnerability

Exploit

FortiClient SSLVPN 5.4 - Credentials Disclosure

1.9.2016

Bugtraq

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com

[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information 2016-08-30
security-alert hpe com

[slackware-security] kernel (SSA:2016-242-01) 2016-08-30
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information 2016-08-29
security-alert hpe com

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)

Malware

Ransom:MSIL/Fantomcrypt.A 

Backdoor:Win32/ATMRippery.A 

Phishing

 

Vulnerebility

Joomla JS Jobs Extension 'index.php' SQL Injection Vulnerability
2016-09-01
http://www.securityfocus.com/bid/92720

Docker Local Denial of Service Vulnerability
2016-09-01
http://www.securityfocus.com/bid/92718

Multiple Huawei Products Information Disclosure Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92503

Huawei FusionAccess HTTP Header Injection Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92502

QEMU File Handling Multiple Directory Traversal Vulnerabilities
2016-08-31
http://www.securityfocus.com/bid/92680

WebKit CVE-2016-1864 Information Disclosure Vulnerability
2016-08-31
http://www.securityfocus.com/bid/91358

Red Hat JBoss Operations Network CVE-2016-5422 Remote Privilege Escalation Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92722

Drupal Flag Module Access Bypass Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92721

DotNetNuke CVE-2016-7119 Cross-Site Scripting Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92719

Google Chrome Prior to 53.0.2785.89 Multiple Security Vulnerabilities
2016-08-31
http://www.securityfocus.com/bid/92717

Cisco Wireless LAN Controller CVE-2016-6376 Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92716

Cisco Virtual Media Packager CVE-2016-6377 Unauthorized Access Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92715

Red Hat JBoss BPMS CVE-2016-6344 Information Disclosure Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92714

Cisco Small Business 220 Series Smart Plus Switches CVE-2016-1471 Cross Site Scripting Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92713

Cisco Wireless LAN Controller CVE-2016-6375 Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92712

Cisco WebEx Meetings Player CVE-2016-1415 Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92711

Cisco Small Business 220 Series Smart Plus Switches CVE-2016-1473 Unauthorized Access Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92710

Cisco Small Business 220 Series Smart Plus Switches Cross Site Request Forgery Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92709

Cisco WebEx Meetings Player CVE-2016-1464 Remote Code Execution Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92708

Cisco Small Business 220 Series Smart Plus Switches CVE-2016-1472 Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92707

Cisco Small Business SPA300 and SPA500 Series IP Phones Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92706

Cisco Hosted Collaboration Mediation Fulfillment CVE-2016-6371 Directory Traversal Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92705

Cisco Hosted Collaboration Mediation Fulfillment CVE-2016-6370 Directory Traversal Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92704

CryptWare CryptoPro Secure Disk for Bitlocker Multiple Local Security Bypass Vulnerabilities
2016-08-31
http://www.securityfocus.com/bid/92702

Multiple AKABEi SOFT2 Games CVE-2016-4853 OS Command Injection Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92700

MAC-Telnet 'mactelnet.c' Buffer Overflow Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92699

Linux Kernel 'fs/fcntl.c' Local Denial of Service Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92697

Multiple Pulse Secure Products CVE-2016-2408 Local Privilege Escalation Vulnerability
2016-08-31
http://www.securityfocus.com/bid/92692

Linux kernel 'key_reject_and_link()' Function Local Use After Free Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91211

Oracle Java SE CVE-2016-3550 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91951

SANS News

Maxmind.com (Ab)used As Anti-Analysis Technique

Threatpost

Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short

OneLogin SecureNotes Breach Exposed Data in Cleartext


SWIFT Warns Banks Of More Cyberattacks

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

Patched ColdFusion Flaw Exposes Applications to Attack

Exploit

FortiClient SSLVPN 5.4 - Credentials Disclosure

ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution

ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass

ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting

ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation

ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation

PHP 5.0.0 - snmpwalkoid() Local Denial of Service

PHP 5.0.0 - fbird_[p]connect() Local Denial of Service

PHP 5.0.0 - snmpwalk() Local Denial of Service

31.8.2016

Bugtraq

[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information 2016-08-30
security-alert hpe com

[slackware-security] kernel (SSA:2016-242-01) 2016-08-30
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information 2016-08-29
security-alert hpe com

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

Malware

Ransom:MSIL/Fantomcrypt.A 

Infostealer.Atesla

Trojan.Odinaff

Trojan.Atmoripper

Ransom.Domino

Phishing

 

Vulnerebility

Linux kernel 'key_reject_and_link()' Function Local Use After Free Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91211

Oracle Java SE CVE-2016-3550 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91951

Linux Kernel CVE-2016-2117 Remote Buffer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/84500

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92261

Oracle Java SE CVE-2016-3610 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91930

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3606 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91912

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92258

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91918

Oracle Java SE and JRockit CVE-2016-3508 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91972

Oracle Java SE CVE-2016-3458 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91945

Huawei UMA Multiple Command Injection Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92617

Huawei UMA Security Bypass and Information Disclosure Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92619

Multiple Kaspersky Products Out of Bounds Read Multiple Local Information Disclosure Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92657

LibTIFF 'libtiff/tif_next.c' Memory Corruption Vulnerability
2016-08-30
http://www.securityfocus.com/bid/73438

LibTIFF Multiple Out of Bounds Memory Corruption Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/81730

QEMU CVE-2016-5403 Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/92148

LibTIFF 'tif_write.c' Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/72353

Oracle Java SE CVE-2016-3587 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91904

LibTIFF CVE-2014-8129 Out of Bounds Read and Write Multiple Remote Denial of Service Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/72352

mod_fcgid CVE-2016-1000104 Security Bypass Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91822

LibTIFF 'tools/bmp2tiff.c' Out of Bounds Read Integer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/71789

LibTIFF CVE-2015-8665 Out Of Bounds Read Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/79728

LibTIFF CVE-2014-8127 Out of Bounds Read Multiple Remote Denial of Service Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/72323

LibTIFF CVE-2015-8668 Heap Buffer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/79696

Adobe Flash Player and AIR APSB16-08 Multiple Use After Free Remote Code Execution Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/84312

LibTIFF 'tif_getimage.c' Out of Bounds Read Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/79718

Nessus Multiple Unspecified HTML injection Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92134

Joomla! Huge-IT Slider Extension SQL Injection and Cross Site Scripting Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92160

Joomla! Huge-IT Image Gallery Extension SQL Injection and Cross Site Scripting Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/92102

SANS News

Today's Locky Variant Arrives as a Windows Script File

Threatpost

FBI Warned State Election Board Systems of Hacks

Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook

BASHLITE Family Of Malware Infects 1 Million IoT Devices

Exploit

 

30.8.2016

Bugtraq

[slackware-security] kernel (SSA:2016-242-01) 2016-08-30
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information 2016-08-29
security-alert hpe com

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

Malware

 

Phishing

 

Vulnerebility

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/90979

Oracle Java SE CVE-2016-3587 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91904

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/83423

Oracle Java SE CVE-2016-3550 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91951

Oracle Java SE CVE-2016-3606 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91912

Oracle Java SE CVE-2016-3610 Remote Code Execution Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91930

Linux Kernel CVE-2016-2117 Remote Buffer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/84500

OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2016-08-30
http://www.securityfocus.com/bid/75525

Oracle MySQL CVE-2016-0641 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86470

OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2016-08-30
http://www.securityfocus.com/bid/76317

Oracle MySQL CVE-2016-0640 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86427

GO CVE-2016-5386 Security Bypass Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91815

Oracle MySQL CVE-2016-3452 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91999

Oracle MySQL CVE-2016-5440 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91953

Oracle MySQL CVE-2016-5444 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91987

Linux Kernel CVE-2016-2143 Local Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/88945

Oracle MySQL CVE-2016-0666 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86509

Oracle MySQL CVE-2016-3477 Local Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91902

Oracle MySQL CVE-2016-3615 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91960

Oracle MySQL CVE-2016-0650 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86496

Oracle MySQL CVE-2016-3521 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/91932

Oracle MySQL CVE-2016-0647 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86495

Oracle MySQL CVE-2016-0644 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86442

Oracle MySQL CVE-2016-0646 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86436

Oracle MySQL CVE-2016-0648 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86457

Oracle MySQL CVE-2016-0643 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86486

QEMU 'block/iscsi.c' Heap Based Buffer Overflow Vulnerability
2016-08-30
http://www.securityfocus.com/bid/90948

Oracle MySQL CVE-2016-0649 Remote Security Vulnerability
2016-08-30
http://www.securityfocus.com/bid/86498

Xen CVE-2016-6258 Privilege Escalation Vulnerability
2016-08-30
http://www.securityfocus.com/bid/92131

Xen CVE-2016-2270 Denial of Service Vulnerability
2016-08-30
http://www.securityfocus.com/bid/83188

SANS News

Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs

Today's Locky Variant Arrives as a Windows Script File

Threatpost

RIPPER ATM Malware Uses Malicious EVM Chip

1.7 Million Opera Browser Users Told To Reset Passwords

FBI Warned State Election Board Systems of Hacks

Exploit

INTELLINET IP Camera INT-L100M20N - Unauthorized admin Credential Change

PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure

HelpDeskZ 1.0.2 - Unauthenticated Shell Upload

FreePBX 13.0.35 - Remote Command Execution

FreePBX 13.0.35 - SQL Injection

NScan 0.9.1 - (Target) Buffer Overflow

PHP 5.0.0 - domxml_open_file() Local Denial of Service

PHP 7.0 - Object Cloning Local Denial of Service

PHP 5.0.0 - simplexml_load_file() Local Denial of Service

PHP 5.0.0 - xmldocfile() Local Denial of Service

Adobe Flash - Selection.setFocus Use-After-Free

Goron Webserver 2.0 - Multiple Vulnerabilities

Adobe Flash - BitmapData.copyPixels Use-After-Free

Adobe Flash - Stage.align Setter Use-After-Free

Adobe Flash - Use-After-Free When Returning Rectangle

Adobe Flash - MovieClip Transform Getter Use-After-Free

29.8.2016

Bugtraq

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)

Necroscan <= v0.9.1 Buffer Overflow 2016-08-26
hyp3rlinx lycos com

Malware

 

Phishing

 

Vulnerebility

Linux Kernel Local Security Bypass Vulnerability
2016-08-29
http://www.securityfocus.com/bid/92659

Subrion CMS ' front/actions.php ' Arbitrary File Deletion Vulnerability
2016-08-29
http://www.securityfocus.com/bid/92672

Multiple F5 BIG-IP Products CVE-2016-5023 Denial of Service Vulnerability
2016-08-29
http://www.securityfocus.com/bid/92670

Apple iOS CVE-2016-4656 Memory Corruption Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92652

Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92651

WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92653

SANS News

Spam with Obfuscated Javascript

Threatpost

Dropbox Forces Password Reset for Older Users

Exploit

 

28.8.2016

Bugtraq

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)

Necroscan <= v0.9.1 Buffer Overflow 2016-08-26
hyp3rlinx lycos com

Malware

Worm:Win32/Kalockan.A 

Phishing

 

Vulnerebility

Apple iOS CVE-2016-4656 Memory Corruption Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92652

Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92651

WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
2016-08-27
http://www.securityfocus.com/bid/92653

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-08-26
http://www.securityfocus.com/bid/91704

Cisco Adaptive Security Appliance Products CVE-2016-6366 Buffer Overflow Vulnerability
2016-08-26
http://www.securityfocus.com/bid/92521

Apple Mac OS X/watchOS/iOS/tvOS Incomplete Fix Multiple Buffer Overflow Vulnerabilities
2016-08-26
http://www.securityfocus.com/bid/92663

Accellion Kiteworks Multiple Security Vulnerabilities
2016-08-26
http://www.securityfocus.com/bid/92662

NECROSOFT NScan Local Buffer Overflow Vulnerability
2016-08-26
http://www.securityfocus.com/bid/92660

Linux Kernel 'ovl_copy_up_locked()' Local Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92611

Linux Kernel Local Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92575

Sudo Local Information Disclosure Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92615

SANS News

Another Day - Another Ransomware Sample

Threatpost

Pacemaker Hacking Fears Rise With Critical Research Report

Exploit

 

26.8.2016

Bugtraq

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org

[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)

Necroscan <= v0.9.1 Buffer Overflow 2016-08-26
hyp3rlinx lycos com

[SECURITY] [DSA 3652-1] imagemagick security update 2016-08-25
Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2016-08-25-1 iOS 9.3.5 2016-08-25
Apple Product Security (product-security-noreply lists apple com)

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise 2016-08-25
SEC Consult Vulnerability Lab (research sec-consult com)

WebKitGTK+ Security Advisory WSA-2016-0005 2016-08-25
Carlos Alberto Lopez Perez (clopez igalia com)

Malware

TrojanSpy:MSIL/Omaneat.F!bit 
TrojanSpy:Win32/Bholog.C!bit 

Ransom.Tearhide

Ransom.Purge

Phishing

 

Vulnerebility

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-08-26
http://www.securityfocus.com/bid/91704

Cisco Adaptive Security Appliance Products CVE-2016-6366 Buffer Overflow Vulnerability
2016-08-26
http://www.securityfocus.com/bid/92521

NECROSOFT NScan Local Buffer Overflow Vulnerability
2016-08-26
http://www.securityfocus.com/bid/92660

Linux Kernel 'ovl_copy_up_locked()' Local Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92611

Linux Kernel Local Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92575

Sudo Local Information Disclosure Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92615

libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability
2016-08-25
http://www.securityfocus.com/bid/79811

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-25
http://www.securityfocus.com/bid/83763

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-25
http://www.securityfocus.com/bid/86449

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-25
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-25
http://www.securityfocus.com/bid/89746

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-25
http://www.securityfocus.com/bid/89757

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-25
http://www.securityfocus.com/bid/89752

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-25
http://www.securityfocus.com/bid/89744

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-25
http://www.securityfocus.com/bid/83755

Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/91453

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-25
http://www.securityfocus.com/bid/83423

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-08-25
http://www.securityfocus.com/bid/90856

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-08-25
http://www.securityfocus.com/bid/90864

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-08-25
http://www.securityfocus.com/bid/90865

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-08-25
http://www.securityfocus.com/bid/91067

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-08-25
http://www.securityfocus.com/bid/91068

IBM WebSphere Application Server CVE-2016-0385 Security Bypass Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92505

Multiple Kaspersky Products Out of Bounds Read Local Information Disclosure Vulnerability
2016-08-25
http://www.securityfocus.com/bid/92657

SANS News

Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities

Threatpost

Tor Update Fixes ReachableAddresses Problem

VMware Patches Flaws in Identity and Cloud Products

Keystroke Recognition Uses Wi-Fi Signals To Snoop

Exploit

 

25.8.2016

Bugtraq

 

Malware

Hacktool.Equation

W32.Rexdrup

Trojan.Shakstiler

Ransom.AlmaLocker

Phishing

 

Vulnerebility

Foxit Reader and Foxit PhantomPDF Out of Bounds Read and Write Remote Code Execution Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92360

Foxit Reader and Foxit PhantomPDF Out of Bounds Read Information Disclosure Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92362

libgd 'read_image_tga' Function Heap Buffer Overflow Vulnerability
2016-08-23
http://www.securityfocus.com/bid/91743

Foxit Reader and Foxit PhantomPDF Out of Bounds Multiple Remote Code Execution Vulnerabilities
2016-08-23
http://www.securityfocus.com/bid/92364

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-23
http://www.securityfocus.com/bid/89752

Simple Chat CVE-2016-4851 Unspecified Cross-Site Scripting Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92597

IBM BigFix Platform CVE-2016-0293 Unspecified Cross Site Scripting Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92593

lshell Multiple Security Bypass Vulnerabilities
2016-08-23
http://www.securityfocus.com/bid/92591

PHP 'php_url_encode()' Function Integer Overflow Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92589

PHP 'php_quot_print_encode()' Function Integer Overflow Vulnerability
2016-08-23
http://www.securityfocus.com/bid/92588

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86449

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86421

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2016-08-22
http://www.securityfocus.com/bid/84213

Oracle Java SE CVE-2016-3422 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86488

Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86482

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-22
http://www.securityfocus.com/bid/83423

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-08-22
http://www.securityfocus.com/bid/91918

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/91990

Cybozu Garoon CVE-2016-1219 Unspecified Authentication Bypass Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92598

Cybozu Garoon CVE-2016-1213 Open Redirection Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92596

Red Hat mod_cluster CVE-2016-3110 Local Denial of Service Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92584

PHP 'zend_virtual_cwd()' Function NULL Pointer Dereference Denial of Service Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92582

Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92577

Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92568

Linux Kernel Local Denial of Service Vulnerability
2016-08-21
http://www.securityfocus.com/bid/92575

WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability
2016-08-20
http://www.securityfocus.com/bid/92572

MatrixSSL Multiple Information Disclosure Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/91488

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-08-19
http://www.securityfocus.com/bid/90856

Facebook HHVM Multiple Integer Overflow and Denial of Service Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/92415

Apple iOS/tvOS/Safari Multiple Security Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/91830

SANS News

Voice Message Notifications Deliver Ransomware

Threatpost

Juniper Acknowledges Equation Group Targeted ScreenOS

Hancitor Downloader Shifts Attack Strategy

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones

Exploit

 

23.8.2016

Bugtraq

[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities 2016-08-20
security-alert hpe com

Path traversal vulnerability in WordPress Core Ajax handlers 2016-08-20
Summer of Pwnage (lists securify nl)

Horizontal Privilege Escalation/Code Injection in ownCloud??s Windows Client 2016-08-19
Florian Bogner (florian bogner sh)

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method 2016-08-18
Justin Bull (me justinbull ca)

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

Malware

TrojanDownloader:Win32/Tijcont!rfn 
TrojanDropper:Win32/Maptrepol.A 
Backdoor:Win32/Grahilla.A 
TrojanDownloader:Win32/Tearspear 
TrojanDownloader:Win32/Dryanonis.A 
TrojanDownloader:Win32/Ollexos.A 

Phishing

 

Vulnerebility

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86449

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86421

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2016-08-22
http://www.securityfocus.com/bid/84213

Oracle Java SE CVE-2016-3422 Remote Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86488

Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability
2016-08-22
http://www.securityfocus.com/bid/86482

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-22
http://www.securityfocus.com/bid/83423

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-08-22
http://www.securityfocus.com/bid/91918

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-08-22
http://www.securityfocus.com/bid/91990

Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92577

Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability
2016-08-22
http://www.securityfocus.com/bid/92568

Linux Kernel Local Denial of Service Vulnerability
2016-08-21
http://www.securityfocus.com/bid/92575

WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability
2016-08-20
http://www.securityfocus.com/bid/92572

SANS News

Red Team Tools Updates: hashcat and SpiderFoot

Cisco ASA SNMP Remote Code Execution Vulnerability

Threatpost

 

Exploit

Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR - Local File Disclosure

JVC IP-Camera VN-T216VPRU - Local File Disclosure

Honeywell IP-Camera HICC-1100PT - Local File Disclosure

VideoIQ Camera - Local File Disclosure

Sakai 10.7 - Multiple Vulnerabilities

WordPress 4.5.3 - Directory Traversal / Denial of Service

ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities

20.8.2016

Bugtraq

Horizontal Privilege Escalation/Code Injection in ownCloud??s Windows Client 2016-08-19
Florian Bogner (florian bogner sh)

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method 2016-08-18
Justin Bull (me justinbull ca)

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-054] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

Malware

Trojan.Kwampirs

Phishing

 

Vulnerebility

MatrixSSL Multiple Information Disclosure Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/91488

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
2016-08-19
http://www.securityfocus.com/bid/90856

Facebook HHVM Multiple Integer Overflow and Denial of Service Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/92415

Apple iOS/tvOS/Safari Multiple Security Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/91830

Libxml2 'xmlLoadEntityContent()' Function CVE-2016-4449 Security Bypass Vulnerability
2016-08-19
http://www.securityfocus.com/bid/90865

Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability
2016-08-19
http://www.securityfocus.com/bid/90864

libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/85059

Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/90696

Libxml2 'malloc.c' CVE-2016-3627 Denial of Service Vulnerability
2016-08-19
http://www.securityfocus.com/bid/84992

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-08-19
http://www.securityfocus.com/bid/89854

Multiple Cisco Products CVE-2016-6367 Local Code Execution Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92520

Navis WebAccess Unspecified SQL Injection Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92526

SAP HANA CVE-2016-6142 Security Bypass Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92566

QEMU '/hw/net/net_tx_pkt.c' Integer Overflow Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92556

CHICKEN Buffer Overflow and Information Disclosure Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/92550

Linux Kernel CVE-2016-6327 Null Pointer Deference Local Denial of Service Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92549

slock CVE-2016-6866 NULL Pointer Dereference Denial of Service Vulnerability
2016-08-19
http://www.securityfocus.com/bid/92546

Geeklog IVYWE CVE-2016-4849 Multiple Cross Site Scripting Vulnerabilities
2016-08-19
http://www.securityfocus.com/bid/92545

Libav 'resample.c' Heap Based Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92451

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92444

QEMU 'vmxnet_tx_pkt_parse_headers()' Function Remote Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92443

Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92452

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92446

Crowbar Openstack Insecure Default Password Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92476

Samsung 'fimg2d' Driver Null Pointer Deference Local Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92349

Expat CVE-2016-0718 Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/90729

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2016-08-18
http://www.securityfocus.com/bid/52379

PCRE CVE-2016-3191 Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/84810

Siemens SINEMA Server CVE-2016-6486 Local Privilege Escalation Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92254

Cisco Smart Call Home Transport Gateway CVE-2016-6359 Cross Site Scripting Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92516

SANS News

Data Classification For the Masses

What are YOU doing to give back to the security community?

Threatpost
OIG Report Finds Vulnerabilities in Medicaid Services Agency

EFF Blasts Microsoft Over Malicious Windows 10 Rollout Tactics

Multiple Vulnerabilities Identified in Utterly Broken BHU Routers

New Brazilian Banking Trojan Uses Windows PowerShell Utility

Exploit

Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)

WatchGuard Firewalls - ifconfig Privilege Escalation (ESCALATEPLOWMAN)

Cisco ASA / PIX - Privilege Escalation (EPICBANANA)

TOPSEC Firewalls - Remote Exploit (ELIGIBLEBACHELOR)

SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download

Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR - Credentials Disclosure

JVC IP-Camera VN-T216VPRU - Credentials Disclosure

C2S DVR Management IRDOME-II-C2S, IRBOX-II-C2S, DVR - Credentials Disclosure / Authentication Bypass

TOSHIBA IP-Camera IK-WP41A - Auth Bypass / Configuration Download

MESSOA IP-Camera NIC990 - Auth Bypass / Configuration Download

ZYCOO IP Phone System - Remote Command Execution

TOPSEC Firewalls - Remote Code Execution (ELIGIBLECONTESTANT)

TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE)

TOPSEC Firewalls - Remote Code Execution (ELIGIBLEBOMBSHELL)

Fortigate Firewalls - Remote Code Execution (EGREGIOUSBLUNDER)

MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change

tcPbX - (tcpbx_lang) Local File Inclusion

19.8.2016

Bugtraq

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-054] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-055] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-048] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-054] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-048] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de

[SYSS-2016-048] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite 2016-08-18
bugtraq nerz syss de

[SYSS-2016-052] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access 2016-08-18
Andrew Klaus (andrewklaus gmail com)

[SECURITY] [DSA 3650-1] libgcrypt20 security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3649-1] gnupg security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Malware

PHP/Filecoder.D

Phishing

 

Vulnerebility

Libav 'resample.c' Heap Based Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92451

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92444

QEMU 'vmxnet_tx_pkt_parse_headers()' Function Remote Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92443

Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92452

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92446

Crowbar Openstack Insecure Default Password Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92476

Samsung 'fimg2d' Driver Null Pointer Deference Local Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92349

Expat CVE-2016-0718 Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/90729

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2016-08-18
http://www.securityfocus.com/bid/52379

PCRE CVE-2016-3191 Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/84810

Siemens SINEMA Server CVE-2016-6486 Local Privilege Escalation Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92254

Cisco Smart Call Home Transport Gateway CVE-2016-6359 Cross Site Scripting Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92516

AVG Internet Security Multiple Local Privilege Escalation Vulnerabilities
2016-08-18
http://www.securityfocus.com/bid/92540

Samsung Security Manager Multiple Remote Command Execution and Denial of Service Vulnerabilities
2016-08-18
http://www.securityfocus.com/bid/92539

IBM MQ Appliance CVE-2016-5879 Local Command Execution Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92538

ClipBucket CVE-2016-4848 Cross Site Scripting Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92537

OSSEC Web UI CVE-2016-4847 Unspecified Cross Site Scripting Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92536

GNU glibc CVE-2016-6323 Infinite Loop Denial of Service Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92532

Drupal Hosting Module Access Bypass Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92524

Multiple Cisco Products CVE-2016-6367 Local Code Execution Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92520

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/91704

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78626

Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83323

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83328

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83423

IBM Connections CVE-2016-3008 Unspecified Cross Site Scripting Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92541

IBM Maximo Asset Management CVE-2016-5902 Cross Site Scripting Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92535

IBM Tivoli Storage Manager HSM for Windows CVE-2016-5918 Local Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92534

ABB DataManagerPro Local Privilege Escalation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92531

SANS News

Data Classification For the Masses

Threatpost

GPG Patches 18-Year-Old Libgcrypt RNG Bug

OIG Report Finds Vulnerabilities in Medicaid Services Agency

EFF Blasts Microsoft Over Malicious Windows 10 Rollout Tactics

Exploit

Cisco ASA 8.x - Authentication Bypass (EXTRABACON)

SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change

Honeywell IP-Camera HICC-1100PT - Credentials Disclosure

Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)

18.8.2016

Bugtraq

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access 2016-08-18
Andrew Klaus (andrewklaus gmail com)

[SECURITY] [DSA 3650-1] libgcrypt20 security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3649-1] gnupg security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) 2016-08-17
Micha Borrmann (micha borrmann syss de)

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC ?? Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)

Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com

Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com

Malware

Trojan:PowerShell/Certor.A 

Trojan:JS/Certor.A 

PHP/Filecoder.D

Phishing

 

Vulnerebility

PCRE CVE-2016-3191 Buffer Overflow Vulnerability
2016-08-18
http://www.securityfocus.com/bid/84810

Siemens SINEMA Server CVE-2016-6486 Local Privilege Escalation Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92254

Cisco Smart Call Home Transport Gateway CVE-2016-6359 Cross Site Scripting Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92516

Drupal Hosting Module Access Bypass Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92524

Multiple Cisco Products CVE-2016-6367 Local Code Execution Vulnerability
2016-08-18
http://www.securityfocus.com/bid/92520

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/91704

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78626

Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83323

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83328

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83423

Drupal Panelizer Module Access Bypass Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92529

Drupal Panels Module Multiple Security Bypass Vulnerabilities
2016-08-17
http://www.securityfocus.com/bid/92528

Navis WebAccess Unspecified SQL Injection Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92526

FreeIPA CVE-2016-5404 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92525

Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92523

MantisBT CVE-2016-6837 Cross Site Scripting Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92522

Cisco Adaptive Security Appliance Products CVE-2016-6366 Buffer Overflow Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92521

Cisco WebEx Meetings Server CVE-2016-1484 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92519

Cisco Identity Services Engine CVE-2016-1485 Cross Site Scripting Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92518

Cisco Unified Communications Manager CVE-2016-6364 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92517

Cisco IP Phone 8800 Series CVE-2016-1479 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92515

Cisco Aironet Access Points CVE-2016-6362 Local Privilege Escalation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92513

Cisco Firepower Management Center CVE-2016-1458 Privilege Escalation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92512

Cisco Aironet Access Points CVE-2016-6363 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92511

Cisco Firepower Management Center CVE-2016-6365 Cross Site Scripting Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92510

Cisco Firepower Management Center CVE-2016-1457 Remote Code Execution Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92509

Cisco Aironet Access Points CVE-2016-6361 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92508

Cisco APIC-EM CVE-2016-1365 Remote Code Execution Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92507

Multple Huawei Access Controllers CVE-2016-6824 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92506

SANS News

1 compromised site - 2 campaigns

Threatpost

Browser Address Bar Spoofing Vulnerability Disclosed

Unsecured DNSSEC Easily Weaponized, Researchers Warn

Exploit

SIEMENS IP-Camera CVMS2025-IR, CCMS2025 - Credentials Disclosure

Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)

Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)

Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overflow (MS16-097)

17.8.2016

Bugtraq

[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) 2016-08-17
Micha Borrmann (micha borrmann syss de)

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC ?? Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)

Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com

Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com

[security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2016-08-15
security-alert hpe com

[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution 2016-08-15
security-alert hpe com

[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information 2016-08-15
security-alert hpe com

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)

Malware

Trojan.Ransomcrypt.BH

RANSOM_POGOTEAR.A

Ransom:Win32/Hyptkript.A 

Phishing

 

Vulnerebility

Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/91704

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/78626

Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83323

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83328

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-17
http://www.securityfocus.com/bid/83423

Huawei FusionAccess HTTP Header Injection Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92502

The Installer of PhishWall Client Internet Explorer DLL Loading Code Execution Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92498

phpMyAdmin CVE-2016-6631 Remote Code Execution Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92496

NetApp MetroCluster Tiebreaker for clustered Data CVE-2016-6820 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92495

phpMyAdmin CVE-2016-6627 Information Disclosure Vulnerability
2016-08-17
http://www.securityfocus.com/bid/92494

Oracle Java SE and JRockit CVE-2016-0695 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86438

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86421

IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability
2016-08-16
http://www.securityfocus.com/bid/89192

IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability
2016-08-16
http://www.securityfocus.com/bid/85895

Oracle Java SE CVE-2016-0687 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86459

Oracle Java SE CVE-2016-3422 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86488

Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86482

Oracle Java SE CVE-2016-0636 Remote Security Bypass Vulnerability
2016-08-16
http://www.securityfocus.com/bid/85376

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86449

Oracle Java SE and JRockit CVE-2016-3425 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86434

Oracle Java SE CVE-2016-3449 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86485

Oracle Java SE CVE-2016-0686 Remote Security Vulnerability
2016-08-16
http://www.securityfocus.com/bid/86473

OpenSSH CVE-2016-1908 Security Bypass Vulnerability
2016-08-16
http://www.securityfocus.com/bid/84427

OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
2016-08-16
http://www.securityfocus.com/bid/84314

PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability
2016-08-16
http://www.securityfocus.com/bid/79825

ReadyDesk Multiple Security Vulnerabilities
2016-08-16
http://www.securityfocus.com/bid/92487

WordPress Google Maps Plugin 'id' Parameter Cross Site Scripting Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92486

WSO2 Identity Server Cross Site Request Forgery and Information Disclosure Vulnerabilities
2016-08-16
http://www.securityfocus.com/bid/92485

SAP Hybris E-commerce Suite Default Credentials Authentication Bypass Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92482

SANS News

522 Error Code for the Win

Threatpost

Vawtrak Banking Trojan Adds DGA, SSL Pinning

VeraCrypt Audit Under Way; Email Mystery Cleared Up

Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations

ShadowBrokers Leak Has Strong Connection to Equation Group

Exploit

Microsoft Office Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)

Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV

Windows x86 - MessageBoxA Shellcode (242 bytes)

Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)

WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities

WSO2 Carbon 4.4.5 - Local File Inclusion

WSO2 Carbon 4.4.5 - Stored XSS

WSO2 Carbon 4.4.5 - (Denial of Service) CSRF

Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal

Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection

Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist

Nagios Log Server 1.4.1 - Multiple Vulnerabilities

Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities

16.8.2016

Bugtraq

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC ?? Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)

Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com

Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com

[security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2016-08-15
security-alert hpe com

[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution 2016-08-15
security-alert hpe com

[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information 2016-08-15
security-alert hpe com

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)

Malware

Trojan:VBS/Kalhine.A 

Win32/Agent.RWB

Win32/Agent.RVQ

MSIL/Tixiker.A

MSIL/IRPlan.A

Win32/Spy.Shiz.NCT

Phishing

 

Vulnerebility

OpenSSH CVE-2016-1908 Security Bypass Vulnerability
2016-08-16
http://www.securityfocus.com/bid/84427

OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
2016-08-16
http://www.securityfocus.com/bid/84314

PCRE CVE-2016-1283 Heap Buffer Overflow Vulnerability
2016-08-16
http://www.securityfocus.com/bid/79825

Enpass DLL Loading Local Code Execution Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92477

IBM Forms Experience Builder CVE-2016-0370 Unspecified Cross Site Scripting Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92471

IBM BixFix Platform CVE-2016-0397 Man in the Middle Information Disclosure Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92467

Cybozu Mailwise CVE-2016-4844 Clickjacking Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92462

Cybozu Mailwise CVE-2016-4843 Information Disclosure Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92461

Cybozu Mailwise CVE-2016-4842 Information Disclosure Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92460

Cybozu Mailwise CVE-2016-4841 Email Header Injection Vulnerability
2016-08-16
http://www.securityfocus.com/bid/92459

jQuery 'location.hash' Cross Site Scripting Vulnerability
2016-08-15
http://www.securityfocus.com/bid/58458

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-15
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-15
http://www.securityfocus.com/bid/83755

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89752

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89744

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89757

SANS News

 

Threatpost

Latest Windows UAC Bypass Permits Code Execution

TCP Flaw in Linux Extends to 80 Percent of Android Devices

Vawtrak Banking Trojan Adds DGA, SSL Pinning

$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered

Exploit

WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities

WSO2 Carbon 4.4.5 - Local File Inclusion

WSO2 Carbon 4.4.5 - Stored XSS

WSO2 Carbon 4.4.5 - (Denial of Service) CSRF

GitLab - 'impersonate' Feature Privilege Escalation

Zabbix 2.2.x, 3.0.x - SQL Injection

Microsoft Office Word 2013,2016 - sprmSdyaTop Denial of Service (MS16-099)

15.8.2016

Bugtraq

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass 2016-08-15
reggie dodd30 gmail com

PayPal Inc BB #127 - 2FA Bypass Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)

Stash v1.0.3 CMS - SQL Injection Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)

Linksys E2500 and E1200 (Unauth Command Injection) 2016-08-14
samhuntley84 gmail com

Linksys E1200 and E2500 (Missing authorization on parental control) 2016-08-14
samhuntley84 gmail com

Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70 2016-08-15
tal argoni (talargoni gmail com)

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com

WSO2-CARBON v4.4.5 CSRF / DOS 2016-08-13
hyp3rlinx lycos com

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT 2016-08-13
hyp3rlinx lycos com

Malware

Ransom:Win32/Hiptkript.A 

Trojan.Ransomcrypt.BG

Trojan.Ransomcrypt.BF

Trojan.Zombrari

Phishing

 

Vulnerebility

jQuery 'location.hash' Cross Site Scripting Vulnerability
2016-08-15
http://www.securityfocus.com/bid/58458

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-15
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-15
http://www.securityfocus.com/bid/83755

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89752

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89744

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89757

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-15
http://www.securityfocus.com/bid/87940

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83328

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83329

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83423

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2016-08-12
http://www.securityfocus.com/bid/84213

IBM Tririga Application Platform CVE-2016-0346 Cross Site Request Forgery Vulnerability
2016-08-12
http://www.securityfocus.com/bid/85864

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-12
http://www.securityfocus.com/bid/86421

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89746

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-15
http://www.securityfocus.com/bid/89760

IBM Cognos Business Intelligence Server CVE-2016-0221 Unspecified Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/91542

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-08-12
http://www.securityfocus.com/bid/91816

Microsoft Internet Explorer CVE-2016-3288 Remote Memory Corruption Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92321

Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
2016-08-15
http://www.securityfocus.com/bid/92452

Fortinet FortiVoice Multiple HTML Injection Vulnerabilities
2016-08-15
http://www.securityfocus.com/bid/92455

Fortinet FortiCloud Multiple HTML Injection Vulnerabilities
2016-08-15
http://www.securityfocus.com/bid/92457

IBM WebSphere Portal CVE-2016-0243 Unspecified Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83488

Apache OpenMeetings CVE-2016-3089 Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92442

QEMU 'vmxnet_tx_pkt_parse_headers()' Function Remote Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92443

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92444

QEMU 'hw/net/vmxnet3.c' Denial of Service Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92445

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92446

FFmpeg CVE-2016-6671 Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92447

vRealize Log Insight CVE-2016-5332 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92448

ZModo ZP-NE14-S DVR and ZP-IBH-13W Cameras Multiple Security Bypass Vulnerabilities
2016-08-12
http://www.securityfocus.com/bid/92449

SANS News

MS Office 2013 - New Macro Controls - Sorta ...

Threatpost

Westin, Marriott, Sheraton Hotels Hit By Payment Card Malware

Exploit

Samsung Smart Home Camera SNH-P-6410 - Command Injection

14.8.2016

Bugtraq

[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-08-12
security-alert hpe com

[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) 2016-08-12
security-alert hpe com

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel 2016-08-12
Maxim Solodovnik (solomax666 gmail com)

[SECURITY] [DSA 3647-1] icedove security update 2016-08-11
Moritz Muehlenhoff (jmm debian org)

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% 2016-08-11
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3646-1] postgresql-9.4 security update 2016-08-11
Salvatore Bonaccorso (carnil debian org)

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)

Malware

 

Phishing

 

Vulnerebility

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-12
http://www.securityfocus.com/bid/86421

Microsoft Internet Explorer CVE-2016-3288 Remote Memory Corruption Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92321

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83329

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-12
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89744

Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83423

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89746

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83328

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89757

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-12
http://www.securityfocus.com/bid/89752

IBM Cognos Business Intelligence Server CVE-2016-0221 Unspecified Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/91542

IBM Tririga Application Platform CVE-2016-0346 Cross Site Request Forgery Vulnerability
2016-08-12
http://www.securityfocus.com/bid/85864

Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
2016-08-12
http://www.securityfocus.com/bid/91816

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2016-08-12
http://www.securityfocus.com/bid/84213

IBM WebSphere Portal CVE-2016-0243 Unspecified Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/83488

vRealize Log Insight CVE-2016-5332 Directory Traversal Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92448

FFmpeg CVE-2016-6671 Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92447

QEMU '/hw/net/net_tx_pkt.c' Packet Fragmentation Denial of Service Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92446

QEMU 'hw/net/vmxnet3.c' Denial of Service Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92445

QEMU 'Transmit(tx) Queue' Processing Information Disclosure Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92444

QEMU 'vmxnet_tx_pkt_parse_headers()' Function Remote Buffer Overflow Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92443

Apache OpenMeetings CVE-2016-3089 Cross Site Scripting Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92442

IBM Connections CVE-2016-0310 Host Header Injection Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92437

Moxa SoftCMS CVE-2016-5792 SQL Injection Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92262

Microsoft Internet Explorer and Edge CVE-2016-3289 Remote Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92285

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3308 Local Privilege Escalation Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92295

Microsoft Internet Explorer and Edge CVE-2016-3326 Information Disclosure Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92287

Microsoft Office CVE-2016-3318 Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92308

Microsoft Internet Explorer and Edge CVE-2016-3322 Remote Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92282

SANS News

 

Threatpost

Academics Devise New Way to Steal Data from Air-Gapped Computers

Undocumented SNMP String Exposes Rockwell PLCs to Remote Attacks

EU Struggles to Determine Growing Cost of Cyberattacks

Exploit

FreePBX 13 / 14 - Remote Code Execution

Samsung Smart Home Camera SNH-P-6410 - Command Injection

12.8.2016

Bugtraq

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel 2016-08-12
Maxim Solodovnik (solomax666 gmail com)

[SECURITY] [DSA 3647-1] icedove security update 2016-08-11
Moritz Muehlenhoff (jmm debian org)

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% 2016-08-11
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3646-1] postgresql-9.4 security update 2016-08-11
Salvatore Bonaccorso (carnil debian org)

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2016-08-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)

 

Malware

Linux.Leydiwon

Exp.CVE-2016-3304

Phishing

 

Vulnerebility

IBM Connections CVE-2016-0310 Host Header Injection Vulnerability
2016-08-12
http://www.securityfocus.com/bid/92437

Moxa SoftCMS CVE-2016-5792 SQL Injection Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92262

Microsoft Internet Explorer and Edge CVE-2016-3289 Remote Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92285

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3308 Local Privilege Escalation Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92295

Microsoft Internet Explorer and Edge CVE-2016-3326 Information Disclosure Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92287

Microsoft Office CVE-2016-3318 Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92308

Microsoft Internet Explorer and Edge CVE-2016-3322 Remote Memory Corruption Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92282

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3309 Local Privilege Escalation Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92297

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-11
http://www.securityfocus.com/bid/86449

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83755

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-11
http://www.securityfocus.com/bid/86421

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/90584

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/83763

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-11
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83754

Multiple IBM Products CVE-2016-0341 Local Information Disclosure Vulnerability
2016-08-11
http://www.securityfocus.com/bid/89859

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/83265

GNU glibc CVE-2014-9761 Stack Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83306

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83275

GNU glibc CVE-2015-8777 Local Security Bypass Vulnerability
2016-08-11
http://www.securityfocus.com/bid/81469

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/82244

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/91787

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83329

Microsoft Windows Kerberos CVE-2016-3237 Security Bypass Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92290

PostgreSQL CVE-2016-5423 NULL Pointer Dereference Remote Code Execution Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92433

Action View CVE-2016-6316 Cross Site Scripting Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92430

Rockwell Automation MicroLogix 1400 Products CVE-2016-5645 Remote Privilege Escalation Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92428

Multiple D-Link Routers CVE-2016-5681 Stack Based Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92427

Lexmark Perceptive Document Filters CVE-2016-4335 Stack Based Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92425

Facebook HHVM Multiple Integer Overflow and Denial of Service Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/92415

SANS News

Looking for the insider: Forensic Artifacts on iOS Messaging App

Threatpost

Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable

New Gmail Alerts Warn of Unauthenticated Senders

Exploit

ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal

11.8.2016

Bugtraq

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2016-08-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)

Nagios NA v2.2.1 XSS 2016-08-09
hyp3rlinx lycos com

Notepad++6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com

Malware

Boot.Cryptolocker.AU

Backdoor.Cartcapa

Python/Agent.B

Win32/Urelas.U

Win32/Urelas.AD

Java/Ratty.A

JS/Filecoder.RAA.A

MSIL/Spy.Agent.AOC

Win32/Agent.YCZ

Phishing

 

Vulnerebility

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3309 Local Privilege Escalation Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92297

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-11
http://www.securityfocus.com/bid/86449

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83755

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-11
http://www.securityfocus.com/bid/86421

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/90584

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/83763

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-11
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83754

Multiple IBM Products CVE-2016-0341 Local Information Disclosure Vulnerability
2016-08-11
http://www.securityfocus.com/bid/89859

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/83265

GNU glibc CVE-2014-9761 Stack Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83306

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83275

GNU glibc CVE-2015-8777 Local Security Bypass Vulnerability
2016-08-11
http://www.securityfocus.com/bid/81469

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-08-11
http://www.securityfocus.com/bid/82244

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
2016-08-11
http://www.securityfocus.com/bid/91787

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-11
http://www.securityfocus.com/bid/83329

Microsoft Windows Kerberos CVE-2016-3237 Security Bypass Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92290

IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
2016-08-11
http://www.securityfocus.com/bid/92408

Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/75973

Expat CVE-2016-0718 Buffer Overflow Vulnerability
2016-08-10
http://www.securityfocus.com/bid/90729

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/52379

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/92260

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91918

IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/85895

IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/89192

Oracle Java SE CVE-2016-0636 Remote Security Bypass Vulnerability
2016-08-10
http://www.securityfocus.com/bid/85376

OpenStack Nova CVE-2015-8749 Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/80189

OpenStack Cinder And Nova Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/75192

OpenStack Compute (Nova) 'imagebackend.py' Incomplete Fix Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/80176

SANS News

Profiling SSL Clients with tshark

Threatpost

Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability

vBulletin Patches Serious Flaw in Forum Software

Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable

Microsoft Mistakenly Leaks Secure Boot Key

Exploit

Nagios Network Analyzer 2.2.1 - Multiple CSRF

vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)

EyeLock nano NXT 3.5 - Local File Disclosure

EyeLock nano NXT 3.5 - Remote Root Exploit

WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities

EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation

Microsoft Office Word 2007,2010,2013,2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)

SAP SAPCAR - Multiple Vulnerabilities

Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)

Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)

10.8.2016

Bugtraq

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)

Nagios NA v2.2.1 XSS 2016-08-09
hyp3rlinx lycos com

Notepad++6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com

[SECURITY] [DSA 3645-1] chromium-browser security update 2016-08-09
Michael Gilbert (mgilbert debian org)

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 2016-08-08
Pedro Ribeiro (pedrib gmail com)

ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability 2016-08-08
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3644-1] fontconfig security update 2016-08-08
Salvatore Bonaccorso (carnil debian org)

Malware

SoftwareBundler:Win32/ICLoader 

Phishing

 

Vulnerebility

Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/75973

Expat CVE-2016-0718 Buffer Overflow Vulnerability
2016-08-10
http://www.securityfocus.com/bid/90729

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/52379

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/92260

Oracle Java SE CVE-2016-3511 Local Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91990

Oracle Java SE CVE-2016-3598 Remote Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91918

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/86449

IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/85895

IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability
2016-08-10
http://www.securityfocus.com/bid/89192

Oracle Java SE CVE-2016-0636 Remote Security Bypass Vulnerability
2016-08-10
http://www.securityfocus.com/bid/85376

OpenStack Nova CVE-2015-8749 Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/80189

OpenStack Cinder And Nova Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/75192

OpenStack Compute (Nova) 'imagebackend.py' Incomplete Fix Information Disclosure Vulnerability
2016-08-10
http://www.securityfocus.com/bid/80176

giflib CVE-2016-3977 Heap Based Buffer Overflow Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88103

NTP CVE-2016-4956 Incomplete Fix Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91009

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-10
http://www.securityfocus.com/bid/83763

NTP CVE-2016-4955 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91007

OpenSSL CVE-2016-0798 Memory Leak Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/83705

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-10
http://www.securityfocus.com/bid/89757

NTP CVE-2016-2517 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88189

NTP CVE-2016-2519 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88204

NTP CVE-2016-4953 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/91010

NTP CVE-2016-2516 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88180

NTP CVE-2016-1551 Remote Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88219

NTP CVE-2015-8158 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/81814

NTP CVE-2015-8140 Security Bypass Vulnerability
2016-08-10
http://www.securityfocus.com/bid/82102

NTP CVE-2016-1549 Remote Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/88200

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-08-10
http://www.securityfocus.com/bid/77312

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-08-10
http://www.securityfocus.com/bid/77280

Oracle Java SE and JRockit CVE-2016-0695 Remote Security Vulnerability
2016-08-10
http://www.securityfocus.com/bid/86438

SANS News

Microsoft Patch Tuesday, August 2016

Threatpost

A Month Without Adobe Flash Player Patches

Windows PDF Library Flaw Puts Edge Users at Risk for RCE

Windows 10 Attack Surface Grows with Linux Support in Anniversary Update

Exploit

 

9.8.2016

Bugtraq

Notepad++6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com

[SECURITY] [DSA 3645-1] chromium-browser security update 2016-08-09
Michael Gilbert (mgilbert debian org)

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 2016-08-08
Pedro Ribeiro (pedrib gmail com)

ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability 2016-08-08
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3644-1] fontconfig security update 2016-08-08
Salvatore Bonaccorso (carnil debian org)

phpCollab v2.5 CMS - SQL Injection Vulnerability 2016-08-08
Vulnerability Lab (research vulnerability-lab com)

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) 2016-08-08
Dawid Golunski (dawid legalhackers com)

Malware

MSIL/Spy.Agent.AES

Win32/Spy.Agent.OSD

MSIL/PSW.Agent.PUU

Win32/Inexsmar.F

Backdoor.Misogow

Trojan.Ransomlock.AT

Backdoor.Cartcapa

Boot.Cryptolocker.AU

Phishing

 

Vulnerebility

Foxit Reader and Foxit PhantomPDF Use-After-Free Remote Code Execution Vulnerability
2016-08-09
http://www.securityfocus.com/bid/92361

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/83754

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-08
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-08
http://www.securityfocus.com/bid/89752

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-08
http://www.securityfocus.com/bid/83755

OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/92212

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-08
http://www.securityfocus.com/bid/89746

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/89744

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0704 Information Disclosure Vulnerability
2016-08-08
http://www.securityfocus.com/bid/83764

OpenSSL CVE-2016-0798 Memory Leak Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/83705

OpenSSL CVE-2016-0703 Information Disclosure Vulnerability
2016-08-08
http://www.securityfocus.com/bid/83743

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-08
http://www.securityfocus.com/bid/83763

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/89757

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-08-08
http://www.securityfocus.com/bid/82237

OpenSSL CVE-2016-0701 Security Bypass Vulnerability
2016-08-08
http://www.securityfocus.com/bid/82233

FortiAnalyzer and FortiManager 'Filenames' HTML Injection Vulnerability
2016-08-08
http://www.securityfocus.com/bid/92265

Multiple Citrix Products CVE-2016-6493 Memory Permission Security Weakness
2016-08-08
http://www.securityfocus.com/bid/92316

RETIRED: Google Nexus CVE-2016-3843 Privilege Escalation Vulnerability
2016-08-08
http://www.securityfocus.com/bid/92250

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/91319

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-08-08
http://www.securityfocus.com/bid/77278

NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77274

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-7848 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77275

Network Time Protocol 'authkeys.c' Use After Free Memory Corruption Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77276

Network Time Protocol CVE-2015-7850 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77279

Network Time Protocol 'ntpq.c' Memory Corruption Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77288

Network Time Protocol 'ntp_control.c' Directory Traversal Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77282

NTP CVE-2015-7701 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77281

SANS News

Microsoft Patch Tuesday, August 2016

Threatpost

Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk

Breach Forces Password Change on Oracle MICROS PoS Customers

Exploit

Navis WebAccess - SQL Injection

phpCollab CMS 2.5 - (emailusers.php) SQL Injection

WordPress Add From Server Plugin < 3.3.2 - (File Upload) CSRF

Microsoft Windows Group Policy - Privilege Escalation (MS16-072)

8.8.2016

Bugtraq

phpCollab v2.5 CMS - SQL Injection Vulnerability 2016-08-08
Vulnerability Lab (research vulnerability-lab com)

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) 2016-08-08
Dawid Golunski (dawid legalhackers com)

[slackware-security] openssh (SSA:2016-219-03) 2016-08-06
Slackware Security Team (security slackware com)

[slackware-security] curl (SSA:2016-219-01) 2016-08-06
Slackware Security Team (security slackware com)

[slackware-security] stunnel (SSA:2016-219-04) 2016-08-06
Slackware Security Team (security slackware com)

[slackware-security] mozilla-firefox (SSA:2016-219-02) 2016-08-06
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3643-1] kde4libs security update 2016-08-06
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3642-1] lighttpd security update 2016-08-06
Sebastien Delafond (seb debian org)

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability 2016-08-05
Summer of Pwnage (lists securify nl)

DLL side loading vulnerability in VMware Host Guest Client Redirector 2016-08-05
Securify B.V. (lists securify nl)

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

Malware

BrowserModifier:Win32/Prifou 

Phishing

 

Vulnerebility

OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/91319

NTP Multiple Arbitrary File Overwrite Vulnerabilities
2016-08-08
http://www.securityfocus.com/bid/77278

NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77274

Network Time Protocol CVE-2015-7704 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77280

Network Time Protocol CVE-2015-7848 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77275

Network Time Protocol 'authkeys.c' Use After Free Memory Corruption Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77276

Network Time Protocol CVE-2015-7850 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77279

Network Time Protocol 'ntpq.c' Memory Corruption Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77288

Network Time Protocol 'ntp_control.c' Directory Traversal Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77282

NTP CVE-2015-7701 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77281

Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77287

Network Time Protocol CVE-2015-7855 Denial of Service Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77283

Network Time Protocol CVE-2015-7854 Buffer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77277

Network Time Protocol CVE-2015-7853 Local Buffer Overflow Vulnerability
2016-08-08
http://www.securityfocus.com/bid/77273

Cisco Meeting Server CVE-2016-1451 HTML Injection Vulnerability
2016-08-08
http://www.securityfocus.com/bid/91784

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/89746

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-05
http://www.securityfocus.com/bid/89744

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/89760

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-05
http://www.securityfocus.com/bid/89757

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-05
http://www.securityfocus.com/bid/89752

IBM Security AppScan CVE-2016-0288 XML External Entity Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/90735

RETIRED: cURL/libcURL CVE-2016-5419 Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/92319

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/84169

Linux Kernel CVE-2016-4482 Local Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/90029

Linux Kernel CVE-2014-9904 Incomplete Fix Local Integer Overflow Vulnerability
2016-08-05
http://www.securityfocus.com/bid/91510

Linux Kernel 'iov_iter_init()' Function Security Bypass Vulnerability
2016-08-05
http://www.securityfocus.com/bid/73286

Linux Kernel CVE-2016-3672 ASLR Implementation Local Security Weakness
2016-08-05
http://www.securityfocus.com/bid/85884

Linux Kernel 'sound/core/timer.c' Local Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/90347

Linux Kernel CVE-2016-2544 Use After Free Local Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/83380

SANS News

 

Threatpost

PLC-Blaster Worm Targets Industrial Control Systems

iOS 9.3.4 Patches Critical Code Execution Flaw

Exploit

 

6.8.2016

Bugtraq

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability 2016-08-05
Summer of Pwnage (lists securify nl)

DLL side loading vulnerability in VMware Host Guest Client Redirector 2016-08-05
Securify B.V. (lists securify nl)

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de

Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) 2016-08-05
Tim Kretschmann (tim kretschmann pallas com)

Malware

 

Phishing

 

Vulnerebility

 

SANS News

rtfdump

Stop calling it a ransomware "attack"

Threatpost

 

Exploit

NUUO NVRmini 2 3.0.8 - Remote Root Exploit

NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF

NUUO NVRmini 2 3.0.8 - Local File Disclosure

NUUO NVRmini 2 3.0.8 - Local File Disclosure

NUUO NVRmini 2 3.0.8 - ShellShock Remote Code Execution

NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion

NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access

NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillance Application -...

ntop 2.3 <= 2.5 - Multiple Vulnerabilities

Subrion CMS 4.0.5 - SQL Injection

PHP Power Browse 1.2 - Directory Traversal

Davolink DV-2051 - Multiple Vulnerabilities

WordPress Count per Day Plugin 3.5.4 - Stored Cross-Site Scripting

NASdeluxe NDL-2400r 2.01.09 - OS Command Injection

zFTP Client 20061220 - (Connection Name) Local Buffer Overflow

5.8.2016

Bugtraq

Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) 2016-08-05
Tim Kretschmann (tim kretschmann pallas com)

Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) 2016-08-05
Tim Kretschmann (tim kretschmann pallas com)

Subrion v4.0.5 CMS - SQL Injection Vulnerability 2016-08-05
Vulnerability Lab (research vulnerability-lab com)

FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities 2016-08-05
Vulnerability Lab (research vulnerability-lab com)

Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability 2016-08-05
Vulnerability Lab (research vulnerability-lab com)

[0day] net2ftp multiple XSS on unauthenticated users 2016-08-05
Jacobo Avariento (jacobo sofistic com)

Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)

Cross-Site Scripting in Count per Day WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)

Cross-Site Scripting in FormBuilder WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin 2016-08-04
Summer of Pwnage (lists securify nl)

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance 2016-08-04
Pedro Ribeiro (pedrib gmail com) (1 replies)

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance 2016-08-04
Pedro Ribeiro (pedrib gmail com)

Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability 2016-08-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3641-1] openjdk-7 security update 2016-08-04
Moritz Muehlenhoff (jmm debian org)

[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection 2016-08-04
klaus eisentraut syss de

FortiManager (Series) - (Bookmark) Persistent Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)

FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanDropper:O97M/Tobfy 
BrowserModifier:Win32/Neobar 

Trojan.Trawlmernib

Backdoor.Remvio

Phishing

 

Vulnerebility

Linux Kernel CVE-2016-4482 Local Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/90029

Linux Kernel CVE-2014-9904 Incomplete Fix Local Integer Overflow Vulnerability
2016-08-05
http://www.securityfocus.com/bid/91510

Linux Kernel 'iov_iter_init()' Function Security Bypass Vulnerability
2016-08-05
http://www.securityfocus.com/bid/73286

Linux Kernel CVE-2016-3672 ASLR Implementation Local Security Weakness
2016-08-05
http://www.securityfocus.com/bid/85884

Linux Kernel 'sound/core/timer.c' Local Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/90347

Linux Kernel CVE-2016-2544 Use After Free Local Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/83380

Linux Kernel ASLR CVE-2015-1593 Integer Overflow Vulnerability
2016-08-05
http://www.securityfocus.com/bid/72607

Linux Kernel CVE-2016-2546 Use After Free Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/83384

Linux Kernel CVE-2016-4578 Multiple Local Information Disclosure Vulnerabilities
2016-08-05
http://www.securityfocus.com/bid/90535

Linux Kernel CVE-2014-9903 Local Information Disclosure Vulnerability
2016-08-05
http://www.securityfocus.com/bid/91511

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-05
http://www.securityfocus.com/bid/84169

VMware Tools CVE-2016-5330 DLL Loading Remote Code Execution Vulnerability
2016-08-05
http://www.securityfocus.com/bid/92323

Apple tvOS/Mac OS X/iOS CVE-2016-1801 Information Disclosure Vulnerability
2016-08-04
http://www.securityfocus.com/bid/90697

Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
2016-08-04
http://www.securityfocus.com/bid/92053

Docker Swarmkit Local Denial of Service Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92195

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-04
http://www.securityfocus.com/bid/92260

Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92320

NUUO and Netgear Network Multiple Products Multiple Security Vulnerabilities
2016-08-04
http://www.securityfocus.com/bid/92318

Cisco IOS Software CVE-2016-1478 Remote Denial of Service Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92317

Multiple Citrix Products CVE-2016-6493 Memory Permission Security Weakness
2016-08-04
http://www.securityfocus.com/bid/92316

Python HPACK CVE-2016-6581 Remote Denial of Service Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92315

Coordinate Plus App CVE-2016-4840 SSL Certificate Validation Security Bypass Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92314

Python priority CVE-2016-6580 Remote Denial of Service Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92311

NASdeluxe NDL-2400r Product Remote Command Injection Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92310

ImageMagick 'MagickCore/enhance.c' Remote Buffer Overflow Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92252

Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
2016-08-03
http://www.securityfocus.com/bid/87327

OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/83733

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-08-03
http://www.securityfocus.com/bid/83265

Liferay Portal 'barebone.jsp' Directory Traversal Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92215

cURL/libcURL CVE-2016-5419 Information Disclosure Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92319

SANS News

Odd Packet: Any ideas where this comes from?

Threatpost

Never Trust a Found USB Drive, Black Hat Demo Shows Why

How Bugs Lead to a Better Android

Lack of Encryption Leads to Large Scale Cookie Exposure

Exploit

 

4.8.2016

Bugtraq

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance 2016-08-04
Pedro Ribeiro (pedrib gmail com) (1 replies)

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance 2016-08-04
Pedro Ribeiro (pedrib gmail com)

Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability 2016-08-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3641-1] openjdk-7 security update 2016-08-04
Moritz Muehlenhoff (jmm debian org)

[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection 2016-08-04
klaus eisentraut syss de

FortiManager (Series) - (Bookmark) Persistent Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)

FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)

Cross-Site Scripting in WordPress Landing Pages Plugin 2016-08-03
Summer of Pwnage (lists securify nl)

Cross-Site Scripting in Activity Log WordPress Plugin 2016-08-03
Summer of Pwnage (lists securify nl)

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin 2016-08-03
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 3640-1] firefox-esr security update 2016-08-03
Moritz Muehlenhoff (jmm debian org)

Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability 2016-08-03
Secunia Research (remove-vuln secunia com)

[security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery(SSRF) 2016-08-03

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox Multiple Security Vulnerabilities
2016-08-04
http://www.securityfocus.com/bid/92260

NASdeluxe NDL-2400r Product Remote Command Injection Vulnerability
2016-08-04
http://www.securityfocus.com/bid/92310

Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
2016-08-03
http://www.securityfocus.com/bid/92053

ImageMagick 'MagickCore/enhance.c' Remote Buffer Overflow Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92252

Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
2016-08-03
http://www.securityfocus.com/bid/87327

OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/83733

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-08-03
http://www.securityfocus.com/bid/83265

Liferay Portal 'barebone.jsp' Directory Traversal Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92215

cURL/libcURL CVE-2016-5420 Local Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92309

cURL/libcurl CVE-2016-5421 Local Use After Free Denial of Service Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92306

cURL/libcURL CVE-2016-5419 Remote Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92292

Cisco Prime Infrastructure CVE-2016-1474 Cross Frame Scripting Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92278

BusyBox 'networking/ntpd.c' Remote Denial of Service Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92277

Google Chrome Prior to 52.0.2743.116 Multiple Security Vulnerabilities
2016-08-03
http://www.securityfocus.com/bid/92276

Cisco RV180 and RV180W VPN Routers CVE-2016-1430 Remote Command Injection Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92275

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92274

Multiple Cisco Routers CVE-2015-6397 Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92273

Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92271

Cisco Multiple Routers CVE-2016-1429 Unauthorized Access Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92270

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/82237

Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83324

Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83327

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83328

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83329

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83754

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/84169

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/86421

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89746

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89760

Multiple Cisco Products CVE-2015-6396 Local Command Injection Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92269

SANS News

Surge in Exploit Attempts for Netis Router Backdoor (UDP/53413)

Threatpost

Joshua Drake on Android Security Post-Stagefright

Fixing This Internet Before It Breaks Again

Oracle EBusiness Suite Massive Attack Surface Assessed

Researchers Bypass Chip-and-Pin Protections at Black Hat

Exploit

 

3.8.2016

Bugtraq

[SECURITY] [DSA 3638-1] curl security update 2016-08-03
Alessandro Ghedini (ghedo debian org)

WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5 2016-08-03
Maria Lemos (marialemos72 gmail com)

Arbitrary File Content Disclosure in Atutor 2016-08-02
High-Tech Bridge Security Research (advisory htbridge ch)

Cross-Site Scripting in WangGuard WordPress Plugin 2016-08-02
Summer of Pwnage (lists securify nl)

Cross-Site Scripting in Uji Countdown WordPress Plugin 2016-08-02
Summer of Pwnage (lists securify nl)

WinSaber - Unquoted Service Path Privilege Escalation 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Malware

Backdoor.Remsec

Exp.CVE-2016-4226

Backdoor.Remvio

Phishing

 

Vulnerebility

Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
2016-08-03
http://www.securityfocus.com/bid/87327

OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
2016-08-03
http://www.securityfocus.com/bid/83733

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-08-03
http://www.securityfocus.com/bid/83265

Liferay Portal 'barebone.jsp' Directory Traversal Vulnerability
2016-08-03
http://www.securityfocus.com/bid/92215

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83754

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/84169

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89760

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/82237

Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83327

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83329

Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83324

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89746

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83328

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/86421

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83755

HP Release Control Software CVE-2016-1999 Remote Code Execution Vulnerability
2016-08-02
http://www.securityfocus.com/bid/90778

Oracle Java SE CVE-2016-0448 Remote Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/81123

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-08-02
http://www.securityfocus.com/bid/77304

OpenSSL CVE-2016-0703 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83743

Sendmail File Descriptor Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/67791

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/79684

libpng 'pngwutil.c' Underflow Read Remote Code Execution Vulnerability
2016-08-02
http://www.securityfocus.com/bid/80592

Oracle Java SE CVE-2016-0402 Remote Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/81096

libpng CVE-2015-8472 Incomplete Fix Heap Based Buffer Overflow Vulnerability
2016-08-02
http://www.securityfocus.com/bid/78624

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-08-02
http://www.securityfocus.com/bid/83763

libpng CVE-2015-8126 Multiple Heap Based Buffer Overflow Vulnerabilities
2016-08-02
http://www.securityfocus.com/bid/77568

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89757

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89744

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/87940

OpenStack Cinder And Nova Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/75192

SANS News

The Dark Side of Certificate Transparency

Threatpost

Unmasking xDedics Black Market for Servers and PCs

Bug Hunting Cyber Bots Set to Square Off at DEF CON

Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web

Exploit

Open Upload 0.4.2 - (Add Admin) CSRF

Wireshark 1.12.0 to 1.12.12 - NDS Dissector Denial of Service

Wireshark 2.0.0 to 2.0.4 - MMSE, WAP, WBXML, and WSP Dissectors Denial of Service

Wireshark 2.0.0 to 2.0.4 - CORBA IDL Dissectors Denial of Service

Wireshark 2.0.0 to 2.0.4 - CORBA IDL Dissectors Denial of Service

Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - PacketBB Dissector Denial of Service

Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - WSP Dissector Denial of Service

Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - RLC Dissector Denial of Service

2.8.2016

Bugtraq

WinSaber - Unquoted Service Path Privilege Escalation 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

FortiManager (Series) - Multiple Web Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution 2016-08-01
security-alert hpe com

[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information 2016-08-01
security-alert hpe com

[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c 2016-08-01
wpengfeinudt gmail com

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)

Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) 2016-08-01
David Coomber (davidcoomber infosec gmail com)

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

 

Vulnerebility

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/82237

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/84169

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-08-02
http://www.securityfocus.com/bid/83755

OpenSSL CVE-2016-2176 Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89746

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89760

OpenStack Cinder And Nova Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/75192

OpenStack Compute (Nova) 'imagebackend.py' Incomplete Fix Information Disclosure Vulnerability
2016-08-02
http://www.securityfocus.com/bid/80176

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-08-02
http://www.securityfocus.com/bid/86421

Wireshark CORBA IDL Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92162

Wireshark 'epan/dissectors/packet-packetbb.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92163

Wireshark WSP Dissector 'epan/dissectors/packet-wsp.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92165

Wireshark RLC Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92166

Wireshark NDS Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92164

Wireshark 'add_capabilities()' Function Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92174

Wireshark WBXML Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92172

Wireshark LDSS Dissector 'epan/dissectors/packet-ldss.c' Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92168

Wireshark MMSE Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92167

Wireshark OpenFlow dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92169

Wireshark RLC Dissector Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/92173

OpenSSH CVE-2016-6210 User Enumeration Vulnerability
2016-08-02
http://www.securityfocus.com/bid/91812

OpenSSH 'session.c' Local Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/86187

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
2016-08-02
http://www.securityfocus.com/bid/91067

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
2016-08-02
http://www.securityfocus.com/bid/91068

Google Chrome Prior to 50.0.2661.102 Multiple Security Vulnerabilities
2016-08-02
http://www.securityfocus.com/bid/90584

OpenSSL CVE-2016-2108 ASN.1 Encoder Remote Memory Corruption Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89752

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-08-02
http://www.securityfocus.com/bid/87940

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89744

OpenSSL CVE-2016-2105 Buffer Overflow Vulnerability
2016-08-02
http://www.securityfocus.com/bid/89757

Nettle RSA Code Information Disclosure Vulnerability
2016-08-01
http://www.securityfocus.com/bid/92192

SANS News

Windows 10 Anniversary Update Available

Threatpost

 

Exploit

WordPress Booking Calendar Plugin 6.2 - SQL Injection

WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS

WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF

Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC

1.8.2016

Bugtraq

[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information 2016-08-01
security-alert hpe com

[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c 2016-08-01
wpengfeinudt gmail com

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)

Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) 2016-08-01
David Coomber (davidcoomber infosec gmail com)

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)

Cross-Site Scripting in Contact Bank WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)

SQL injection vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)

[SECURITY] [DSA 3637-1] chromium-browser security update 2016-07-31
Michael Gilbert (mgilbert debian org)

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA 2016-07-31
Summer of Pwnage (lists securify nl)

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin 2016-07-31
Summer of Pwnage (lists securify nl)

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP 2016-07-31
Summer of Pwnage (lists securify nl)

Huawei eSpace IAD Remote Information Disclosure Vulnerability 2016-07-30
ak47464659484 gmail com

[SECURITY] [DSA 3634-1] redis security update 2016-07-30
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3636-1] collectd security update 2016-07-30
Sebastien Delafond (seb debian org)

Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492) 2016-07-30
unlimitsec gmail com

Malware

Win32/Fleercivet.AC

Infostealer.Rultazo

Exp.CVE-2016-3244

Phishing

 

Vulnerebility

Xen CVE-2015-4105 Local Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/74948

Xen CVE-2015-4106 Local Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/74949

QEMU CVE-2016-5403 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/92148

Xen CVE-2015-2756 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/72577

Xen CVE-2015-4103 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/74947

Xen CVE-2015-4104 Local Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/74950

Xen CVE-2015-4163 Local Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/75141

Oracle MySQL CVE-2016-3521 Remote Security Vulnerability
2016-07-29
http://www.securityfocus.com/bid/91932

Oracle MySQL CVE-2016-3615 Remote Security Vulnerability
2016-07-29
http://www.securityfocus.com/bid/91960

Oracle MySQL CVE-2016-3477 Local Security Vulnerability
2016-07-29
http://www.securityfocus.com/bid/91902

Oracle MySQL CVE-2016-5440 Remote Security Vulnerability
2016-07-29
http://www.securityfocus.com/bid/91953

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-07-29
http://www.securityfocus.com/bid/83763

Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
2016-07-29
http://www.securityfocus.com/bid/53798

OpenSSL CVE-2016-2106 Integer Overflow Vulnerability
2016-07-29
http://www.securityfocus.com/bid/89744

cURL/libcURL 'tailmatch()' Function Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/59058

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
2016-07-29
http://www.securityfocus.com/bid/51036

OpenLDAP CVE-2015-6908 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/76714

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/76092

Xen CVE-2015-8555 Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/79543

Red Hat Sos CVE-2012-2664 Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/54116

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/87940

Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/58203

libgcrypt RSA Secret Keys Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/61464

ISC DHCP Multiple Denial of Service Vulnerabilities
2016-07-29
http://www.securityfocus.com/bid/54665

Mozilla Network Security Services CVE-2014-1492 Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/66356

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
2016-07-29
http://www.securityfocus.com/bid/56562

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/58207

Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/62741

ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/81329

OpenSSH Login Handling Security Bypass Weakness
2016-07-29
http://www.securityfocus.com/bid/75990

SANS News

Are you getting I-CANNED ?

Threatpost

Google Patches Dozens of Critical Qualcomm Components Flaws

New Technique Checks Mitigation Bypasses Earlier

WPAD Flaws Leak HTTPS URLs

Exploit

 

29.7.2016

Bugtraq

[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de

[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de

[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de

[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) 2016-07-29
matthias deeg syss de

[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks 2016-07-29
matthias deeg syss de

[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de

[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de

[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de

[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks 2016-07-29
matthias deeg syss de

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities 2016-07-29
Vulnerability Lab (research vulnerability-lab com)

[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting 2016-07-29
S21sec Vulnerability Research (vulns s21sec com)

Vicon Network Cameras - Authentication Bypass 2016-07-28
reggie dodd30 gmail com

Malware

 

Phishing

 

Vulnerebility

OpenSSL Padding Oracle Incomplete Fix Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/89760

libarchive 'archive_read_support_format_zip.c' Heap Buffer Overflow Vulnerability
2016-07-29
http://www.securityfocus.com/bid/89355

libarchive 'archive_write_zip_data()' Function Local Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/58926

Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/77528

Todd Miller Sudo Insecure Temporary File Creation Vulnerability
2016-07-29
http://www.securityfocus.com/bid/54868

Mozilla Network Security Services CVE-2013-5605 Remote Arbitrary Code Execution Vulnerability
2016-07-29
http://www.securityfocus.com/bid/63738

Mozilla Network Security Services CVE-2013-1620 Information Disclosure Vulnerability
2016-07-29
http://www.securityfocus.com/bid/57777

Mozilla Network Security Services CVE-2015-2721 Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/83398

Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability
2016-07-29
http://www.securityfocus.com/bid/67975

Mozilla Network Security Services CVE-2014-1490 Use After Free Memory Corruption Vulnerability
2016-07-29
http://www.securityfocus.com/bid/65335

Mozilla Network Security Services Use After Free CVE-2016-1979 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/84221

Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/70116

Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability
2016-07-29
http://www.securityfocus.com/bid/84275

QEMU CVE-2016-3710 Remote Code Execution Vulnerability
2016-07-29
http://www.securityfocus.com/bid/90316

OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/83733

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-07-29
http://www.securityfocus.com/bid/82237

Xen CVE-2016-2270 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/83188

Xen 'pt-msi.c' Heap Memory Corruption Vulnerability
2016-07-29
http://www.securityfocus.com/bid/79579

RPM Multiple Denial of Service Vulnerabilities
2016-07-29
http://www.securityfocus.com/bid/52865

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
2016-07-29
http://www.securityfocus.com/bid/77524

Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability
2016-07-29
http://www.securityfocus.com/bid/65997

Mozilla Network Security Services Memory Corruption and Heap Buffer Overflow Vulnerabilities
2016-07-29
http://www.securityfocus.com/bid/77416

Mozilla Network Security Services CVE-2016-1950 Heap Buffer Overflow Vulnerability
2016-07-29
http://www.securityfocus.com/bid/84223

Mozilla Firefox/Thunderbird CVE-2014-1544 Use After Free Memory Corruption Vulnerability
2016-07-29
http://www.securityfocus.com/bid/68816

QEMU 'hw/net/pcnet.c' Heap Based Buffer Overflow Vulnerability
2016-07-29
http://www.securityfocus.com/bid/78227

cURL/libcURL 'curl_easy_unescape()' Heap Memory Corruption Vulnerability
2016-07-29
http://www.securityfocus.com/bid/60737

Mozilla Netscape Portable Runtime CVE-2015-7183 Integer Overflow Vulnerability
2016-07-29
http://www.securityfocus.com/bid/77415

RPM CVE-2013-6435 Remote Code Execution Vulnerability
2016-07-29
http://www.securityfocus.com/bid/71558

dbus-glib CVE-2013-0292 Local Privilege Escalation Vulnerability
2016-07-29
http://www.securityfocus.com/bid/57985

libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
2016-07-28
http://www.securityfocus.com/bid/89854

SANS News

Malicious RTF Files

Threatpost

 

Exploit

 AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector

Wordpress Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection

VUPlayer 2.49 - (.pls) Stack Buffer Overflow (DEP Bypass)

mySCADAPro 7 - Local Privilege Escalation

Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)

28.7.2016

Bugtraq

Saveya Bounty #1 - Bypass & Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)

Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities 2016-07-28
Vulnerability Lab (research vulnerability-lab com)

Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)

Zortam Media Studio 20.60 - Buffer Overflow Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3633-1] xen security update 2016-07-27
Moritz Muehlenhoff (jmm debian org)

CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal 2016-07-27
Grebovich, Dragan \(Dragan\) (dgrebovich avaya com)

[SECURITY] [DSA 3632-1] mariadb-10.0 security update 2016-07-27
Salvatore Bonaccorso (carnil debian org)

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com) (1 replies)

RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Wick, Ryan \(US - Chicago\) (rwick deloitte com)

VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

Malware

Win32/Cerber 
Ransom:Win32/Locky.A 
Win32/Locky 
TrojanDownloader:JS/Locky.A 
TrojanDownloader:BAT/Locky.A 
Ransom:Win32/Cerber.A 
Ransom:Win32/Cerber.HVT 
Ransom:Win32/Cerber.B 
TrojanDownloader:JS/Swabfex.Z 
Worm:Win32/Spraxeth.A 

Phishing

 

Vulnerebility

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2016-0799 Remote Format String Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83755

Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability
2016-07-28
http://www.securityfocus.com/bid/79684

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-07-28
http://www.securityfocus.com/bid/83763

Mozilla Network Security Services Use After Free CVE-2016-1979 Denial of Service Vulnerability
2016-07-28
http://www.securityfocus.com/bid/84221

Mozilla Network Security Services Use After Free CVE-2016-1978 Remote Code Execution Vulnerability
2016-07-28
http://www.securityfocus.com/bid/84275

Mozilla Firefox Multiple Security Vulnerabilities
2016-07-28
http://www.securityfocus.com/bid/84219

Mozilla Firefox Multiple Security Vulnerabilities
2016-07-28
http://www.securityfocus.com/bid/84218

Graphite2 library Multiple Security Vulnerabilities
2016-07-28
http://www.securityfocus.com/bid/84222

Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83329

OpenSSL 'crypto/bio/b_print.c' Denial of Service Vulnerability
2016-07-28
http://www.securityfocus.com/bid/84169

Samba CVE-2015-7560 Information Disclosure Vulnerability
2016-07-28
http://www.securityfocus.com/bid/84267

Oracle Java SE CVE-2016-3426 Remote Security Vulnerability
2016-07-28
http://www.securityfocus.com/bid/86449

Oracle Java SE and JRockit CVE-2016-3427 Remote Security Vulnerability
2016-07-28
http://www.securityfocus.com/bid/86421

Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83326

Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83327

Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83324

Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83328

Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83330

Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
2016-07-28
http://www.securityfocus.com/bid/83323

PHP 'exif_process_IFD_in_MAKERNOTE' Out of Bounds Read Information Disclosure Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92073

PHP 'snmp.c' Denial of Service Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92094

PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92095

PHP CVE-2016-6294 Local Information Disclosure Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92115

PHP 'exif.c' NULL Pointer Dereference Denial of Service Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92078

PHP 'zip_stream.c' Integer Overflow Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92099

PHP 'zend_virtual_cwd.c' Integer Overflow Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92074

PHP 'session.c' Use After Free Remote Code Execution Vulnerability
2016-07-28
http://www.securityfocus.com/bid/92097

PHP CVE-2016-5385 Security Bypass Vulnerability
2016-07-28
http://www.securityfocus.com/bid/91821

Bomgar Remote Support CVE-2015-0935 Arbitrary PHP Code Execution Vulnerability
2016-07-28
http://www.securityfocus.com/bid/74460

SANS News

Verifying SSL/TLS certificates manually

Critical Xen PV guests vulnerabilities

Threatpost

 

Exploit

Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)

27.7.2016

Bugtraq

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3631-1] php5 security update 2016-07-26
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3630-1] libgd2 security update 2016-07-26
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
2016-07-27
http://www.securityfocus.com/bid/85070

Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
2016-07-27
http://www.securityfocus.com/bid/85066

Siemens SIMATIC NET PC-Software CVE-2016-5874 Remote Denial of Service Vulnerability
2016-07-27
http://www.securityfocus.com/bid/92110

Siemens SINEMA Remote Connect Server CVE-2016-6204 Cross Site Scripting Vulnerability
2016-07-27
http://www.securityfocus.com/bid/92114

SIMATIC WinCC CVE-2016-5744 Arbitrary File Read Vulnerability
2016-07-27
http://www.securityfocus.com/bid/92116

Multiple Siemens Products Remote Code Execution Vulnerability
2016-07-27
http://www.securityfocus.com/bid/92112

libarchive 'archive_write_set_format_iso9660.c' Integer Overflow Vulnerability
2016-07-27
http://www.securityfocus.com/bid/92036

ImageMagick CVE-2016-5118 Remote Command Execution Vulnerability
2016-07-27
http://www.securityfocus.com/bid/90938

ImageMagick 'PNG' File Denial of Service Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91030

Little CMS CVE-2013-7455 Double Free Remote Code Execution Vulnerability
2016-07-27
http://www.securityfocus.com/bid/89945

Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
2016-07-27
http://www.securityfocus.com/bid/84213

OpenSSL CVE-2014-3508 Information Disclosure Vulnerability
2016-07-27
http://www.securityfocus.com/bid/69075

OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability
2016-07-27
http://www.securityfocus.com/bid/67901

OpenSSL DTLS CVE-2014-3506 Remote Denial of Service Vulnerability
2016-07-27
http://www.securityfocus.com/bid/69076

Network Time Protocol CVE-2015-5300 Man in the Middle Security Bypass Vulnerability
2016-07-27
http://www.securityfocus.com/bid/77312

Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
2016-07-27
http://www.securityfocus.com/bid/90979

IBM WebSphere Application Server Liberty Profile CVE-2016-2923 Information Disclosure Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91518

IBM WebSphere Application Server CVE-2016-0359 HTTP Response Splitting Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91484

libpng CVE-2015-8126 Multiple Heap Based Buffer Overflow Vulnerabilities
2016-07-27
http://www.securityfocus.com/bid/77568

libpng 'png_convert_to_rfc1123()' Function Out Of Bounds Read Memory Corruption Vulnerability
2016-07-27
http://www.securityfocus.com/bid/77304

ImageMagick CVE-2016-5239 Command Injection Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91018

ImageMagick CVE-2015-8896 Integer Overflow Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91027

ImageMagick CVE-2015-8898 Denial of Service Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91039

GraphicsMagick Multiple Denial of Service Vulnerabilities
2016-07-27
http://www.securityfocus.com/bid/89348

ImageMagick 'coders/icon.c' Integer Overflow Vulnerability
2016-07-27
http://www.securityfocus.com/bid/91025

Oracle Fusion Middleware CVE-2016-3416 Remote Security Vulnerability
2016-07-27
http://www.securityfocus.com/bid/86461

Oracle Fusion Middleware CVE-2016-0638 Remote Security Vulnerability
2016-07-27
http://www.securityfocus.com/bid/86440

Oracle Fusion Middleware CVE-2016-0700 Remote Security Vulnerability
2016-07-27
http://www.securityfocus.com/bid/86453

Oracle Fusion Middleware CVE-2016-0675 Remote Security Vulnerability
2016-07-27
http://www.securityfocus.com/bid/86450

Oracle Fusion Middleware CVE-2016-0696 Remote Security Vulnerability
2016-07-27
http://www.securityfocus.com/bid/86443

SANS News

Analyze of a Linux botnet client source code

Threatpost

 

Exploit

 

26.7.2016

Bugtraq

Dropbox 6.4.14 DLL Hijacking Vulnerability 2016-07-26
mehta himanshu21 gmail com

Huawei ISM Professional XSS Vulnerability 2016-07-26
ak47464659484 gmail com

Crashing Browsers Remotely via Insecure Search Suggestions 2016-07-26
research nightwatchcybersecurity com

MySQL 0days followup (CVE-2016-3477) CVSS 8.1 2016-07-26
lem nikolas gmail com

July 2016 - Bamboo Server - Critical Security Advisory 2016-07-26
David Black (dblack atlassian com)

[SECURITY] [DSA 3629-1] ntp security update 2016-07-25
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-07-25
security-alert hpe com

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch 2016-07-25
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3628-1] perl security update 2016-07-25
Salvatore Bonaccorso (carnil debian org)

XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-07-25
Larry W. Cashdollar (larry0 me com)

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr 2016-07-25
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 3627-1] phpmyadmin security update 2016-07-24
Thijs Kinkhorst (thijs debian org)

Cross-Site Scripting in Code Snippets WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)

Neoscreen v4.5 Cross-site scripting 2016-07-24
alex_haynes outlook com

Neoscreen v4.5 Blind SQL injection 2016-07-24
alex_haynes outlook com

Neoscreen v4.5 Authentication bypass 2016-07-24
alex_haynes outlook com

[SECURITY] [DSA 3626-1] openssh security update 2016-07-24
Salvatore Bonaccorso (carnil debian org)

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 2016-07-23
mgill c0ffee me

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design 2016-07-23
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking 2016-07-23
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] bind (SSA:2016-204-01) 2016-07-22
Slackware Security Team (security slackware com)

Cross-Site Scripting in Contact Form to Email WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)

CA20160721-01: Security Notice for CA eHealth 2016-07-22
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example 2016-07-22
Tim Allison (tallison apache org)

MySQL zero-day vulnerabilities (July 2016 CPU) 2016-07-22
lem nikolas gmail com

[SECURITY] [DSA 3625-1] squid3 security update 2016-07-22
Sebastien Delafond (seb debian org)

Dreammail 5 mail client XSS Vulnerability 2016-07-22
wwiinngd gmail com

[slackware-security] gimp (SSA:2016-203-01) 2016-07-21
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Juniper Junos CVE-2016-1276 Multiple Denial of Service Vulnerabilities
2016-07-26
http://www.securityfocus.com/bid/91764

cURL/libcURL NTLM Connection CVE-2016-0755 Remote Security Bypass Vulnerability
2016-07-26
http://www.securityfocus.com/bid/82307

GNU glibc CVE-2015-8777 Local Security Bypass Vulnerability
2016-07-26
http://www.securityfocus.com/bid/81469

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-07-26
http://www.securityfocus.com/bid/83265

GNU glibc 'misc/hsearch_r.c' Integer Overflow Vulnerability
2016-07-26
http://www.securityfocus.com/bid/83275

GNU glibc CVE-2014-9761 Stack Buffer Overflow Vulnerability
2016-07-26
http://www.securityfocus.com/bid/83306

GNU glibc CVE-2015-8779 Stack Buffer Overflow Vulnerability
2016-07-26
http://www.securityfocus.com/bid/82244

XStream CVE-2016-3674 XML External Entity Multiple Information Disclosure Vulnerabilities
2016-07-26
http://www.securityfocus.com/bid/85381

OpenSSL CVE-2016-0797 Multiple Integer Overflow Vulnerabilities
2016-07-26
http://www.securityfocus.com/bid/83763

OpenSSL CVE-2015-3194 Denial of Service Vulnerability
2016-07-26
http://www.securityfocus.com/bid/78623

OpenSSL CVE-2015-3196 Denial of Service Vulnerability
2016-07-26
http://www.securityfocus.com/bid/78622

OpenSSL CVE-2015-3195 Information Disclosure Vulnerability
2016-07-26
http://www.securityfocus.com/bid/78626

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2016-07-26
http://www.securityfocus.com/bid/83754

OpenSSL CVE-2015-3197 Security Bypass Vulnerability
2016-07-26
http://www.securityfocus.com/bid/82237

QEMU 'hw/scsi/esp.c' Remote Code Execution Vulnerability
2016-07-26
http://www.securityfocus.com/bid/92119

Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
2016-07-25
http://www.securityfocus.com/bid/92053

PHP 'zip_stream.c' Integer Overflow Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92099

PHP '/xmlrpc/libxmlrpc/simplestring.c' Heap Buffer Overflow Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92095

PHP 'snmp.c' Denial of Service Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92094

PHP 'exif.c' NULL Pointer Dereference Denial of Service Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92078

PHP 'exif_process_IFD_in_MAKERNOTE' Out of Bounds Read Information Disclosure Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92073

PHP 'session.c' Use After Free Remote Code Execution Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92097

PHP 'zend_virtual_cwd.c' Integer Overflow Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92074

Reprise License Manager '/goform/activate_doit' Stack Buffer Overflow Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92120

DBD::mysql 'my_login()' Function Use After Free Remote Code Execution Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92118

SIMATIC WinCC CVE-2016-5744 Arbitrary File Read Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92116

Novell Filr Multiple Security Vulnerabilities
2016-07-25
http://www.securityfocus.com/bid/92113

Autobahn Python Security Bypass Vulnerability
2016-07-25
http://www.securityfocus.com/bid/92109

PHP 'php_url_prase_ex()' Function Memory Corruption Vulnerability
2016-07-24
http://www.securityfocus.com/bid/92111

Neoscreen Multiple Security Vulnerabilities
2016-07-24
http://www.securityfocus.com/bid/92106

SANS News

Command and Control Channels Using "AAAA" DNS Records

Threatpost

 

Exploit

Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)

Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)

Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)

CodoForum 3.2.1 - SQL Injection

GRR Système de Gestion et de Rservations de Ressources 3.0.0-RC1 - Arbitrary File Upload

PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution

Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities

Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities

Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities

Rapid7 AppSpider 6.12 - Local Privilege Escalation

MediaCoder 0.8.43.5852 - .m3u SEH Exploit

CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)

PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write

19.5.2016

Bugtraq

[ERPSCAN-16-011] SAP NetWeaver AS JAVA ?? SQL injection vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-010] SAP NetWeaver AS JAVA ?? information disclosure vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4 2016-05-19
mandy madison-gurkha com

[SECURITY] [DSA 3583-1] swift-plugin-s3 security update 2016-05-18
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information 2016-05-18
security-alert hpe com

Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com

[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com

Malware

Trojan.Ransomlock.AS

Phishing

Microsoft

19th May 2016

[[PayPall]] You Must Update
Your information

Vulnerebility

2016-0306
2016-0323
2016-2189
2016-3627
2016-3674
2016-3705
2016-3719
2016-3721
2016-3722
2016-3723
2016-3724
2016-3725
2016-3726
2016-3727
2016-4425

2015-8838

SANS News

Resources: Windows Auditing & Monitoring, Linux 2FA

Threatpost

Scope of Gaping Android Security Hole Grows

Ubiquiti Networks Gear Targeted By Worm

Android Qualcomm Vulnerability Impacts 60 Percent of Devices

Exploit

Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File

SAP NetWeaver AS JAVA 7.1 - 7.5 - SQL Injection

SAP NetWeaver AS JAVA 7.1 - 7.5 - Information Disclosure

VirIT Explorer Lite & Pro 8.1.68 - Local Privilege Escalation

Apple Quicktime - MOV File Parsing Memory Corruption Vulnerability

4digits 1.1.4 - Local Buffer Overflow

18.5.2016

Bugtraq

Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com

[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com

[SECURITY] [DSA 3582-1] expat security update 2016-05-18
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg 2016-05-17
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd 2016-05-17
FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information 2016-05-17
security-alert hpe com

WSO2 SOA Enablement Server - Reflected Cross-Site Scripting 2016-05-17
Etnies (kuba25101990 gmail com)

[security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-17
security-alert hpe com

[SECURITY] [DSA 3581-1] libndp security update 2016-05-17
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-05-16-6 iTunes 12.4 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-5 Safari 9.1.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-3 watchOS 2.2.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-2 iOS 9.3.2 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

Malware

 

Phishing

 

Vulnerebility

2015-2346

SANS News

Resources: Windows Auditing & Monitoring, Linux 2FA

VMWare Security Advisories VMSA-2016-0005

CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation

Threatpost

Academics Make Theoretical Breakthrough in Random Number Generation

Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June

Scope of Gaping Android Security Hole Grows

Exploit

Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)

Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)

Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via...

Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Meteocontrol WEBlog - Admin Password Disclosure

SAP xMII 15.0 - Directory Traversal

Adobe Flash - JXR Processing Out-of-Bounds Read

Adobe Flash - Out-of-Bounds Read when Placing Object

Adobe Flash - Overflow in Processing Raw 565 Textures

Adobe Flash - Heap Overflow in ATF Processing (Image Reading)

Adobe Flash - MP4 File Stack Corruption

Adobe Flash - Type Confusion in FileReference Constructor

Adobe Flash - addProperty Use-After-Free

Adobe Flash - SetNative Use-After-Free

17.5.2016

Bugtraq

[SECURITY] [DSA 3581-1] libndp security update 2016-05-17
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-05-16-6 iTunes 12.4 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-5 Safari 9.1.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-3 watchOS 2.2.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-2 iOS 9.3.2 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-05-16-1 tvOS 9.2.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)

Security advisory for Bugzilla 5.0.3 and 4.4.12 2016-05-16
LpSolit gmail com

[SECURITY] [DSA 3580-1] imagemagick security update 2016-05-16
Luciano Bello (luciano debian org)

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet 2016-05-16
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability 2016-05-16
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3579-1] xerces-c security update 2016-05-16
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Ransomcrypt.AQ

Trojan.Cryptolocker.AP

Trojan.Ransomcrypt.AR

Phishing

 

Vulnerebility

2011-5326
2014-0236
2014-9742
2014-9762
2014-9763
2014-9764
2014-9771
2015-3152
2015-3411
2015-3412
2015-4116
2015-4598
2015-4599
2015-4600
2015-4601
2015-4602
2015-4603
2015-4604
2015-4605
2015-4642
2015-4643
2015-4644
2015-5589
2015-5726
2015-5727
2015-6834
2015-6835
2015-6837
2015-6838
2015-7827
2015-8099
2015-8156
2015-8312
2015-8530
2015-8835
2015-8838
2015-8873
2015-8874
2016-0341
2016-0381
2016-0390
2016-1206
2016-1207
2016-1208
2016-1209
2016-1399
2016-1578
2016-1580
2016-1660
2016-1661
2016-1662
2016-1663
2016-1664
2016-1665
2016-1666
2016-1667
2016-1668
2016-1669
2016-1670
2016-1671
2016-2015
2016-2016
2016-2099
2016-2194
2016-2195
2016-2196
2016-2296
2016-2297
2016-2298
2016-2554
2016-2849
2016-2850
2016-2860
2016-3185
2016-3993
2016-3994
2016-4024
2016-4325
2016-4536

1999-1462
2001-0771
2001-0775
2001-0780
2001-0781
2001-0789
2004-0220
2004-2592
2004-2596
2005-1795
2005-2806
2005-3065
2006-0042
2006-0323
2006-0442
2006-0966
2006-0967
2006-1403
2006-1746
2007-0259
2007-1693
2007-3805
2009-0228
2009-0714
2012-4561
2015-1498
2016-1646
2016-1647
2016-1649
2016-1653
2016-1654
2016-1655
2016-1659
2016-3679

SANS News

Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability

An oldie but a goodie - 419 Death Scam

Threatpost

Microsoft Quietly Kills Controversial Wi-Fi Sense Feature

Giving Red-Teamers the Blues

Exploit

Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow

Web interface for DNSmasq / Mikrotik - SQL Injection 

Meteocontrol WEBlog - Admin Password Disclosure

eXtplorer 2.1.9 - Archive Path Traversal

Web2py 2.14.5 - Multiple Vulnerabilities

Multiples Nexon Games - Unquoted Path Privilege Escalation

Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation

Microsoft Excel 2010 - Crash PoC

16.5.2016

Bugtraq

[SECURITY] [DSA 3580-1] imagemagick security update 2016-05-16
Luciano Bello (luciano debian org)

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet 2016-05-16
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability 2016-05-16
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3579-1] xerces-c security update 2016-05-16
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3578-1] libidn security update 2016-05-14
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3577-1] jansson security update 2016-05-14
Alessandro Ghedini (ghedo debian org)

dns_dhcp Web Interface SQL Injection 2016-05-14
hyp3rlinx lycos com

eXtplorer v2.1.9 Archive Path Traversal 2016-05-14
hyp3rlinx lycos com

[SECURITY] [DSA 3576-1] icedove security update 2016-05-13
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities 2016-05-13
security-alert hpe com

May 2016 - HipChat Server - Critical Security Advisory 2016-05-13
David Black (dblack atlassian com)

[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

[security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

Malware

 

Phishing

Tesco

15th May 2016

Notice

Alert Notification

15th May 2016

SOMEONE CAN ACCESS YOUR PAYPAI
ACCOUNT, PLEASE CONFIRM YOUR
IDENTITY TO PROTECT YOUR
ACCOUNT.

Survey Rewards

15th May 2016

SPECIAL: TAKE A £50 AMAZON
GIFT CARD!

USAA

14th May 2016

Notification !!! URGENT USAA
ACCOUNT UPDATE

Vulnerebility

 

SANS News

Python Malware - Part 1

An oldie but a goodie - 419 Death Scam

Threatpost

Chrome Defaults to HTML5 over Adobe Flash Starting in Q4

Info on 500K Users Doxxed in Hacking Forum Dump

Exploit

CakePHP Framework 3.2.4 - IP Spoofing

15.5.2016

Bugtraq

[SECURITY] [DSA 3576-1] icedove security update 2016-05-13
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities 2016-05-13
security-alert hpe com

May 2016 - HipChat Server - Critical Security Advisory 2016-05-13
David Black (dblack atlassian com)

[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

Malware

 

Phishing

USAA

14th May 2016

Notification !!! URGENT USAA
ACCOUNT UPDATE

PayPal Online Security

14th May 2016

SECURITY MEASURES INCREASED

SunTrust

12th May 2016

You have a new security
message

Vulnerebility

2010-5326

SANS News

INetSim as a Basic Honeypot

Threatpost

Latest Petya Ransomware Strain Comes with a Failsafe: Mischa

SWIFT Warns of Second Bank Attack via PDF Malware

Tumblr Accounts Must Reset Passwords

Cerber Ransomware On The Rise, Fueled By Dridex Botnets

Exploit

 

13.5.2016

Bugtraq

[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities 2016-05-13
security-alert hpe com

May 2016 - HipChat Server - Critical Security Advisory 2016-05-13
David Black (dblack atlassian com)

[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

[security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

[SECURITY] [DSA 3575-1] libxstream-java security update 2016-05-12
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com

[slackware-security] mozilla-thunderbird (SSA:2016-132-01) 2016-05-12
Slackware Security Team (security slackware com)

[security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass 2016-05-11
security-alert hpe com

[security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-05-11
security-alert hpe com

[security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification 2016-05-11
security-alert hpe com

Re: [slackware-security] imagemagick (SSA:2016-132-01) 2016-05-11
U2ME236 GMAIL COM

Malware

Ransom:Win32/Bucbi.A 
Ransom:Win32/Bucbi 

Phishing

SunTrust

12th May 2016

You have a new security
message

eBay

12th May 2016

eBay Registration Suspension -
Section 9

Vodafone

12th May 2016

YOUR SERVICE IS SCHEDULED FOR
DISCONNECTION.

Barclays Bank

12th May 2016

Notice From Barclays Bank

Inc PayPal

12th May 2016

Required Action From Paypal
Support !

Vulnerebility

2016-1236
2016-1393
2016-3710
2016-3712
2016-4496
2016-4497
2016-4498
2016-4499

SANS News

MISP - Malware Information Sharing Platform

Threatpost

Motion Filed Asking FBI To Disclose Tor Browser Zero Day

Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters

Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip

Exploit

 

12.5.2016

Bugtraq

Re: [slackware-security] imagemagick (SSA:2016-132-01) 2016-05-11
U2ME236 GMAIL COM

[security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities 2016-05-11
security-alert hpe com

[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-11
security-alert hpe com

[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update 2016-05-11
Sebastien Delafond (seb debian org)

BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities 2016-05-10
Onur Yilmaz (onur netsparker com)

[slackware-security] imagemagick (SSA:2016-132-01) 2016-05-11
Slackware Security Team (security slackware com)

[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure 2016-05-10
security-alert hpe com

[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access 2016-05-10
security-alert hpe com

[SECURITY] [DSA 3574-1] libarchive security update 2016-05-10
Salvatore Bonaccorso (carnil debian org)

Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution 2016-05-10
support thegrideon com

Malware

Win32/Filecoder.Enigma.A

Win32/Filecoder.Cerber.A

Win32/LockScreen.BNN

Python/CoinBot.A

Win32/Gpcode.NAI

Android.Cepsohord

Phishing

Inc PayPal

12th May 2016

Required Action From Paypal
Support !

 

Santander

11th May 2016

*** *** Santander
Notification!!!

 

Barclays

11th May 2016

Barclays - Important document
for you

 

PayPal

10th May 2016

Your account information needs
to be updated !

Vulnerebility

2016-0126
2016-0140
2016-0149
2016-0152
2016-0168
2016-0169
2016-0170
2016-0171
2016-0173
2016-0174
2016-0175
2016-0176
2016-0178
2016-0179
2016-0180
2016-0181
2016-0182
2016-0183
2016-0184
2016-0185
2016-0186
2016-0187
2016-0188
2016-0189
2016-0190
2016-0191
2016-0192
2016-0193
2016-0194
2016-0195
2016-0196
2016-0197
2016-0198
2016-1037
2016-1038
2016-1039
2016-1040
2016-1041
2016-1042
2016-1043
2016-1044
2016-1045
2016-1046
2016-1047
2016-1048
2016-1049
2016-1050
2016-1051
2016-1052
2016-1053
2016-1054
2016-1055
2016-1056
2016-1057
2016-1058
2016-1059
2016-1060
2016-1061
2016-1062
2016-1063
2016-1064
2016-1065
2016-1066
2016-1067
2016-1068
2016-1069
2016-1070
2016-1071
2016-1072
2016-1073
2016-1074
2016-1075
2016-1076
2016-1077
2016-1078
2016-1079
2016-1080
2016-1081
2016-1082
2016-1083
2016-1084
2016-1085
2016-1086
2016-1087
2016-1088
2016-1090
2016-1092
2016-1093
2016-1094
2016-1095
2016-1096
2016-1097
2016-1098
2016-1099
2016-1100
2016-1101
2016-1102
2016-1103
2016-1104
2016-1105
2016-1106
2016-1107
2016-1108
2016-1109
2016-1110
2016-1112
2016-1113
2016-1114
2016-1115
2016-1116
2016-1117
2016-1118
2016-1119
2016-1120
2016-1121
2016-1122
2016-1123
2016-1124
2016-1125
2016-1126
2016-1127
2016-1128
2016-1129
2016-1130
2016-4088
2016-4089
2016-4090
2016-4091
2016-4092
2016-4093
2016-4094
2016-4096
2016-4097
2016-4098
2016-4099
2016-4100
2016-4101
2016-4102
2016-4103
2016-4104
2016-4105
2016-4106
2016-4107
2016-4108
2016-4109
2016-4110
2016-4111
2016-4112
2016-4113
2016-4114
2016-4115
2016-4116
2016-4117
2016-4553
2016-4554
2016-4555
2016-4556
2016-4561

2013-0485
2013-4580
2014-1683
2014-3612
2014-4506
2015-6524

SANS News

Another Day, Another Wave of Phishing Emails

Threatpost

Attackers Targeting Critical SAP Flaw Since 2013

Viking Horde Malware Co-Ops Android Devices for Ad Fraud

Microsoft Zero Day Exposes 100 Companies to PoS Attack

Exploit

Microsoft Windows Media Center .MCL File Processing Remote Code Execution (MS16-059)

TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe

11.5.2016

Bugtraq

[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-11
security-alert hpe com

[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update 2016-05-11
Sebastien Delafond (seb debian org)

BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities 2016-05-10
Onur Yilmaz (onur netsparker com)

[slackware-security] imagemagick (SSA:2016-132-01) 2016-05-11
Slackware Security Team (security slackware com)

[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure 2016-05-10
security-alert hpe com

[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access 2016-05-10
security-alert hpe com

[SECURITY] [DSA 3574-1] libarchive security update 2016-05-10
Salvatore Bonaccorso (carnil debian org)

Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution 2016-05-10
support thegrideon com

Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)

Stanford University - Multiple SQL Injection Vulnerabilities 2016-05-10
Vulnerability Lab (research vulnerability-lab com)

Notes v4.5 iOS - Arbitrary File Upload Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)

Skype Manager - (Email Change) Filter Bypass Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files 2016-05-09
security-alert hpe com

[SECURITY] [DSA 3573-1] qemu security update 2016-05-09
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Ransomcrypt.AP

Trojan.Ranscrypt.AP!gm

Win32/LockScreen.BNN

Win32/Gpcode.NAI

Phishing

PayPal

10th May 2016

Your account information needs
to be updated !

USAA

10th May 2016

NOTIFICATION !!! URGENT USAA
ACCOUNT UPDATE

michael swartz

10th May 2016

EXECUTIVE CAREERS

PayPal Online Security

9th May 2016

ACCOUNT NOTIFICATION

Vulnerebility

2015-5207
2015-5208
2016-3105
2016-4350

2015-4000

SANS News

Microsoft Patch Tuesday Summary for May 2016

Threatpost

Outdated, Unpatched Software Rampant in Businesses

IBMs Watson Supercomputer Takes On Security

Adobe Warns of Flash Zero Day, Patches Acrobat, Reader

Exploit

Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities

Microsoft Windows 7 - WebDAV Privilege Escalation Exploit (MS16-016) (2)

All Windows Null-Free Shellcode - Functional Keylogger to File - 601 (0x0259) bytes

FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation

Intuit QuickBooks Desktop 2007 - 2016 - Arbitrary Code Execution

Android Broadcom Wi-Fi Driver - Memory Corruption

CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC

10.5.2016

Bugtraq

[security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files 2016-05-09
security-alert hpe com

[SECURITY] [DSA 3573-1] qemu security update 2016-05-09
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3572-1] websvn security update 2016-05-09
Salvatore Bonaccorso (carnil debian org)

WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS 2016-05-09
mail michaelhelwig de

[SECURITY] [DSA 3571-1] ikiwiki security update 2016-05-08
Moritz Muehlenhoff (jmm debian org)

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif sensepost com) (1 replies)

Malware

Backdoor:Win32/Kreen!dha 

Phishing

PayPal Online Security

9th May 2016

ACCOUNT NOTIFICATION

Natwest

9th May 2016

New Account Precautions.

Amazon

8th May 2016

YOUR AMAZON ORDER OF "GIFT
CARD - EMAIL ..."

ToolzVilla.Us

8th May 2016

PERFECT MONEY DIRECT PAYMENT
NOW ACCEPTED

Vulnerebility

2013-7455
2015-0569
2015-0570
2015-0571
2015-0857
2015-0858
2015-6550
2015-6551
2015-6552
2015-8863
2015-8868
2016-0900
2016-0901
2016-0902
2016-1541
2016-2009
2016-2010
2016-2011
2016-2012
2016-2013
2016-2014
2016-2060
2016-2094
2016-2350
2016-2351
2016-2352
2016-2353
2016-2428
2016-2429
2016-2430
2016-2431
2016-2432
2016-2434
2016-2435
2016-2436
2016-2437
2016-2438
2016-2439
2016-2440
2016-2441
2016-2442
2016-2443
2016-2444
2016-2445
2016-2446
2016-2447
2016-2448
2016-2449
2016-2450
2016-2451
2016-2452
2016-2453
2016-2454
2016-2456
2016-2457
2016-2458
2016-2459
2016-2460
2016-2461
2016-2462
2016-4074
2016-4422
2016-4476
2016-4477

2013-4473 
2013-4474 
2014-0230 
2015-1805 
2016-0705 
2016-0774

SANS News

Performing network forensics with Dshell. Part 1: Basic usage

Threatpost

Bucbi Ransomware Gets a Big Makeover

Police Allege SWIFT Technicians Left Bangladesh Bank Vulnerable

Exploit

Dell SonicWall Scrutinizer <= 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution

Ruby on Rails Development Web Console (v2) Code Execution

Ajaxel CMS 8.0 - Multiple Vulnerabilities

ZeewaysCMS - Multiple Vulnerabilities

i.FTP 2.21 - Host Address / URL Field SEH Exploit

Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation

Microsoft Windows 7 - WebDAV Privilege Escalation Exploit (MS16-016) (2)

ImageMagick Delegate Arbitrary Command Execution

ASUS Memory Mapping Driver (ASMMAP/ASMMAP64): Physical Memory Read/Write

RPCScan 2.03 - Hostname/IP Field SEH Overwrite PoC

9.5.2016

Bugtraq

WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS 2016-05-09
mail michaelhelwig de

[SECURITY] [DSA 3571-1] ikiwiki security update 2016-05-08
Moritz Muehlenhoff (jmm debian org)

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif sensepost com) (1 replies)

Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif elsherei com)

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-05
bhadresh patel helpag com

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-05-05
security-alert hpe com

[SECURITY] [DSA 3570-1] mercurial security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3569-1] openafs security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3568-1] libtasn1-6 security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-16:17.openssl 2016-05-04
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

W97M.Downloader.I

Backdoor.Duuzer.B

Backdoor.Tronariv

Win32/TrojanDownloader.Nymaim.BA

Phishing

Amazon

8th May 2016

YOUR AMAZON ORDER OF "GIFT
CARD - EMAIL ..."

ToolzVilla.Us

8th May 2016

PERFECT MONEY DIRECT PAYMENT
NOW ACCEPTED

Vulnerebility

 

SANS News

 

Threatpost

Old Exploits Die Hard, Says Microsoft Report

Twitter Turns Off Fire Hose For Intelligence Community

Exploit

 

8.5.2016

Bugtraq

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif sensepost com) (1 replies)

Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif elsherei com)

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-05
bhadresh patel helpag com

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-05-05
security-alert hpe com

[SECURITY] [DSA 3570-1] mercurial security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

Malware

Trojan.Jakubot

Backdoor.Tronariv

Backdoor.Duuzer.B

Phishing

caroltranslate

8th May 2016

Hi Jackie

Woolworths rewards

8th May 2016

Customer Satisfaction Survey!
Win 100$

service@paypaI.co.uk

7th May 2016

ACCOUNT IOCKED LD REFERENCE
#PP-337-849-320-246

paypal

7th May 2016

YOUR ACCOUNT HAS BEEN LIMITED
!

PayPal Online Security

7th May 2016

SECURITY MEASURES INCREASED

Memberinfo

6th May 2016

INCOMING E-MAIL

Vulnerebility

2016-1368
2016-1369
2016-1373
2016-1387
2016-1392
2016-2059
2016-2062

2016-1200

2000-1254
2016-2105
2016-2106
2016-2107
2016-2108
2016-2109
2016-2167
2016-2168
2016-2176
2016-3714
2016-3715
2016-3716
2016-3717
2016-3718
2016-4008
2016-4351
2016-4534
2016-4535

2015-2667

SANS News

Guest Diary: Linux Capabilities - A friend and foe

Threatpost

PwnedList Shutdown Unrelated to Recent Vulnerability

Exploit

 

6.5.2016

Bugtraq

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif sensepost com) (1 replies)

Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif elsherei com)

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-05
bhadresh patel helpag com

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-05-05
security-alert hpe com

[SECURITY] [DSA 3570-1] mercurial security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3569-1] openafs security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3568-1] libtasn1-6 security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-16:17.openssl 2016-05-04
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

Trojan:BAT/Qhost!gen 
HackTool:Win32/Oylecann.A 
BrowserModifier:Win32/Shopperz 

Win32/LockScreen.BNR

Exploit:Java/CVE-2013-1489.A 
TrojanDownloader:JS/Locky.A 

Phishing

Memberinfo

6th May 2016

INCOMING E-MAIL

Yahoo.com

5th May 2016

[0123322]20162016331-43[t7n0d9
dw48gi78o3phzamevz4zpcmsgr6xrp
oa]

Apple Inc

5th May 2016

YOUR APPLE ACCOUNT HAS BEEN
DISABLED !

DR. MRS ROBIN SANDER

5th May 2016

URGENT ATTENTION REQUIRED

CHASE

5th May 2016

New Update Regarding Your
BIlling Information

Anz Bank

5th May 2016

Your account has been
suspended .

Vulnerebility

2016-0892
2016-0893
2016-0894
2016-0895

SANS News

Microsoft BITS Used to Download Payloads

Threatpost

Criminals Peddling Affordable AlphaLocker Ransomware

Five-Year-Old Android Flaw Exposes SMS, Call History

New Security Flaw Found in Lenovo Solution Center Software

PwnedList Shutdown Unrelated to Recent Vulnerability

Exploit

Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing

DotNetNuke 07.04.00 - Administration Authentication Bypass

ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities

RPCScan 2.03 - Hostname/IP Field Crash PoC

CIScan 1.00 - Hostname/IP Field Crash PoC

Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts

Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free

Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing

5.5.2016

Bugtraq

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-05
bhadresh patel helpag com

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-05-05
security-alert hpe com

[SECURITY] [DSA 3570-1] mercurial security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3569-1] openafs security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3568-1] libtasn1-6 security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)

FreeBSD Security Advisory FreeBSD-SA-16:17.openssl 2016-05-04
FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

ESA-2016-051: Patch 14 for RSA Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities 2016-05-04
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3567-1] libpam-sshauth security update 2016-05-04
Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-05-03-1 Xcode 7.3.1 2016-05-04
Apple Product Security (product-security-noreply lists apple com)

Malware

PHP.Fioesrat

Win32/LockScreen.BNR

Phishing

DR. MRS ROBIN SANDER

5th May 2016

URGENT ATTENTION REQUIRED

CHASE

5th May 2016

New Update Regarding Your
BIlling Information

Anz Bank

5th May 2016

Your account has been
suspended .

Important News

4th May 2016

CREATE YOUR FREE TRADING
ACCOUNT WITH SIGMAOPTION IN
JUST 3 MINUTES.

E-Mail Info

4th May 2016

VERIFY NOTICE!!

Dropbox Inc!

4th May 2016

RE: IMPORTANT DOCUMENT

Vulnerebility

2016-0892
2016-0893
2016-0894
2016-0895

SANS News

ImageTragick: Another Vulnerability, Another Nickname

Threatpost

Apple Updates Xcodes Git Implementation

Identity Thieves Used Leaked PII to Steal ADP Payroll Info

Five-Year-Old Android Flaw Exposes SMS, Call History

Diary of a Ransomware Victim

Exploit

Linux Kernel 4.4.x (Ubuntu 16.04) - Use-After-Free via double-fdput() in...

ImageMagick < 6.9.3-9 - Multiple Vulnerabilities

OpenSSL Padding Oracle in AES-NI CBC MAC Check

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)

Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps

4.5.2016

Bugtraq

Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)

CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning 2016-05-04
Lab I-Tracing (lab i-tracing com)

[slackware-security] openssl (SSA:2016-124-01) 2016-05-03
Slackware Security Team (security slackware com)

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting 2016-05-03
Julien Ahrens (info rcesecurity com)

LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability 2016-05-03
LSE-Advisories (advisories lsexperts de)

[SECURITY] [DSA 3566-1] openssl security update 2016-05-03
Alessandro Ghedini (ghedo debian org)

NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-03
bhadresh patel helpag com

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection 2016-05-03
Timo Juhani Lindfors (timo lindfors iki fi)

[slackware-security] mercurial (SSA:2016-123-01) 2016-05-02
Slackware Security Team (security slackware com)

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities 2016-05-02
Security Alert (Security_Alert emc com)

Malware

Win32/Locky 
MSIL/Filecoder.Samas.A

Win32/Agent.XWY

Win32/Filecoder.HydraCrypt.A

MSIL/Immirat.C

Win32/Lowzones.NBA

Win32/Spy.Usteal.L

Win32/Votwup.V

Trojan.Ransomcrypt.AM

Ransom:Win32/Exxroute.A 

Phishing

Service

3rd May 2016

WARNING : ACCOUNT NOTIFICATION

Chase

2nd May 2016

=?utf-8?B?UkXvvJpwZXRyb2NoZW1p
Y2FsIHBsYW50IHByb2plY3Q=?=

Service

2nd May 2016

WARNING : ACCOUNT NOTIFICATION

Vulnerebility

 

SANS News

Neutrino exploit kit sends Cerber ransomware

Threatpost

Linux Foundation Badge Program to Boost Open Source Security

Google Expands Default HTTPS to Blogspot

Exploit

Alibaba Clone B2B Script - Admin Authentication Bypass

CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning

Acunetix WP Security Plugin 3.0.3 - XSS

NetCommWireless HSPA 3G10WVE Wireless Router Multiple Vulnerabilities

IPFire < 2.19 Core Update 101 - Remote Command Execution

TRN Threaded USENET News Reader 3.6-23 - Local Stack-Based Overflow

3.5.2016

Bugtraq

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection 2016-05-03
Timo Juhani Lindfors (timo lindfors iki fi)

[slackware-security] mercurial (SSA:2016-123-01) 2016-05-02
Slackware Security Team (security slackware com)

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities 2016-05-02
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3565-1] botan1.10 security update 2016-05-02
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3564-1] chromium-browser security update 2016-05-02
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3563-1] poppler security update 2016-05-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3562-1] tardiff security update 2016-05-01
Salvatore Bonaccorso (carnil debian org)

Exploit-DB Captcha Bypass 2016-05-01
Rahul Pratap Singh (techno rps gmail com)

[slackware-security] subversion (SSA:2016-121-01) 2016-04-30
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-120-02) 2016-04-29
Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2016-120-01) 2016-04-29
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution 2016-04-29
security-alert hpe com

Malware

Backdoor:Win32/Rifelku.A 
Backdoor:Win32/Kirts.A 
Backdoor:Python/Raywa.A 
TrojanDownloader:VBS/Noidopi.A 
Worm:Win32/Pemtaka.A 
TrojanSpy:Win32/Exodilod.A 
TrojanSpy:Win32/Nivdort.DZ 
TrojanSpy:Win32/Yokumlog.A 
TrojanSpy:Win32/Nivdort.DY 
VirTool:Win32/Ursnif.B 

Phishing

Chase

2nd May 2016

=?utf-8?B?UkXvvJpwZXRyb2NoZW1p
Y2FsIHBsYW50IHByb2plY3Q=?=

Service

2nd May 2016

WARNING : ACCOUNT NOTIFICATION

eBay

1st May 2016

THIS £500 EBAY VOUCHER HAS
YOUR NAME ON IT

Vulnerebility

 

SANS News

Lean Threat Intelligence

OpenSSL Updates

Threatpost

FBI Reaffirms Stance Not to Pay Ransomware Attackers

Privacy Watchdogs Vow to Fight Dystopian Rule 41

Exploit

Acunetix WVS 10 - Remote Command Execution (System)

Apache Struts Dynamic Method Invocation Remote Code Execution

WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download

QSEE - PRDiag* Commands Privilege Escalation Exploit

.Net Framework Execute Native x86 Shellcode

2.5.2016

Bugtraq

[SECURITY] [DSA 3565-1] botan1.10 security update 2016-05-02
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3564-1] chromium-browser security update 2016-05-02
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3563-1] poppler security update 2016-05-01
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3562-1] tardiff security update 2016-05-01
Salvatore Bonaccorso (carnil debian org)

Exploit-DB Captcha Bypass 2016-05-01
Rahul Pratap Singh (techno rps gmail com)

[slackware-security] subversion (SSA:2016-121-01) 2016-04-30
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-120-02) 2016-04-29
Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2016-120-01) 2016-04-29
Slackware Security Team (security slackware com)

[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution 2016-04-29
security-alert hpe com

Malware

Trojan:Win32/Antivirusxp (

VirTool:Win32/Ursnif.B 
Worm:Win32/Morto.A 
Trojan:Win32/Antivirusxp 

Phishing

Service

2nd May 2016

WARNING : ACCOUNT NOTIFICATION

eBay

1st May 2016

THIS £500 EBAY VOUCHER HAS
YOUR NAME ON IT

Vulnerebility

 

SANS News

Fake Chrome update for Android

Threatpost

 

Exploit

WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download

1.5.2016

Bugtraq

[SECURITY] [DSA 3561-1] subversion security update 2016-04-29
Salvatore Bonaccorso (carnil debian org)

SQL Injection in GLPI 2016-04-29
High-Tech Bridge Security Research (advisory htbridge ch)

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-29
Vulnerability Lab (research vulnerability-lab com)

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream 2016-04-28
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) 2016-04-28
security-alert hpe com

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* 2016-04-28
Hans Jerry Illikainen (hji dyntopia com)

[SECURITY] [DSA 3560-1] php5 security update 2016-04-27
Salvatore Bonaccorso (carnil debian org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (ajh158 gmail com)

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

[SECURITY] [DSA 3559-1] iceweasel security update 2016-04-27
Moritz Muehlenhoff (jmm debian org)

Malware

Trojan.Ransomlock.AQ

Trojan.Ransomcrypt.AL

Phishing

Esther Laboso

30th April 2016

GOOD DAY TO YOU MY BELOVED ONE

Kingston

30th April 2016

KO SPECIAL SUNGLASSES DEALS
80% OFF!! GREETINGS FROM
KINGSTON FDB XJPEV

Barclays Bank

30th April 2016

Online Access Suspended

Vulnerebility

 

SANS News

New release of PCI DSS (version 3.2) is available

Threatpost

Phony Google Update Spreads Data-Stealing Android Malware

Google Patches 9 Security Flaws in New Chrome Browser Build

Exploit

Observium 0.16.7533 - Cross Site Request Forgery

Observium 0.16.7533 - Authenticated Arbitrary Command Execution

Merit Lilin IP Cameras - Multiple Vulnerabilities

GLPi 0.90.2 - SQL Injection

Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash

Wireshark - dissect_2008_16_security_4 Stack-Based Buffer Overflow

Wireshark - alloc_address_wmem Assertion Failure

Wireshark - ett_zbee_zcl_pwr_prof_enphases Static Out-of-Bounds Read

29.4.2016

Bugtraq

[SECURITY] [DSA 3561-1] subversion security update 2016-04-29
Salvatore Bonaccorso (carnil debian org)

SQL Injection in GLPI 2016-04-29
High-Tech Bridge Security Research (advisory htbridge ch)

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-29
Vulnerability Lab (research vulnerability-lab com)

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream 2016-04-28
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) 2016-04-28
security-alert hpe com

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* 2016-04-28
Hans Jerry Illikainen (hji dyntopia com)

[SECURITY] [DSA 3560-1] php5 security update 2016-04-27
Salvatore Bonaccorso (carnil debian org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (ajh158 gmail com)

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

[SECURITY] [DSA 3559-1] iceweasel security update 2016-04-27
Moritz Muehlenhoff (jmm debian org)

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection 2016-04-27
Securify B.V. (lists securify nl)

Oracle Discoverer Viewer BI - Open Redirect Vulnerability 2016-04-27
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanDownloader:Win32/Nurjax.B 
TrojanDownloader:Win32/Banload.BGK 
TrojanDownloader:Win32/Banload.ARJ 
TrojanDownloader:VBS/Banload.BM 
TrojanDownloader:MSIL/Banload.AT 
Ransom:Win32/Rokku.A 

MSIL/Filecoder.Samas.A

Win32/TrojanDownloader.Nymaim.BA

Trojan.Ransomcrypt.AL

Phishing

 

Vulnerebility

 

SANS News

New release of PCI DSS (version 3.2) is available

Threatpost

Scourge of Android Overlay Malware on Rise

Unskilled Pro-ISIS Hackers A Growing Threat

Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle

Exploit

Windows Kernel - win32k.sys TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)

28.4.2016

Bugtraq

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* 2016-04-28
Hans Jerry Illikainen (hji dyntopia com)

[SECURITY] [DSA 3560-1] php5 security update 2016-04-27
Salvatore Bonaccorso (carnil debian org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (ajh158 gmail com)

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)

[SECURITY] [DSA 3559-1] iceweasel security update 2016-04-27
Moritz Muehlenhoff (jmm debian org)

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection 2016-04-27
Securify B.V. (lists securify nl)

Oracle Discoverer Viewer BI - Open Redirect Vulnerability 2016-04-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-117-01) 2016-04-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3558-1] openjdk-7 security update 2016-04-26
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3557-1] mysql-5.5 security update 2016-04-26
Salvatore Bonaccorso (carnil debian org)

Sophos XG Firewall (SF01V) - Persistent Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

Malware

Win32/Galaxy.A

Win32/TrojanDownloader.Small.PTT

Win32/Rootkit.Agent.OBC

Win32/Poxters.H

Win32/Lethic.AF

Trojan.Pekelog

Ransom:Win32/Rokku.A 

Phishing

PayPal

28th April 2016

[ PayPaI Inc. ] : Update Your
Account Information

PayPal

27th April 2016

[ PayPaI Inc. ] : Update Your
Account Information

paypal

26th April 2016

Your account has been Iimited
untiI we hear from you

Vulnerebility

 

SANS News

DNS and DHCP Recon using Powershell

Threatpost

Steam Patches Broken Crypto in Wake of Replay, Padding Oracle Attacks

Firefox 46 Patches Critical Memory Vulnerabilities

Exploit

EMC ViPR SRM - Cross-Site Request Forgery

Multiple Vendors (RomPager <= 4.34) - Misfortune Cookie Router Authentication Bypass

Mach Race OS X Local Privilege Escalation Exploit

Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)

PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow

Windows Kernel - win32k.sys TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)

27.4.2016

Bugtraq

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection 2016-04-27
Securify B.V. (lists securify nl)

Oracle Discoverer Viewer BI - Open Redirect Vulnerability 2016-04-27
Vulnerability Lab (research vulnerability-lab com)

[slackware-security] mozilla-firefox (SSA:2016-117-01) 2016-04-27
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3558-1] openjdk-7 security update 2016-04-26
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3557-1] mysql-5.5 security update 2016-04-26
Salvatore Bonaccorso (carnil debian org)

Sophos XG Firewall (SF01V) - Persistent Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

Trend Micro (Account) - Email Spoofing Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) 2016-04-25
security-alert hpe com

Malware

Win32/TrojanDownloader.Small.PTT

Backdoor.Etumbot

Trojan.Adupihan

Trojan.Pekelog

Phishing

PayPal

27th April 2016

[ PayPaI Inc. ] : Update Your
Account Information

paypal

26th April 2016

Your account has been Iimited
untiI we hear from you

Vulnerebility

 

SANS News

Kippos Cousin Cowrie

An Introduction to Mac memory forensics

Threatpost

New Decryptor Unlocks CryptXXX Ransomware

Empty DDoS Threats Still Net Attackers $100,000

Exploit

libgd 2.1.1 - Signedness Heap Overflow

Yasr Screen Reader 0.6.9 - Local Buffer Overflow

ImpressCMS 1.3.9 - SQL Injection

26.4.2016

Bugtraq

Sophos XG Firewall (SF01V) - Persistent Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

Trend Micro (Account) - Email Spoofing Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) 2016-04-25
security-alert hpe com

Negin Group CMS - (v) Multiple Web Vulnerabilities 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

UBNT Bug Bounty #2 - XML External Entity Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

C & C++ for OS - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Telisca IPS Lock 2 Vulnerability 2016-04-25
karim reda Fakhir (karim fakhir gmail com)

[SECURITY] [DSA 3556-1] libgd2 security update 2016-04-24
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3555-1] imlib2 security update 2016-04-23
Alessandro Ghedini (ghedo debian org)

Unlimited Pop-Ups WordPress Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Easy Social Share Buttons for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Google SEO Pressor Snippet Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Malware

TrojanSpy:Win32/Mrophine.A!bit 
Worm:MSIL/Zolu.A 

Win32/Filecoder.Coverton.A

MSIL/Steamlocker.C

Win32/Prikormka.AJ

Win32/TrojanDownloader.Dagozill.A

Win32/Jbosser.A

PWS:Win32/Ldpinch.DE 
TrojanDownloader:Win32/Ratecki.A 
TrojanClicker:Win32/Rubalotalow.A 
PWS:Win32/Stimilina.C!bit 
Backdoor:MSIL/IRCbot!rfn 
Backdoor:Win32/Mocbot!rfn 
Backdoor:Win32/Oztratz!rfn 
Backdoor:Win32/Wondufi!rfn 
DDoS:Linux/Zanich!rfn 
Backdoor:MSIL/Aataki!rfn 

Phishing

paypal

26th April 2016

Your account has been Iimited
untiI we hear from you

Tesco

25th April 2016

Tesco Alert, Security Update
Required

Top Debt Companies

25th April 2016

ELIMINATE YOUR DEBT IN 24 TO
48 MONTHS

Vulnerebility

 

SANS News

 

Threatpost

Attackers Behind GozNym Trojan Set Sights on Europe

Android Ransomware Attacks Using Towelroot, Hacking Team Exploits

Exploit

PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (MSF)

Totemomail 4.x and 5.x - Persistent XSS

C/C++ Offline Compiler and C For OS - Persistent XSS

Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (MSF)

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (MSF)

NationBuilder Multiple Stored XSS Vulnerabilities

CompuSource Systems - Real Time Home Banking - Local Privilege Escalation

Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC

Linux x64 - Bind Shell Shellcode Generator

25.4.2016

Bugtraq

Negin Group CMS - (v) Multiple Web Vulnerabilities 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

UBNT Bug Bounty #2 - XML External Entity Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

C & C++ for OS - Filter Bypass & Persistent Vulnerability 2016-04-25
Vulnerability Lab (research vulnerability-lab com)

Telisca IPS Lock 2 Vulnerability 2016-04-25
karim reda Fakhir (karim fakhir gmail com)

[SECURITY] [DSA 3556-1] libgd2 security update 2016-04-24
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3555-1] imlib2 security update 2016-04-23
Alessandro Ghedini (ghedo debian org)

Unlimited Pop-Ups WordPress Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Easy Social Share Buttons for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Google SEO Pressor Snippet Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Echosign Plugin for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Tweet-wheel XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

CM-AD-Changer XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Persian-woocommerce-sms XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Malware

Backdoor:Win32/Xtrat.R 

Trojan.Exedapan

Exp.CVE-2016-0127

Exp.CVE-2016-0147

Trojan.Cryptolocker.AO

Phishing

Top Debt Companies

25th April 2016

ELIMINATE YOUR DEBT IN 24 TO
48 MONTHS

First-AccessVisaCard

25th April 2016

APPLY FOR A GENUINE FIRST
ACCESS VISA CREDIT CARD

Medications Drugstore

24th April 2016

FIX YOUR LIFE WITHOUT HAVING
TO TRY HARD, L H.

PayPal

22nd April 2016

Reminder : Your account will
be limited until we hear from
you

Vulnerebility

 

SANS News

Highlights from the 2016 HPE Annual Cyber Threat Report

Threatpost

 

Exploit

 

24.4.2016

Bugtraq

[SECURITY] [DSA 3556-1] libgd2 security update 2016-04-24
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3555-1] imlib2 security update 2016-04-23
Alessandro Ghedini (ghedo debian org)

Unlimited Pop-Ups WordPress Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Easy Social Share Buttons for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Google SEO Pressor Snippet Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Echosign Plugin for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Tweet-wheel XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

CM-AD-Changer XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Persian-woocommerce-sms XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109) 2016-04-23
david vieira-kurz immobilienscout24 de

Malware

 

Phishing

Medications Drugstore

24th April 2016

FIX YOUR LIFE WITHOUT HAVING
TO TRY HARD, L H.

PayPal

22nd April 2016

Reminder : Your account will
be limited until we hear from
you

Paypal Service

22nd April 2016

NOTICE : YOUR ACCOUNT HAS BEEN
LIMITED AND YOU MUST UPDATE
ACCOUNT

Vulnerebility

 

SANS News

Angler Exploit Kit, Bedep, and CryptXXX

Threatpost

Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout

MIT Launches Experimental Bug Bounty Program

Exploit

 

22.4.2016

Bugtraq

[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information 2016-04-22
security-alert hpe com

[security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information 2016-04-22
security-alert hpe com

SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator 2016-04-22
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app 2016-04-22
SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 3553-1] varnish security update 2016-04-22
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3554-1] xen security update 2016-04-21
Salvatore Bonaccorso (carnil debian org)

CVE-2016-3074: libgd: signedness vulnerability 2016-04-21
Hans Jerry Illikainen (hji dyntopia com)

exploit CVE-2016-2203 2016-04-21
karim reda Fakhir (karim fakhir gmail com)

OpenTSDB RCE 2016-04-21
gsoc gsoc se

Webutler CMS 3.2 - Cross-Site Request Forgery 2016-04-21
displaymyname gmail com

Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

RCE via CSRF in phpMyFAQ 2016-04-20
High-Tech Bridge Security Research (advisory htbridge ch)

shell.com vulnerable TLS 2016-04-20
shell shell com

Malware

Ransom:Win32/Exxroute.A 

JS.Ransomcrypt

Trojan.Phytob

Trojan.Exedapan

Phishing

HM Birthday

22nd April 2016

LIMITED EDITION QUEEN
ELIZABETH II 90TH BIRTHDAY
COIN

Jeniffer Smith

21st April 2016

THE FILES FOR TOMORROW

Your Order

21st April 2016

YI: YOUR SUNGLASSES IS GETTING
READY FOR YOU,ORDER NO.557444

PayPal

20th April 2016

[ ACCOUNT ALERT ] : ACCOUNT
LIMITED NOTIFICATION . œ #PP

Vulnerebility

 

SANS News

Honeyports, powershell script

Threatpost

Adobe Patches DOM-XSS Flaw in Analytics AppMeasurement for Flash Library

PoS Attacks Net Crooks 20 Million Stolen Bank Cards

Exploit

Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64)...

Linux/x86_64 - bindshell (Port 5600) - 86 bytes

21.4.2016

Bugtraq

CVE-2016-3074: libgd: signedness vulnerability 2016-04-21
Hans Jerry Illikainen (hji dyntopia com)

exploit CVE-2016-2203 2016-04-21
karim reda Fakhir (karim fakhir gmail com)

OpenTSDB RCE 2016-04-21
gsoc gsoc se

Webutler CMS 3.2 - Cross-Site Request Forgery 2016-04-21
displaymyname gmail com

Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)

RCE via CSRF in phpMyFAQ 2016-04-20
High-Tech Bridge Security Research (advisory htbridge ch)

shell.com vulnerable TLS 2016-04-20
shell shell com

*.Shell.com Port 443 DROWN decryption attack 2016-04-20
shell shell com

PHPBack v1.3.0 SQL Injection 2016-04-20
apparitionsec gmail com

[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information 2016-04-19
security-alert hpe com

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities 2016-04-19
Security Alert (Security_Alert emc com)

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 2016-04-19
research@rv3lab.org (research rv3lab org)

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) ?? XSS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)

Malware

Win32/Tescrypt 
Ransom:Win32/DMALocker 
Ransom:Win32/Locky.A 
Ransom:MSIL/JigsawLocker.A 

Phishing

Your Order

21st April 2016

YI: YOUR SUNGLASSES IS GETTING
READY FOR YOU,ORDER NO.557444

PayPal

20th April 2016

[ ACCOUNT ALERT ] : ACCOUNT
LIMITED NOTIFICATION . œ #PP
=

USAA

20th April 2016

Re: Important Notification

Vulnerebility

 

SANS News

Decoding Pseudo-Darkleech (#1)

Decoding Pseudo-Darkleech (Part #2)

Threatpost

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion

Viber Heats Up Crypto Debate: Adds Encryption to 711 Million Users

Exploit

phpLiteAdmin 1.9.6 - Multiple Vulnerabilities

Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure

PHPBack 1.3.0 - SQL Injection

Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)

Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow

20.4.2016

Bugtraq

shell.com vulnerable TLS 2016-04-20
shell shell com

*.Shell.com Port 443 DROWN decryption attack 2016-04-20
shell shell com

PHPBack v1.3.0 SQL Injection 2016-04-20
apparitionsec gmail com

[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information 2016-04-19
security-alert hpe com

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities 2016-04-19
Security Alert (Security_Alert emc com)

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 2016-04-19
research@rv3lab.org (research rv3lab org)

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) ?? XSS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON ?? DoS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege 2016-04-18
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-18
security-alert hpe com

[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges 2016-04-18
security-alert hpe com

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) 2016-04-18
klaus eisentraut syss de

[SECURITY] [DSA 3552-1] tomcat7 security update 2016-04-17
Moritz Muehlenhoff (jmm debian org)

Malware

Backdoor:Win32/Etumbot.G!dha 
Backdoor:MSIL/Noancooe.F 
Backdoor:MSIL/Golroted.B 
Backdoor:Java/Jrat.D 
Adware:Win32/Adposhel 
TrojanDownloader:Win32/Upatre.BS 
TrojanDownloader:Win32/Upatre.BR 
TrojanDownloader:Win32/Upatre.BT 
TrojanDownloader:Win32/Upatre.BU 
TrojanDownloader:Win32/Upatre.BV 

Phishing

AOL

19th April 2016

Urgent

uk.hmrc.notify.refund.secue.em

19th April 2016

Att : Tax Refund Notice

Vulnerebility

 

SANS News

Oracle critical updates released

Threatpost

Range of Mousejack Attack More Than Doubles

BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack

Generic Ransomware Detection Comes to OS X

Exploit

modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection

19.4.2016

Bugtraq

[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information 2016-04-19
security-alert hpe com

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities 2016-04-19
Security Alert (Security_Alert emc com)

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 2016-04-19
research@rv3lab.org (research rv3lab org)

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) ?? XSS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON ?? DoS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege 2016-04-18
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-18
security-alert hpe com

[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges 2016-04-18
security-alert hpe com

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) 2016-04-18
klaus eisentraut syss de

[SECURITY] [DSA 3552-1] tomcat7 security update 2016-04-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3551-1] fuseiso security update 2016-04-16
Florian Weimer (fw deneb enyo de)

Ahrare Andeysheh Cms Multiple Vulnerabilities 2016-04-16
iesb team gmail com

Malware

Win32/Spy.Agent.OWE

Win32/Trustezeb.K

Trojan.Kotver.B

W97M.Downloader.H

Trojan.Ransomcrypt.AK

Infostealer.Naibe

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

New MIT Scanner Finds Web App Flaws in a Minute

Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly

Exploit

modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection

Novell ServiceDesk Authenticated File Upload

WordPress leenk.me Plugin 2.5.0 - CSRF/XSS

WordPress Kento Post View Counter Plugin 2.8 - CSRF/XSS

pfSense Community Edition 2.2.6 - Multiple Vulnerabilities

TH692 Outdoor P2P HD Waterproof IP Camera - Hard Coded Credentials

18.4.2016

Bugtraq

[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-18
security-alert hpe com

[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges 2016-04-18
security-alert hpe com

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) 2016-04-18
klaus eisentraut syss de

[SECURITY] [DSA 3552-1] tomcat7 security update 2016-04-17
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3551-1] fuseiso security update 2016-04-16
Florian Weimer (fw deneb enyo de)

Ahrare Andeysheh Cms Multiple Vulnerabilities 2016-04-16
iesb team gmail com

[CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android 2016-04-16
urikanonov gmail com

[slackware-security] samba (SSA:2016-106-02) 2016-04-15
Slackware Security Team (security slackware com)

[slackware-security] mozilla-thunderbird (SSA:2016-106-01) 2016-04-15
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3550-1] openssh security update 2016-04-15
Moritz Muehlenhoff (jmm debian org)

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability 2016-04-15
Sandro Poppi (spoppi sec gmail com)

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)

Malware

TrojanSpy:MSIL/Siplog 
TrojanSpy:MSIL/Siplog.A 
Backdoor:Win32/Oztratz.A 
TrojanDownloader:Win32/Wacpengi.A 
Ransom:MSIL/Tarocrypt.B 
Ransom:MSIL/Tarocrypt.A 
Ransom:Win32/Cryproto.A 
Ransom:Win32/Pottieq.A 
Ransom:Win32/Rackcrypt.A 
TrojanDownloader:MSIL/Gurim.A 

Phishing

 

Vulnerebility

 

SANS News

Retefe is back in town

VBS + VBE

Threatpost

VMware Patches Critical Session-Handling Vulnerability

Short URLs a Big Problem for Cloud Collaboration, Stored Data

Exploit

 

17.4.2016

Bugtraq

[SECURITY] [DSA 3550-1] openssh security update 2016-04-15
Moritz Muehlenhoff (jmm debian org)

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability 2016-04-15
Sandro Poppi (spoppi sec gmail com)

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3549-1] chromium-browser security update 2016-04-15
Michael Gilbert (mgilbert debian org)

AST-2016-005: TCP denial of service in PJProject 2016-04-14
Asterisk Security Team (security asterisk org)

Malware

 

Phishing

Chase

15th April 2016

Recent Suspicious Activity On
Your Online Account

Anita Garg

15th April 2016

1ST PAGE ON GOOGLE WITH
GUARANTEED !!

Vulnerebility

 

SANS News

Windows Command Line Persistence?

Uninstall QuickTime For Windows Today

Reminder: Fair Use of Our Data

Threatpost

 

Exploit

AirOS 6.x - Arbitrary File Upload

Exim "perl_startup" Privilege Escalation

Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use After Free

Linux/x86_64 - Read /etc/passwd - 65 bytes

15.4.2016

Bugtraq

[SECURITY] [DSA 3549-1] chromium-browser security update 2016-04-15
Michael Gilbert (mgilbert debian org)

AST-2016-005: TCP denial of service in PJProject 2016-04-14
Asterisk Security Team (security asterisk org)

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk 2016-04-14
Asterisk Security Team (security asterisk org)

NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin 2016-04-14
VMware Security Response Center (security vmware com)

ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability 2016-04-14
Security Alert (Security_Alert emc com)

Securing Android Applications from Screen Capture 2016-04-14
research nightwatchcybersecurity com

Mybb Cms (private.php Page) Denial Of Service Vulnerability 2016-04-14
iedb team gmail com

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability 2016-04-14
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3548-2] samba regression update 2016-04-14
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3548-1] samba security update 2016-04-13
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability 2016-04-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Mybb Cms (create forum and edit) Cross-Site Script Vulnerability 2016-04-13
iedb team gmail com

Webline CMS (2016Q2) - SQL Injection Vulnerability 2016-04-13
Vulnerability Lab (research vulnerability-lab com)

Vbulletin Cms (Sendmessage.php Page) 0Day Exploit 2016-04-13
iedb team gmail com

[SE-2012-01] Yet another broken security fix in IBM Java 7/8 2016-04-12
Security Explorations (contact security-explorations com)

CAM UnZip v5.1 Archive Directory Traversal 2016-04-12
hyp3rlinx lycos com

.NET Framework 4.6 allows side loading of Windows API Set DLL 2016-04-12
Securify B.V. (lists securify nl)

Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com

Malware

Win32/Filecoder.MaktubLocker.A

Packed.Generic.500

Exp.CVE-2016-0157

Exp.CVE-2016-0158

Worm:Win32/Bagsak.A 
Backdoor:Win32/Temratanam.A 
TrojanDownloader:MSIL/Stubdy.A 

PWS:AutoIt/Passup.A 

Phishing

Anita Garg

15th April 2016

1ST PAGE ON GOOGLE WITH
GUARANTEED !!

MR.JACK PETERSEN

15th April 2016

Your Pending funds with
Clydesdale Bank Plc!!!

Vulnerebility

 

SANS News

HTTP Public Key Pinning: How to do it right

Threatpost

Latest Chrome Update Addresses Two High-Severity Vulnerabilities

Apple Deprecates QuickTime For Windows, Wont Patch New Flaws

Exploit

 

14.4.2016

Bugtraq

[SECURITY] [DSA 3548-2] samba regression update 2016-04-14
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3548-1] samba security update 2016-04-13
Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability 2016-04-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Mybb Cms (create forum and edit) Cross-Site Script Vulnerability 2016-04-13
iedb team gmail com

Webline CMS (2016Q2) - SQL Injection Vulnerability 2016-04-13
Vulnerability Lab (research vulnerability-lab com)

Vbulletin Cms (Sendmessage.php Page) 0Day Exploit 2016-04-13
iedb team gmail com

[SE-2012-01] Yet another broken security fix in IBM Java 7/8 2016-04-12
Security Explorations (contact security-explorations com)

CAM UnZip v5.1 Archive Directory Traversal 2016-04-12
hyp3rlinx lycos com

.NET Framework 4.6 allows side loading of Windows API Set DLL 2016-04-12
Securify B.V. (lists securify nl)

Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability 2016-04-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3485-2] didiwiki security update 2016-04-12
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3547-1] imagemagick security update 2016-04-11
Luciano Bello (luciano debian org)

ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability 2016-04-11
Security Alert (Security_Alert emc com)

Blind SQL injections in CivicRM 2016-04-11
Simon Waters \(Surevine\) (simon waters surevine com)

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)

Malware

Ransom:MSIL/JigsawLocker.A 

Phishing

Job Admiration

14th April 2016

L: APPLICANTS WANTED

Ban Ki-moon

13th April 2016

Notification of your payment
via our corresponding Bank

Nick Madsen

13th April 2016

PHARMACY-ONLINE

NatWest

13th April 2016

Customer Notice

localhost

13th April 2016

Important Notice

Service

13th April 2016

UPDATE YOUR ACCOUNT
INFORMATION

BARCLAYS PLC

12th April 2016

Confirm your Barclays account

TESCO BANK

11th April 2016

TESCO ALERT, SECURITY UPDATE
REQUIRED

中å½å¹³å

11th April 2016

åå的è¯上æœå¹³å
å¹³åº通æ?å险
ºæ¿?å¹³å

Vulnerebility

 

SANS News

Updated PFSense Client

Threatpost

Decryption Tool Stifles Jigsaw Ransomware

Qbot Malware Morphs Quickly to Evade Detection

Broken IBM Java Patch Prompts Another Disclosure

Exploit

Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042)

Internet Explorer 9, 10, 11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)

pfSense Firewall <= 2.2.6 - Services CSRF

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

PHPmongoDB 1.0.0 - Multiple Vulnerabilities

Dell KACE K1000 File Upload

Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass and Arbitrary File...

Texas Instrument Emulator 3.03 - Local Buffer Overflow

13.4.2016

Bugtraq

Mybb Cms (create forum and edit) Cross-Site Script Vulnerability 2016-04-13
iedb team gmail com

Webline CMS (2016Q2) - SQL Injection Vulnerability 2016-04-13
Vulnerability Lab (research vulnerability-lab com)

Vbulletin Cms (Sendmessage.php Page) 0Day Exploit 2016-04-13
iedb team gmail com

[SE-2012-01] Yet another broken security fix in IBM Java 7/8 2016-04-12
Security Explorations (contact security-explorations com)

CAM UnZip v5.1 Archive Directory Traversal 2016-04-12
hyp3rlinx lycos com

.NET Framework 4.6 allows side loading of Windows API Set DLL 2016-04-12
Securify B.V. (lists securify nl)

Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability 2016-04-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3485-2] didiwiki security update 2016-04-12
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3547-1] imagemagick security update 2016-04-11
Luciano Bello (luciano debian org)

ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability 2016-04-11
Security Alert (Security_Alert emc com)

Blind SQL injections in CivicRM 2016-04-11
Simon Waters \(Surevine\) (simon waters surevine com)

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com

Malware

Trojan:Win32/Chopper.A 
Win32/Spursint 
Ransom:Win32/Cerber.A 
Ransom:Win32/Locky.A 
TrojanDownloader:BAT/Locky.A 
TrojanDownloader:JS/Locky.A 

MSIL/Pyrrawn.A

Win32/TrojanDownloader.Small.AJM

Win32/Prux.H

Win32/Filecoder.HydraCrypt.C

Trojan.Zbot.D

Phishing

localhost

13th April 2016

Important Notice

Service

13th April 2016

UPDATE YOUR ACCOUNT
INFORMATION

BARCLAYS PLC

12th April 2016

Confirm your Barclays account

TESCO BANK

11th April 2016

TESCO ALERT, SECURITY UPDATE
REQUIRED

中å½å¹³å

11th April 2016

åå的è¯上æœå¹³å
å¹³åº通æ?å险
ºæ¿?å¹³å

Pharmacy-Discounter

11th April 2016

KEEPING YOUR MAN'S HOSE STEEL
IS NO PROBLEM WHEN YOU'RE
DEALING WITH US, L H...

Vulnerebility

 

SANS News

Microsoft Patch Tuesday Summary for April 2016

Threatpost

ZeuS Banking Trojan Resurfaces As Atmos Variant

Inside the Latest Apple iMessage Bug

Meet The Cryptoworm, The Future of Ransomware

Exploit

Ovidentia troubleticketsModule 7.6 - Remote File Inclusion

12.4.2016

Bugtraq

Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability 2016-04-12
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3485-2] didiwiki security update 2016-04-12
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3547-1] imagemagick security update 2016-04-11
Luciano Bello (luciano debian org)

ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability 2016-04-11
Security Alert (Security_Alert emc com)

Blind SQL injections in CivicRM 2016-04-11
Simon Waters \(Surevine\) (simon waters surevine com)

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com

OpenCart json_decode function Remote PHP Code Execution 2016-04-09
r3s34rch3r yahoo com

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-09
iedb team gmail com

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

Malware

Trojan:Win32/Chopper.A 
Backdoor:MSIL/Soybalek 

Win32/Filecoder.HydraCrypt.C

Win32/Prux.H

Win32/TrojanDownloader.Small.AJM

Trojan.Ransomcrypt.AJ

Infostealer.Orcalata

Downloader.Orcalata

Phishing

 

Vulnerebility

 

SANS News

Tool Released to Decrypt Petya Ransomware Infected Disks

Threatpost

 

Exploit

Hikvision Digital Video Recorder - Cross-Site Request Forgery

WPN-XM Serverstack 0.8.6 - Cross Site Request Forgery

OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution

Axis Network Cameras - Multiple Vulnerabilities

Novell Service Desk 7.1.0, 7.0.3 and 6.5 - Multiple Vulnerabilities

CAM UnZip 5.1 - Archive Path Traversal

Android - IOMX getConfig/getParameter Information Disclosure

Android - IMemory Native Interface is Insecure for IPC Use

Linux/x86_64 - bindshell (PORT: 5600) - 81 bytes

11.4.2016

Bugtraq

Blind SQL injections in CivicRM 2016-04-11
Simon Waters \(Surevine\) (simon waters surevine com)

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com

OpenCart json_decode function Remote PHP Code Execution 2016-04-09
r3s34rch3r yahoo com

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-09
iedb team gmail com

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com

WPN-XM Serverstack v0.8.6 XSS 2016-04-09
hyp3rlinx lycos com

Malware

Trojan.Karus

Phishing

TESCO BANK

11th April 2016

TESCO ALERT, SECURITY UPDATE
REQUIRED

 

中å½å¹³å

11th April 2016

åå的è¯上æœå¹³å
å¹³åº通æ?å险
ºæ¿?å¹³å

Pharmacy-Discounter

11th April 2016

KEEPING YOUR MAN'S HOSE STEEL
IS NO PROBLEM WHEN YOU'RE
DEALING WITH US, L H..

CBN

11th April 2016

RE:YOUR OVER DUE PAYMENT

Account Notification

11th April 2016

WARNING : UPDATE YOUR ACCOUNT
INFORMATION

E-mail TEAM

10th April 2016

UPDATE!

Mail Administrator

10th April 2016

VERIFY YOUR ACCOUNT!

Vulnerebility

 

SANS News

Handling Malware Samples

Threatpost

 

Exploit

 

10.4.2016

Bugtraq

JAWS Weak Service Permissions leads to Privilege Escalation 2016-04-08
Heimbuecher003 connect wcsu edu

AccelSite Content Manager v1.0 - SQL Injection Vulnerability 2016-04-08
Vulnerability Lab (research vulnerability-lab com)

Malware

Trojan.Karus

W97M.Downloader.G

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

op5 7.1.9 - Remote Command Execution

Express Zip <= 2.40 - Path Traversal

Apple Intel HD 3000 Graphics driver 10.0.0 - Local Privilege Escalation

8.4.2016

Bugtraq

JAWS Weak Service Permissions leads to Privilege Escalation 2016-04-08
Heimbuecher003 connect wcsu edu

AccelSite Content Manager v1.0 - SQL Injection Vulnerability 2016-04-08
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3546-1] optipng security update 2016-04-07
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3545-1] cgit security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3544-1] python-django security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection 2016-04-07
security-alert hpe com

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) 2016-04-06
security-alert hpe com

[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-06
security-alert hpe com

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

CVE-2016-3672 - Unlimiting the stack not longer disables ASLR 2016-04-06
Hector Marco-Gisbert (hecmargi upv es)

Malware

Win32/Takabum 

Infostealer.Poslit

Phishing

Pay-Pal

8th April 2016

Notice of Policy Updates œ

Your Confirmation(tm)

7th April 2016

RE JENNIFER , YOU'RE
PRE-APPROVED FOR $28.5OO !
100% ACCEPTED.

Vulnerebility

 

SANS News

 

Threatpost

Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now

Exploit

 

7.4.2016

Bugtraq

[SECURITY] [DSA 3545-1] cgit security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3544-1] python-django security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection 2016-04-07
security-alert hpe com

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) 2016-04-06
security-alert hpe com

[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-06
security-alert hpe com

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)

CVE-2016-3672 - Unlimiting the stack not longer disables ASLR 2016-04-06
Hector Marco-Gisbert (hecmargi upv es)

Malware

Trojan.Cryptolocker.AL

Backdoor.Perper

Phishing

 

Vulnerebility

 

SANS News

YAFP (Yet Another Flash Patch)

Security Features Nobody Implements

Threatpost

Ubuntu Patches Kernel Vulnerabilities

Exploit

PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities

Mess Emulator 0.154-3.1 - Local Buffer Overflow

Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities

SocialEngine 4.8.9 - SQL Injection

Panda Security URL Filtering < 4.3.1.9 - Privilege Escalation

Panda Endpoint Administration Agent < 7.50.00 - Privilege Escalation

Linux x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

6.4.2016

Bugtraq

SQL Injection in SocialEngine 2016-04-06
High-Tech Bridge Security Research (advisory htbridge ch)

[slackware-security] subversion (SSA:2016-097-01) 2016-04-06
Slackware Security Team (security slackware com)

op5 v7.1.9 Remote Command Execution 2016-04-06
apparitionsec gmail com

CA20160405-01: Security Notice for CA API Gateway 2016-04-05
Kotas, Kevin J (Kevin Kotas ca com)

[SECURITY] [DSA 3543-1] oar security update 2016-04-05
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3542-1] mercurial security update 2016-04-05
Salvatore Bonaccorso (carnil debian org)

Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability 2016-04-05
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3541-1] roundcube security update 2016-04-05
Sebastien Delafond (seb debian org)

[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-04
security-alert hpe com

[slackware-security] mozilla-thunderbird (SSA:2016-095-01) 2016-04-04
Slackware Security Team (security slackware com)

Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit 2016-04-04
lists@exploits4coins.com (lists exploits4coins com)

ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability 2016-04-04
Security Alert (Security_Alert emc com)

[SE-2012-01] Broken security fix in IBM Java 7/8 2016-04-04
Security Explorations (contact security-explorations com) (1 replies)

Re: [SE-2012-01] Broken security fix in IBM Java 7/8 2016-04-05
Security Explorations (contact security-explorations com)

Malware

Win32/TrojanDownloader.Small.PTC

Infostealer.Fakepude

Trojan.Cryptolocker.AK

Phishing

 

Vulnerebility

 

SANS News

New Features for Microsoft Patch Data

Threatpost

Locky Variant Changes C2 Communication, Found in Nuclear EK

BREACH Attacks Revived to Steal Private Messages from Gmail, Facebook

Exploit

Easy File Sharing HTTP Server 7.2 SEH Overflow

PCMAN FTP Server Buffer Overflow - PUT Command

ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities

Windows Kernel Win32k.sys Privilege Escalation Exploit (MS14-058)

Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)

5.4.2016

Bugtraq

[SECURITY] [DSA 3541-1] roundcube security update 2016-04-05
Sebastien Delafond (seb debian org)

[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-04
security-alert hpe com

[slackware-security] mozilla-thunderbird (SSA:2016-095-01) 2016-04-04
Slackware Security Team (security slackware com)

Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit 2016-04-04
lists@exploits4coins.com (lists exploits4coins com)

ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability 2016-04-04
Security Alert (Security_Alert emc com)

[SE-2012-01] Broken security fix in IBM Java 7/8 2016-04-04
Security Explorations (contact security-explorations com)

CVE-2016-2191: optipng: invalid write 2016-04-04
Hans Jerry Illikainen (hji dyntopia com)

ManageEngine Password Manager Pro Multiple Vulnerabilities 2016-04-04
Sebastian Perez (s3bap3 gmail com)

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Bugcrowd CSV injection vulnerability 2016-04-04
Hack Ex (hackexfan gmail com)

[SECURITY] [DSA 3540-1] lhasa security update 2016-04-03
Moritz Muehlenhoff (jmm debian org)

Malware

MSIL/Spy.POSCardStealer.A

PHP.Ransomcrypt.B

W32.Ransomlock.AP

Phishing

Natwest Bank

5th April 2016

ACCOUNT SUSPENDED

Paypal Service

3rd April 2016

CASE ID NUMBER:
PP-151-253-172-331

CASSEY MITCHEL

3rd April 2016

I found u

Vulnerebility

 

SANS News

 

Threatpost

Cisco High Severity Flaw Lets Malware Bypass FirePower Firewall

Surreptitious Sharing Android API Flaw Leaks Data, Private Keys

Exploit

PQI Air Pen Express 6W51-0000R2 and 6W51-0000R2XXX - Multiple Vulnerabilities

Hexchat IRC Client 2.11.0 - Directory Traversal

Xion Audio Player <= 1.5 (build 160) - .mp3 Crash PoC

Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow

4.4.2016

Bugtraq

ManageEngine Password Manager Pro Multiple Vulnerabilities 2016-04-04
Sebastian Perez (s3bap3 gmail com)

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Bugcrowd CSV injection vulnerability 2016-04-04
Hack Ex (hackexfan gmail com)

[SECURITY] [DSA 3540-1] lhasa security update 2016-04-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3539-1] srtp security update 2016-04-02
Salvatore Bonaccorso (carnil debian org)

Open-Xchange Security Advisory 2016-04-02 2016-04-02
Martin Heiland (martin heiland lists open-xchange com)

[security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS) 2016-04-02
security-alert hpe com

[slackware-security] mercurial (SSA:2016-092-01) 2016-04-01
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-092-02) 2016-04-01
Slackware Security Team (security slackware com)

[security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2016-04-01
security-alert hpe com

[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files 2016-04-01
security-alert hpe com

[security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-01
security-alert hpe com

[security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files 2016-04-01
HP Security Alert (hp-security-alert hp com)

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 2016-03-31
Apple Product Security (product-security-noreply lists apple com)

Malware

Backdoor:Win32/Fynloski.SK 
Ransom:MSIL/Nojocrypt.A 
Ransom:MSIL/Manamecrypt.A 
Virus:Win32/Begseabug.A 
TrojanSpy:MSIL/Golroted.E 

Win32/Diskcoder.Petya.B

RANSOM_PETYA.D

RANSOM_PETYA.A

Phishing

Paypal Service

3rd April 2016

CASE ID NUMBER:
PP-151-253-172-331

CASSEY MITCHEL

3rd April 2016

I found u

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

 

3.4.2016

Bugtraq

 

Malware

Trojan.Huntpos

W32.Woniore

Phishing

Tesco Bank

1st April 2016

YOUR ACCOUNT HAS BEEN
DEACTIVATED

Paypal œ

1st April 2016

UNUSUAL ACTIVITY ON YOUR
ACCOUNT. œ

PAYPAL œ

31st March 2016

Unusual activity on your
account. œ

Vulnerebility

 

SANS News

Tips for Stopping Ransomware

Why Can't We Be Friends?

Threatpost

 

Exploit

 Windows Kernel - Bitmap Use-After-Free

Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read

Adobe Flash - URLStream.readObject Use-After-Free

Adobe Flash - TextField.maxChars Use-After-Free

Android - ih264d_process_intra_mb Memory Corruption

Adobe Flash - Color.setTransform Use-After-Free

PHP 5.5.33 - Invalid Memory Write

1.4.2016

Bugtraq

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 2016-03-31
Apple Product Security (product-security-noreply lists apple com)

WebKitGTK+ Security Advisory WSA-2016-0003 2016-03-31
Carlos Alberto Lopez Perez (clopez igalia com)

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Docker UI v0.10.0 - Multiple Persistent Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Dorsa Web CMS - Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Hi Technology & Services CMS - SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Patron Info System - SQL Injection Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3538-1] libebml security update 2016-03-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3537-1] imlib2 security update 2016-03-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3536-1] libstruts1.2-java security update 2016-03-31
Sebastien Delafond (seb debian org)

Malware

W32.Woniore

Trojan.Huntpos

Ransom:MSIL/Ryzerlo 

Phishing

Tesco Bank

1st April 2016

YOUR ACCOUNT HAS BEEN
DEACTIVATED

Paypal œ

1st April 2016

UNUSUAL ACTIVITY ON YOUR
ACCOUNT. œ

PAYPAL œ

31st March 2016

Unusual activity on your
account. œ

Tesco Bank

31st March 2016

YOUR ACCOUNT HAS BEEN
DEACTIVATED

Wells Fargo

31st March 2016

Update Important Security
Alert

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit

31.3.2016

Bugtraq

Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Docker UI v0.10.0 - Multiple Persistent Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Dorsa Web CMS - Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Hi Technology & Services CMS - SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Patron Info System - SQL Injection Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3538-1] libebml security update 2016-03-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3537-1] imlib2 security update 2016-03-31
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3536-1] libstruts1.2-java security update 2016-03-31
Sebastien Delafond (seb debian org)

Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability 2016-03-30
Cisco Systems Product Security Incident Response Team (psirt cisco com) (1 replies)

RE: Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability 2016-03-30
Murray, Mike (MMurray csuchico edu)

[CVE-2016-0784] Apache OpenMeetings ZIP file path traversal 2016-03-30
Maxim Solodovnik (solomax666 gmail com)

Multiple Vulnerabilities in CubeCart 2016-03-30
High-Tech Bridge Security Research (advisory htbridge ch)

CVE-2016-2385 Kamailio SEAS module heap buffer overflow 2016-03-30
Stelios Tsampas (stelios census-labs com)

Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities 2016-03-30
kyle Lovett (krlovett gmail com)

[SECURITY] [DSA 3535-1] kamailio security update 2016-03-29
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Tagak.O

MSIL/Mozifox.C

MSIL/Hakopsbot.A

Trojan.Cryptolocker.AJ

Trojan.Annieco

Backdoor:PHP/Shell.O 

Phishing

Tesco Bank

31st March 2016

YOUR ACCOUNT HAS BEEN
DEACTIVATED

Wells Fargo

31st March 2016

Update Important Security
Alert

Apple

29th March 2016

Vi informiamo che il vostro
account Apple scadrà tra meno
di 24 ore.

service

29th March 2016

YOUR ACCOUNT HAS BEEN IIMITED

Vulnerebility

 

SANS News

What to watch with your FIM?

Threatpost

Root Servers Were Not Targets of 2015 DDoS Attack

Exploit

Apache Jetspeed Arbitrary File Upload

MOBOTIX Video Security Cameras - CSRF Add Admin Exploit

Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal

Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read

ATutor 2.2.1 Directory Traversal / Remote Code Execution

Metaphor - Stagefright Exploit with ASLR Bypass

CubeCart 6.0.10 - Multiple Vulnerabilities

Kamailio 4.3.4 - Heap-Based Buffer Overflow

30.3.2016

Bugtraq

Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability 2016-03-30
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CVE-2016-0784] Apache OpenMeetings ZIP file path traversal 2016-03-30
Maxim Solodovnik (solomax666 gmail com)

Multiple Vulnerabilities in CubeCart 2016-03-30
High-Tech Bridge Security Research (advisory htbridge ch)

CVE-2016-2385 Kamailio SEAS module heap buffer overflow 2016-03-30
Stelios Tsampas (stelios census-labs com)

Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities 2016-03-30
kyle Lovett (krlovett gmail com)

[SECURITY] [DSA 3535-1] kamailio security update 2016-03-29
Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information 2016-03-29
security-alert hpe com

[SECURITY] [DSA 3534-1] dhcpcd security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)

Fireware XTM Web UI - Open Redirect 2016-03-29
Manuel Mancera (mmancera a2secure com)

[SECURITY] [DSA 3533-1] openvswitch security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)

BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543) 2016-03-28
appsec (appsec bmc com)

Malware

JS/Nemucod

Linux/Remaiten 

MSIL/Hakopsbot.A

Trojan.Annieco

Phishing

Apple

29th March 2016

Vi informiamo che il vostro
account Apple scadrà tra meno
di 24 ore.

service

29th March 2016

YOUR ACCOUNT HAS BEEN IIMITED

support2c171

28th March 2016

Get paid $25 for each email
you process

Vulnerebility

 

SANS News

SOC Resources for System Management

Threatpost

 

Exploit

LShell <= 0.9.15 - Remote Code Execution

CubeCart 6.0.10 - Multiple Vulnerabilities

Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1

Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2

Apple Quicktime < 7.7.79.80.95 - PSD File Parsing Memory Corruption

29.3.2016

Bugtraq

Fireware XTM Web UI - Open Redirect 2016-03-29
Manuel Mancera (mmancera a2secure com)

[SECURITY] [DSA 3533-1] openvswitch security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)

BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543) 2016-03-28
appsec (appsec bmc com)

BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542) 2016-03-28
appsec (appsec bmc com)

Validation Bypass in C2Box application : CVE - 2015-4626 2016-03-28
harish ramadoss helpag com

[SECURITY] [DSA 3532-1] quagga security update 2016-03-27
Salvatore Bonaccorso (carnil debian org)

TrendMicro DDI Cross Site Request Forgerys 2016-03-26
hyp3rlinx lycos com

[SECURITY] [DSA 3531-1] chromum-browser security update 2016-03-26
Michael Gilbert (mgilbert debian org)

Malware

Trojan.Cryptolocker.AJ

Phishing

service

29th March 2016

YOUR ACCOUNT HAS BEEN IIMITED

support2c171

28th March 2016

Get paid $25 for each email
you process

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

Adobe Flash - Object.unwatch Use-After-Free Exploit

Liferay Portal 5.1.2 - Persistent XSS

FireEye - Privilege Escalation to root from Malware Input Processor (uid=mip)

Cogent Datahub <= 7.3.9 Gamma Script Elevation of Privilege

TallSoft SNMP TFTP Server 1.0.0 - Denial of Service

Android One mt_wifi IOCTL_GET_STRUCT Privilege Escalation

28.3.2016

Bugtraq

BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542) 2016-03-28
appsec (appsec bmc com)

Validation Bypass in C2Box application : CVE - 2015-4626 2016-03-28
harish ramadoss helpag com

[SECURITY] [DSA 3532-1] quagga security update 2016-03-27
Salvatore Bonaccorso (carnil debian org)

TrendMicro DDI Cross Site Request Forgerys 2016-03-26
hyp3rlinx lycos com

[SECURITY] [DSA 3531-1] chromum-browser security update 2016-03-26
Michael Gilbert (mgilbert debian org)

[slackware-security] mozilla-thunderbird (SSA:2016-085-02) 2016-03-25
Slackware Security Team (security slackware com)

[slackware-security] libevent (SSA:2016-085-01) 2016-03-25
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3530-1] tomcat6 security update 2016-03-25
Moritz Muehlenhoff (jmm debian org)

[CVE-2016-2163] Stored Cross Site Scripting in Event description 2016-03-25
Maxim Solodovnik (solomax apache org)

[CVE-2016-2164] Arbitrary file read via SOAP API 2016-03-25
Maxim Solodovnik (solomax apache org)

[CVE-2016-0783] Predictable password reset token 2016-03-25
Maxim Solodovnik (solomax apache org)

Malware

Infostealer.Thumbthief

Trojan:Win32/Varpes.I!cl 
Trojan:Win32/Varpes.A!cl 
Trojan:Win32/Varpes.C!cl 
Trojan:Win32/Varpes.H!cl 
Trojan:Win32/Varpes.G!cl 
Trojan:Win32/Varpes.F!cl 
Trojan:Win32/Varpes.E!cl 
Win32/Varpes 
Trojan:Win32/Varpes.J!cl 
Trojan:Win32/Varpes.K!cl 

Phishing

Apple Validation

25th March 2016

Login From Unrecognized Device

PayPal

25th March 2016

Important : Your account
status change (Case ID
#PL-003-603-205-892)

Vulnerebility

 

SANS News

Improving Bash Forensics Capabilities

Threatpost

Fileless PowerWare Ransomware Found on Healthcare Network

Exploit

Liferay Portal 5.1.2 - Persistent XSS

Linux/x86_x64 - execve(/bin/sh) - 25 bytes

Linux/x86_x64 - execve(/bin/bash) - 33 bytes

25.3.2016

Bugtraq

[CVE-2016-2163] Stored Cross Site Scripting in Event description 2016-03-25
Maxim Solodovnik (solomax apache org)

[CVE-2016-2164] Arbitrary file read via SOAP API 2016-03-25
Maxim Solodovnik (solomax apache org)

[CVE-2016-0783] Predictable password reset token 2016-03-25
Maxim Solodovnik (solomax apache org)

[security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information 2016-03-25
security-alert hpe com

[security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-24
security-alert hpe com

[SYSS-2016-016] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de

[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts 2016-03-24
sven freund syss de

[SYSS-2016-017] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de

[SECURITY] [DSA 3527-1] inspircd security update 2016-03-24
Sebastien Delafond (seb debian org)

XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section 2016-03-24
netizen01k gmail com

[SECURITY] [DSA 3529-1] redmine security update 2016-03-23
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3528-1] pidgin-otr security update 2016-03-23
Sebastien Delafond (seb debian org)

Malware

Trojan.Ransomlock.AN

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

 

24.3.2016

Bugtraq

[SYSS-2016-016] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de

[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts 2016-03-24
sven freund syss de

[SYSS-2016-017] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de

[SECURITY] [DSA 3527-1] inspircd security update 2016-03-24
Sebastien Delafond (seb debian org)

XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section 2016-03-24
netizen01k gmail com

[SECURITY] [DSA 3529-1] redmine security update 2016-03-23
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3528-1] pidgin-otr security update 2016-03-23
Sebastien Delafond (seb debian org)

Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Hardcoded root password in Zyxel MAX3XX series Wimax CPEs 2016-03-23
Gianni Carabelli (giannicarabelli gmail com)

Malware

SoftwareBundler:Win32/Dowadmin 
Trojan:Win32/Tulim.B!cl 
Trojan:Win32/Peals.D!cl 

Trojan.Cryptolocker.AI

Infostealer.Olymvis

Phishing

PayPal Inc

23rd March 2016

Your Account Will Be Closed !!

Huizhong Lee

22nd March 2016

SEA FREIGHT ORDER FOR 2X40'GP
FROM CHINA. H@AOL.COM

Microsoft

22nd March 2016

[PayPal INC]

Vulnerebility

 

SANS News

The importance of ongoing dialog

Threatpost

Locky Ransomware Causes Internal State of Emergency at Kentucky Hospital

Exploit

Linux/x86_x64 - execve(/bin/sh) - 26 bytes

23.3.2016

Bugtraq

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Hardcoded root password in Zyxel MAX3XX series Wimax CPEs 2016-03-23
Gianni Carabelli (giannicarabelli gmail com)

CA20160323-01: Security Notice for CA Single Sign-On Web Agents 2016-03-23
Kotas, Kevin J (Kevin Kotas ca com)

CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported 2016-03-23
Ken Giusti (kgiusti redhat com)

[SECURITY] [DSA 3526-1] libmatroska security update 2016-03-23
Sebastien Delafond (seb debian org)

Remote Code Execution in DVR affecting over 70 different vendors 2016-03-23
rotem kerner (nullfield gmail com)

[SECURITY] [DSA 3525-1] pixman security update 2016-03-22
Salvatore Bonaccorso (carnil debian org)

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2 2016-03-22
RedTeam Pentesting GmbH (release redteam-pentesting de)

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-6 Safari 9.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-3 tvOS 9.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-7 OS X Server 5.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-4 Xcode 7.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

Malware

SoftwareBundler:Win32/Dowadmin 
Trojan:Win32/Tulim.B!cl 
Trojan:Win32/Peals.D!cl 
Exploit:Win32/Taro.H

Phishing

 

Vulnerebility

 

SANS News

Getting Ready for Badlock

Abusing Oracles

Threatpost

 

Exploit

Comodo Antivirus Forwards Emulated API Calls to the Real API During Scans

Avira - Heap Underflow Parsing PE Section Headers

Comodo - PackMan Unpacker Insufficient Parameter Validation

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents

Wireshark - dissect_ber_integer Static Out-of-Bounds Write

Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation

Comodo Antivirus - Heap Overflow in LZX Decompression

OS X Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort

Adobe Flash - Shape Rendering Crash

Adobe Flash - Zlib Codec Heap Overflow

Adobe Flash - Sprite Creation Use-After-Free

Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix

Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix

Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix

OS X Kernel - AppleKeyStore Use-After-Free

OS X Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method...

OS X Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver

MiCollab 7.0 - SQL Injection Vulnerability  

OS X / iOS Suid Binary Logic Error Kernel Code Execution

Multiple CCTV-DVR Vendors - Remote Code Execution

22.3.2016

Bugtraq

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2 2016-03-22
RedTeam Pentesting GmbH (release redteam-pentesting de)

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-6 Safari 9.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-3 tvOS 9.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-7 OS X Server 5.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-4 Xcode 7.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-2 watchOS 2.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2016-03-21-1 iOS 9.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com

[security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com

[security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-03-21
security-alert hpe com

AbsoluteTelnet 10.14 DLL Hijack Code Exec 2016-03-21
hyp3rlinx lycos com

Malware

Win32/Spy.KeyLogger.PDD

MSIL/ChadowTek.E

Win32/Dipeok.A

Phishing

Microsoft

22nd March 2016

[PayPal INC]

no1handmadeshoes

21st March 2016

FW: FASHIONABLE FOOTWEAR BY
AMAZONSES

Bank Of America

21st March 2016

DÐar Valueԁ Member,
918690654

Paypal Service

21st March 2016

YOUR ACCOUNT HAS BEEN IIMITED

Support

20th March 2016

WIN HUGE PRIZES, MAKE YOUR
DREAMS COME TRUE!

Vulnerebility

 

SANS News

Apple Updates Everything (Again)

Why Users Fall For Ransomware

IP Addresses Triage

Threatpost

 

Exploit

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit

21.3.2016

Bugtraq

[security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com

[security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-03-21
security-alert hpe com

AbsoluteTelnet 10.14 DLL Hijack Code Exec 2016-03-21
hyp3rlinx lycos com

[SECURITY] [DSA 3524-1] activemq security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3523-1] iceweasel security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3522-1] squid3 security update 2016-03-20
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3521-1] git security update 2016-03-19
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass 2016-03-19
HP Security Alert (hp-security-alert hp com)

[SECURITY] [DSA 3520-1] icedove security update 2016-03-18
Moritz Muehlenhoff (jmm debian org)

SQL Injection and RCE in WebsiteBaker 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Admin Password Reset & RCE via CSRF in Dating Pro 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Malware

Win32/Dipeok.A

Exp.CVE-2016-0124

Exp.CVE-2016-0112

Exp.CVE-2016-0113

Exp.CVE-2016-0105

Exp.CVE-2016-0021

Trojan:Win32/Skeeyah.C!cl 
Trojan:Win32/Skeeyah.B!cl 
Trojan:Win32/Hucnak.A!cl 
Trojan:Win32/Hucnak.B!cl 
Trojan:Win32/Hucnak.C!cl 
Trojan:Win32/Hucnak.D!cl 
Trojan:Win32/Spallowz.A!cl 
Trojan:Win32/Tulim.B!cl 
Trojan:Win32/Peals.D!cl 
Trojan:Win32/Varpes.K!cl 

Phishing

Bank Of America

21st March 2016

DÐar Valueԁ Member,
918690654

Paypal Service

21st March 2016

YOUR ACCOUNT HAS BEEN IIMITED

Support

20th March 2016

WIN HUGE PRIZES, MAKE YOUR
DREAMS COME TRUE!

Chase

20th March 2016

New Message From Chase Online
(SM)

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

WordPress eBook Download Plugin 1.1 - Directory Traversal

WordPress Import CSV Plugin 1.0 - Directory Traversal

WordPress Abtest Plugin - Local File Inclusion

Disc ORGanizer - DORG - Multiple Vulnerabilities

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

Xoops 2.5.7.2 - Arbitrary User Deletions CSRF

Xoops 2.5.7.2 - Directory Traversal Bypass

WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure

Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass

Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow RCE Exploit

Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)

20.3.2016

Bugtraq

[security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass 2016-03-19
HP Security Alert (hp-security-alert hp com)

[SECURITY] [DSA 3520-1] icedove security update 2016-03-18
Moritz Muehlenhoff (jmm debian org)

SQL Injection and RCE in WebsiteBaker 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Admin Password Reset & RCE via CSRF in Dating Pro 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ? ?-2016-2324 and ? ???2016??2315) 2016-03-18
LaÃl Cellier (lael cellier laposte net)

Xoops 2.5.7.2 Directory Traversal Bypass 2016-03-18
hyp3rlinx lycos com

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions 2016-03-18
hyp3rlinx lycos com

[slackware-security] mozilla-firefox (SSA:2016-077-01) 2016-03-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3519-1] xen security update 2016-03-17
Moritz Muehlenhoff (jmm debian org)

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability 2016-03-17
contact securifera com

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)

CVE-2016-1520: GrandStream Android VoIP App Update Redirection 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

Malware

Win32/Delf.NBW

Win32/Bancteian.A

Trojan.Acedeceiver

Phishing

Chase

20th March 2016

New Message From Chase Online
(SM)

PAYPAL

18th March 2016

Your Account Has Been Blocked
, Until We Here From You

Vulnerebility

 

SANS News

Call for some logs and/or packets for requests to a2billing/customer/templates/default/header.tpl

Threatpost

 

Exploit

 

18.3.2016

Bugtraq

SQL Injection and RCE in WebsiteBaker 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Admin Password Reset & RCE via CSRF in Dating Pro 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ? ?-2016-2324 and ? ???2016??2315) 2016-03-18
LaÃl Cellier (lael cellier laposte net)

Xoops 2.5.7.2 Directory Traversal Bypass 2016-03-18
hyp3rlinx lycos com

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions 2016-03-18
hyp3rlinx lycos com

[slackware-security] mozilla-firefox (SSA:2016-077-01) 2016-03-17
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3519-1] xen security update 2016-03-17
Moritz Muehlenhoff (jmm debian org)

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability 2016-03-17
contact securifera com

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)

CVE-2016-1520: GrandStream Android VoIP App Update Redirection 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

Multiple (persistent) XSS in ProjectSend 2016-03-17
mail michaelhelwig de

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:14.openssh 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

 

Phishing

Support

18th March 2016

PLEASE LOGIN TO POST AND
UPDATE INFORMATION NOWœ

Management

18th March 2016

America Online

David Andrew

17th March 2016

CURE FOR DIABETES HAS BEEN
DISCOVERED

Chase

16th March 2016

New Message From Chase Online
(SM)

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

 

17.3.2016

Bugtraq

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)

CVE-2016-1520: GrandStream Android VoIP App Update Redirection 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)

Multiple (persistent) XSS in ProjectSend 2016-03-17
mail michaelhelwig de

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:14.openssh 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)

[CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
CORE Advisories Team (advisories coresecurity com) (1 replies)

Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
jungle Boogie (jungleboogie0 gmail com)

[security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information 2016-03-16
security-alert hpe com

[SECURITY] [DSA 3518-1] spip security update 2016-03-16
Sebastien Delafond (seb debian org)

Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS 2016-03-16
rsrathoreravi gmail com

[slackware-security] seamonkey (SSA:2016-075-02) 2016-03-16
Slackware Security Team (security slackware com)

[slackware-security] git (SSA:2016-075-01) 2016-03-16
Slackware Security Team (security slackware com)

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases 2016-03-15
Romain Manni-Bucau (rmannibucau apache org)

Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing 2016-03-15
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution 2016-03-15
security-alert hpe com

Re: oss-2016-15: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-15
vdronov redhat com

Re: oss-2016-13: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-15
vdronov redhat com

Malware

 

Phishing

Chase

16th March 2016

New Message From Chase Online
(SM)

Service .

16th March 2016

[PAYPAL] : VERIFICATION
REQUIRED

Vulnerebility

 

SANS News

Security Pros Love Python? and So Do Malware Authors!

Threatpost

 

Exploit

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

Zenphoto 1.4.11 - Remote File Inclusion

PivotX 2.3.11 - Directory Traversal

16.3.2016

Bugtraq

[CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
CORE Advisories Team (advisories coresecurity com)

[security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information 2016-03-16
security-alert hpe com

[SECURITY] [DSA 3518-1] spip security update 2016-03-16
Sebastien Delafond (seb debian org)

Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS 2016-03-16
rsrathoreravi gmail com

[slackware-security] seamonkey (SSA:2016-075-02) 2016-03-16
Slackware Security Team (security slackware com)

[slackware-security] git (SSA:2016-075-01) 2016-03-16
Slackware Security Team (security slackware com)

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases 2016-03-15
Romain Manni-Bucau (rmannibucau apache org)

Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing 2016-03-15
Stefan Kanthak (stefan kanthak nexgo de)

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution 2016-03-15
security-alert hpe com

Re: oss-2016-15: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-15
vdronov redhat com

Re: oss-2016-13: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-15
vdronov redhat com

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-15
vdronov redhat com

Re: oss-2016-17: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-15
vdronov redhat com

Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-15
vdronov redhat com

Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-15
vdronov redhat com

Re: OS-S 2016-08 Linux mct_u232 Nullpointer Dereference 2016-03-15
vdronov redhat com

Re: OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference 2016-03-15
vdronov redhat com

Malware

Win32/PSW.Lineage.BQZ

PWS:HTML/Phish.HP 

Phishing

Service .

16th March 2016

[PAYPAL] : VERIFICATION
REQUIRED

NatWest

15th March 2016

Your account has been closed

Tesco Bank

15th March 2016

NEW TESCO BANK REVIEW.

Vulnerebility

 

SANS News

What is this "/smoke/" about?

Threatpost

 

Exploit

Kaltura Community Edition <=11.1.0-2 - Multiple Vulnerabilities

Cisco UCS Manager 2.1(1b) - Shellshock Exploit

OpenSSH <= 7.2p1 - xauth Injection

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow

15.3.2016

Bugtraq

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution 2016-03-15
security-alert hpe com

Re: oss-2016-15: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-15
vdronov redhat com

Re: oss-2016-13: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-15
vdronov redhat com

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-15
vdronov redhat com

Re: oss-2016-17: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-15
vdronov redhat com

Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-15
vdronov redhat com

Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-15
vdronov redhat com

Re: OS-S 2016-08 Linux mct_u232 Nullpointer Dereference 2016-03-15
vdronov redhat com

Re: OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference 2016-03-15
vdronov redhat com

Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference 2016-03-15
vdronov redhat com

[security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information 2016-03-14
security-alert hpe com

[security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information 2016-03-14
security-alert hpe com

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)

ChitaSoft (Web-Application) - SQL Injection Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)

Reflected Cross-Site Scripiting in CuteEditor 2016-03-14
adrmm outlook com

Malware

Win32/Filecoder.NFY

Win32/Weleglot.H

Win32/Zonebac.AA

MSIL/Lemoner.A

Win32/Shell.E

Win32/PSW.Legendmir.QL

Win32/PSW.Legendmir.AX

Win32/PSW.Lineage

Phishing

Tesco Bank

15th March 2016

NEW TESCO BANK REVIEW.

Support

14th March 2016

Paypal:Notification.receipt
No.7948404416

Service .

14th March 2016

[PAYPAL] : VERIFICATION
REQUIRED

michael swartz

13th March 2016

Executive Careers

David & Carol Martin

12th March 2016

Giving back to the community
program; Enclosed Is A
Congratulatory Note.

Vulnerebility

 

SANS News

Dockerized DShield SSH Honeypot

Threatpost

 

Exploit

 

14.3.2016

Bugtraq

Reflected Cross-Site Scripiting in CuteEditor 2016-03-14
adrmm outlook com

ESA-2016-012: EMC Documentum xCP ? User Information Disclosure Vulnerability 2016-03-14
Security Alert (Security_Alert emc com)

Re: oss-2016-17: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-14
amaris redhat com

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-14
amaris redhat com

Re: oss-2016-15: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-14
amaris redhat com

Re: oss-2016-13: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-14
amaris redhat com

[SECURITY] [DSA 3516-1] wireshark security update 2016-03-13
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3515-1] graphite2 security update 2016-03-13
Moritz Muehlenhoff (jmm debian org)

Soundy Background Music XSS Vulnerability 2016-03-12
Rahul Pratap Singh (techno rps gmail com)

[SECURITY] [DSA 3514-1] samba security update 2016-03-12
Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2016-0002 2016-03-11
Carlos Alberto Lopez Perez (clopez igalia com)

DW Question Answer Stored XSS Vulnerability 2016-03-11
Rahul Pratap Singh (techno rps gmail com)

[slackware-security] openssh (SSA:2016-070-01) 2016-03-11
Slackware Security Team (security slackware com)

oss-2016-18: Multiple Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-10
Ralf Spenneberg (info os-t de)

oss-2016-17: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-10
Ralf Spenneberg (info os-t de)

oss-2016-16: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver) 2016-03-10
Ralf Spenneberg (info os-t de)

Malware

 

Phishing

michael swartz

13th March 2016

Executive Careers

David & Carol Martin

12th March 2016

Giving back to the community
program; Enclosed Is A
Congratulatory Note.

Email Administrator

12th March 2016

YOUR WEB-EMAIL (H@AOL.COM)
WILL EXPIRE IN 24 HOURS!

Henry George

12th March 2016

RE: COMMUNICATE HIM WITH YOUR
FULL INFORMATION

Vulnerebility

 

SANS News

SSH Honeypots (Ab)used as Proxy

Threatpost

 

Exploit

RHEL 7.1 Kernel - snd-usb-audio Crash PoC

RHEL 7.1 Kernel - iowarrior driver Crash PoC

Windows Kernel ATMFD.DLL OTF Font Processing Pool-Based Buffer Overflow (MS16-026)

Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026)

Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)

Zortam Mp3 Media Studio 20.15 - SEH Overflow DoS

Wordpress Site Import Plugin 1.0.1 - Local and Remote File Inclusion

TeamPass 2.1.24 - Multiple Vulnerabilities

13.3.2016

Bugtraq

 

Malware

Java/Adwind.UA

Backdoor.Pepperat

Phishing

 

Vulnerebility

 

SANS News

A Look at the Mandiant M-Trends 2016 Report

Forensicating Docker, Part 1

Recent example of KaiXin exploit kit

Threatpost

Marcher Trojan Morphs, Now Targets Porn Sites

Patrick Wardle on OS X Malware With a Possible Hacking Team Connection

Exploit

PHP Utility Belt Remote Code Execution

WordPress Best Web Soft Captcha Plugin <= 4.1.5 - Multiple Vulnerabilities

WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS

Exim < 4.86.2 - Local Root Privilege Escalation

Nitro Pro <= 10.5.7.32 & Nitro Reader <= 5.5.3.1 - Heap Memory Corruption

10.3.2016

Bugtraq

[CORE-2016-0003] - Samsung SW Update Tool MiTM 2016-03-09
CORE Advisories Team (advisories coresecurity com)

[SECURITY] [DSA 3509-1] rails security update 2016-03-09
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3510-1] iceweasel security update 2016-03-09
Moritz Muehlenhoff (jmm debian org)

Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability 2016-03-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[CORE-2016-0004] - SAP Download Manager Password Weak Encryption 2016-03-09
CORE Advisories Team (advisories coresecurity com)

Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr" 2016-03-09
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

[SECURITY] [DSA 3509-1] rails security update 2016-03-09
Luciano Bello (luciano debian org)

[SECURITY] [DSA 3509-1] rails security update 2016-03-09
Luciano Bello (luciano debian org)

Cisco Security Advisory: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability 2016-03-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory:Cisco Wireless Residential Gateway Information Disclosure Vulnerability 2016-03-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability 2016-03-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-09
Ralf Spenneberg (ralf os-t de)

Malware

VBA/TrojanDropper.Agent.FY

Win32/Crastic.A

Phishing

service paypal

9th March 2016

YOUR PAYMENT HAS BEEN SENT!

Microsoft

8th March 2016

RE: Personal Donation

NatWest

8th March 2016

Your account has been
suspended

Apple Inc

8th March 2016

Know your customer
verification

Notice

8th March 2016

ACCOUNT NOTIFICATION
 

Vulnerebility

 

SANS News

Powershell Malware - No Hard drive, Just hard times

Threatpost

 

Exploit

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

WordPress SiteMile Project Theme 2.0.9.5 - Multiple Vulnerabilities

exim <= 4.84-3 - Local Root Exploit

Adobe Digital Editions <= 4.5.0 - .pdf Critical Memory Corruption

Linux Kernel - digi_acceleport Nullpointer Dereference

Linux Kernel - Wacom Multiple Nullpointer Dereferences

Linux Kernel - visor (treo_attach) Nullpointer Dereference

Linux Kernel - visor clie_5_attach Nullpointer Dereference

Linux Kernel - cypress_m8 Nullpointer Dereference

Linux Kernel - mct_u232 Nullpointer Dereference

Linux Kernel - cdc_acm Nullpointer Dereference

Linux Kernel - aiptek Nullpointer Dereference

Linux Kernel - aiptek Nullpointer Dereference

9.3.2016

Bugtraq

OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-10 Linux visor (treo_attach) Nullpointer Dereference CVE-2016-2782 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-08 Linux mct_u232 Nullpointer Dereference 2016-03-09
Ralf Spenneberg (info os-t de)

Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference 2016-03-09
abdyfhie gmail com

OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference 2016-03-09
Ralf Spenneberg (info os-t de)

OS-S 2016-06 Linux cdc_acm Nullpointer Dereference 2016-03-09
Ralf Spenneberg (ralf os-t de)

OS-S 2016-05 Linux aiptek Nullpointer Dereference CVE-2015-7515 2016-03-09
Ralf Spenneberg (info os-t de)

LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities 2016-03-09
LSE-Advisories (advisories lsexperts de)

Thomson TWG850 Wireless Router Multiple Vulnerabilities 2016-03-09
Sebastian Perez (s3bap3 gmail com)

[slackware-security] mozilla-firefox (SSA:2016-068-01) 2016-03-08
Slackware Security Team (security slackware com)

Malware

Win32/Cerber 

Downloader.Poshedo

Linux.Tsunami

Phishing

service paypal

9th March 2016

YOUR PAYMENT HAS BEEN SENT!

Microsoft

8th March 2016

RE: Personal Donation

NatWest

8th March 2016

Your account has been
suspended

Apple Inc

8th March 2016

Know your customer
verification

Notice

8th March 2016

ACCOUNT NOTIFICATION

paypal

8th March 2016

PAYPAL SUPPORT:[UPDATE YOUR
ACCOUNT INFORMATION]

Vulnerebility

 

SANS News

A Wall Against Cryptowall? Some Tips for Preventing Ransomware

Threatpost

 

Exploit

 

8.3.2016

Bugtraq

[slackware-security] php (SSA:2016-067-01) 2016-03-08
Slackware Security Team (security slackware com)

ESA-2016-012: EMC Documentum xCP ? User Information Disclosure Vulnerability 2016-03-07
Security Alert (Security_Alert emc com)

Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Dubbju gmail com

Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Vulnerability Lab (research vulnerability-lab com) (1 replies)

Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Edsel Adap (edsel adap org)

[SECURITY] [DSA 3508-1] jasper security update 2016-03-06
Salvatore Bonaccorso (carnil debian org)

Malware

Exploit:HTML/Pangimop 
Backdoor:Win32/Mokes.A

Android/Spy.Agent.SI

OSX.Keranger

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

Apple: Court Order Turns Back Clock on iPhone Security

Amazon Backtracks On Encryption Removal, Mum On Why

Exploit

ATutor LMS install_modules.php CSRF Remote Code Execution Vulnerability

Microsoft Windows - AFD.SYS Privilege Escalation (MS14-040) Win7x64

McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass

7.3.2016

Bugtraq

Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Dubbju gmail com

Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Vulnerability Lab (research vulnerability-lab com) (1 replies)

Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) 2016-03-07
Edsel Adap (edsel adap org)

[SECURITY] [DSA 3508-1] jasper security update 2016-03-06
Salvatore Bonaccorso (carnil debian org)

Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager 2016-03-06
mail michaelhelwig de

[SECURITY] [DSA 3507-1] chromium-browser security update 2016-03-05
Michael Gilbert (mgilbert debian org)

Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege 2016-03-06
Stefan Kanthak (stefan kanthak nexgo de)

Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege 2016-03-06
Stefan Kanthak (stefan kanthak nexgo de)

McAfee VirusScan Enterprise security restrictions bypass 2016-03-04
Agazzini Maurizio (inode mediaservice net)

[SECURITY] [DSA 3504-1] bsh security update 2016-03-04
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3505-1] wireshark security update 2016-03-04
Moritz Muehlenhoff (jmm debian org)

Malware

TrojanDownloader:JS/Swabfex.P

Phishing

NatWest

7th March 2016

TAX REFUND NEW MESSAGE
ALERT!#K8Y81ZS4141

Sales

6th March 2016

RE:RE: INVOICE.

PAY-PAY-TEAM

6th March 2016

your account has been limited

Support-Team

5th March 2016

Warning: Your account status
change

Vulnerebility

 

SANS News

OSX Ransomware Spread via a Rogue BitTorrent Client Installer

Another Malicious Document, Another Way to Deliver Malicious Code

Paypal Phishing landing pages hosted at HostGator

Novel method for slowing down Locky on Samba server using fail2ban

Threatpost

 

Exploit

 

6.3.2016

Bugtraq

McAfee VirusScan Enterprise security restrictions bypass 2016-03-04
Agazzini Maurizio (inode mediaservice net)

[SECURITY] [DSA 3504-1] bsh security update 2016-03-04
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3505-1] wireshark security update 2016-03-04
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3506-1] libav security update 2016-03-04
Moritz Muehlenhoff (jmm debian org)

Malware

Win32/Bayrob.BK

Phishing

Support-Team

5th March 2016

Warning: Your account status
change

PayPal Ins

4th March 2016

ACCOUNT NOTIFICATION

Apple

4th March 2016

ACCOUNT SUSPENSION
NOTIFICATION (#REF A96 238
631)

Vulnerebility

 

SANS News

Angler EK campaign targeting several .co domains deploying teslacrypt 3.0 malware

Threatpost

 

Exploit

 

4.3.2016

Bugtraq

[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED) 2016-03-04
erlijn vangenuchten syss de

[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED) 2016-03-04
erlijn vangenuchten syss de

[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED) 2016-03-04
erlijn vangenuchten syss de

[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED) 2016-03-04
erlijn vangenuchten syss de

[SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service 2016-03-04
disclosure syss de

[security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information 2016-03-03
HP Security Alert (hp-security-alert hp com)

[security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service 2016-03-03
HP Security Alert (hp-security-alert hp com)

[security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information 2016-03-03
security-alert hpe com

[SECURITY] [DSA 3503-1] linux security update 2016-03-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3426-2] ctdb regression update 2016-03-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3502-1] roundup security update 2016-03-03
Yves-Alexis Perez (corsac debian org)

[slackware-security] mailx (SSA:2016-062-01) 2016-03-03
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-062-02) 2016-03-03
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-062-03) 2016-03-03
Slackware Security Team (security slackware com)

Malware

Trojan.Silentbrute.B

PHP.Cryptolocker.G

Phishing

PayPal Ins

4th March 2016

ACCOUNT NOTIFICATION

Apple

4th March 2016

ACCOUNT SUSPENSION
NOTIFICATION (#REF A96 238
631)

NatWest

3rd March 2016

Your account has been closed

Nationwide.

3rd March 2016

ACCOUNT REVIEWED NOTIFICATION.

Notice

2nd March 2016

UPDATE

PayPal

2nd March 2016

IMPORTANT : YOUR ACCOUNT
STATUS CHANGE (CASE ID
#PL-003-603-205-892)

PayPal

1st March 2016

[Team Paypal] :
Update-Your-Paypal-Account

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

Schneider Electric SBO / AS - Multiple Vulnerabilities

WordPress Bulk Delete Plugin 5.5.3 - Privilege Escalation

AppLocker Execution Prevention Bypass

3.3.2016

Bugtraq

[SECURITY] [DSA 3426-2] ctdb regression update 2016-03-03
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3502-1] roundup security update 2016-03-03
Yves-Alexis Perez (corsac debian org)

[slackware-security] mailx (SSA:2016-062-01) 2016-03-03
Slackware Security Team (security slackware com)

[slackware-security] openssl (SSA:2016-062-02) 2016-03-03
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2016-062-03) 2016-03-03
Slackware Security Team (security slackware com)

WordPress Bulk Delete Plugin [Privilege Escalation] 2016-03-03
Panagiotis Vagenas (pan vagenas gmail com)

[security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges 2016-03-03
HP Security Alert (hp-security-alert hp com)

Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability 2016-03-03
David Coomber (davidcoomber infosec gmail com)

Open-Xchange Security Advisory 2016-03-02 2016-03-02
Martin Heiland (martin heiland lists open-xchange com)

Malware

TrojanDownloader:MSIL/Banablid.A 

Java.Bozmub

Linux.Bifrose

Trojan.Ransomcrypt.AE

PHP.Cryptolocker.G

Phishing

Nationwide.

3rd March 2016

ACCOUNT REVIEWED NOTIFICATION.

Notice

2nd March 2016

UPDATE

Vulnerebility

 

SANS News

 

Threatpost

 

Exploit

Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation

Quick Tftp Server Pro 2.3 - Read Mode Denial of Service

Freeproxy Internet Suite 4.10 - Denial of Service

PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash PoC

x86 Windows Null-Free Download & Run via WebDAV Shellcode (96 bytes)

2.3.2016

Bugtraq

[security bulletin] HPSBHF03545 rev. 1 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities 2016-03-02
HP Security Alert (hp-security-alert hp com)

[security bulletin] HPSBGN03442 rev.1 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-03-02
security-alert hpe com

Vivint Sky Control Panel Unauthenticated Access Vulnerability 2016-03-01
jeremyscott solutionary com

[SECURITY] [DSA 3501-1] perl security update 2016-03-01
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3500-1] openssl security update 2016-03-01
Alessandro Ghedini (ghedo debian org)

Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege 2016-03-01
Stefan Kanthak (stefan kanthak nexgo de)

Malware

SoftwareBundler:VBS/Mizenota 
TrojanDownloader:MSIL/Genmaldow.P 
TrojanDownloader:Win32/Farfli.E 
TrojanSpy:MSIL/Hoetou.B 
TrojanDownloader:Win32/Lidared 

Linux/Tsunami.NGJ

MSIL/Lardosy.A

Win32/Rioselx.B

Linux/Gafgyt

Linux/Tsunami

Phishing

PayPal

2nd March 2016

IMPORTANT : YOUR ACCOUNT
STATUS CHANGE (CASE ID
#PL-003-603-205-892)

PayPal

1st March 2016

[Team Paypal] :
Update-Your-Paypal-Account

Service

1st March 2016

Your account has been Iimited
untiI we hear from you

Nationwide.

1st March 2016

NATIONWIDE - IMPORTANT ALERT!

SECURITY

1st March 2016

EMAIL ACCOUNT UPDATE

PayPal

1st March 2016

IMPORTANT : YOUR ACCOUNT
STATUS CHANGE (CASE ID
#PL-003-603-205-892)

Vulnerebility

 

SANS News

Exploit o' the day: DROWN

Threatpost

 

Exploit

 

1.3.2016

Bugtraq

[SECURITY] [DSA 3500-1] openssl security update 2016-03-01
Alessandro Ghedini (ghedo debian org)

Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege 2016-03-01
Stefan Kanthak (stefan kanthak nexgo de)

[SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in 2016-03-01
adrian vollmer syss de

WordPress plugin GravityForms Cross-site Scripting vulnerability 2016-03-01
Henri Salo (henri salo nixu com)

Microsoft PowerPointViewer Code Execution 2016-03-01
hyp3rlinx lycos com

[security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS) 2016-02-29
security-alert hpe com

[SYSS-2015-069] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-067] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-066] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de

[SYSS-2015-070] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de

[SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery 2016-02-29
matthias deeg syss de

[SYSS-2015-072] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site 2016-02-29
matthias deeg syss de

Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability 2016-02-29
Vulnerability Lab (research vulnerability-lab com)

Malware

Infostealer.Banprox.C

Backdoor.Elpman

Phishing

Service

1st March 2016

Your account has been Iimited
untiI we hear from you

Nationwide.

1st March 2016

NATIONWIDE - IMPORTANT ALERT!

SECURITY

1st March 2016

EMAIL ACCOUNT UPDATE

PayPal

1st March 2016

IMPORTANT : YOUR ACCOUNT
STATUS CHANGE (CASE ID
#PL-003-603-205-892)

Santander

1st March 2016

GET EXTRA PROTECTION ON
SANTANDER CLICKSAFE

Tesco PLC

29th February 2016

TESCO ONLINE NOTIFICATION

Lloyds Bsnk

29th February 2016

CUSTOMER SERVICE MESSAGE

Vulnerebility

 

SANS News

OpenSSL Update Released

Threatpost

 

Exploit

ATutor 2.2.1 SQL Injection / Remote Code Execution

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload

WordPress CP Polls Plugin 1.0.8 - Multiple Vulnerabilities

WordPress More Fields <= 2.1 Plugin - CSRF Vulnerability

Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions

Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero

Viscomsoft Calendar Active-X 2.0 - Multiple Crash PoCs

29.2.2016

Bugtraq

[SYSS-2015-069] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-067] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-066] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de

[SYSS-2015-070] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de

[SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery 2016-02-29
matthias deeg syss de

[SYSS-2015-072] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de

[SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site 2016-02-29
matthias deeg syss de

Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability 2016-02-29
Vulnerability Lab (research vulnerability-lab com)

WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability 2016-02-29
Vulnerability Lab (research vulnerability-lab com)

[SECURITY] [DSA 3495-1] xymon security update 2016-02-29
Sebastien Delafond (seb debian org)

[SECURITY] [DSA 3498-1] drupal7 security advisory 2016-02-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3499-1] pillow security update 2016-02-28
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3496-1] php-horde-core security update 2016-02-28
Salvatore Bonaccorso (carnil debian org)

Call For Papers - CISTI 2016 Workshops - Deadline March 15 2016-02-28
Maria Lemos (marialemos72 gmail com)

[SECURITY] [DSA 3497-1] php-horde security update 2016-02-28
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3494-1] cacti security update 2016-02-27
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanSpy:Win32/Nivdort.DJ 
TrojanSpy:Win32/Nivdort.CX

Infostealer.Banprox.C

Phishing

Lloyds Bsnk

29th February 2016

CUSTOMER SERVICE MESSAGE

Service Inc

28th February 2016

WE'VE IIMITED ACCESS TO YOUR
ACCOUNT œ

Amazon

28th February 2016

IMPORTANT MESSAGE ABOUT YOUR
AMAZON ACCOUNT

Bank Of America

27th February 2016

Bank Of America Alert: Sign-In
To Your Online Banking

PAYPAL

27th February 2016

Your Account Has Been Blocked
, Until We Here From You

Vulnerebility

 

SANS News

Quick Analysis of a Recent MySQL Exploit

RFC 6598 - Carrier Grade NAT

Threatpost

 

Exploit

WordPress More Fields <= 2.1 Plugin - CSRF Vulnerability

Comodo Anti-Virus SHFolder.DLL - Local Privilege Elevation Exploit

28.2.2016

Bugtraq

 

Malware

BKDR_MISDAT.AC

W97M.Downloader.F

Phishing

Bank Of America

27th February 2016

Bank Of America Alert: Sign-In
To Your Online Banking

PAYPAL

27th February 2016

Your Account Has Been Blocked
, Until We Here From You

Service Apple

27th February 2016

YOU HAVE A PROBLEM WITH YOUR
APPLE ACCOUNT

Vulnerebility

 

SANS News

OpenSSL Security Update Planned for 1 March Release

Wireshark Fixes Several Bugs and Vulnerabilities

Threatpost

 

Exploit

Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

WordPress Ocim MP3 Plugin - SQL Injection Vulnerability

Zimbra 8.0.9 GA - CSRF Vulnerability

Centreon <= 2.5.3 - Remote Command Execution

JSN PowerAdmin Joomla! Extension 2.3.0 - Multiple Vulnerabilities

GpicView 0.2.5 - Crash PoC

Wireshark - print_hex_data_buffer / print_packet Use-After-Free

Qualcomm Adreno GPU MSM Driver perfcounter Query Heap Overflow

Linux io_submit L2TP sendmsg - Integer Overflow

Linux/ARM - Connect back to {ip:port} with /bin/sh - 95 bytes

26.2.2016

Bugtraq

Zimbra Cross-Site Scripting vulnerabilities 2016-02-25
pxli fortinet com

WordPress plugin wp-ultimate-exporter SQL injection vulnerability 2016-02-25
Henri Salo (henri nerv fi)

APPLE-SA-2016-02-25-1 Apple TV 7.2.1 2016-02-25
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 3492-1] gajim security update 2016-02-25
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3493-1] xerces-c security update 2016-02-25
Salvatore Bonaccorso (carnil debian org)

CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input 2016-02-25
Cantor, Scott (cantor 2 osu edu) (1 replies)

RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input 2016-02-26
Shivaprasad Sadashivappa (Shivaprasad S trianz com)

[SECURITY] [DSA 3491-1] icedove security update 2016-02-24
Moritz Muehlenhoff (jmm debian org)

JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities 2016-02-24
Ratio Sec (ratiosec gmail com)

WordPress User Submitted Posts Plugin [Persistent XSS] 2016-02-24
Panagiotis Vagenas (pan vagenas gmail com)

[SECURITY] [DSA 3490-1] websvn security update 2016-02-24
Sebastien Delafond (seb debian org)

Malware

 

Phishing

Support 1570894506 =

26th February 2016

YOUR ACCOUNT HAS BEEN LIMITED
UNTIL WE HEAR FROM YOU

Santander Bank

26th February 2016

VIOLATION NOTICE

Capital One

26th February 2016

CAPITALONE360 BANK ACCOUNT
VERIFICATION.

Vulnerebility

 

SANS News

Quick Audit of *NIX Systems

Threatpost

Nissan Car Hack Allowed Remote Access

Apple Must Forever Threat Model Against Itself

Exploit

IBM Lotus Domino <= R8 Password Hash Extraction Exploit

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Linux/ARM - Connect back to {ip:port} with /bin/sh - 95 bytes

25.2.2016

Bugtraq

[SECURITY] [DSA 3491-1] icedove security update 2016-02-24
Moritz Muehlenhoff (jmm debian org)

JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities 2016-02-24
Ratio Sec (ratiosec gmail com)

WordPress User Submitted Posts Plugin [Persistent XSS] 2016-02-24
Panagiotis Vagenas (pan vagenas gmail com)

[SECURITY] [DSA 3490-1] websvn security update 2016-02-24
Sebastien Delafond (seb debian org)

Belkin N150 Router Multiple XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

Import Woocommerce XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

WP Ultimate Exporter XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

WP Advanced Importer XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

CSV Import XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

eFront 3.6.15.6 CMS ?? (Message Attachment) Persistent Cross Site Scripting Vulnerability 2016-02-24
Vulnerability Lab (research vulnerability-lab com)

Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege 2016-02-24
Stefan Kanthak (stefan kanthak nexgo de)

Malware

MSIL/PSW.Steam.PZ

VBA/TrojanDownloader.Agent.ASL

Win32/Filecoder.Locky.A

Backdoor.Rifelku

OSX.Salgorea

Phishing

Capital One

24th February 2016

CAPITALONE360 ACCOUNT
REACTIVATION.

Amazon.com

24th February 2016

Important Review on Your
Account

Vulnerebility

 

SANS News

Critical Vulnerabilities in Palo Alto Networks PAN-OS

Analyzis of a Malicious .lnk File with an Embedded Payload

Threatpost

 

Exploit

Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow

libxml2 - xmlDictAddString Heap-Based Buffer Overread

libxml2 - xmlParseEndTag2 Heap-Based Buffer Overread

libxml2 - xmlParserPrintFileContextInternal Heap-Based Buffer Overread

libxml2 - htmlCurrentChar Heap-Based Buffer Overread

24.2.2016

Bugtraq

Import Woocommerce XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

WP Ultimate Exporter XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

WP Advanced Importer XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

CSV Import XSS Vulnerability 2016-02-24
Rahul Pratap Singh (techno rps gmail com)

eFront 3.6.15.6 CMS ?? (Message Attachment) Persistent Cross Site Scripting Vulnerability 2016-02-24
Vulnerability Lab (research vulnerability-lab com)

Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege 2016-02-24
Stefan Kanthak (stefan kanthak nexgo de)

Extra User Details [Privilege Escalation] 2016-02-24
Panagiotis Vagenas (pan vagenas gmail com)

[KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability 2016-02-24
Egidio Romano (research karmainsecurity com)

[slackware-security] ntp (SSA:2016-054-04) 2016-02-23
Slackware Security Team (security slackware com)

[slackware-security] libgcrypt (SSA:2016-054-03) 2016-02-23
Slackware Security Team (security slackware com)

Malware

Ransom:Win32/Locky.A 
TrojanDownloader:BAT/Locky.A 
TrojanDownloader:JS/Locky.A 
TrojanDownloader:MSIL/Crydap.A 

Phishing

PayPal

24th February 2016

[PAYPAL SUPPORT] YOUR ACCOUNT
HAS BEEN LIMITED ! PLEASE
UPDATE YOUR INFORMATION !

Chase Admin

24th February 2016

NEW CHASE MESSAGE

PayPal

24th February 2016

Update your account ! œ
24/02/2016 05:21:28

Apple Security

23rd February 2016

VERIFY YOUR ACCOUNT
INFORMATION

Vulnerebility

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
2016-02-24
http://www.securityfocus.com/bid/83265

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77207

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77211

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77154

OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69077

Dojo Toolkit CVE-2015-5654 Unspecified Cross Site Scripting Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77026

OpenSSL 'ssl/s3_srvr.c' Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/73238

Todd Miller Sudo CVE-2014-9680 Local Security Bypass Vulnerability
2016-02-24
http://www.securityfocus.com/bid/72649

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/73231

Mozilla Network Security Services CVE-2016-1938 Weak Encryption Multiple Security Weaknesses
2016-02-24
http://www.securityfocus.com/bid/81955

IBM MQ Appliance CVE-2015-7420 Information Disclosure Vulnerability
2016-02-24
http://www.securityfocus.com/bid/82301

IBM MQ Appliance CVE-2015-7421 Information Disclosure Vulnerability
2016-02-24
http://www.securityfocus.com/bid/82303

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77194

IBM Java SDK CVE-2015-5006 Local Information Disclosure Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77645

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77209

Oracle Java SE CVE-2015-4883 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77161

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77162

Oracle Java SE CVE-2015-4805 Remote Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77163

Oracle Java SE CVE-2015-4810 Local Security Vulnerability
2016-02-24
http://www.securityfocus.com/bid/77229

OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69083

OpenSSL CVE-2014-3509 Remote Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69084

OpenSSL CVE-2014-3508 Information Disclosure Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69075

OpenSSL DTLS CVE-2014-3510 Remote Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69082

OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69079

OpenSSL DTLS CVE-2014-3505 Remote Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69081

OpenSSL DTLS CVE-2014-3506 Remote Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/69076

Node.js CVE-2016-2216 HTTP Response Splitting Vulnerability
2016-02-24
http://www.securityfocus.com/bid/83141

OpenSSL CVE-2015-1788 Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/75158

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2016-02-24
http://www.securityfocus.com/bid/73232

OpenSSL 'tasn_dec.c' Remote Memory Corruption Vulnerability
2016-02-24
http://www.securityfocus.com/bid/73227

SANS News

Analyzis of a Malicious .lnk File with an Embedded Payload

Threatpost

IRS Warns Tax-Related Phishing, Malware Surging

New Silverlight Attacks Appear in Angler Exploit Kit

Santiago Pontiroli and Roberto Martinez on ATM Jackpotting

Rogue iOS App Gets Boot After Slipping into App Store

Exploit

WordPress Extra User Details Plugin 0.4.2 - Privilege Escalation

Ubiquiti Networks UniFi 3.2.10 - CSRF Vulnerability

libquicktime 1.2.4 - Integer Overflow