Current Threats
[dos] Microsoft Edge Chakra JIT – ‘localeCompare’ Type Confusion
[local] Solaris – libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
[dos] WebRTC – VP9 Processing Use-After-Free
[dos] WebRTC – FEC Out-of-Bounds Read
MyBB Visual Editor 1.8.18 Cross Site Scripting
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
RSA Authentication Manager Cross Site Scripting
WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting
Staubli Jacquard Industrial System JC6 Shellshock
Antidote 9.5.1 Code Execution
Telegram Desktop 1.3.14 Denial Of Service
Linux/x86 Egghunter (0x50905090) + sigaction() Shellcode
Debian Security Advisory 4298-1
ManageEngine OPManager 12.3 SQL Injection
NICO-FTP 3.0.1.19 Buffer Overflow
WebRTC VP9 Processing Use-After-Free
WebRTC FEC Out-Of-Bounds Read
Vuln: Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
Ubuntu Security Notice USN-3769-1
[dos] Microsoft Windows – ‘CiSetFileCache’ WDAC Security Feature Bypass TOCTOU
Ubuntu Security Notice USN-3770-1
Red Hat Security Advisory 2018-2729-01
Vuln: Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
Ubuntu Security Notice USN-3770-2
Red Hat Security Advisory 2018-2732-01
Red Hat Security Advisory 2018-2731-01
Red Hat Security Advisory 2018-2733-01
Asterisk Project Security Advisory – AST-2018-009
HITBSecConf2018PEK Call For CTF
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
[dos] Microsoft Windows – Double Dereference in NtEnumerateKey Elevation of Privilege
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Faraday 3.1
[webapps] Roundcube rcfilters plugin 2.1.6 – Cross-Site Scripting
[local] NICO-FTP 3.0.1.19 – Buffer Overflow (SEH)
Vuln: Ghostscript Multiple Security Bypass Vulnerabilities
Roundcube rcfilters 2.1.6 Cross Site Scripting
[shellcode] Linux/x86 – Egghunter + sigaction-based Shellcode (27 bytes)
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
Vuln: Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
Debian Security Advisory 4297-1
[webapps] WordPress Plugin Wechat Broadcast 1.2.0 – Local File Inclusion
Vuln: Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
WordPress Localize My Post 1.0 Local File Inclusion
Vuln: Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
Ubuntu Security Notice USN-3767-1
[webapps] WordPress Plugin Localize My Post 1.0 – Local File Inclusion
Vuln: Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
LimeSurvey 3.14.7 Cross Site Scripting
ManageEngine Desktop Central 10.0.271 Cross Site Scripting
LG SuperSign EZ CMS 2.5 Local File Inclusion
[webapps] LG SuperSign EZ CMS 2.5 – Local File Inclusion
ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting
Ubuntu Security Notice USN-3768-1
Ubuntu Security Notice USN-3767-2
RICOH SP 4510SF Printer Cross Site Scripting
Ubuntu Security Notice USN-3766-2
RICOH MP 2001 Printer Cross Site Scripting
Microsoft Windows CiSetFileCache TOCTOU Security Feature Bypass
Microsoft Windows NtEnumerateKey Privilege Escalation
Linux/ARM Jump Back Shellcode + execve(“/bin/sh”, NULL, NULL) Shellcode
Android Application Penetration Testing
Ubuntu Security Notice USN-3722-5
Bulk SQL Injection Test On Burp Requests
Vuln: Moodle CVE-2018-14630 Remote Code Execution Vulnerability
Vuln: Google Chrome Unspecified Security Vulnerabilities
[webapps] WordPress Plugin Arigato Autoresponder and Newsletter 2.5 – Blind SQL Injection / Reflected Cross-Site Scripting
Vuln: Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
NUUO NVRMini2 3.8 Buffer Overflow
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
Vuln: Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
Moodle 3.x PHP Unserialize Remote Code Execution
CA Release Automation NiMi 6.5 Remote Command Execution
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
Western Digital My Cloud Authentication Bypass
Oracle VirtualBox Manager 5.2.18 r124319 Denial Of Service
Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting
Microsoft Edge Chakra JIT localeCompare Type Confusion
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
[local] Faleemi Desktop Software 1.8.2 – ‘SavePath for ScreenShots’ Buffer Overflow (SEH)
QBee MultiSensor Camera 4.16.4 Cookie Reuse
[local] Free MP3 CD Ripper 2.6 – ‘.mp3’ Buffer Overflow (SEH)
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
[dos] TeamViewer App 13.0.100.0 – Denial of Service (PoC)
[webapps] Watchguard AP100 AP102 AP200 1.2.9.15 – Remote Code Execution (Metasploit)
Vuln: Oracle WebCenter Interaction Multiple Security Vulnerabilities
[dos] XAMPP Control Panel 3.2.2 – Denial of Service (PoC)
[dos] Notebook Pro 2.0 – Denial Of Service (PoC)
Vuln: WebKit ‘-webkit-backdrop-filter CSS’ Property Denial of Service Vulnerability
[dos] Oracle VirtualBox Manager 5.2.18 r124319 – ‘Name Attribute’ Denial of Service (PoC)
[shellcode] Linux/ARM – Jump Back Shellcode + execve(“/bin/sh”, NULL, NULL) Shellcode (4 Bytes)
[remote] NUUO NVRMini2 3.8 – ‘cgi_system’ Buffer Overflow (Enable Telnet)
Vuln: Apache SpamAssassin CVE-2017-15705 Denial of Service Vulnerability
[webapps] Netis ADSL Router DL4322D RTK 2.1.1 – Cross-Site Scripting
[webapps] Joomla Component JCK Editor 6.4.4 – ‘parent’ SQL Injection
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
[dos] Netis ADSL Router DL4322D RTK 2.1.1 – Denial of Service (PoC)
[remote] CA Release Automation NiMi 6.5 – Remote Command Execution
Vuln: F5 BIG-IP APM CVE-2018-5549 Remote Denial of Service Vulnerability

Cyber Watch

Deeper Learning