vulnerability headlines
- VU#693036: Datalex airline booking software allowed authorization bypass for arbitrary users
- MS15-099 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) - Version: 3.0
- MS15-097 - Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) - Version: 2.0
- MS15-092 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) - Version: 1.2
- MS15-101 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) - Version: 1.1
- VU#804060: Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
- MS15-098 - Critical: Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) - Version: 1.1
- VU#374092: Web Reference Database (refbase) contains multiple vulnerabilities
- Vuln: Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability
- Vuln: Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability
- Vuln: Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities
- Vuln: Adobe Flash Player and AIR APSB15-19 Type Confusion Multiple Remote Code Execution Vulnerabilities
- MS15-104 - Important: Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952) - Version: 1.1
- VU#906576: Securifi Almond routers contain multiple vulnerabilities
- VU#549807: Impero Education Pro classroom management software vulnerable to remote code execution
- MS15-103 - Important: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250) - Version: 1.0
- MS15-105 - Important: Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287) - Version: 1.0
- MS15-096 - Important: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595) - Version: 1.0
- MS15-094 - Critical: Cumulative Security Update for Internet Explorer (3089548) - Version: 1.0
- MS15-102 - Important: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) - Version: 1.0
- MS15-083 - Important: Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) - Version: 2.0
- MS15-100 - Important: Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918) - Version: 1.0
- MS15-080 - Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) - Version: 2.1
- MS15-095 - Critical: Cumulative Security Update for Microsoft Edge (3089665) - Version: 1.0
- VU#845332: OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
- VU#630872: Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities
- MS15-081 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) - Version: 2.0
- VU#903500: Seagate and LaCie wireless storage products contain multiple vulnerabilities
- VU#361684: Router devices do not implement sufficient UPnP authentication and security
- VU#525276: Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
- VU#201168: Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities
- TA15-240A: Controlling Outbound DNS Access
- VU#950576: DSL routers contain hard-coded "XXXXairocon" credentials
- MS15-067 - Critical: Vulnerability in RDP Could Allow Remote Code Execution (3073094) - Version: 1.1
- VU#276148: Dedicated Micros DVR products use plaintext protocols and require no password by default
- MS15-093 - Critical: Security Update for Internet Explorer (3088903) - Version: 1.1
- VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
- VU#300820: Cisco Prime Infrastructure contains SUID root binaries
- MS15-086 - Important: Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158) - Version: 1.0
- MS15-089 - Important: Vulnerability in WebDAV Could Allow Information Disclosure (3076949) - Version: 1.0
- MS15-090 - Important: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) - Version: 1.0
- MS15-091 - Critical: Cumulative Security Update for Microsoft Edge (3084525) - Version: 1.0
- MS15-084 - Important: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) - Version: 1.0
- MS15-085 - Important: Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487) - Version: 1.0
- MS15-082 - Important: Vulnerabilities in RDP Could Allow Remote Code Execution (3080348) - Version: 1.0
- MS15-088 - Important: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) - Version: 1.0
- MS15-079 - Critical: Cumulative Security Update for Internet Explorer (3082442) - Version: 1.0
- MS15-087 - Important: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) - Version: 1.0
- TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
- MS15-074 - Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630) - Version: 2.0
- MS15-078 - Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) - Version: 2.0
- MS15-069 - Important: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631) - Version: 1.1
- MS15-065 - Critical: Security Update for Internet Explorer (3076321) - Version: 1.1
- MS15-006 - Important: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365) - Version: 2.0
- MS15-058 - Important: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) - Version: 1.1
- TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
- MS15-072 - Important: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392) - Version: 1.0
- MS15-066 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604) - Version: 1.0
- MS15-070 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620) - Version: 1.0
- MS15-077 - Important: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) - Version: 1.0
- MS15-076 - Important: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505) - Version: 1.0
- MS15-068 - Critical: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000) - Version: 1.0
- MS15-071 - Important: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457) - Version: 1.0
- MS15-075 - Important: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) - Version: 1.0
- MS15-073 - Important: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) - Version: 1.0
- MS15-049 - Important: Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985) - Version: 1.1
- MS15-044 - Critical: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110) - Version: 2.1
- MS14-051 - Critical: Cumulative Security Update for Internet Explorer (2976627) - Version: 1.4
- MS15-048 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134) - Version: 1.1
- MS15-060 - Important: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317) - Version: 1.0
- MS15-062 - Important: Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577) - Version: 1.0
- TA15-120A: Securing End-to-End Communications
- TA15-119A: Top 30 Targeted High Risk Vulnerabilities
- TA15-105A: Simda Botnet
- TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information
- TA15-098A: AAEH
- TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing
- TA14-353A: Targeted Destructive Malware
- Cisco Nexus 3000 Series NX-OS Lets Remote Authenticated Users Cause the Target SNMP Service to Temporarily Stop Responding
- Cisco Email Security Appliance File Descriptor Bug Lets Remote Authenticated Users Cause the Target System to Reload
- Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges
- Apple Safari Extensions and Plug-ins Flaws Let Remote Users Replace Extensions and Redirect Plugin Requests
- Apple iOS Lock Screen Flaw Lets Physically Local Users Access Photos and Contacts on the Target System
- Bugtraq: [security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities
- Bugtraq: [security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass
- Bugtraq: [SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
- Bugtraq: [SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt
exploit archives
- Packet Storm New Exploits For September, 2015
- Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Unsalted Hash
- Kaspersky Anti-Virus 15.0.1.415 Unsalted Hash
- Kaspersky Internet Security 15.0.2.361 Unsalted Hash
- Kaspersky Total Security 15.0.1.415 Unsalted Hash
- Kaspersky Small Office Security 13.0.4.233 Unsalted Hash
- MakeSFX.exe 1.44 Stack Buffer Overflow
- ElasticSearch Path Traversal Arbitrary File Download
- Dropbox FinderLoadBundle OS X Local Root Exploit
- WinRAR Expired Notification Command Execution
- [local] - Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
- [remote] - PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities
- [webapps] - Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection
- Kaseya Virtual System Administrator Code Execution / Privilege Escalation
- Mitsubishi Melsec FX3G-24M Denial Of Service
- Western Digital My Cloud Command Injection
- WordPress mTheme-Unus Local File Inclusion
- [local] - MakeSFX.exe 1.44 - Stack Buffer Overflow
- [local] - Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit
- Centreon 2.6.1 Persistent Cross Site Scripting
- PCMan FTP Server 2.0.7 Directory Traversal
- Vtiger CRM 6.3 Remote Code Execution
- [local] - Ubuntu Apport - Local Privilege Escalation
- [remote] - ManageEngine EventLog Analyzer Remote Code Execution
- [webapps] - Kaseya Virtual System Administrator - Multiple Vulnerabilities
- [webapps] - Western Digital My Cloud 04.01.03-421, 04.01.04-422 - Command Injection
- [local] - IconLover 5.42 - Local Buffer Overflow Exploit
- Centreon 2.6.1 Command Injection
- IconLover 5.4.5 Stack Buffer Overflow
- Photos In Wifi 1.0.1 File Upload
- Centreon 2.6.1 Add Administrator Cross Site Request Forgery
- Flash Failing Checks On uint Capacity Field
- BisonWare BisonFTP 3.5 Directory Traversal
- ManageEngine EventLog Analyzer Remote Code Execution
- Rowhammer Linux Kernel Privilege Escalation Proof Of Concept