74 matches found
EUVD-2017-9953
Malware in sbrugna...
CVE-2017-18670
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. android.intent.action.SIOPLEVELCHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 May 2017...
CVE-2017-5242
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
CVE-2017-18673
An issue was discovered on Samsung mobile devices with N7.x software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 May 2017...
Code injection
An issue was discovered on Samsung mobile devices with N7.0 software. The time service aka Timaservice allows a kernel panic. The Samsung ID is SVE-2017-8593 May 2017...
BACKSWING - Pulling a BADRABBIT Out of a Hat
Executive Summary On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye appliances detected the download attempts and blocked our user base from infection. During our investigation into the activity, FireEye identified a...
May 2017 Preview of the Quality Rollups for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 for Windows 7 and Windows Server 2008 R2 (KB4019288): May 16, 2017
May 2017 Preview of the Quality Rollups for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 for Windows 7 and Windows Server 2008 R2 KB4019288: May 16, 2017 Notice This release has been removed from Windows Update because of the issues that are described in the following .NET Blog article:...
May 2017 Preview of the Quality Rollup for the .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 8.1 and Windows Server 2012 R2 (KB4019290): May 16, 2017
May 2017 Preview of the Quality Rollup for the .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 8.1 and Windows Server 2012 R2 KB4019290: May 16, 2017 Notice This release has been removed from Windows Update because of the issues that are described in the following .NET Blog...
May 2017 Preview of the Quality Rollups for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 for Windows Server 2008 Service Pack 2 (KB4019291): May 16, 2017
May 2017 Preview of the Quality Rollups for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 for Windows Server 2008 Service Pack 2 KB4019291: May 16, 2017 Notice This release has been removed from Windows Update because of the issues that are described in the following .NET Blog article: .N...
CompuLab Intense PC and MintBox 2 BIOS Privilege Vulnerability
The CompuLab Intense PC and MintBox 2 are both mini-PC devices from CompuLab Israel. The BIOS is a ROM on-chip application. A BIOS privilege vulnerability exists in CompuLab Intense PC and MintBox 2 using versions of BIOS prior to 2017-05-21, which stems from the program's failure to apply write...
CVE-2017-8541
creationtimestamp | type | source
---|---|---
2017-05-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42092...
facebook.com Open Redirect vulnerability
Vulnerable URL:...
CVE-2017-8535
creationtimestamp | type | source
---|---|---
2017-05-29 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42081...
chardandilminsternews.co.uk XSS vulnerability
Vulnerable URL: http://www.chardandilminsternews.co.uk/search//"--!" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1716615 VIP website status:| No Check chardandilminsternews.co.u...
durell.co.uk XSS vulnerability
Vulnerable URL: http://durell.co.uk/programservices/onlinesystemmanual/files/page-viewer.asp?pagetitle=Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser=1288%22--!%3E%3CSvg/Onload=confirmOPENBUGBOUNTY%3E%22=files/Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser.htm...
affcc.uk XSS vulnerability
Vulnerable URL: http://www.affcc.uk/results/afcc.php?=photographer=digit=Sally%20Protheroe Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
mybeans.co.kr XSS vulnerability
Vulnerable URL: http://www.mybeans.co.kr/front/board/boardWrite.jsp?bbsId=%22%3E%3Cscript%3E%20alert%27XSSPOSED%27%20%3C/script%3E=/front/content/content12.jsp?prdID=501=3 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability...
Joomla! 3.7.0 - 'com_fields' SQL Injection
Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...
tuinterfazdenegocios.com XSS vulnerability
Vulnerable URL: http://www.tuinterfazdenegocios.com/buscar.php?buscar="'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...