Threat Outbreak Alert RuleID32552: Email Messages Distributing Malicious Software on April 24, 2018
Medium Alert ID: 57565 First Published: 2018 April 24 18:07 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32552 may contain the following files: Name | Si...
Design/Logic Flaw
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of servi...
Denial of Service Vulnerability in MXProgrammer Software
MXProgrammer is Windows desktop software from Weihai Mack Electric Technology Co., Ltd. that is used to communicate with the company's MX series PLC products and to write and download programs. A denial of service vulnerability exists in the MXProgrammer software. The...
Threat Outbreak Alert RuleID32466: Email Messages Distributing Malicious Software on April 16, 2018
Medium Alert ID: 57492 First Published: 2018 April 16 15:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32466 may contain the following files: Name | Si...
krb5 security, bug fix, and enhancement update
1.15.1-18 - Expose context errors in pkinitserverplugininit - Resolves: 1460089 1.15.1-17 - Drop certauth test changes that prevented running it - Resolves: 1498767 1.15.1-16 - Drop irrelevant DIR trigger logic - Resolves: 1431198 1.15.1-15 - Fix CVE-2017-7562 certauth eku bypass - Resolves: 14987...
Adobe ColdFusion Multiple Vulnerabilities (APSB18-14)
Adobe ColdFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:coldfusion";...
Vulnerability in the Parallel Crypto Engine encryption subsystem of the Linux operating system that allows an attacker to cause a service failure or exert other effects.
A vulnerability in the Parallel Crypto Engine encryption subsystem (crypto/pcrypt.c) of the Linux operating system, caused by resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure or exert other effects through a specially crafted sequence of...
Shopify: Potential to abuse pricing errors in saved carts
If someone abandons a shopping cart and the price changes between that time and when the abandoned cart recovery email is sent, the saved cart will always show the old price. If saved carts do not expire, this can create a situation where bad actors can fill and save shopping carts with sale pric...
WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure Vulnerability
WordPress Rating-Widget: Star Review System plugin version 2.8.9 suffers from an information disclosure vulnerability. Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report:...
Wireshark Multiple Denial of Service Vulnerabilities (Apr 2018) - Windows
Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2018-3841 · Cisco · Cisco Ios
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software versions 15.42T through 15.43M Cisco IOS Software version 15.42CG and later Description: The issue is related to resource management errors in the Login Enhancements Login Block feature of Cisco IOS Software. It may allow a...
Stellar.org: Exploitable vulnerability in SDEX
Hi, Last Thursday I discovered the exploitable vulnerability in SDEX. I immediately reported the bug directly to Jed by email and he confirmed it. It's all about rounding during trades. You see, I found that orders are always executed if the price matches market, even if the amount is as small as...
Debian: Security Advisory (DLA-1308-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Update rollup 8.0.11049.0 for Microsoft Monitoring Agent (KB4015075)
Update rollup 8.0.11049.0 for Microsoft Monitoring Agent KB4015075 Summary This article describes the issues that are fixed in update rollup 8.0.11049.0 for the Microsoft Monitoring Agent. It also contains installation instructions for the update rollup. Fixes that are included in this update...
Coinbase: ETH contract handling errors
A business logic error in the ETH contract handling code allowed for a nested revert call in contract execution to improperly credit a user account though funds had not been transferred. In addition, the code did not appropriately handle delegatecall within a contract. Sample contract for the fir...
Users unable to launch the published desktops and applications - XML errors on StoreFront servers
Event ID 0, Task Category 12346: No available resource found for user [email protected] when accessing desktop group "Remote Desktop - ABCXYZ". This message was reported from the Citrix XML Service at address http://xxx.yyy.zzz/scripts/wpnbr.dll NFuseProtocol.TRequestAddress. Event ID 28, Task Category...
Debian DLA-1308-1 : firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service. For Debian 7 'Wheezy', these problems have been fixed in version 52.7.1esr-1deb7u1. We...
[SECURITY] [DSA 4139-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4139-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 15, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1308-1] firefox-esr security update
Package : firefox-esr Version : 52.7.1esr-1deb7u1 CVE ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors ma...
Dealing with Nessus logs
Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let's see how we can troubleshoot Nessus scans without sending Nessus DB files to...