Encrypted Email Service 'Lavabit' abruptly shut down under U.S. Government Pressure

Texas-based Encrypted Email Service 'Lavabit' abruptly shut down for reasons linked to National Security Agency whistleblower Edward Snowden. The Feds want to Lavabit demanding access to Ed Snowden's email. Lavabit refused! Snowden was using the Lavabit service while holed-up in the Moscow airpor...

Ubuntu: Security Advisory (USN-1922-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1922-1: Evolution Data Server vulnerability

Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient...

Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities

Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...

CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

UBUNTU-CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

Barracuda LB / SVF / WAF / WEF Cross Site Scripting

Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...

Threat Outbreak Alert: Fake Secure Message Notification Email Messages on June 27, 2013

Medium Alert ID: 29820 First Published: 2013 June 27 16:11 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a secure message notification for the recipient. The text in the email message attempts to convince the recipient...

Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities

Title: ====== Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: ===== 2013-01-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=701 VL-ID: ===== 701 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...

Symantec Messaging Gateway 9.5 default SSH password Exploit-vulnerability warning-the black bar safety net

Symantec Messaging Gateway by Brightmail, previously known as Brightmail Gateway provides support, provides inbound and outbound Messaging Security, with effective and accurate real-time antispam and antivirus protection, advanced content filtering, data loss prevention, and optional email...

PGP Website - Multiple Cross Site Scripting Vulnerabilities

Document Title: =============== PGP Website - Multiple Cross Site Scripting Vulnerabilities Release Date: ============= 2011-07-16 Vulnerability Laboratory ID VL-ID: ==================================== 95 Product & Service Introduction: =============================== PGP Corporation is a global...

CVE-2008-7278

Summary: The CVE-2008-7278 entry concerns the S/MIME feature in Open Ticket Request System (OTRS) prior to 2.2.5 and prior to 2.3.0-beta1 for 2.3.x, where the RANDFILE environment variable for OpenSSL is not configured correctly, potentially reducing entropy and making it easier for remote attack...

CVE-2008-7278

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

CVE-2009-5032

The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

Week in Security: Further Flaws in Mobile Security and the AppSec Rundown

The storm clouds over mobile security continued to gather this week with news of a new browser exploits for Android and a URL attack for iPhones, while OWASP’s AppSec conference in D.C. provided an update on Uncle Sam’s security priorities. Read on for Threatpost’s security Week in Review. The...

Design/Logic Flaw

The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623...

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:226)

A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to...

Obscure email addresses in Confluence Mail

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-2677. panel Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email...

Obscure email addresses in Confluence Mail

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-2677. panel Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email...