
2068 matches found

Cvelist
added 2018/12/28 5:0 p.m. | 22 views

CVE-2018-16637

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI...

AI score: 5.2 | EPSS: 0.0057
Exploits: 1 | References: 1

Cvelist
added 2018/12/28 5:0 p.m. | 23 views

CVE-2018-16638

Evolution CMS 1.4.x allows XSS via the manager/ search parameter...

AI score: 5.3 | EPSS: 0.0057
Exploits: 1 | References: 1

CVE
added 2018/12/28 5:0 p.m. | 40 views

CVE-2018-16637

Evolution CMS 1.4.x is affected by a stored cross-site scripting (XSS) vulnerability that can be triggered via the page weblink title parameter to the manager/ URI. The issue is documented as XSS (including advisories noting versions prior to 1.4.6 are affected). Remediation per the linked adviso...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.0057
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/12/28 5:0 p.m. | 41 views

CVE-2018-16638

Evolution CMS 1.4.x is affected by a Cross‑Site Scripting (XSS) vulnerability in the manager/ search parameter. The CVE-2018-16638 entry documents an XSS flaw that can be triggered via the manager/ URL parameter, with the affected product specified as Evolution CMS 1.4.x. The provided connected d...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.0057
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/12/28 4:29 p.m. | 2 views

CVE-2018-1000889

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity XXE vulnerability in Circuit file loading functionality loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java that can result in information leak, possible RCE depending on system configuration. This attack appears t...

CVSS: 8.8 | AI score: 5.8
Exploits: 0 | References: 2

NVD
added 2018/12/28 4:29 p.m. | 10 views

CVE-2018-1000889

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity XXE vulnerability in Circuit file loading functionality loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java that can result in information leak, possible RCE depending on system configuration. This attack appears t...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01469
Exploits: 0 | References: 2

Prion
added 2018/12/28 4:29 p.m. | 9 views

XXE

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity XXE vulnerability in Circuit file loading functionality loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java that can result in information leak, possible RCE depending on system configuration. This attack appears t...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.01469
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/12/28 12:0 a.m. | 2 views

Logisim Evolution XML External Entity Injection Vulnerability

Logisim Evolution is a tool for designing and simulating data logic circuits. An XML external entity injection vulnerability exists in the Circuit file loading feature in Logisim Evolution 2.14.3 and earlier versions, which can be exploited by an attacker to disclose information and potentially...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01469
Exploits: 0 | References: 1

Cvelist
added 2018/12/27 6:0 p.m. | 15 views

CVE-2018-1000889

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity XXE vulnerability in Circuit file loading functionality loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java that can result in information leak, possible RCE depending on system configuration. This attack appears t...

AI score: 8.6 | EPSS: 0.01469
Exploits: 0 | References: 2

CVE
added 2018/12/27 6:0 p.m. | 44 views

CVE-2018-1000889

CVE-2018-1000889 affects Logisim Evolution versions 2.14.3 and earlier, due to an XML External Entity (XXE) vulnerability in the circuit file loading path (loadXmlFrom in XmlReader.java). The issue can lead to information disclosure and, depending on system configuration, potential remote code ex...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01469
Exploits: 0 | References: 2 | Affected Software: 1

Akamai Blog
added 2018/12/15 7:0 a.m. | 16 views

Quiz Phishing: One Scam, 78 Variations

Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as "Three Questions Quiz". The "Quiz" toolkit is not new to the threat landscape, as it's been used in many phishing...

AI score: 1.3
Exploits: 0

Securelist
added 2018/11/22 10:0 a.m. | 45 views

The Rotexy mobile Trojan – banker and ransomware

On the back of a surge in Trojan activity, we decided to carry out an in-depth analysis and track the evolution of some other popular malware families besides Asacub. One of the most interesting and active specimens to date was a mobile Trojan from the Rotexy family. In a three-month period from...

AI score: 6.7
Exploits: 0

CentOS
added 2018/11/15 6:43 p.m. | 808 views

PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update

CentOS Errata and Security Advisory CESA-2018:3140 An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 9.8 | AI score: 7 | EPSS: 0.13207
Exploits: 19 | References: 7

Oracle Linux
added 2018/11/05 12:0 a.m. | 60 views

GNOME security, bug fix, and enhancement update

PackageKit 1.1.10-1.0.1 - remove PackageKit-0.3.8-Fedora-Vendor.conf.patch 1.1.10-1 - New upstream release - Resolves: 1576494 accountsservice 0.6.50-2 - Fix user switching Resolves: 1597350 0.6.50-1 - Update to 0.6.50 Related: 1576538 Related: 1596735 Related: 1602918 0.6.49-1 - Update to 0.6.49...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.11499
Exploits: 10

ThreatPost
added 2018/10/11 6:11 p.m. | 686 views

Adaptable, All-in-One Android Trojan Shows the Future of Malware

A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...

AI score: 7
Exploits: 0 | References: 1

ThreatPost
added 2018/08/06 4:57 p.m. | 9 views

Ramnit Changes Shape with Widespread Black Botnet

The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July – but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...

AI score: 0.1
Exploits: 0 | References: 3

Tenable Nessus
added 2018/07/27 12:0 a.m. | 29 views

Ubuntu 14.04 LTS / 16.04 LTS : Evolution Data Server vulnerability (USN-3724-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3724-1 advisory. Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02889
Exploits: 1 | References: 2

OpenVAS
added 2018/07/27 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-3724-1)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.02889
Exploits: 1 | References: 2

Ubuntu
added 2018/07/26 1:27 p.m. | 63 views

USN-3724-1: Evolution Data Server vulnerability

Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02889
Exploits: 1

OSV
added 2018/07/26 1:27 p.m. | 4 views

USN-3724-1 evolution-data-server vulnerability

Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02889
Exploits: 1 | References: 2