Ximian Evolution 1.x UUEncoding Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7118/info A vulnerability has been discovered in the Ximian Evolution Mail User Agent MUA. The problem occurs when the mailer attempts to process a maliciously encoded e-mail message. When attempting to decode the message...

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This ca...

PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability

Document Title: =============== PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1274 http://www.vulnerability-lab.com/getcontent.php?id=940 Video: https://www.youtube.com/watch?v=IXhwfZV6x0M Release Date:...

PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability

Document Title: =============== PayPal GoToMaxx PDFMailer - Local Overflow Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1274 http://www.vulnerability-lab.com/getcontent.php?id=940 Video: https://www.youtube.com/watch?v=IXhwfZV6x0M Release Date:...

Important Update to AjaxSearch Exploit in Evo 1.0.13 (and prior)

Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution. We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from vulnerability. It has come to our attention that this was not correct...

MODX Evolution 1.0.13 (and prior) AjaxSearch Vulnerability

Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.0.13 Vulnerabilty Type: Remote Code Execution Report Date: 2014-May-29 Fixed Date: 2014-June-5 Description The AjaxSearch component distributed with all versions of MODX Evolution and 0.9.x contains a vulnerability that allow...

CVE-2010-5109

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow...

Ubuntu Update for indicator-datetime USN-2186-1

Check for the Version of indicator-datetime OpenVAS Vulnerability Test $Id: gbubuntuUSN21861.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for indicator-datetime USN-2186-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This...

CVE-2014-1223 - Cross-site Scripting in Telligent Evolution

Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...

Ubuntu: Security Advisory (USN-2186-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[USN-2186-1] Date and Time Indicator vulnerability

========================================================================== Ubuntu Security Notice USN-2186-1 April 30, 2014 indicator-datetime vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

Sql injection

The Ubuntu Date and Time Indicator aka indicator-datetime 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date...

CVE-2013-7374

The Ubuntu Date and Time Indicator aka indicator-datetime 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date...

Ubuntu 13.10 : indicator-datetime vulnerability (USN-2186-1)

It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user. Note that Tenable Network Security ha...

USN-2186-1: Date and Time Indicator vulnerability

It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user...

CVE-2013-7374

The Ubuntu Date and Time Indicator aka indicator-datetime 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date...

UBUNTU-CVE-2013-7374

The Ubuntu Date and Time Indicator aka indicator-datetime 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date...

Interview Benjamin Kunz Mejri - HITB Amsterdam 2013Q4

Document Title: =============== Interview Benjamin Kunz Mejri - HITB Amsterdam 2013Q4 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1220 View: http://www.youtube.com/watch?v=QnfWpuVk-jo Release Date: ============= 2014-03-04 Vulnerability Laboratory ID VL-ID:...

Interview Benjamin Kunz Mejri - HITB Amsterdam 2013Q4

Document Title: =============== Interview Benjamin Kunz Mejri - HITB Amsterdam 2013Q4 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1220 View: http://www.youtube.com/watch?v=QnfWpuVk-jo Release Date: ============= 2014-03-04 Vulnerability Laboratory ID VL-ID:...

CVE-2014-1223

Cross-site scripting XSS vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtain...