Cross site scripting
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtain...
CVE-2014-1223
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtain...
CVE-2014-1223
Telligent Evolution (controlpanel/loading.aspx) is affected by an XSS vulnerability due to improper filtering of the msg parameter. Versions affected include before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651. An attacker can inject arbitrary script/HTML via the msg...
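Telligent Evolution 'loading.aspx' Cross-Site Scripting Vulnerability
Bugtraq ID:65739 CVE ID:CVE-2014-1223 Telligent Evolution is a web-based application system. Telligent Evolution 'loading.aspx' does not properly filter user-supplied data passed to the 'msg' parameter, allowing a remote attacker to exploit the vulnerability by submitting a specially crafted URI and luring a user into processing it; when the malicious data is viewed, sensitive information can be obtained or the user's session hijacked. 0 Telligent Evolution No detailed solution is currently available: http://telligent.com/support/telligentevolutionplatform/...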
Telligent Evolution 7.5.0.32466 Cross Site Scripting
Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...
Scientific Linux Security Update : evolution on SL6.x i386/x86_64 (20131121)
A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which...
Oracle Linux 6 : evolution (ELSA-2013-1540)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1540 advisory. - Add patch for RH bug 990380 (CVE-2013-4166) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
cheese, control, ekiga, evolution, finch, gnome, gtkhtml3, libgdata, libpurple, nautilus, openchange, pidgin, planner, totem security update
CentOS Errata and Security Advisory CESA-2013:1540 Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...
evolution security, bug fix, and enhancement update
cheese 2.28.1-8 - Rebuild against newer evolution-data-server. Resolves: 973276 control-center 2.28.1-39 - Rebuild against newer evolution-data-server. Resolves: 973279 ekiga 3.2.6-4 - Rebuild against newer evolution-data-server. - Add patch to build break include where needed Resolves: 973281...
RedHat Update for evolution RHSA-2013:1540-02
Check for the Version of evolution OpenVAS Vulnerability Test RedHat Update for evolution RHSA-2013:1540-02 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for evolution RHSA-2013:1540-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
RHEL 6 : evolution (RHSA-2013:1540)
Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
evolution: incorrect selection of recipient gpg public key for encrypted mail
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...
Low: Red Hat Security Advisory: evolution security, bug fix, and enhancement update
Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
DDoS Attacks : A Serious unstoppable menace for IT security communities
It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you have likely just become yet another victim of a distributed denial of service (DDoS) attack. By now, everyone who uses the Interne...
[USN-1922-1] Evolution Data Server vulnerability
========================================================================== Ubuntu Security Notice USN-1922-1 July 31, 2013 evolution-data-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
4th Cybersecurity Framework Workshop: Good News and Bad News
I had a chance to visit a number of industrial events this year and can see the evolution of cybersecurity in the industrial field. One of these was the 4th National Institute of Standards and Technology’s (NIST) Cybersecurity Framework Workshop (CFW). Kaspersky was in attendance at the previous...
New Attack Leverages Mobile Ad Network to Deliver Android Malware
Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, and researchers at Palo Alto Networ...
Updated evolution-data-server package fixes security vulnerability.
Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient (CVE-2013-4166)...
PT-2020-7479 · Gnome +3 · Gnome Evolution +4
Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.8.4 and earlier; Evolution Data Server versions 3.9.5 and earlier. Description: The issue is related to the gpg_ctx_add_recipient function, which does not properly select the GPG key for email encryption. This might...