2068 matches found
Duplicator Pro 1.3.14 Local Information Disclosure
Product: Duplicator Pro; Vendor: SnapCreek; Website: https://snapcreek.com/; Discovered by: Evolution Hosting; Version vulnerable: = 1.3.14; Fixed in: 1.3.15+; Vulnerability Type: Information Disclosure, local exposure of entire webinstallation content; remotely triggerable: not for itself. Needs wp adm...
This Isn't the Phishing Your First Boss Knew
Phishing has been around for nearly as long as email has, and the perception that phishing tactics have not evolved persists. Many people believe we are still in the era of the easy-to-spot "Nigerian prince" emails, shown below. Underneath that, we see a highly creative, yet not any more...
The Need for an Updated Kill Chain
“Cyber Kill Chain” The “Cyber Kill Chain”—created in 2011 by Lockheed Martin—was designed to be a model that “identifies what…adversaries must complete in order to achieve their objective.” This framework has been widely used through the cybersecurity world and informs prevention-heavy strategy. ...
TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs
The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks. Researchers with Dell’s Secureworks research team warned that they have observed the...
The vulnerability of the Evolution email program, related to the improper verification of the OpenPGP cryptographic signature, allows a hacker to compromise the integrity of the data.
The vulnerability of the Evolution email program is related to an improper verification of the OpenPGP cryptographic signature. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of data...
CVE-2019-14518
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel...
Cross site scripting
DISPUTED Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."...
CVE-2019-14518
Evolution CMS 2.0.x is affected by CVE-2019-14518, which permits cross-site scripting via the description text and a template’s new category location. The issue affects Evolution CMS versions 2.0.x and stems from how template content can be manipulated to execute XSS. Vendor notes indicate the be...
PT-2019-13728 · Evolution Cms · Evolution Cms
Name of the Vulnerable Software and Affected Versions: Evolution CMS versions 2.0.x Description: The issue allows for XSS via a description and new category location in a template. The vendor states that the behavior is consistent with the access policy in the administration panel. Recommendation...
CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
DEBIAN-CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
UBUNTU-CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
Information disclosure
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
CVE-2019-3890
CVE-2019-3890 affects evolution-ews in Evolution Data Server (before 3.31.3). The flaw: SSL certificate validity is not checked, enabling an attacker to trick users into connecting to a fake server and obtain confidential information. Multiple Nessus entries reference this CVE within various Linu...