Lucene search

1074 matches found

OSV
added 2018/07/17 5:29 p.m., 1 views

ALPINE-CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

CVSS: 9.8, AI score: 8, EPSS: 0.0253
Exploits: 0, References: 1
OSV
added 2018/07/17 5:29 p.m., 1 views

DEBIAN-CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

CVSS: 9.8, AI score: 8, EPSS: 0.0253
Exploits: 0, References: 1
OSV
added 2018/07/17 12:0 a.m., 1 views

UBUNTU-CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

CVSS: 9.8, AI score: 7.6, EPSS: 0.0253
Exploits: 0, References: 9
OSV
added 2018/07/17 12:0 a.m., 0 views

UBUNTU-CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

CVSS: 9.8, AI score: 7.5, EPSS: 0.0253
Exploits: 0, References: 9
Microsoft Secure
added 2018/04/02 4:0 p.m., 55 views

Take these steps to stay safe from counterfeit software and fraudulent subscriptions

This post is authored by Matt Lundy, Assistant General Counsel, Microsoft. Software piracy and fraudulent subscriptions are serious, industry-wide problems affecting consumers and organizations around the world. In 2016, 39 percent of all software installed on computers was not properly licensed,...

AI score: 6.7
Exploits: 0
Hacker One
added 2018/02/07 2:38 a.m., 20 views

Zomato: IDOR in treat subscriptions

The treat subscriptions tab in my profile has an IDOR. The corresponding api: POST /php/filterusertabcontent.php HTTP/1.1 userid=██████&tab=treatsubscription&orderhistoryoffset=0&orderhistorylimit=20 You can give any user id and you will be able to see the treat subscriptions of that user. Impact...

AI score: 1.6
Exploits: 0
CNVD
added 2018/02/07 12:0 a.m., 2 views

Joomla! JE PayperVideo SQL Injection Vulnerability

Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. JE PayperVideo is one of its multimedia playback components. A SQL injection vulnerability exists in Jooml...

CVSS: 9.8, AI score: 8.1, EPSS: 0.01411
Exploits: 2, References: 1
Openbugbounty
added 2018/02/06 8:12 p.m., 7 views

subscriptions.cbc.ca XSS vulnerability

Open Bug Bounty ID: OBB-554191

Description| Value
---|---
Affected Website:| subscriptions.cbc.ca
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosur...

AI score: 6.4
Exploits: 0
RedHat Linux
added 2018/02/05 1:55 p.m., 37 views

Important: Red Hat Security Advisory: Red Hat Satellite 6 security, bug fix, and enhancement update

An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS: 5.3, AI score: 6, EPSS: 0.00581
Exploits: 0, References: 19
OSV
added 2018/02/02 5:29 p.m., 1 views

CVE-2018-6577

SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usrplan parameter in a view=myplans&task=myplans.usersubscriptions request...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01411
Exploits: 1, References: 1
Kitploit
added 2017/09/11 2:0 p.m., 31 views

NorkNork - Powershell Empire Persistence Finder

This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks, Auto-run, WMI subscriptions, Security Support provider, Ease of Access Center backdoors, Machine account password disable. INSTALL...

AI score: 7.3
Exploits: 0, References: 1
Atlassian
added 2017/08/16 7:38 a.m., 233 views

Filter Subscription emails should not be sent to deactivated users.

h3. Summary
Email Filter Subscriptions are still sent after a user is marked as deactivated.
h3. Steps to Reproduce
Create a user belonging to jira-users group
Deactivate the user
Create a filter and subscribed to jira-users group
Filter used: issuekey in issueHistory ORDER BY lastViewed DESC...

AI score: 1.1
Exploits: 0, Affected Software: 1
Veracode
added 2017/07/05 1:0 p.m., 14 views

Authorization Bypass

Moodle is vulnerable to authorization bypass. The calendar/managesubscriptions.php does not enforce the correct permissions on users, allowing a malicious user with access to a student account to edit the calendar subscriptions...

CVSS: 4, AI score: 6.1, EPSS: 0.00199
Exploits: 0, References: 4, Affected Software: 1
The Hacker News
added 2017/06/13 4:19 a.m., 10 views

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

In this year's annual event, Apple announced that the company had paid out $70 Billion to developers in the App Store's lifetime and that $21 Billion of the amount was paid in the last year alone. But has all this money gone to the legitimate app developers? Probably not, as app developer Johnny...

AI score: 6.9
Exploits: 0
Packet Storm
added 2017/06/11 12:0 a.m., 64 views

Zenbership CMS 1.0.8 SQL Injection

Document Title:
===============
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

References Source:
====================
https://www.vulnerability-lab.com/getcontent.php?id=2073

Release Date:
=============
2017-06-09

Vulnerability Laboratory ID VL-ID:...

AI score: 0.1
Exploits: 0
Vulnerability Lab
added 2017/06/08 12:0 a.m., 51 views

Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

Document Title:
===============
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

References Source:
====================
https://www.vulnerability-lab.com/getcontent.php?id=2073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9759

CVE-ID:
=======
CVE-2017-9759

Release Date:...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00284
Exploits: 3
Information Security Automation
added 2017/05/28 10:59 a.m., 589 views

New vulnersBot for Telegram with advanced searches and subscriptions

Vulners.com team have recently presented a new version of vulnerability intelligence bot for Telegram messenger. Now you can search for vulnerabilities and other security content by talking with bot. Searches For example, I've heard about new critical vulnerability in Samba called SambaCry by...

CVSS: 10, AI score: 10, EPSS: 0.94176
Exploits: 24
Information Security Automation
added 2017/04/26 6:25 p.m., 67 views

Vulnerability subscriptions in terms of business

The question is: do we really need an employee in organization that deals with vulnerabilities in infrastructure on a full-time basis? Since this is similar to what I do for living, I would naturally say that yes, it is necessary. But as person, who makes security automation, I can say that there...

AI score: 10, EPSS: 0.48477
Exploits: 4
Microsoft KB
added 2017/01/07 12:0 a.m., 3 views

Update Rollup 9 for System Center 2012 R2 Orchestrator - Service Provider Foundation

Update Rollup 9 for System Center 2012 R2 Orchestrator - Service Provider Foundation Introduction This article describes the issues that are fixed and the features that are added in Update Rollup 9 for Microsoft System Center 2012 R2 Orchestrator - Service Provider Foundation. Additionally, this...

AI score: 6.9
Exploits: 0
Kitploit
added 2016/10/11 9:27 p.m., 26 views

PowerLurk - Malicious WMI Events using PowerShell

PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information:...

AI score: 7
Exploits: 0, References: 2