489 matches found
doremovespacemail action can be called by non-admins
The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...
Plugx RAT targeting government organizations in Japan using spear phishing
Roland Dela Paz Threat Researcher at TrendMirco reported that last year a Malware Campaign to target specific users in Japan, China, and Taiwan once again on rise using new breed of Remote Access Tool RAT called Plugx also known as Korplug. This new custom made version comes for less recognition...
CVE-2006-7219
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft...
unalz archiver buffer overflow
Buffer overflow on oversized archived file name...
CVE-2005-2595
Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...
CVE-2005-2595
Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...
wu-ftpd shell characters problem
During tar execution for archived files receiving '-' sign is not commented...
CVE-2002-0738
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...
DEBIAN-CVE-2002-0738
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...