3319 matches found
PT-2024-40224 · Unknown · Nodemailer
Name of the Vulnerable Software and Affected Versions: nodemailer (affected versions not specified). Description: A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter attachDataUrls set, causing the event loop to become stuck. Another flaw was found when nodemaile...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
UBUNTU-CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
What is Mallox Ransomware
Deciphering the Danger: Decoding Mallox Ransomware. Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data...
CVE-2024-22164
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessib...
CVE-2024-22164 Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessib...
PT-2024-19252 · Splunk · Splunk Enterprise Security
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise Security (ES) versions prior to 7.1.2. Description: The issue allows an attacker to perform a denial of service (DoS) to the Investigation by using investigation attachments. This is possible because the attachment endpoint does...
CVE-2024-21651 XWiki Denial of Service attack through attachments
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...
PT-2023-32253 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3. Description: The issue is related to the improper validation of file path parameters when attaching files to emails, leading to local file inclusion. This allows an attacker to leak the...
JetElements For Elementor < 2.6.13.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Download
Description: The JetElements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to, and including, 2.6.13. This makes it possible for unauthenticated attackers to download arbitrary attachments...
CVE-2023-49243
Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-49243
CVE-2023-49243 describes a vulnerability in the Huawei HarmonyOS email module that allows unauthorized access to email attachments, potentially affecting service confidentiality. Multiple connected sources confirm the issue stems from an email-attachment handling weakness across Huawei HarmonyOS/...
PT-2023-31130 · Unknown · Email Module
Name of the Vulnerable Software and Affected Versions: Email module (affected versions not specified). Description: The issue concerns unauthorized access to email attachments within the email module, potentially affecting service confidentiality. Recommendations: At the moment, there is no...
$19 Stanley cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
I know I'm a little late to the party to hit the prime SEO for Black Friday, Cyber Monday and holiday shopping. But if I know the readers of this newsletter, everyone is far from done with their holiday shopping already after a few days. I also know I'm far from the only person to warn consumers...
PT-2023-30254 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions prior to 4.0.1. Description: The issue is related to an Arbitrary File Download vulnerability in the backend attachment management office. Recommendations: For versions prior to 4.0.1, update to version 4.0.1 or later to...