3319 matches found

Ubuntu
added 2023/05/11 6:09 p.m. | 42 views

USN-6073-1: Cinder vulnerability

Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see th...

CVSS 6.5 | AI score 7 | EPSS 0.00126
Exploits 0

Atlassian
added 2023/04/20 12:43 p.m. | 73 views

A user with read permissions to a Confluence page is able to upload attachments - CVE-2023-22504

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.13.17, fro...

CVSS 6.5 | AI score 6.3 | EPSS 0.00449
Exploits 0

OSV
added 2023/04/18 8:15 p.m. | 3 views

CVE-2023-21959

Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful...

CVSS 4.3 | AI score 6.6
Exploits 0 | References 1

Prion
added 2023/04/18 8:15 p.m. | 17 views

Design/Logic Flaw

Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful...

CVSS 4 | AI score 3.6 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1

CVE
added 2023/04/18 7:54 p.m. | 47 views

CVE-2023-21959

CVE-2023-21959 affects Oracle E-Business Suite, specifically the iReceivables component (Attachments). Affected versions are 12.2.3–12.2.12. The vulnerability allows a low-privileged, network-accessing attacker over HTTP to obtain unauthorized read access to a subset of Oracle iReceivables data. ...

CVSS 4.3 | AI score 3.4 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2023/04/18 12:00 a.m. | 14 views

OoohBoi Steroids for Elementor < 2.1.5 - Arbitrary File Upload

The plugin does not properly protect its fileuploadercallback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site...

CVSS 4.3 | AI score 6.9 | EPSS 0.00087
Exploits 0 | Affected Software 1

Securelist
added 2023/04/17 10:00 a.m. | 25 views

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family aka QakBot, QuackBot, and Pinkslipbot. The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...

AI score 6.7
Exploits 0

Hive Pro Threat Advisories
added 2023/04/17 6:48 a.m. | 9 views

The Bitter Group Targets Chinese Agencies with CHM Malware via Email Attachments

The Bitter group targets South Asian government agencies with Office documents and has recently distributed CHM malware to specific Chinese organizations via email attachments.

AI score 6.7
Exploits 0

CNNVD
added 2023/04/10 12:00 a.m. | 3 views

OpenMRS Security Vulnerability

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. A security vulnerability exists in OpenMRS versions 2.4.2 and 2.12.2, which can be exploited to launch an attack via the "attachments" page in patient...

AI score 5.5
Exploits 0 | References 1

OpenVAS
added 2023/04/06 12:00 a.m. | 11 views

Fedora: Security Advisory for rubygem-actionmailer (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 7.7 | EPSS 0.00406
Exploits 0 | References 2

Fedora
added 2023/04/05 1:36 a.m. | 14 views

[SECURITY] Fedora 37 Update: rubygem-actionmailer-7.0.4.3-1.fc37

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...

CVSS 5.3 | AI score 7.6 | EPSS 0.00406
Exploits 0

OSV
added 2023/04/04 11:15 p.m. | 11 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

CVSS 6.1 | AI score 6.1
Exploits 0 | References 2

NVD
added 2023/04/04 11:15 p.m. | 12 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

CVSS 6.1 | AI score 6.1 | EPSS 0.00785
Exploits 1 | References 2

Cvelist
added 2023/04/04 12:00 a.m. | 12 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

AI score 6.1 | EPSS 0.00785
Exploits 1 | References 2

Vulnrichment
added 2023/04/04 12:00 a.m. | 6 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

AI score 6.2 | EPSS 0.00785
Exploits 1 | References 2

Fedora
added 2023/04/01 12:17 a.m. | 23 views

[SECURITY] Fedora 38 Update: rubygem-actionmailer-7.0.4.3-1.fc38

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...

CVSS 5.3 | AI score 7.6 | EPSS 0.00406
Exploits 0

The Hacker News
added 2023/03/28 12:08 p.m. | 3 views

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering...

AI score 6.7
Exploits 0

The Hacker News
added 2023/03/28 9:53 a.m. | 2 views

Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to eva...

AI score 6.7
Exploits 0

The Hacker News
added 2023/03/28 9:53 a.m. | 43 views

Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to eva...

AI score 6.5
Exploits 0

OSV
added 2023/03/27 4:15 p.m. | 2 views

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which let users with a role as low as subscriber delete attachment...

CVSS 6.5 | AI score 6.9 | EPSS 0.00132
Exploits 2 | References 1