3319 matches found
CVE-2020-10418
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload...
CVE-2020-10414
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload...
phpBB Cross-Site Request Forgery Vulnerability (CNVD-2020-19555)
phpBB is open source, PHP-based web forum software. It supports multiple languages, multiple databases, customized layouts and so on. A cross-site request forgery vulnerability exists in phpBB 3.2.7, which can be exploited by attackers to delete post attachments...
CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...
Cross site request forgery (csrf)
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...
Spear-Phishing Attack Lures Victims With 'HIV Results'
Recently discovered spear-phishing emails are using a unique “scare-factor” lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. Researchers are warning of a recent campaign involving emails claiming to come from Vanderbilt University Medical...
Local file disclosure in PHPMailer
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...
CVE-2020-3181
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...
CVE-2020-9364
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactformupload parameter. An attacker could exploit this...
Dangerzone Lets You Open Email Attachments Safely
Dangerzone takes potentially malicious files and safely sanitizes them for you...
XSS Vulnerability in Cicada Knowledge Enterprise Portal System
Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. Cicada Knowledge Enterprise Portal System EPS 8.0 has an XSS vulnerability: users can use the front posting and reply function to upload malicious attachments, which leads to the administrator in the...
Gmail Is Catching More Malicious Attachments With Deep Learning
Users of Gmail get 300 billion attachments each week. To separate legitimate documents from harmful ones, Google turned to AI—and it’s working...
Cisco Email Security Appliance AsyncOS Input Validation Error Vulnerability
Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. An input validation error vulnerability exists in the email filtering feature in Cisco AsyncOS Software versions 12.1.0-085 and 11.1.0-131, which stem...
Small Tax-Preparation Firms at Higher Risk this Tax Season, Report
This tax season crooks are targeting users with a new crop of scams that include leveraging remote desktop software and compromising small tax-prep company websites. “If you have the word ‘tax’ in your domain name; you’re a target this year,” warns Sherrod DeGrippo, senior director of threat...
Iranian Hackers Target U.S. Gov. Vendor With Malware
Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to...
[SECURITY] Fedora 30 Update: elog-3.1.4-1.20190113git283534d97d5a.fc30
ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages ("entries") with optional HTML markup for presentation, and optional file...
Increased Emotet Malware Activity
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts t...
CVE-2020-2666
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...