CVE-2020-2566
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
Design/Logic Flaw
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'HTTPS' protocol. The 'Preferences', 'Message Hooks', 'Attachments / File Upload' components are affected. These vulnerabilities affect the following supported versions:...
Oracle E-Business Suite CVE-2020-2666 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in the 'Oracle Applications Framework' product. This vulnerability can be exploited over the 'HTTP' protocol. The 'Attachments / File Upload' component is affected. This vulnerability affects the following supported...
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake's lyric “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email-based, with missives containing a malicious PowerPoint attachment...
All in the (Ransomware) Family: 10 Ways to Take Action
In a world where everything is an “as-a-service,” it’s no surprise that ransomware-as-a-service (RaaS) is a hot ticket on the Dark Web. FortiGuard Labs has observed at least two significant ransomware families – Sodinokibi and Nemty – now being deployed as RaaS solutions. Meanwhile, cybercriminals...
Microsoft Access CVE-2019-1400 Information Disclosure Vulnerability
Description Microsoft Access is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 32-bit edition SP2 Microsoft Office 2010 64-bit edition SP2 Microsoft...
Microsoft PowerPoint CVE-2019-1462 Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
DEBIAN-CVE-2019-18180
Improper check for filenames with overly long extensions in PostMaster when sending email or uploading files (e.g. attaching files to mails) in OTRS Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...
[SECURITY] Fedora 30 Update: tnef-1.4.18-1.fc30
This application provides a way to unpack Microsoft MS-TNEF MIME attachments. It operates like tar in order to unpack files of type "application/ms-tnef", which may have been placed into the MS-TNEF attachment instead of being attached separately. Such files may have attachment names similar to...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Unspecified Vulnerability in Drupal
Drupal is an open source content management system developed by the Drupal community using the PHP language. A security vulnerability exists in version 7.x prior to Drupal 7.5, which can be exploited by attackers to download files attached to comments...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...
Open-Xchange: SSRF - URL Attachments - 725307 bypass
This is about an incomplete fix for my recent bug 725307. In short, the /ajax/attachment?action=attach endpoint allows creating URL-based attachments. The content of the specified URL is fetched and used as the attachment body. For more details please see 725307. With the fix applied, the URL is validated befo...
Apache CXF Hypermessage Attachment Denial of Service Vulnerability
Apache CXF is an open source Web services framework. Apache CXF has a security vulnerability in how it handles the number of message attachments, which allows remote attackers to exploit it by submitting requests containing a specially crafted, very large number of message attachments, which can be used for...
Potential DOS attack due to unrestricted attachment count in messages
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...
GHSA-58P8-9G59-Q2HR Potential DOS attack due to unrestricted attachment count in messages
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...
Denial Of Service (DoS)
Apache CXF-Core is susceptible to a denial-of-service (DoS) attack. The attack exists because it fails to limit the maximum number of message attachments in a given message, allowing an attacker to provide a message with a huge number of attachments and trigger a DoS attack...