3319 matches found

NVD
added 2019/11/06 9:15 p.m., 17 views

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

CVSS 6.5, AI score 6.9, EPSS 0.04134
Exploits: 0, References: 14

OSV
added 2019/11/06 9:15 p.m., 15 views

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

CVSS 6.5, AI score 6.3, EPSS 0.04134
Exploits: 0, References: 14

Prion
added 2019/11/06 9:15 p.m., 19 views

Design/Logic Flaw

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

CVSS 4.3, AI score 7.5, EPSS 0.04134
Exploits: 0, References: 14, Affected Software: 4

Cvelist
added 2019/11/06 8:7 p.m., 22 views

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

AI score 7.6, EPSS 0.04134
Exploits: 0, References: 14

CVE
added 2019/11/06 8:7 p.m., 216 views

CVE-2019-12406

CVE-2019-12406 describes a denial-of-service in Apache CXF where a message can include an excessive number of attachments. The fixed releases (CXF 3.3.4 and 3.2.11) enforce a default attachment limit of 50, configurable via the attachment-max-count property. IBM/materials reference CXF and note a...

CVSS 6.5, AI score 6.3, EPSS 0.04134
Exploits: 0, References: 14, Affected Software: 1

OSV
added 2019/11/05 8:15 p.m., 2 views

CVE-2019-1877

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

CVSS 6.5, AI score 6.7, EPSS 0.01282
Exploits: 0, References: 1

CISA
added 2019/10/25 12:0 a.m., 11 views

ACSC Releases Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan—commonly spread via malicious email attachments—that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. AC...

AI score 6.8
Exploits: 0, References: 2

CISA
added 2019/10/23 12:0 a.m., 9 views

FBI Releases Article on Defending Against E-Skimming

The Federal Bureau of Investigation (FBI) has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information (PII). The Cybersecurity and Infrastructure...

AI score 6.6
Exploits: 0, References: 7

OSV
added 2019/10/16 6:15 p.m., 2 views

CVE-2019-2907

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVSS 7.2, AI score 6.8
Exploits: 0, References: 1

Prion
added 2019/10/16 6:15 p.m., 23 views

Code injection

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVSS 6.4, AI score 6.5, EPSS 0.00965
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/10/16 5:40 p.m., 17 views

CVE-2019-2907

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

AI score 6.6, EPSS 0.00965
Exploits: 0, References: 1

Vulnrichment
added 2019/10/16 5:40 p.m., 10 views

CVE-2019-2907

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

AI score 6.4, EPSS 0.00965
Exploits: 0, References: 1

Symantec
added 2019/10/15 12:0 a.m., 48 views

Oracle Web Services CVE-2019-2907 Remote Security Vulnerability

Description: Oracle Web Services is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'SOAP with Attachments API for Java' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0. Technologies Affected...

AI score 1, EPSS 0.00965
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2019/10/01 4:15 p.m., 1 views

CVE-2019-14953

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...

CVSS 6.1, AI score 6.4, EPSS 0.00006
Exploits: 0, References: 1

NVD
added 2019/10/01 4:15 p.m., 15 views

CVE-2019-14953

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...

CVSS 6.1, AI score 6.6, EPSS 0.00006
Exploits: 0, References: 1

Prion
added 2019/10/01 4:15 p.m., 13 views

Cross site scripting

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...

CVSS 4.3, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/10/01 3:48 p.m., 13 views

CVE-2019-14953

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...

AI score 6.6, EPSS 0.00006
Exploits: 0, References: 1

Microsoft KB
added 2019/10/01 12:0 a.m., 6 views

October 1, 2019, update for Outlook 2013 (KB4484096)

October 1, 2019, update for Outlook 2013 (KB4484096). This article describes update 4484096 for Microsoft Outlook 2013 that was released on October 1, 2019. This update also applies to Office Home and Student 2013 RT. Be aware that the update in the Microsoft Download Center applies to the Microsoft...

AI score 6.3
Exploits: 0

ThreatPost
added 2019/09/27 2:39 p.m., 85 views

Microsoft Blacklists Dozens of New File Extensions in Outlook

Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...

AI score 7.1
Exploits: 0, References: 8

The Hacker News
added 2019/09/26 7:10 p.m., 102 views

Outlook for Web Bans 38 More File Extensions in Email Attachments

Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...

AI score 0.2
Exploits: 0