McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
By John Fokker · July 16, 2019. Every day thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a...
Mozilla: Same-origin policy treats all files in a directory as having the same-origin
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
CVE-2019-12867
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
CVE-2018-14864
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...
Privilege escalation
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
DHS Email Phishing Scam
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a...
mybb -- vulnerabilities
mybb Team reports: High risk: Theme import stylesheet name RCE; High risk: Nested video MyCode persistent XSS; Medium risk: Find Orphaned Attachments reflected XSS; Medium risk: Post edit reflected XSS; Medium risk: Private Messaging folders SQL injection; Low risk: Potential phar deserialization...
Joomla Attachments 3.x File Upload
Exploit Title: Joomla ComAttachments Components 3.x Arbitrary File Upload; Author Discovered By: KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 26/05/2019; Vendor Homepage: jmcameron.net; Software Download Links: jmcameron.net/attachments/...
Staying Cyber Safe During Memorial Day
As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks...
[SECURITY] Fedora 30 Update: ytnef-1.9.3-1.fc30
Yerase's TNEF Stream Reader. Can take a TNEF Stream (winmail.dat) sent from Microsoft Outlook or similar products and extract the attachments, including construction of Contact Cards & Calendar entries...
Microsoft Dynamics On-Premise Security Feature Bypass
A security feature bypass vulnerability exists in Dynamics On Premise. An attacker who exploited the vulnerability could send attachment types that are blocked by the email attachment system. To exploit the vulnerability, an attacker would need to capture and edit the POST request to include a...
[SECURITY] Fedora 30 Update: rubygem-actionmailer-5.2.3-1.fc30
Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...
Hardcoded credentials
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 is affected by a hardcoded secret key vulnerability that enables an unauthenticated actor to access other users’ emails and file attachments and to interact with mailing lists. Root cause: hardcoded credentials in the product. Affected component: Sm...