3319 matches found
Microsoft Outlook Information Disclosure Vulnerability (CNVD-2018-23751)
Microsoft Outlook is an e-mail client bundled with the Office suite from the US company Microsoft. The software manages e-mail, contacts, calendars, and more. An information disclosure vulnerability exists in Microsoft Outlook. A remote attacker could exploit the vulnerability to obtain shared...
CVE-2018-8579
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558...
DEBIAN-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
CVE-2018-18461
The Arigato Autoresponder and Newsletter aka bft-autoresponder v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments data to models/attachment.php...
Oracle E-Business Multiple Vulnerabilities (Oct 2018 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2018 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory: - An unspecified vulnerability in the Oracle Trade...
CVE-2018-3244
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-3138
CVE-2018-3138 affects Oracle E-Business Suite’s Oracle Application Object Library (AOL), specifically the Attachments / File Upload subcomponent. Affected versions include 12.1.3 and 12.2.x (12.2.3–12.2.7). The vulnerability allows unauthenticated, network-based access via HTTP to AOL, with explo...
CVE-2018-3138
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...
Unspecified Vulnerability in Oracle Application Object Library (CNVD-2018-24262)
Oracle E-Business Suite is a set of fully integrated global business management software from the US company Oracle. Application Object Library (AOL) is one of its system management components. A security vulnerability exists in the...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...
CW Article Attachments (Free Version), SQL Injection
CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous: SQL Injection. Resolution: update to 1.0.7. Update notice: http://www.cwjoomla.com/download-cw-article-attachments...
CW Article Attachments (Pro Version), SQL Injection
CW Article Attachments Pro Version from cwjoomla.com, versions 2.1.0 and previous: SQL Injection. Resolution: update to 2.1.2. Update notice: http://www.cwjoomla.com/download-cw-article-attachments...
Innovative Phishing Tactic Makes Inroads Using Azure Blob
A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, video or tex...
Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
Description: Microsoft PowerPoint is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code in the context of the affected application; this may aid in launching further attacks. Technologies Affected: Microso...
Joomla! CWJoomla CW Article Attachments SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other functions. CWJoomla CW Article Attachments is an attachment management plug-in used in it. A SQL injection vulnerability exists...
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection. Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection; Date: 2018-09-20; Exploit Author: Haboob Team; Software Link: https://extensions.joomla.org/extension/cw-article-attachments/; Version: below 1.0.6; CVE :...
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection; Date: 2018-09-20; Exploit Author: Haboob Team; Software Link: https://extensions.joomla.org/extension/cw-article-attachments/; Version: below 1.0.6; CVE: CVE-2018-14592...
Joomla CW Article Attachments 1.0.6 SQL Injection
Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection; Date: 2018-09-20; Exploit Author: Haboob Team; Software Link: https://extensions.joomla.org/extension/cw-article-attachments/; Version: below 1.0.6; CVE: CVE-2018-14592...
Joomla CW Article Attachments 1.0.6 - id SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection; Exploit Author: Haboob Team; Software Link: https://extensions.joomla.org/extension/cw-article-attachments/; Version: below 1.0.6; CVE: CVE-2018-14592...