3319 matches found
SQL injection
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php...
CVE-2018-14592
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php...
CVE-2018-14592
CVE-2018-14592 affects Joomla! extensions CWJoomla CW Article Attachments PRO (before 2.0.7) and CW Article Attachments FREE (before 1.0.6). The vulnerability is an SQL Injection in download.php, allowing remote attackers to execute SQL commands. Impact per sources indicates high/critical severit...
Microsoft Windows Defender AV: Configure local setting override for scanning all downloaded files and attachments
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavoverrideioavprotection.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Configure local setting override for scanning all downloaded files and attachments Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbon...
Microsoft Windows Defender AV: Scan all downloaded files and attachments
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavscandownloadedfilesattachments.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Scan all downloaded files and attachments Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
Potential Hurricane Florence Phishing Scams
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in...
Internet Explorer Memory Corruption Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...
Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
Basecamp attachments are stored in the bc3_production_blobs bucket in the root directory and can be served with text/html content-type...
Loki Bot: On a hunt for corporate passwords
Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware's key objective is to steal passwords from browsers,...
Design/Logic Flaw
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks...
Server-side request forgery (SSRF)
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request...
CVE-2014-6048
The CVE-2014-6048 flaw affects phpMyFAQ before version 2.8.13, where an attacker can read arbitrary attachments via a direct request due to a missing check on whether an attachment is being requested. Public references describe unauthenticated read access and verify the core issue as improper acc...
CVE-2014-6047
CVE-2014-6047 affects phpMyFAQ prior to 2.8.13. The vulnerability exists in the download attachments path (phpmyfaq/attachment.php) due to incorrect permission checks, enabling remote authenticated users with some rights (e.g., add/delete attachments) to read arbitrary attachments they should not...
CVE-2014-6048
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request...
OWA for hackers: ExchangeRelayX
ExchangeRelayX is a PoC tool to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA-looking interface, with...
Description of the security update for Outlook 2016: August 14, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures ADV180021. Note: To apply this security update, you must hav...
Phishing Campaign Steals Money From Industrial Companies
Industrial production companies are the targets in a large-scale spear-phishing email campaign aimed at installing legitimate remote administration software on victims’ systems. Researchers with Kaspersky Lab said that emails purporting to be commercial offers were the conduit to enabling attacke...
Attacks on industrial enterprises using RMS and TeamViewer
Main facts: Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and a...