3319 matches found
CVE-2017-17707
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely...
Highly Sophisticated Parasite RAT Emerges on the Dark Web
Researchers are tracking a remote access trojan (RAT) on underground markets that, so far, has only been attributed to one small malicious email campaign. However, the RAT, dubbed Parasite HTTP by the Proofpoint researchers that discovered it, has an impressive list of sophisticated features –...
CVE-2018-2934
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-24113)
Oracle E-Business Suite is an extension of the original Application (ERP) product: a seamlessly integrated management suite comprising ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and other management software. An...
PT-2018-15920 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite version 12.1.3 Description: The issue affects the Oracle Application Object Library component, specifically the Attachments / File Upload subcomponent. It allows an unauthenticated attacker with network access via HTTP...
Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2018-13083)
Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories, and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the review attachment resource in Atlassia...
CVE-2018-8310
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office...
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files...
ok.ru: Privacy violation for attachments in messages.
The vulnerability allowed unauthorized access to other users' file attachments with no ability to identify senders or recipients. Vulnerability allowed downloading...
Microsoft Windows: Notify antivirus programs when opening attachments
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer...
Microsoft Windows: Do not preserve zone information in file attachments
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winzoneinfoattachments.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Do not preserve zone information in file attachments users listed in HKU Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH...
DEBIAN-CVE-2018-12895
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...
Security Bulletin: Information disclosure in IBM Business Process Manager (BPM) V8.5 document attachments search (CVE-2014-4759)
Summary IBM BPM document attachment queries can return document properties that contain sensitive information. Vulnerability Details CVE ID: CVE-2014-4759 DESCRIPTION: An Ajax service that is shipped with the Content Management toolkit allows users to search for IBM BPM document attachments from...
Microsoft Outlook 2010 Service Pack 2 Elevation of Privilege Vulnerability (KB4022205)
This host is missing an important security update according to Microsoft KB4022205 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Outlook 2016 Elevation of Privilege Vulnerability (KB4022160)
This host is missing an important security update according to Microsoft KB4022160 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Outlook 2013 Service Pack 1 Elevation of Privilege Vulnerability (KB4022169)
This host is missing an important security update according to Microsoft KB4022169 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Description of the security update for SharePoint Enterprise Server 2016: June 12, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
Description of the security update for Outlook 2016: June 12, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
Security Updates for Outlook (June 2018)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who...