3319 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...
CVE-2018-8911
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...
CVE-2018-8911
Synology Note Station’s Attachment Preview is affected by CVE-2018-8911. The vulnerability is an XSS in Attachment Preview prior to version 2.5.1-0844 that allows remote authenticated users to inject arbitrary web script or HTML via a malicious attachment. Public sources (CNVD/NVD entries) descri...
CVE-2018-2405
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting...
Easter Holiday Phishing Scams and Malware Campaigns
As the Easter holiday approaches, NCCIC/US-CERT reminds users to be aware of potential holiday scams and cyber campaigns, which may include emails and ecards from unknown senders that may contain malicious links, fake advertisements or shipping notifications with attachments infected with malware...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in the 'ZmMailMsgView.getAttachmentLinkHtml' function in ZCS versions prior to 8.7 Patch 1 and 8.8....
Sanny Malware Updates Delivery Method
The group behind the Sanny malware attacks has made significant changes to the way it delivers its payload. According to new research by FireEye, the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and...
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
Introduction: From January 2018 to March 2018, through FireEye’s Dynamic Threat Intelligence, we observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. We attribute this activity t...
Attachments, 3.2.5, SQL Injection
Attachments from jimcameron.net, versions 3.2.5 and previous: SQL Injection. Resolution: update to 3.2.6. Update notice: http://jmcameron.net/attachments/...
Code injection
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php...
CVE-2018-7668
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php...
CVE-2018-7668
CVE-2018-7668 affects TestLink up to version 1.9.16. The issue allows remote attackers to read arbitrary attachments by sending a modified ID to the download endpoint at /lib/attachments/attachmentdownload.php. The root cause is an insecure reference to attachment IDs in the download handler, ena...
TestLink Insecure Direct Object Reference Vulnerability
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. TestLink 1.9.16 and previous versions have a security vulnerability. A remote attacker can send a...
SHAttered Attack
apache-james-mailbox-api is vulnerable to the SHAttered attack. Since SHA-1 is used to index attachments, the SHAttered attack could be used to overwrite the attachment of an email using a second email...
FreeBSD : phpbb3 -- multiple issues (8e89a89a-fd15-11e7-bdf6-00e04c1ea73d)
phpBB developers report: Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL. Deleting orphaned attachments w/ large number of orphaned attachments - Orphaned attachment deletion was improved to be able to delete them...
Microsoft Office for MAC Spoofing Vulnerability
Microsoft Office 2016 for Mac is a Mac-based office software suite product developed by Microsoft Corporation USA. A spoofing vulnerability exists in Microsoft Office 2016 for Mac-based platforms that stems from the program's failure to properly handle the encryption and display of email addresse...
Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
Description: Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...
Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
Description: Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...