3319 matches found
Oracle Application Object Library Remote Vulnerability (CNVD-2017-27315)
Oracle E-Business Suite is a fully integrated suite of global business management software from the US company Oracle. Oracle Application Object Library (AOL) is one of its system management components. A security vulnerability exists in the...
Code injection
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299...
CVE-2017-1176
CVE-2017-1176 affects IBM Maximo Asset Management 7.1, 7.5, and 7.6. It is a local information-disclosure vulnerability caused by inappropriate retention of attachments, allowing a local user to obtain sensitive information. The NVD notes partial confidentiality impact (C) with low overall severi...
UBUNTU-CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...
DEBIAN-CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments...
CVE-2015-9103
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments...
Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004)
According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-266. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists when handling email attachments involving malformed o...
Nigerian BEC Scams Hit 500 Companies in 50 Countries
Nigerian cybercriminals targeting industrial firms have stolen a slew of sensitive technical drawings, network diagrams, cost estimates, and project plans already this year. The data, exfiltrated by a cocktail of different spyware programs, wasn’t stolen from just executives, but also operators,...
Nigerian phishing: Industrial companies under attack
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research...
Updated libytnef packages fix security vulnerabilities
Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat fi...
SQL injection vulnerability in the attachment list of the Country micro CMS government website system
No description provided by source...
[SECURITY] [DSA 3869-1] tnef security update
Debian Security Advisory DSA-3869-1 https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3869-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Stored XSS Cross-Site Scripting Vulnerability in Coremail Mail System of Intex
Coremail mail system is a large-scale enterprise mail system independently developed by the company. There is a stored cross-site scripting (XSS) vulnerability in the surplus world Coremail mail system because Coremail does not effectively filter the content of attachments, which It...
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php...
Directory traversal
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php...
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php...
CVE-2015-4704
CVE-2015-4704 is a directory traversal vulnerability in the WordPress plugin Download Zip Attachments 1.0. It allows remote attackers to read arbitrary files by supplying a .. in the File parameter to download.php, due to insufficient input/path validation. Affected software: WordPress Download Z...
Trello: api flaw
Hope you guys are doing great. While going through your api documentation on https://developers.trello.com/advanced-reference/cardpost-1-cards-card-id-or-shortlink-actions-comments , an api endpoint POST /1/cards/card id or shortlink/attachments supposed to be rate-limited after 100 attachment bu...