3319 matches found
Design/Logic Flaw
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...
CVE-2017-2645
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...
CVE-2017-2645
CVE-2017-2645 describes an XSS vulnerability in Moodle 3.x, triggerable through attachments to evidence of prior learning. The entry specifies a cross-site scripting flaw with a CVSS base score of 4.3 (NVD CVSS2) and 6.1 (CVSS3), indicating network access, no authentication, and user interaction ...
qdPM Arbitrary File Upload Vulnerability
qdPM is a free, open-source project management system based on the Symfony framework and developed with PHP and MySQL. An arbitrary file upload vulnerability exists in several pages in qdPM version 8.3. A remote attacker can exploit this vulnerability by sending a direct request to...
PT-2017-6703 · Qdpm · Qdpm
Name of the Vulnerable Software and Affected Versions: qdPM version 8.3. Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to various pages in qdPM, including myAccount, projects, tasks, tickets, discussions, reports, and...
CVE-2017-5620
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...
Cross site scripting
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...
Debian DSA-3798-1 : tnef - security update
Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type 'application/ms-tnef'. Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious...
[SECURITY] [DSA 3798-1] tnef security update
Debian Security Advisory DSA-3798-1 https://www.debian.org/security/ Sebastien Delafond March 01, 2017 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3798-1 (tnef - security update)
Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type application/ms-tnef. Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious...
tnef Integer Overflow Denial of Service Vulnerability
tnef is a set of programs for decompressing MIME attachments. An integer overflow vulnerability exists in tnef that allows an attacker to cause a denial of service by submitting a special file, crashing the application...
Save MMS attachments : backup - Dangerous filesystem permissions, WebView code execution vulnerabilities
The HackApp vulnerability scanner discovered that the application Save MMS attachments : backup, published on the 'play' market, has multiple vulnerabilities...
How to Enable App Interaction Between XenMobile Secure Mail and Microsoft Office Apps
This document will help you understand how the XenMobile-managed Secure Mail application uses Microsoft Office applications to open attachments in a controlled and secure manner.

Environment

Machine | Details
---|---
Active Directory | Win 2012
Certificate Authority | NA
SQL Database | MS SQL...
DEBIAN-CVE-2016-6188
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files...
Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
Researchers at Microsoft’s Malware Protection Center have spotted malicious email campaigns using .lnk attachments to spread Locky ransomware and the Kovter click-fraud Trojan, the first time criminals have simultaneously distributed both pieces of malware. According to Microsoft, the .lnk file n...
Phishers unleash simple but effective social engineering techniques using PDF attachments
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We’re seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks...
Google to Block .js Attachments in Gmail
Spammers and cybercriminals have revived email-based attacks in the last year, giving new life to macro-based malware hidden in Word documents, and with greater intensity of late, .js files that run JavaScript on infected clients, largely to download malware from an attacker’s site. Google...