Threat Outbreak Alert RuleID20460: Email Messages Distributing Malicious Software on January 15, 2016

Medium Alert ID: 43043 First Published: 2016 January 15 20:04 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20460 may contain the following files: Name |...

WordPress Zip Attachments Plugin Directory Traversal Vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports in PHP and MySQL server set up a personal blog site. Zip Attachments is one of the plug-ins used to add in the post or page to download download before the file is...

CVE-2015-4694

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the zafile parameter...

Directory traversal

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the zafile parameter...

Threat Outbreak Alert RuleID20375: Email Messages Distributing Malicious Software on January 8, 2016

Medium Alert ID: 42958 First Published: 2016 January 8 20:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20375 may contain the following files: Name |...

CVE-2015-4694

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the zafile parameter...

CVE-2015-4694

CVE-2015-4694 affects the WordPress Zip Attachments plugin (versions before 1.5.1). A directory traversal flaw in download.php (za_file parameter) allows an attacker to read arbitrary files. Public references describe this as an arbitrary file retrieval/vulnerability in the plugin. Remediation: u...

libreport: Possible private data leak in Bugzilla bugs opened by ABRT

It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not...

libreport: Possible private data leak in Bugzilla bugs opened by ABRT

It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not...

Threat Outbreak Alert RuleID19516: Email Messages Distributing Malicious Software on November 20, 2015

Medium Alert ID: 42195 First Published: 2015 November 20 15:33 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19516 may contain the following files: Name |...

Threat Outbreak Alert RuleID4961: Email Messages Distributing Malicious Software on July 6, 2016

Medium Alert ID: 41886 First Published: 2015 November 2 13:41 GMT Last Updated: 2016 July 6 19:09 GMT Version: 50 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID4961 and...

Threat Outbreak Alert RuleID19081: Email Messages Distributing Malicious Software on October 30, 2015

Medium Alert ID: 41816 First Published: 2015 October 30 14:38 GMT Last Updated: 2015 November 2 13:20 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19081...

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

Threat Outbreak Alert RuleID18835: Email Messages Distributing Malicious Software on November 17, 2015

Medium Alert ID: 41616 First Published: 2015 October 20 20:23 GMT Last Updated: 2015 November 18 14:00 GMT Version: 10 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID1883...

CVE-2015-5884

The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment...

Threat Outbreak Alert RuleID18523: Email Messages Distributing Malicious Software on October 7, 2015

Medium Alert ID: 41422 First Published: 2015 October 7 19:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18523 may contain the following files: Name |...

Apple OS X Mail Attachment Message Acquisition Vulnerability

Apple OS X is an operating system developed by Apple Inc. An issue with Apple OS X's handling of encryption parameters for very large email attachments sent via Mail Drop allows an attacker to exploit a vulnerability that could be exploited to intercept the contents of S/MIME encrypted attachment...

Threat Outbreak Alert RuleID18415: Email Messages Distributing Malicious Software on October 01, 2015

Medium Alert ID: 41325 First Published: 2015 October 1 15:06 GMT Last Updated: 2015 October 2 13:30 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18415 an...

How to Detect IE Zero-day Exploit Used to Deploy Korplug Malware

Recently, Microsoft issued an Emergency patch for a zero-day vulnerability in Internet Explorer that is being exploited to deploy Korplug malware on vulnerable PCs. Korplug, a known variant of PlugX, is a Trojan that creates a backdoor used for information stealing on infected computers. In one o...

Spam Campaign Continuing to Serve Up Malicious .js Files

A malicious spam campaign that’s been doling out zipped Javascript .js files remains an issue, the SANS Internet Storm Center warns. The campaign was spotted earlier this year, but Brad Duncan, a handler for the site and researcher with Rackspace’s information security operations center, claims...