3319 matches found
WordPress GD bbPress Attachments 2.1 Local File Inclusion
Details: Software: GD bbPress Attachments; Version: 2.1; Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/; Advisory report: https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/; CV...
WordPress GD bbPress Attachments Plugin <= 2.2 - XSS
This vulnerability is in forms/panels.php. It allows an attacker to inject arbitrary web script or HTML via the "tab" parameter that is in the gdbbpressattachments page to wp-admin/edit.php. Solution Update the plugin...
WordPress GD bbPress Attachments Plugin <= 2.2 - Directory Traversal
This vulnerability allows a remote administrator to include and execute arbitrary local files in the "tab" parameter in the gdbbpressattachments page to wp-admin/edit.php. Solution Update the plugin...
WordPress Download Zip Attachments 'download.php' Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Download Zip Attachments 'download.php' plugin due to the program failing to adequately filter...
Threat Outbreak Alert RuleID16419: Email Messages Distributing Malicious Software on July 22, 2015
Medium Alert ID: 39654 First Published: 2015 July 6 13:01 GMT Last Updated: 2015 July 23 12:37 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16419 and...
Download Zip Attachments 1.0 File Download
Title: Remote file download vulnerability in download-zip-attachments v1.0 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-10 Download Site: https://wordpress.org/plugins/download-zip-attachments/ Vendor: rivenvirus Vendor Notified: 2015-06-15 Vendor Contact:...
WordPress Zip Attachments Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Zip Attachments plugin, which allows remote attackers to exploit the vulnerability by submitting a...
WordPress Zip Attachments Plugin <= 1.5.0 - Directory Traversal
This vulnerability allows an attacker to read arbitrary files in the "zafile" parameter. Solution Update the plugin...
Zip Attachments <= 1.1.4 - Arbitrary File Download
The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwd&zafilename=passwd...
Zip Attachments <= 1.1.4 - Arbitrary File Download
The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. PoC http://www.example.com/wp-content/plugins/zip-attachments/download.php?zafile=../../../../../etc/passwdfilename=passwd...
Download Zip Attachments <= 1.0 - Arbitrary File Download
The download-zip-attachments WordPress plugin was affected by an Arbitrary File Download security vulnerability...
Phishers Going the Long Way Round to Avoid Filtering Systems
Any human with an email address likely has gotten thousands of spam messages that look like delivery notifications, invoices, or other alleged communications from shipping companies such as UPS or DHL. They typically contain malicious attachments with exploits for a browser or plug-in...
Udemy: xss profile
Some fields in the profile are vulnerable to static cross-site scripting. See attachments...
Nepal Earthquake Disaster Email Scams
US-CERT warns users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear...
Macro-Enabled Malware Making a Comeback
Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of...
Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. Workaround for 5.7: There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. Workaround for 5.7: There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
JVN#93318392: AL-Mail32 vulnerable to buffer overflow
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a buffer overflow vulnerability due to a flaw in processing attachments. Impact When an attachment with specially crafted file name is processed, arbitrary code may be executed. Solution Update the Software...
Threat Outbreak Alert RuleID13305: Email Messages Distributing Malicious Software on February 9, 2015
Medium Alert ID: 37206 First Published: 2015 January 28 19:13 GMT Last Updated: 2015 February 10 14:33 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13305...
Threat Outbreak Alert RuleID13260: Email Messages Distributing Malicious Software on January 25, 2015
Medium Alert ID: 37153 First Published: 2015 January 26 16:25 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13260 may contain the following files: Name |...