openSUSE Security Update : roundcubemail (openSUSE-SU-2015:0116-1)

roundcubemail was updated to 1.0.4 fixing bugs and security issues. Changes : - Disable TinyMCE contextmenu plugin as there are more cons than pros in using it 1490118 - Fix bug where showrealfoldernames setting wasn't honored on compose page 1490153 - Fix issue where Archive folder wasn't...

Threat Outbreak Alert RuleID13171: Email Messages Distributing Malicious Software on January 20, 2015

Medium Alert ID: 37065 First Published: 2015 January 21 14:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13171 may contain the following files: Name |...

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

Cross site scripting

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

Dridex Banking Trojan Spreading Via Office Macros

The left-for-dead Office macro has apparently made a comeback with cybercriminals who have found them to be a good hiding place for banking malware. Recently, Microsoft reported a spike in the use of macros in hacking campaigns, peaking in mid-December. This has been corroborated by researchers a...

Threat Outbreak Alert RuleID4961KVR: Email Messages Distributing Malicious Software on July 8, 2016

Medium Alert ID: 36917 First Published: 2015 January 6 13:54 GMT Last Updated: 2016 July 8 20:47 GMT Version: 63 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID4961 and...

Microsoft Reports Massive Increase in Macros Enabled Threats

The Microsoft Malware Protection Center says there has been a dramatic increase in threats using macros to spread malware via spam and social engineering over the last month. Macros are used for automating frequently used tasks in Office. Macro-related infections were constant and near zero daily...

SuSE 11.3 Security Update : clamav (SAT Patch Number 10016)

clamav was updated to version 0.98.5 to fix three security issues and several non-security issues. These security issues have been fixed : - Crash when scanning maliciously crafted yoda's crypter files. CVE-2013-6497 - Heap-based buffer overflow when scanning crypted PE files. CVE-2014-9050 - Cra...

[SECURITY] Fedora 20 Update: geary-0.6.3-1.fc20

Geary is a new email reader for GNOME designed to let you read your email quickly and effortlessly. Its interface is based on conversations, so you can easily read an entire discussion without having to click from message to message. Geary is still in early development and has limited features...

CVE-2014-8736

The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...

CVE-2014-8736

The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...

CVE-2014-8736

The Open Atrium Core module for Drupal (OA Core) in the 7.x-2.x line is affected by CVE-2014-8736, prior to 7.x-2.22. The vulnerability lets remote attackers bypass access controls and read file attachments that were removed from a node by leveraging a previous revision of that node. The risk is ...

Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update

Updated openstack-cinder packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

US-CERT Warns of Dyre Banking Trojan

The Department of Homeland Security formally sounded the alarm Monday on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late. The warning came in the form of an alert from the United States Computer...

Threat Outbreak Alert RuleID12122: Email Messages Distributing Malicious Software on October 27, 2014

Medium Alert ID: 36198 First Published: 2014 October 27 15:50 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12122 may contain the following files: Name |...

Ebola Phishing Scams and Malware Campaigns

US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease EVD as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a...

SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass

The oacore module contains the base access control mechanism for the Open Atrium distribution OA2. In OA2, file attachments are given the same access permission as the node they are attached to. The vulnerability is when an attachment is removed from a node that has Revisions enabled. It allows...

Threat Outbreak Alert RuleID11305: Email Messages Distributing Malicious Software on February 9, 2015

Medium Alert ID: 35462 First Published: 2014 August 28 13:03 GMT Last Updated: 2015 February 10 14:33 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11305...