3319 matches found
UBUNTU-CVE-2014-5020
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
Five Year Old Phishing Campaign Unveiled
UPDATE: A previous version of this story reported that Cyphort found 300,000 stolen credentials on a Gmail server. This figure was incorrectly reported by the firm and has been corrected to the adjusted number, 2,500 stolen credentials, in this story. Details have been disclosed on a five-year-ol...
Yahoo! Mail Cross Site Scripting
Document Title: Yahoo! Bug Bounty 30 YM - Application-Side Mail Encoding File Attachment Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1137 | Release Date: 2014-07-08 | Vulnerability Laboratory ID (VL-ID):...
Yahoo! Bug Bounty #30 YM - Persistent Mail Vulnerability
Document Title: Yahoo! Bug Bounty 30 YM - Persistent Mail Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1137 | Release Date: 2014-07-08 | Vulnerability Laboratory ID (VL-ID): 11...
CVE-2014-1348
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition...
Information disclosure
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition...
CVE-2014-1348
CVE-2014-1348 concerns Apple iOS
Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15730/info Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Sun JavaMail 1.x Multiple Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13753/info Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported: ...
Outlook Express 6 Attachment Security Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML frame in an...
Apple Mac OS X 10.5.x Mail Arbitrary Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26510/info Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments. Attackers can exploit this issue to execute arbitrary co...
Qualcomm Eudora 5.2.1/6.0 File Attachment Spoofing Variant Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7653/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious conten...
Sun JavaMail 1.3.2 MimeBodyPart.getFileName Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect...
Yet Another NOCC <= 0.1.0 - Local File Inclusion Vulnerability
No description provided by source. Yet Another NOCC 0.1.0 = Local File Inclusion Vulnerabilities YANOCC is a simple and fast webmail client which can handle POP3, SMTP, and IMAP servers. YANOCC is based on NOCC's code and is written with PHP4. It features multi-language support, MIME attachments,...
Microsoft Internet Explorer 6.0 File Attachment Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are associated with Internet...
novaboard 1.0.0 - Multiple Vulnerabilities
No description provided by source. Found: brainpillow | Dork: Powered by NovaBoard v1.0.0 | Visit: brainpillow.cc, forum.antichat.ru, raz0r.name | Mail: [email protected]...
Multiple File Attachments Mail Form Pro 2.0 - WebShell upload
No description provided by source. Exploit Title: Multiple File Attachments Mail Form Pro v2 - WebShell upload Date: 16/02/2010 Author: EgoPL Mail: [email protected]:[email protected] Software Link: http://activeden.net/item/multiple-file-attachments-mail-form-prov2/31262 17$ but It's now on ...
Threat Outbreak Alert RuleID7930: Email Messages Distributing Malicious Software on February 17, 2015
Medium | Alert ID: 34789 | First Published: 2014 June 30 14:15 GMT | Last Updated: 2015 February 17 20:26 GMT | Version: 103 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID7930KV...
Dradis v2.9 - Information Sharing For Security Assessments
Dradis is an open source framework to enable effective information sharing, especially during security assessments. It’s a tool built specifically to help in the process of penetration testing. Penetration testing is about information: 1. Information discovery 2. Exploit useful information 3. Report the...