3319 matches found
squirrelmail security and bug fix update
1.4.8-21.0.2.el5 - remove Redhat splash screen images from source 1.4.8-21.0.1.el5 - remove Redhat splash screen images - add README instead of README.RedHat 1.4.8-21 - change charset for zhCN and zhTW to utf-8 508686 1.4.8-20 - fix header encoding issue 241861 - fix code producing warnings in th...
Low: Red Hat Security Advisory: squirrelmail security and bug fix update
An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 5 : squirrelmail (RHSA-2013:0126)
An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Threat Outbreak Alert: Fake Personal Video Sharing Email Messages on October 9, 2013
Low Alert ID: 27713 First Published: 2013 January 2 15:05 GMT Last Updated: 2013 October 9 18:33 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a video attachment for the recipient. The text in the email message attempt...
Threat Outbreak Alert: Fake Product Order Email Messages on February 26, 2014
Medium Alert ID: 27710 First Published: 2012 December 21 18:20 GMT Last Updated: 2014 February 27 13:02 GMT Version: 79 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product order quote for the recipient. The text in the email...
Phony T-Mobile, Vodafone Notifications Duping U.K. Users
Cybercriminals in the United Kingdom this week have launched two separate but similar scams intent on gaining access to users’ computers. Both scams impersonate e-mail notifications from popular British cell phone companies and both ultimately open a backdoor on the targeted computers. E-mail...
UploadAttachmentsAction XSRF
The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permissio...
Holiday Season Phishing Scams and Malware Campaigns
Since the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness about phishing scams and malware campaigns. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holida...
GLSA-201211-01 : MantisBT: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201211-01 MantisBT: Multiple vulnerabilities Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities...
Design/Logic Flaw
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...
CVE-2012-4495
CVE-2012-4495 affects the Drupal Mime Mail module (6.x-1.x before 6.x-1.1). The root cause is improper restriction of access to files outside Drupal’s publish files directory, allowing remote authenticated users to send arbitrary files as attachments. Impact is that authenticated users can attach...
Malware making bomb and death threats detected
Japanese police had arrested three people, accusing them of making death threats via email and discussion forums. However, researchers at Symantec later determined that a piece of malware was making death and bomb threats online on behalf of its infected victims. Symantec confirmed that the...
Threat Outbreak Alert: Fake Changelog Email Messages on September 11, 2014
Medium Alert ID: 27244 First Published: 2012 October 19 18:19 GMT Last Updated: 2014 September 12 13:05 GMT Version: 5 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a changelog for the recipient. The text in the email message attempt...
Accidental XSRF and DoS consumption-of-space issue
We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vulnerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...
CVE-2012-3731
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors...
CVE-2012-3730
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender...
Code injection
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender...
Inherit Edit Restrictions for Child Pages
As it says in Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions): 'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editing of pages. See...