3319 matches found
GLSA-201110-03 : Bugzilla: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201110-03 Bugzilla: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting...
Researchers Analyzing Attack Patterns With Cloud-Based Malware Data
BARCELONA–Successful targeted attacks against companies such as RSA, Google and others have made huge splashes in the news in the last year or two and drawn a lot of attention to the phenomenon. But it’s not just the successful attacks that are interesting, security researchers say. In many cases...
WordPress Plugin timthumb.php Shell Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...
Multiple WordPress Plugins - 'timthumb.php' File Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...
Threat Outbreak Alert: Malicious Attachment Email Messages on August 21, 2013
Medium Alert ID: 24111 First Published: 2011 September 12 13:30 GMT Last Updated: 2013 August 22 14:21 GMT Version: 95 Summary Cisco Security has detected significant activity related to spam email messages that contain malicious attachments. The text in the email message attempts to convince the...
Malicious Spam Spikes to 'Epic' Level
There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall. Research...
CVE-2011-3128
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php...
DEBIAN-CVE-2011-3128
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php...
CVE-2011-3128
CVE-2011-3128 affects WordPress: versions 3.1 before 3.1.3 and 3.2 before Beta 2 may treat unattached attachments as published, enabling potential data exposure via wp-includes/post.php. The issue has been acknowledged in Debian/DSA-2670-1 and OSV entries; remediation is to upgrade WordPress to a...
Code injection
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3...
Design/Logic Flaw
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977...
CVE-2011-2977
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3...
CVE-2008-7292
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977...
Meta: iPhone app XSS in Facebook Mail
From Alex Rice: Hi Jobert, Michiel - I run the Product Security team over at Facebook. ██████ just sent along a note mentioning that you're attempting to contact us with information on a XSS in Facebook's mail site. Can you share any additional details? Thanks! Our response: During a recent...
Threat Outbreak Alert: Malicious Tax Return Notification Email Messages on March 19, 2014
Low Alert ID: 23586 First Published: 2011 July 6 14:36 GMT Last Updated: 2014 May 20 12:57 GMT Version: 4 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a tax return notification for the recipient. The text in the email message attemp...
Gmail Implements New Features to Help Curb Phishing
Google has implemented new security features into their popular Gmail Web-based email service that will help prevent Gmail users from becoming victims of phishing scams. The company introduced three new features late Tuesday that it claims will inform users of the origins of certain emails so the...
Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1)
It was discovered that a heap overflow in the AWT FileDialog.show method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. CVE-2011-0815 It was discovered that integer overflows in the JPEGImageReader readImage function and the...