933 matches found
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
flatpak bug fix and enhancement update
An update is available for mozilla-filesystem, sbc, dbus-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list These packages will be released only via the firef...
flatpak bug fix and enhancement update
An update is available for mozilla-filesystem, sbc, dbus-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list These packages will be released only via the...
UBUNTU-CVE-2022-3033
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...
This Week in Spring - August 16th, 2022
Hi, Spring fans! Welcome to another wonder-filled installment of This Week in Spring! Its been a week! Sometimes I can scarcely believe it myself. And can you believe its August 16th already?? My daughters starting school this week! Were in the northern hemisphere, and Summer break is already ove...
Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform
Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming,Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to...
flatpak bug fix and enhancement update
An update is available for mozilla-filesystem, sbc, dbus-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list These packages will be released only via the...
flatpak bug fix and enhancement update
An update is available for mozilla-filesystem, sbc, dbus-glib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list These packages will be released only via the firef...
Fedora: Security Advisory for kompose (FEDORA-2022-5038c3236c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 35 Update: kompose-1.17.0-9.fc35
Tool to move from 'docker-compose' to Kubernetes...
[SECURITY] Fedora 36 Update: kompose-1.17.0-9.fc36
Tool to move from 'docker-compose' to Kubernetes...
CVE-2017-20106
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument uploadurl leads to server-side request forgery. The attack needs to be approached...
Server side request forgery (ssrf)
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument uploadurl leads to server-side request forgery. The attack needs to be approached...
CVE-2017-20106 Lithium Forum Compose Message server-side request forgery
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument uploadurl leads to server-side request forgery. The attack needs to be approached...
CVE-2017-20106
The CVE-2017-20106 entry concerns Lithium Forum 2017 Q1. A server-side request forgery (SSRF) vulnerability arises from manipulating the upload_url argument in the Compose Message Handler component. The attack requires local access, and public exploits have been disclosed. Documented impact indic...
VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...
Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place
Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients...
The vulnerability of the Fax Compose Form component in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Fax Compose Form component in Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...