Lucene search
+L

234 matches found

ThreatPost
ThreatPost
added 2016/08/11 2:10 p.m.9 views

New Gmail Alerts Warn of Unauthenticated Senders

Google is expected soon to begin a gradual rollout of new security features in Gmail that warn users if the system could not authenticate the sender of an email message. Starting this week for browser-based users of Gmail and Android users, Google will display a question mark over a sender’s...

0.2AI score
Exploits0References8
Hacker One
Hacker One
added 2016/07/30 11:21 a.m.20 views

arxius: No SPF/DKIM/DMARC Record for lfil.es

For some reason he requested to disclose a duplicate report that's n/a anyway, so why not...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2016/04/29 12:49 a.m.13 views

Paragon Initiative Enterprises: Email Authentication Bypass

Hi, I was able to bypass you email authentication. You have not published "DMARC Domain-based Message Authentication, Reporting, and Conformance" for the domain paragonie.com more information :- http://dmarc.org/ ---------------------------------------------------------------------- what is DMARC...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/03/23 1:34 p.m.14 views

New Relic: Too many included lookups

Your SPF record required more than 10 DNS Lookups to be performed during the test. The number of "include" mechanisms and chained "redirect' modifiers should be kept to a minimum. According to RFC 4408, 'SPF implementations MUST limit the number of mechanisms and modifiers that do DNS Lookups to ...

Exploits0
Hacker One
Hacker One
added 2016/02/21 3:12 p.m.41 views

LeaseWeb: MISSING SPF RECORDS & MISSING DKIM POLICY

Missing SPF Records and DKIM policy ----------------------------------------------------- At this moment the leaseweb.com domain is missing the appropriate SPF records and DKIM policy. We are aware of the attack scenarios and currently working on a solution. We will add the missing SPF records an...

2.8AI score
Exploits0
Hacker One
Hacker One
added 2016/02/18 3:7 p.m.13 views

Gratipay: SPF/DKIM/DMARC for aspen.io

1.aspen.io 2.grtp.co SPF record lookup and validation for: grtp.co SPF records are published in DNS as TXT records. The TXT records found for your domain are: Checking to see if there is a valid SPF record. No valid SPF record found of either type TXT or type SPF. SPF record lookup and validation...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/02/18 1:23 p.m.21 views

Gratipay: SPF/DKIM/DMARC for grtp.co

Hello Security Team, I Was Checking The SPF Record For https://grtp.co/ at http://www.kitterman.com/spf/validate.html No valid SPF record found of either type TXT or type SPF. Kindly Fix it Asap! Thanks!...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/02/07 7:47 p.m.29 views

Paragon Initiative Enterprises: Email Authentication bypass Vulnerability

Hi, I was able to bypass you email authentication. You have not published "DMARC Domain-based Message Authentication, Reporting, and Conformance" for the domain paragonie.com more information :- http://dmarc.org/ ---------------------------------------------------------------------- what is DMARC...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/01 12:0 a.m.27 views

VMWare Zimbra Mailer Release 8.6.0.GA Replay Attack

Hi@all, VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions with DKIM implementation are vulnerable to longterm Mail Replay attacks. If the expiration header is not set, the signature never expires. This means, that the e-mail, perhaps catched while performing a man in the midd...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/10/21 2:9 p.m.11 views

Google Moving Gmail to Strict DMARC Implementation

By next summer, most of the major Web-based email providers will have implemented a policy of strictly adopting the DMARC protocol. Google, in a statement published Tuesday by DMARC.org, said it will move gmail.com to a policy of rejecting any messages that don’t pass the authentication checks...

1.7AI score
Exploits0References3
Hacker One
Hacker One
added 2015/10/09 9:15 p.m.19 views

Gratipay: SPF Protection not used, I can hijack your email server

Description Companies like Twiter,Facebook and even Hackerone implemented a strict email security policy combining SPF, DKIM, and DMARC but I don't see that from gratipay You should apply strict SMPT policy to stop spoofed email sending from your domain. POC is attached. Exploit scenario: An...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2015/10/07 10:3 a.m.50 views

Coinbase: SPF records not found

There is no TXT record in DNS zone that defines Sender Policy Framework entry for domain api.coinbase.com. These are the best practices and need to be configure in DNS records to protect your mail servers. using SPF records will help in spam filtering as SPF records does helps in verifying the...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2015/08/24 6:1 a.m.48 views

Gratipay: DKIM records not present, Email Hijacking is possible

Your SPF record is v=spf1 include:email.freshdesk.com include:spf.mandrillapp.com include:spf.google.com -all Which very well shows that you don't want spoofed email to be sent from your domains, but you just forget one thing: DKIM DomainKeys Identified Mail is an important authentication mechani...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/04 12:0 a.m.30 views

Scientific Linux Security Update : mailman on SL6.x i386/x86_64 (20150722)

It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 It was found that mailman stored private email messages in a world- readable directory. A local use...

7.6CVSS7.7AI score0.07964EPSS
Exploits1References3
Cent OS
Cent OS
added 2015/07/26 2:12 p.m.63 views

mailman security update

CentOS Errata and Security Advisory CESA-2015:1417 Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

7.6CVSS7.2AI score0.07964EPSS
Exploits1References7
Hacker One
Hacker One
added 2015/07/25 11:29 a.m.30 views

Flox: Email spoofing configuration missing

Email spoofing in flox.io buddypress.org bbpress.org There are few email spoofing tool is available free.one them is http://emkei.cz/ when I tried to send a email from [email protected] or [email protected] or [email protected] to my email ,it was successful but when i tried to send the another fr...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.38 views

RHEL 6 : mailman (RHSA-2015:1417)

Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

7.6CVSS7.8AI score0.07964EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2015/07/20 2:6 p.m.43 views

Moderate: Red Hat Security Advisory: mailman security and bug fix update

Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

7.6CVSS7.2AI score0.07964EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/07/06 12:0 a.m.59 views

Scientific Linux Security Update : mailman on SL7.x x86_64 (20150623)

-- It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 Previously, it was impossible to configure Mailman in a way that Domain-based Message...

7.6CVSS8AI score0.07964EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2015/06/24 12:0 a.m.39 views

CentOS 7 : mailman (CESA-2015:1153)

Updated mailman packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

7.6CVSS8AI score0.07964EPSS
Exploits1References2
Rows per page
Query Builder