EUVD-2015-4301

Malware in sbrugna...

Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350

The attack surface of the United Kingdom's 350 largest publicly traded companies has—drum roll, please—improved. But it could be better. Those are the high level findings of the latest in Rapid7's looks at the cybersecurity health of companies tied to some of the globe's largest stock indices. Th...

Nextcloud: Email Spoofing

An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...

Khan Academy: EMAIL SPOOFING

Hey KHANACADEMY, I have found Email Spoofing type of Vulnerability in your Website. Attacker can use your E-Mail to send emails to others. Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, ...

Weblate: Email spoofing at weblate.org

Good day. I found security bug at weblate.org. Now anybody may send email from weblate.org domain. Now you have SPF policy and DMARC policy, that does not protect anything because exists insecure domain policy: "p=none" and "sp=none". Anybody may send email from weblate.org or subdomain, that are...

Design/Logic Flaw

Cisco Email Security Appliance ESA devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service per-domain e-mail reception outage by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806...