CVE-2017-13860
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption...
Microsoft Office Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails. The attacker would have to u...
Apple macOS High Sierra and iOS Mail Drafts Credential Encryption Vulnerability
Apple macOS High Sierra and iOS are both products of Apple Inc. Apple macOS High Sierra is a dedicated operating system for Mac computers. iOS is an operating system for mobile devices. Mail Drafts is one of the email drafts components. A security vulnerability exists in the Mail Drafts component...
CVE-2017-7078
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions...
CVE-2017-7078
CVE-2017-7078 affects Apple iOS (pre-11) and macOS (pre-10.13) in the Mail Drafts component. The issue allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions. The linked Apple documentation notes that the Mail Drafts issue involved an encryption hand...
CVE-2017-7078
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions...
I can Haz TLS 1.3 ?
Everybody wants to be able to use TLS 1.3. Among the reasons are: It's faster - being able to reconnect to a server you've previously used, and saving a full round-trip latency is impressive. It's more reliable - the protocol has been cleaned up and simplified. For example, the related concepts o...
Apple macOS High Sierra and iOS Mail Drafts Email Interception Vulnerability
Apple macOS High Sierra and iOS are both products of Apple Inc. Apple macOS High Sierra is a dedicated operating system for Mac computers. iOS is an operating system for mobile devices. Mail Drafts is one of the email drafts components. A security vulnerability exists in the Mail Drafts component...
WordPress Share Drafts Publicly Plugin <= 1.1.4 - Authenticated Information Disclosure Vulnerability
Because of this vulnerability, a user would now need to have access to a valid nonce to be able to make a draft public. WordPress Share Drafts Publicly users who don’t have access to a draft could use the functionality to view it since the AJAX request was accessible to anyone logged in to WordPress...
CVE-2017-7415
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource...
Authentication flaw
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource...
CVE-2017-7415
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1195)
This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues : - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. MFSA 2016-86, boo999701 The following bugs were fixed in...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1166)
This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues : - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. MFSA 2016-86, boo999701 The following bugs were fixed in...
Apple iOS Sandbox Profiles Component Information Disclosure Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices, of which Sandbox Profiles is a Sandbox component. An information disclosure vulnerability exists in the Sandbox Profiles component in versions of Apple iOS prior to 10, which stems from a program that fails to properly...
PHPList 3.2.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHPList v3.2.4 CSRF/XSS Date: 01/06/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: https://www.phplist.com/ Version: 3.2.4 Category: CSRF/XSS PHPList description : ====================================================================== phpList is an open source...
[SECURITY] Fedora 22 Update: libssh2-1.5.0-2.fc22
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
[SECURITY] Fedora 23 Update: libssh2-1.6.0-4.fc23
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
Shopify: XSS in Draft Orders in Timeline in SHOPIFY Admin Site!
1. Create a Draft with a product named "img src=x onerror=prompt'XSSP' 2. Send the Draft to someone and complete the order. Order is shown as Completed Drafts as order.png 3. Create a timeline and reference this Draft. As soon as you click POST you will be XSSEd xss.png Thanks...