260 matches found
[SECURITY] Fedora 20 Update: libssh2-1.5.0-1.fc20
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
[SECURITY] Fedora 22 Update: libssh2-1.5.0-1.fc22
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)
SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability; see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...
TorBirdy - Torbutton for Thunderbird
TorBirdy is Torbutton for Thunderbird, Icedove and related Mozilla mail clients. It may also work with other non-web browser Mozilla programs such as Sunbird. This extension configures Thunderbird to make connections over the Tor anonymity network. Notable changes in this release include: 0.1.3, ...
Draft retrieval in the editor doesn't respect page or space permissions
Drafts are supposed to be per user and private, but given a draft ID, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages, by using the following URLs:...
DEBIAN-CVE-2012-6635
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft...
New Dead drop techniques used by Security Agencies
Paul F Renda gives an overview of what new long-distance and short-distance dead drop techniques are used by the National Security Agency for secure communications, and how. What is a dead drop? It is a method that spies use or have used to communicate with associates who have information for them. T...
CVE-2011-4865
The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...
Code injection
The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...
CVE-2011-4542
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs parameter in a mailbox Drafts action to the default URI...
CVE-2011-4541
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action...
CVE-2011-4541
The CVE-2011-4541 entry concerns Hastymail2 (version 2.1.1 prior to RC2) and is caused by a cross-site scripting (XSS) vulnerability in index.php where an attacker can inject script/HTML via the rs parameter in the mailbox Drafts action. Public references in NVD and CVE listings confirm the impac...
Hastymail 'rs' and 'rsargs[]' Parameters Remote Code Injection Vulnerabilities
The host is running Hastymail2 and is prone to remote code injection vulnerabilities. OpenVAS Vulnerability Test $Id: secpodhastymail2rsparamremotecodeinjvuln.nasl 7006 2017-08-25 11:51:20Z teissa $ Hastymail 'rs' and 'rsargs' Parameters Remote Code Injection Vulnerabilities Authors: Sooraj KS...
CVE-2008-4491
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail...
MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities
No description provided by source. Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I found multiple bugs in MailEnable Enterprise Edition ASP Version = 2.0 that I listed below: 1 - Any user can login to web administration site. 2 - Authenticated normal user can gain ADMIN or SYSADMI...