EUVD-2009-4993
Malware in sbrugna...
FreeBSD : keycloak -- Missing server identity checks when sending mails via SMTPS (fd538d14-5778-4764-b321-2ddd61a8a58f)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the fd538d14-5778-4764-b321-2ddd61a8a58f advisory. Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which...
CVE-2021-44549
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi but does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and allowing insecure email...
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...
GHSA-F8CM-364F-Q9QH Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Impact: An attacker who previously obtained an old, expired user token could use it to access Storefront API v2 endpoints. Patches: Please upgrade to 3.7.11, 4.0.4, or 4.1.11, depending on the Spree version you use. Workarounds: In your project directory create a decorator file...
CS Money: Sending emails with arbitrary text/clickable links to any registered user with a given email address, knowing only the steamid
By combining the third-party service GetResponse used on the project with the 2FA deactivation functionality, a hacker found a way to send arbitrary text to any user, knowing only the victim's SteamID. The vulnerability relied on: 1. Invalid cookie management in the request; 2. No additional validatio...
Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw
“Can you have a look at this email I got, please?” my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider (ISP). Shortly after, he informed me that despite its suspicious aura, he found...
OilRig APT Drills into Malware Innovation with Unique Backdoor
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the...
Cybercriminals Adding Sophistication to BEC Threats
Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise (BEC) threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks, including impersonation attacks and CEO...
OLX: Cross-site Scripting (XSS) - Reflected
Dear Security OLX team, I want to report the findings of the security gap on the olx.co.id website; the detailed findings are as follows: impact: https://www.olx.co.id/adminpanel/login/ Payload : ope8i"alert1grpo8 POC: parameter = userpassword POST /adminpanel/login/?ref0action=index&ref0method=ind...
How attackers are abusing high-profile users and executives
Email is the prime communication channel for businesses and their employees worldwide. In fact, last year saw more than 269 billion emails sent per day, and Radicati Group researchers predict that by 2021, this number will rise to more than 319 billion. With so much critical and sensitive...
Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry
Watch out, readers! It is ransomware, another WannaCry, another wide-spread attack. The WannaCry ransomware is not dead yet and another large scale ransomware attack is making chaos worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France,...
Macromedia ColdFusion MX 6.0 - Remote Development Service File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8109/info A vulnerability has been reported for the RDS service that may allow an attacker to obtain unauthorized access to data residing on a ColdFusion MX server. The vulnerability is due to the way that authenticatio...
CVE-2010-3887
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address...
Booking System for Planyo Multiple Vulnerabilities
Exploit for PHP platform in category web applications. Booking System for Planyo Multiple Vulnerabilities ...
Ez Cart v1.0 Multiple XSRF Vulnerabilities
Exploit for unknown platform in category web applications. Ez Cart v1.0 Multiple XSRF Vulnerabilities. Application: E...
Meridian Prolog Manager Username and Plain Text Password Disclosure
+Note: This is being released without Meridian or CERT approval. Meridian has been dragging their feet and has shown no good intent since I first tried to contact them. My guess is that they will be following all of my releases claiming I was uncooperative. The only information Meridian ever soug...
Exchange Server 2007
Exchange Server 2007...