25 matches found
EUVD-2015-2792
Malware in sbrugna...
EUVD-2015-2855
Malware in sbrugna...
PT-2025-34239
Name of the Vulnerable Software and Affected Versions: SpamTitan Email Security Gateway versions 8.00.0 through 8.00.100 SpamTitan Email Security Gateway versions 8.01.0 through 8.01.13 Description: The quarantine.php file within the SpamTitan interface allows unauthenticated users to trigger...
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway ESG appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and...
Chinese Hacking Group Exploits Barracuda Zero-Day
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-linked hacking group, tracked as UNC4841, has prominently directed its efforts towards infiltrating and compromising various entities in recent attacks. These offensives were particularly...
CISA Order Highlights Persistent Risk at Network Edge
The U.S. government agency in charge of improving the nations cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
Its not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...
[updated] Barracuda Networks patches zero-day vulnerability in Email Security Gateway
On May 20, Barracuda Networks issued a patch for a zero day vulnerability in its Email Security Gateway ESG appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the...
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...
A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Zero-day Vulnerability Exploited in Barracuda Email Security Gateway Appliances, Promptly Patched, and a Subset of Customers Notified; Other Barracuda Products are Unaffected. To receive real-time...
Fortinet FortiMail 安全漏洞
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail versions 7.2.0, 7.0.0 through 7.0.3, 6.4, 6.2, 6.0, and 6.0, which stems from improper...
Fortinet FortiMail 安全漏洞
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides email security and data protection features. A security vulnerability exists in FortiMail prior to 7.0.0, which stems from the lack of an encryption step in the Identity-Based Encryptio...
Fortinet FortiMail 数据伪造问题漏洞
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. An injection vulnerability exists in Fortinet FortiMail due to a missing encryption step in the implementation of the hash digest algorithm...
CVE-2015-2765
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Code injection
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2015-2765
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2015-2765
The CVE-2015-2765 entry describes a clickjacking flaw in the Email Security Gateway component of Websense TRITON AP-EMAIL prior to version 8.0.0. The root cause is unspecified in the provided text beyond the class of vulnerability (clickjacking), and there are no concrete exploit details in the c...