Lucene search
+L

3721 matches found

ThreatPost
ThreatPost
added 2010/01/14 9:9 p.m.18 views

Google Attackers Used Internet Explorer Zero Day

Several of the companies victimized in the attack that hit Google and dozens of other companies recently were compromised through the use of a new, unpatched vulnerability in Internet Explorer, experts say. The flaw was used in a sophisticated attack that included victims receiving targeted email...

0.4AI score
Exploits0References3
xssed
xssed
added 2009/12/24 12:0 a.m.11 views

Unfixed XSS vulnerability at www.eastangliaemails.com

Security researcher wildc4rd, has submitted on 24/12/2009 a cross-site-scripting XSS vulnerability affecting www.eastangliaemails.com, which at the time of submission ranked 6423413 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/12/2011. It...

6.6AI score
Exploits0References1
exploitpack
exploitpack
added 2009/12/15 12:0 a.m.18 views

Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities

Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities ----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/15 12:0 a.m.21 views

Ez Cart Cross Site Request Forgery

----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2009/12/15 12:0 a.m.26 views

Ez Cart v1.0 Multiple XSRF Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2009/11/25 10:0 p.m.20 views

CVE-2009-4077

Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...

6.8CVSS6AI score0.01342EPSS
Exploits0References1
Prion
Prion
added 2009/11/25 10:0 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...

6.8CVSS7.3AI score0.01342EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2009/11/25 9:22 p.m.54 views

CVE-2009-4077

Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...

6.8CVSS6.7AI score0.01342EPSS
Exploits0
ThreatPost
ThreatPost
added 2009/11/09 10:10 p.m.9 views

New MySpace Attack Launches Zeus Spyware

The latest MySpace attack tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama,...

3.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/04 6:27 a.m.5 views

Roundcube Webmail vulnerable to cross-site request forgery

Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...

6.8CVSS6.9AI score0.01342EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/04 12:0 a.m.31 views

JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...

6.8CVSS6AI score0.01342EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2009/10/27 11:35 p.m.4 views

SeaMonkey scriptable plugin execution in mail (mfsa2010-06)

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

7.1CVSS6.1AI score0.0277EPSS
Exploits0References4
Prion
Prion
added 2009/10/27 4:30 p.m.19 views

Code injection

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

6.5CVSS8AI score0.01068EPSS
Exploits1References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2009/10/22 12:0 a.m.10 views

IBM Lotus Notes Cross Site Scripting (CVE-2005-2175)

IBM Lotus Domino/Notes is a software suite that provides enterprise-class messaging, calendaring, and scheduling capabilities for collaborative applications. There exists a security flaw in IBM Lotus Domino Web Access DWA and Lotus Notes. Embedded JavaScript in HTML formatted Emails will...

5CVSS6.3AI score0.05209EPSS
Exploits0
ThreatPost
ThreatPost
added 2009/10/16 2:29 p.m.13 views

Outlook Web Access Attack Using Pushdo Botnet

Here are some technical details on the Outlook Web Access phishing scheme. 1. The Spam According to our preliminary research, the spam emails which attacked OWA users, including Kaspersky, were sent using the pushdo botnet – which is based on malware from the Backdoor.Win32.NewRes family. These...

2.1AI score
Exploits0References2
exploitpack
exploitpack
added 2009/10/12 12:0 a.m.13 views

Dazzle Blast - Remote File Inclusion

Dazzle Blast - Remote File Inclusion o Dazzle Blast Remote File Inclusion Vulnerability Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Author : NoGe Contact : nogedotcodeatgmaildotcom Blog : http://evilc0de.blogspot.com/ Home : http://antisecurity.org/ o Vulnerable...

Exploits0
Tenable Nessus
Tenable Nessus
added 2009/10/06 12:0 a.m.19 views

openSUSE 10 Security Update : clamav (clamav-6309)

Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-6309. The text description of this plugin is C SUSE LL...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.13 views

SuSE 11 Security Update : ClamAV (SAT Patch Number 1009)

Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...

5.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.10 views

SuSE9 Security Update : ClamAV (YOU Patch Number 12442)

Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41307; scriptversion"1.7";...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2009/09/10 9:30 p.m.5 views

CVE-2009-2207

The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages...

2.1CVSS5.5AI score0.00345EPSS
Exploits0References6
Rows per page
Query Builder