3721 matches found
Google Attackers Used Internet Explorer Zero Day
Several of the companies victimized in the attack that hit Google and dozens of other companies recently were compromised through the use of a new, unpatched vulnerability in Internet Explorer, experts say. The flaw was used in a sophisticated attack that included victims receiving targeted email...
Unfixed XSS vulnerability at www.eastangliaemails.com
Security researcher wildc4rd, has submitted on 24/12/2009 a cross-site-scripting XSS vulnerability affecting www.eastangliaemails.com, which at the time of submission ranked 6423413 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/12/2011. It...
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities ----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Cart Cross Site Request Forgery
----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Cart v1.0 Multiple XSRF Vulnerabilities
No description provided by source. ----------------------------------------------------------------------------------------------- Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
CVE-2009-4077
Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...
CVE-2009-4077
Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076...
New MySpace Attack Launches Zeus Spyware
The latest MySpace attack tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama,...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...
SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...
Code injection
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
IBM Lotus Notes Cross Site Scripting (CVE-2005-2175)
IBM Lotus Domino/Notes is a software suite that provides enterprise-class messaging, calendaring, and scheduling capabilities for collaborative applications. There exists a security flaw in IBM Lotus Domino Web Access DWA and Lotus Notes. Embedded JavaScript in HTML formatted Emails will...
Outlook Web Access Attack Using Pushdo Botnet
Here are some technical details on the Outlook Web Access phishing scheme. 1. The Spam According to our preliminary research, the spam emails which attacked OWA users, including Kaspersky, were sent using the pushdo botnet – which is based on malware from the Backdoor.Win32.NewRes family. These...
Dazzle Blast - Remote File Inclusion
Dazzle Blast - Remote File Inclusion o Dazzle Blast Remote File Inclusion Vulnerability Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Author : NoGe Contact : nogedotcodeatgmaildotcom Blog : http://evilc0de.blogspot.com/ Home : http://antisecurity.org/ o Vulnerable...
openSUSE 10 Security Update : clamav (clamav-6309)
Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-6309. The text description of this plugin is C SUSE LL...
SuSE 11 Security Update : ClamAV (SAT Patch Number 1009)
Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...
SuSE9 Security Update : ClamAV (YOU Patch Number 12442)
Multiple issues in clamav regarding malformed archives and emails have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41307; scriptversion"1.7";...
CVE-2009-2207
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages...