
5460 matches found

BDU FSTEC
added 2021/06/01 12:00 a.m. · 4 views

The vulnerability of the Thunderbird email client arises due to insufficient implementation of security measures, allowing attackers to compromise data integrity.

The vulnerability of the Thunderbird email client exists due to insufficient implementation of security measures. Exploiting this vulnerability allows a malicious actor to manipulate data integrity through a specially crafted email with MIME encoding. Such emails contain an embedded signed or...

3.1 CVSS · 5.8 AI score · 0.0094 EPSS
Exploits 1 · References 9 · Affected Software 4

Malwarebytes
added 2021/05/31 6:15 p.m. · 110 views

Revisiting the NSIS-based crypter

This blog post was authored by hasherezade. NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers. It allows bundling various elements of an application together, i.e. the main executable, used DLLs, configs, along with a script that controls where are th...

0.2 AI score
Exploits 0

Kitploit
added 2021/05/26 9:30 p.m. · 82 views

DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell...

7.8 AI score
Exploits 0 · References 1

RedhatCVE
added 2021/05/24 5:06 p.m. · 68 views

CVE-2021-23386

Remote memory exposure vulnerability was found in nodejs dns-packet library. The buffers created with allocUnsafe are not always filled before forming the network packets and an attacker can use this vulnerability to potentially get access to internal application memory over non encrypted network...

7.7 CVSS · 4.7 AI score · 0.01425 EPSS
Exploits 0 · References 4

Veracode
added 2021/05/22 10:43 a.m. · 23 views

Phishing Attack

Thunderbird is vulnerable to a phishing attack. The vulnerability exists because Thunderbird does not indicate that only parts of the message are protected when a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part...

4.3 CVSS · 2.3 AI score · 0.0094 EPSS
Exploits 1 · References 3 · Affected Software 6

CNVD
added 2021/05/21 12:00 a.m. · 9 views

AMD Secure Encrypted Virtualization Command Injection Vulnerability

AMD Secure Encrypted Virtualization is a software application from AMD USA. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...

9 CVSS · 7.7 AI score · 0.01683 EPSS
Exploits 0 · References 1

RedhatCVE
added 2021/05/19 12:27 a.m. · 62 views

CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

4.3 CVSS · 2.2 AI score · 0.0094 EPSS
Exploits 1 · References 3

CNNVD
added 2021/05/11 12:00 a.m. · 3 views

AMD Secure Encrypted Virtualization Command Injection Vulnerability

AMD Secure Encrypted Virtualization is a software application from AMD USA. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...

9 CVSS · 6.1 AI score · 0.01683 EPSS
Exploits 0 · References 3

CNNVD
added 2021/05/11 12:00 a.m. · 3 views

AMD Secure Encrypted Virtualization Command Injection Vulnerability

AMD Secure Encrypted Virtualization is a software application from AMD USA. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...

9 CVSS · 6.1 AI score · 0.01683 EPSS
Exploits 0 · References 3

CNNVD
added 2021/04/29 12:00 a.m. · 4 views

messagelib Information Disclosure Vulnerability

messagelib is an application program. A small C library for Linux. An information disclosure vulnerability exists in messagelib that stems from the way messagelib in KDE KMail deletes attachments to encrypted messages on remote servers e.g. IMAP servers. The following products and versions are...

6.5 CVSS · 6.5 AI score · 0.00604 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/04/28 12:00 a.m. · 7 views

PT-2021-2787 · Cisco · Cisco Ftd

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacker to trigger a reload of an affected device,...

8.6 CVSS · 8.3 AI score · 0.01386 EPSS
Exploits 0 · References 3

Cvelist
added 2021/04/22 8:42 p.m. · 10 views

CVE-2021-27392

A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...

8.8 AI score · 0.01183 EPSS
Exploits 0 · References 1

OSV
added 2021/04/22 12:15 a.m. · 4 views

CVE-2021-29467

Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1...

6.1 CVSS · 5.9 AI score · 0.00476 EPSS
Exploits 1 · References 1

Prion
added 2021/04/22 12:15 a.m. · 13 views

Cross site scripting

Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1...

4.3 CVSS · 6.2 AI score · 0.00476 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/04/22 12:05 a.m. · 18 views

CVE-2021-29467 Self-XSS

Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1...

6.1 CVSS · 6.5 AI score · 0.00476 EPSS
Exploits 1 · References 1

CVE
added 2021/04/22 12:05 a.m. · 35 views

CVE-2021-29467

CVE-2021-29467 affects the Wrongthink encrypted peer‑to‑peer chat program. The vulnerability allows a user to check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site, indicating a cross‑site scripting issue. The description notes no workarounds, and a p...

6.1 CVSS · 6.2 AI score · 0.00476 EPSS
Exploits 1 · References 1 · Affected Software 1

Tenable Nessus
added 2021/04/21 12:00 a.m. · 44 views

CentOS 7 : thunderbird (RHSA-2021:1192)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1192 advisory. - If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has...

7.8 CVSS · 7 AI score · 0.01035 EPSS
Exploits 2 · References 6

BDU FSTEC
added 2021/04/20 12:00 a.m. · 4 views

The vulnerability of the Thunderbird email client, related to insufficient checking of imported OpenPGP keys, allows a hacker to send arbitrary encrypted messages.

The vulnerability of the Thunderbird email client is related to insufficient checking of imported OpenPGP keys. Exploiting this vulnerability allows a malicious actor to send arbitrary encrypted messages remotely...

6.4 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits 0 · References 9 · Affected Software 5

Veracode
added 2021/04/19 11:09 p.m. · 27 views

Improper Verification Of Signature

Thunderbird is vulnerable to improper verification of signature. If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice...

6.8 CVSS · 1.7 AI score · 0.01035 EPSS
Exploits 1 · References 6 · Affected Software 6

Tenable Nessus
added 2021/04/15 12:00 a.m. · 51 views

CentOS 8 : thunderbird (CESA-2021:1193)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1193 advisory. - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991) - Mozilla: A crafted OpenPGP key wi...

7.8 CVSS · 7.2 AI score · 0.01035 EPSS
Exploits 1 · References 5