Threat Outbreak Alert RuleID18792: Email Messages Distributing Malicious Software on October 18, 2015
Medium Alert ID: 41591 First Published: 2015 October 19 13:31 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18792 may contain the following files: Name |...
Lexmark Printer config.html Administrator Authentication Bypass (FREAK)
According to its firmware version, the remote Lexmark printer is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may b...
Trello: CSV Injection
Hello, We can inject commands in the name field of a board, =2*10 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim downloaded the CSV file...
Ninja Forms <= 2.9.27 - Malicious File Export
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...
Zaption: CSV Excel Macro Injection in Export Response
Scenario: An attacker creates a response like =AND21 in a tour that allows open response or discussion. Then when a user who created this tour clicks analytic and clicks to export responses as csv, he will see TRUE instead of =AND12 Meaning that cell is now active, and an attacker could make a...
[SECURITY] Fedora 23 Update: phpMyAdmin-4.4.14.1-1.fc23
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.4.14.1-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 23 Update: drupal6-ctools-1.14-1.fc23
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
WordPress All-in-One Migration Plugin Export
An unauthenticated download vulnerability has been reported in WordPress All-in-One Migration Plugin. Successful exploitation of this vulnerability would allow a remote attacker to receive the affected system's database...
Citing Wassenaar, HP Pulls out of Mobile Pwn2Own
More evidence of the potential chilling effect the Wassenaar Arrangement could have on security research surfaced this week when it was revealed HP has decided not to take part in November’s Mobile Pwn2Own hacking contest in Japan. Dragos Ruiu, who organizes the CanSecWest and PacSecWest...
cessi.org.ar XSS vulnerability
Vulnerable URL: http://www.cessi.org.ar/ver-noticias-information-technology-exportar-conocimiento-la-clave-para-crecer-1864 Details: Description| Value ---|--- Patched:| Yes, at 22.11.2017 Latest check for patch:| 22.11.2017 14:19 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
Calendar export: Authorization Bypass Through User-Controlled Key - ownCloud
Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ Affected Software ownCloud Server 8.1.1 CVE-2015-6670 ownCloud Server 8.0.6 CVE-2015-6670 ownCloud Serve...
The vulnerability of the OpenSSL library, which allows attackers to carry out attacks aimed at reducing the security of encryption algorithms
The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor, operating remotely and having access to the data transmission channel, to carry out attacks aimed at reducing the resilience of encryption...
Server: Calendar export: Authorization Bypass Through User-Controlled Key
Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Multiple EMC RSA products vulnerable
EMC RSA BSAFE Micro Edition Suite (MES) and others are products of EMC Corporation. EMC RSA BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security (TLS) encryption suites, among other things, to help users achieve a wide...
Design/Logic Flaw
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...
CVE-2015-4308
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...
Cisco Edge 340 Series Digital Media Player File Viewing Vulnerability
The Cisco Edge 340 Series Digital Media Player is a digital media playback application device. A security vulnerability exists in the Cisco Edge 340 Series Digital Media Player that allows a remote, authenticated user to configure the export function using the WEB graphical user interface to view...
WP Ultimate Csv Importer < 3.8.1 - XSS
The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by an XSS security vulnerability...
WordPress WP Attachment Export plugin <= 0.2.3 - Unauthenticated Posts Download vulnerability
Unauthenticated Posts Download vulnerability discovered by Nitin Venkatesh in WordPress WP Attachment Export plugin versions <= 0.2.3. Solution: Update the WordPress WP Attachment Export plugin to the latest available version (at least 0.2.4)...