17 matches found
mailcow: dockerized Access Control Error Vulnerability
mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained an access control vulnerability. This vulnerability stemmed from the lack of administrator verification when deleting forwarding hosts, allowing any authenticated user...
Open5GS Security Vulnerability
Open5GS is an open-source C implementation of the 5G Core and EPC, the core network of LTE/NR networks. A security vulnerability exists in Open5GS version 2.7.5 and earlier, which stems from a misbehavior of the function ogspfcppdrfindoradd in the QER/FAR/URR/PDR component, whi...
EUVD-2009-0277
Malware in sbrugna...
CVE-2024-35400
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules...
CVE-2023-41155
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule...
PT-2021-3894
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified) Description: The issue is related to an information disclosure vulnerability in Microsoft Exchange Server, associated with weaknesses in the authentication procedure. This vulnerability...
Microsoft Disrupts Large, Cloud-Based BEC Campaign
Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise (BEC) campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...
Cybercriminals want your cloud services accounts, CISA warns
On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture...
Synology DiskStation Manager (DSM) Denial of Service Vulnerability
DiskStation Manager (DSM) is an intuitive web-based operating system for every Synology NAS designed to help you manage digital assets in your home and office. A security vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation Manager (DSM) allows remote authenticated attackers to...
CVE-2017-12076
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation DSM before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack...
PT-2017-12339 · Synology · Synology Disk Station
Name of the Vulnerable Software and Affected Versions: Synology DiskStation DSM versions prior to 6.1.1-15088 Description: The issue allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack due to an Uncontrolled Resource Consumptio...
Linksys E4200 Vulnerability Enables Authentication Bypass
The Linksys E4200 V2 dual band router contains a vulnerability that an attacker could exploit, bypassing the Web panel authentication mechanism and gaining administrative privileges on affected devices. Linksys has provided a firmware update that resolves the vulnerability. However, as is nearly...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors...
CVE-2009-0272
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors...
DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt. Written by Michael Brooks. Special thanks to str0ke. Exploits tested on the newest stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...
Command execution in exim (code execution)
When mail-forwarding rules are used without checking the local part, special characters are not controlled, which may cause a message to be redirected to an external application...