28 matches found
USN-8223-1 roundcube vulnerabilities
It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...
EUVD-2019-6248
Malware in sbrugna...
CVE-2023-36462
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a...
Linux Distros Unpatched Vulnerability : CVE-2019-15237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237 Note that Nessus relies on the presence of t...
SUSE CVE-2005-0238
The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
We’ve had it beaten into our brains: Before you go wily-nily clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that eas...
Mozilla Firefox Security Advisory (MFSA2013-61) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-3424
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges...
Design/Logic Flaw
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges...
CVE-2021-3424
CVE-2021-3424 describes an IDN homograph attack in Keycloak as shipped with Red Hat Single Sign-On 7.4, enabling a malicious user to register a name already in use and potentially trick an admin into granting extra privileges. Connected advisories confirm this vulnerability is addressed by Red Ha...
CVE-2021-3424
A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity...
Ditto - A Tool For IDN Homograph Attacks And Detection
Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/ https://clᴏudflare.com Using with Docker The image on docker hub is...
Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers
A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of...
Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers
A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of...
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...
Updated roundcubemail packages fix security vulnerability
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...
MGASA-2019-0420 Updated roundcubemail packages fix security vulnerability
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. CVE-2019-15237...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...
DEBIAN-CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks...