
170 matches found

The Hacker News
added 2020/11/09 2:1 p.m., 52 views

Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses

Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing, and more. But problematically, they often lack the resources to configure those apps to prevent cyberattacks, data exfiltration, and other risks. Catastrophic and costly data breaches...

AI score 7.4
Exploits: 0

RedHat Linux
added 2020/11/04 1:25 a.m., 141 views

cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...

CVSS 6.5, AI score 5.8, EPSS 0.01655
Exploits: 0, References: 4

AlmaLinux
added 2020/11/03 12:24 p.m., 23 views

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928); cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used,...

CVSS 7.5, AI score 0.6, EPSS 0.02392
Exploits: 0, References: 2

OSV
added 2020/10/12 4:15 p.m., 25 views

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVSS 6.1, AI score 6
Exploits: 0, References: 1

Prion
added 2020/10/12 4:15 p.m., 19 views

Cross site scripting

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVSS 4.3, AI score 6, EPSS 0.00676
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/10/12 3:56 p.m., 23 views

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

AI score 6, EPSS 0.00676
Exploits: 0, References: 1

Fedora
added 2020/08/19 1:2 a.m., 25 views

[SECURITY] Fedora 31 Update: libetpan-1.9.3-3.fc31

The purpose of this mail library is to provide a portable, efficient middleware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes...

CVSS 7.4, AI score 5.3, EPSS 0.02393
Exploits: 1

Fedora
added 2020/08/19 12:52 a.m., 26 views

[SECURITY] Fedora 32 Update: libetpan-1.9.4-4.fc32

The purpose of this mail library is to provide a portable, efficient middleware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes...

CVSS 7.4, AI score 5.3, EPSS 0.02393
Exploits: 1

Hacker One
added 2020/06/17 11:44 a.m., 133 views

Mail.ru: Stored XSS that allow an attacker to read victim mailboxes contacts in mail.ru and my.com application

Mail.ru Mail iOS app was vulnerable to local files access on some iOS versions due to cross-application scripting if a malcrafted SVG attachment is viewed by the user. Write-up is here...

AI score 2
Exploits: 0

Veracode
added 2020/04/10 12:29 a.m., 26 views

Directory Traversal

dovecot is vulnerable to directory traversal. A directory traversal flaw was discovered in Dovecot's zlib plug-in. An authenticated user could use this flaw to view other compressed mailboxes with the permissions of the Dovecot process...

CVSS 4.3, AI score 4, EPSS 0.02123
Exploits: 0, References: 16, Affected Software: 1

CNVD
added 2020/03/15 12:0 a.m., 1 views

Logic Flaw Vulnerability in Cicada Knowledge Enterprise Portal System

The underlying framework of Cicada Knowledge Enterprise Portal System is self-developed with built-in extension mechanism for easy customization and development. Cicada Knowledge Enterprise Portal System has a logic flaw vulnerability, which can be exploited by an attacker to authenticate differe...

AI score 7.3
Exploits: 0

Microsoft CVE
added 2020/02/11 8:0 a.m., 33 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other...

CVSS 8.1, AI score 3.2, EPSS 0.03184
Exploits: 0

Schneier on Security
added 2020/01/06 12:20 p.m., 31 views

Mailbox Master Keys

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon...

AI score 0.9
Exploits: 0

Mageia
added 2020/01/05 3:37 p.m., 28 views

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks (CVE-2019-19783)...

CVSS 6.5, AI score 1.7, EPSS 0.01655
Exploits: 0, References: 7

OpenVAS
added 2019/12/21 12:0 a.m., 26 views

Debian: Security Advisory (DSA-4590-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5, AI score 6.8, EPSS 0.01655
Exploits: 0, References: 4

Debian
added 2019/12/19 10:54 p.m., 112 views

[SECURITY] [DSA 4590-1] cyrus-imapd security update

Debian Security Advisory DSA-4590-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 19, 2019 https://www.debian.org/security/faq
-...

CVSS 6.5, AI score 6.7, EPSS 0.01655
Exploits: 0

Positive Technologies
added 2019/12/16 12:0 a.m., 2 views

PT-2019-5233 · Cyrus +4 · Cyrus Imap +4

Name of the Vulnerable Software and Affected Versions:
Cyrus IMAP versions prior to 2.5.15
Cyrus IMAP versions 3.0.x prior to 3.0.13
Cyrus IMAP versions 3.1.x through 3.1.8
Description: The issue is related to a lack of input validation mechanism in the Cyrus IMAP server, which can be exploited b...

CVSS 9.8, AI score 7.5, EPSS 0.07622
Exploits: 0, References: 49

OpenVAS
added 2019/11/30 12:0 a.m., 25 views

Fedora Update for imapfilter FEDORA-2019-90925dd5aa

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.5, EPSS 0.00946
Exploits: 0, References: 2

Microsoft CVE
added 2019/07/09 7:0 a.m., 42 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other...

CVSS 8.1, AI score 3.7, EPSS 0.03382
Exploits: 0

RedHat Linux
added 2018/08/20 4:10 p.m., 6 views

mutt: Remote Code Execution via backquote characters

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

CVSS 9.8, AI score 7.7, EPSS 0.0486
Exploits: 0, References: 4