PT-2019-15210 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.2. Description: The issue is related to a security problem where an attacker can inject malicious code. This is possible through the 'outgoing email setup' feature, specifically in the admin/mails.php?action=edit URI, by...
Debian DLA-1868-1 : squirrelmail security update
An XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails can be executed within the application context via crafted use of, for example, a NOEMBED...
68% of Overwhelmed IT Managers Say They Can't Keep Up with Cyberattacks
IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm. That’s according to a research report, The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers...
Ubiquiti Inc.: Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server
A malicious actor setting up an SMTP proxy server between the UniFi Controller and their actual SMTP server can record their SMTP credentials for malicious use...
mails-news.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-680920. Affected Website: mails-news.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Open Redirect / CWE-601. CVSSv3 Score: 3.4...
ThreatList: Attacks on Industrial Control Systems on the Rise
The systems that power manufacturing, power and water plants, the oil and gas industry, and many other sectors are increasingly in the crosshairs of cyber-attackers: A full 41.2 percent of industrial control systems (ICS) were attacked by malicious software at least once in the first half of 201...
openSUSE Security Update : enigmail (openSUSE-2018-535)
This update for enigmail to version 2.0.6 fixes the following issues. Security issues fixed: - Replies to a partially encrypted message may have revealed protected information: no longer display PGP/MIME message part followed by unencrypted data (boo#1094781) - Signature could be spoofed via...
Security update for enigmail (moderate)
This update for enigmail to version 2.0.6 fixes the following issues. Security issues fixed: - Replies to a partially encrypted message may have revealed protected information: no longer display PGP/MIME message part followed by unencrypted data (boo#1094781) - Signature could be spoofed via...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Critical Vulnerabilities; product: SecurEnvoy SecurMail; vulnerable version: 9.1.501; fixed version: 9.2.501 or hotfix patch "1012018"; CVE number: CVE-2018-7701,...
Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...
CVE-2017-16962
Summary: CVE-2017-16962 affects CommuniGate Pro WebMail Crystal, pronto, and pronto4 components before version 6.2.1. The issue is a stored cross-site scripting (XSS) vulnerability. An attacker can craft calendar invitations or items that trigger scripts when rendered by WebMail, via vectors incl...
Domain Analyzer
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresse...
Office 0day vulnerability spreading a banking Trojan - vulnerability warning - the black bar safety net
Micro-step online Threat Intelligence briefing. Number: TB-2017-0003. Report confidence: 90. TAG: Microsoft, Office, 0day, vulnerabilities, phishing mails, Dridex. TLP: yellow only accept the report of the Organization for internal use. Date: 2017-04-11. Update Micro-step online to GMT 4 May 11, to the...
Suspicious Metadata Mail Phishing Redirection
A mail attachment containing a malicious HTML file was observed as part of recent campaigns. A remote attacker could send spam e-mails including those HTML files and redirect users to manually download malicious files...
CVE-2016-9411
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails...
Suspicious Metadata Mail Phishing Containing Archive Attachment
Suspicious mail containing an archive attachment was observed as part of phishing campaigns. A remote attacker could send spam e-mails including those files. This would allow the malicious code to run and infect the target system...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...