2121 matches found
Threat Outbreak Alert RuleID21040: Email Messages Distributing Malicious Software on February 14, 2016
Medium Alert ID: 43556 First Published: 2016 February 15 13:48 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID21040 may contain the following files: Name |...
Threat Outbreak Alert RuleID20961: Email Messages Distributing Malicious Software on February 5, 2016
Medium Alert ID: 43439 First Published: 2016 February 5 20:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20961 and RuleID20961KVR may contain the...
Threat Outbreak Alert RuleID20377: Email Messages Distributing Malicious Software on January 11, 2016
Medium Alert ID: 42970 First Published: 2016 January 11 14:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20377 may contain the following files: Name |...
Gratipay: protect against tabnabbing in statement
Hello, when we include a link on statement in our profile, it just creates an HTML tag like this: http://google.com ^ That's vulnerable. How? Once the owner of the profile added a malicious URL it is possible that the link has a referral link thingy that will open a tab that has a phishing page o...
IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
Overview IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-8261 WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements...
churchdb.com XSS vulnerability
Vulnerable URL: https://www.churchdb.com/ChurchDB/PrivacyStmnt.asp?EMAIL=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1396867 Google...
Epiphany Cardio Server is vulnerable to SQL and LDAP injection
Overview The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. Description Epiphany Cardio Server was reported as being vulnerable to the following issues: CWE-89: Improper Neutralization of Special Elements...
Threat Outbreak Alert RuleID19414: Email Messages Distributing Malicious Software on November 16, 2015
Medium Alert ID: 42105 First Published: 2015 November 16 16:17 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19414 may contain the following files: Name |...
Threat Outbreak Alert RuleID18785: Email Messages Distributing Malicious Software on October 18, 2015
Medium Alert ID: 41593 First Published: 2015 October 19 13:30 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18785 may contain the following files: Name |...
lemon, sqlite security update
CentOS Errata and Security Advisory CESA-2015:1634 An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, whi...
sqlite: stack buffer overflow in src/printf.c
It was found that SQLite's sqlite3VXPrintf function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts...
sqlite: invalid free() in src/vdbe.c
It was found that SQLite's sqlite3VdbeExec function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts...
BizIdea Design CMS 2015Q3 SQL Injection Vulnerability
BizIdea Design CMS 2015Q3 suffers from a remote SQL injection vulnerability. Document Title: =============== bizidea Design CMS 2015Q3 - SQL Injection Vulnerability Product & Service Introduction: =============================== http://www.bizidea.co.th Technical Details & Description:...
Threat Outbreak Alert RuleID17312: Email Messages Distributing Malicious Software on August 12, 2015
Medium Alert ID: 40418 First Published: 2015 August 12 14:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17312 may contain the following files: Name |...
Threat Outbreak Alert RuleID17195: Email Messages Distributing Malicious Software on August 10, 2015
Medium Alert ID: 40388 First Published: 2015 August 10 15:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17195 may contain the following files: Name |...
Threat Outbreak Alert RuleID16937: Email Messages Distributing Malicious Software on July 24, 2015
Medium Alert ID: 40145 First Published: 2015 July 27 21:06 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16937 may contain the following files: Name | Siz...
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 1555...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery (CSRF). Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847 The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...
CVE-2015-0157
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement...