1088 matches found
Code injection
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php...
CVE-2012-1160
CVE-2012-1160 affects Moodle prior to 2.2.2, with a permission flaw in Forum Subscriptions allowing unenrolled users to subscribe/unsubscribe via mod/forum/index.php. Public data confirms affected versions include Moodle 2.1.x up to 2.1.4+, and 2.2.x up to 2.2.1+. Root cause described as a permis...
Joker Spyware Found in 24 Google Play Apps
A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...
katello: stored XSS in subscriptions and repositories pages
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru
CSRF in https://allods.mail.ru allows managing a user's subscriptions. allods.mail.ru belongs to the extended scope...
cockpit security update
173.2-1.0.1 - turn off display of subscriptions menu item in GUI - Drop subscription-manager requirement since we do not ship it - Remove Red Hat references. 173.2-1 - ws: Fix bug parsing invalid base64 headers rhbz1672296...
Katello Cross-Site Scripting Vulnerability
Katello is a system management engine that provides workflows for configuration management, subscription management and content management. A cross-site scripting vulnerability exists in Katello version 3.9.0, which can be exploited by remote attackers with the help of Subscriptions or Red Hat...
CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
CVE-2018-19814
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter...
Slack: Bypass of the SSRF protection in Event Subscriptions parameter.
The vulnerability is present in the "Event Subscriptions" parameter where: "Your app can subscribe to be notified of events in Slack for example, when a user adds a reaction or creates a file at a URL you choose." URL: https://api.slack.com/apps/YOUAPPCODE/event-subscriptions? When we add a sit...
DEBIAN-CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...
ALPINE-CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...
UBUNTU-CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...
UBUNTU-CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...
Take these steps to stay safe from counterfeit software and fraudulent subscriptions
This post is authored by Matt Lundy, Assistant General Counsel, Microsoft. Software piracy and fraudulent subscriptions are serious, industry-wide problems affecting consumers and organizations around the world. In 2016, 39 percent of all software installed on computers was not properly licensed,...
Zomato: IDOR in treat subscriptions
The treat subscriptions tab in my profile has an IDOR. The corresponding API: POST /php/filterusertabcontent.php HTTP/1.1 userid=██████&tab=treatsubscription&orderhistoryoffset=0&orderhistorylimit=20 You can give any user id and you will be able to see the treat subscriptions of that user. Impact...