Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim’s account.
Monthly Archives: September 2016
CVE-2016-7123 (mailman)
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
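Both Mailman entries above describe the same bug class: a state-changing POST to the options page or the admin interface is authorised by the session cookie alone, which the victim's browser attaches to any form an attacker's page submits. The standard fix is a synchronizer token bound to the victim's session that a cross-origin page cannot read. The following is an added example, not Mailman's own code or patch: a minimal HMAC-based token scheme, the pre-fix handler shape beside a hardened one, and a replay of a forged cross-site request against both. The secret, the `csrf_token` field name, the `options` action label and the session and option stores are all assumptions made for the demo.

```python
import hashlib
import hmac
import time

# Added example, not Mailman's code. The secret, field name and stores below
# are assumptions made for the demo; a real deployment loads the secret from
# protected configuration, never from the request.
SERVER_SECRET = b"demo-only-secret-replace-in-production"
TOKEN_FIELD = "csrf_token"   # hidden form field name (assumed)
TOKEN_TTL = 3600             # seconds a token remains valid

# Constructed demo state: cookie value -> logged-in user, and per-user options.
SESSIONS = {"sess-alice": "alice@example.org"}
OPTIONS = {"alice@example.org": {"digest": False, "hide": True}}


def _mac(session_id, action, ts):
    msg = f"{session_id}|{action}|{ts}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def make_token(session_id, action, now=None):
    """Mint a token bound to one session and one action (e.g. 'options').

    The server embeds it in the form it renders; a page on another origin
    cannot read it, so a forged request cannot carry a valid one.
    """
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(session_id, action, ts)}"


def check_token(token, session_id, action, now=None):
    """True only for an unexpired token minted for this session and action."""
    if not isinstance(token, str) or ":" not in token:
        return False
    ts_str, mac = token.split(":", 1)
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(time.time() if now is None else now)
    if ts > current or current - ts > TOKEN_TTL:
        return False
    # Constant-time compare so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(_mac(session_id, action, ts), mac)


def _apply(user, form):
    for key in ("digest", "hide"):
        if key in form:
            OPTIONS[user][key] = form[key] == "on"


def handle_options_vulnerable(cookie, form):
    """Pre-fix shape of the bug: the session cookie alone authorises the change."""
    user = SESSIONS.get(cookie)
    if user is None:
        return 403, "not logged in"
    _apply(user, form)
    return 200, "options updated"


def handle_options_hardened(cookie, form, now=None):
    """Hardened handler: cookie AND a token bound to that session are required."""
    user = SESSIONS.get(cookie)
    if user is None:
        return 403, "not logged in"
    if not check_token(form.get(TOKEN_FIELD), cookie, "options", now):
        return 403, "missing or invalid CSRF token"
    _apply(user, form)
    return 200, "options updated"


def demo():
    """Replay a forged cross-site POST against both handlers; return outcomes."""
    OPTIONS["alice@example.org"].update(digest=False, hide=True)
    # Forged form an attacker's page auto-submits: the browser attaches Alice's
    # cookie, but the attacker cannot read her token.
    forged = {"digest": "on", "hide": "off"}
    results = {}
    results["vulnerable"] = handle_options_vulnerable("sess-alice", dict(forged))[0]
    results["after_vulnerable"] = dict(OPTIONS["alice@example.org"])
    OPTIONS["alice@example.org"].update(digest=False, hide=True)
    results["hardened_forged"] = handle_options_hardened("sess-alice", dict(forged))[0]
    # A token minted for the attacker's own session is rejected for Alice's.
    stolen = make_token("sess-mallory", "options")
    results["hardened_wrong_session"] = handle_options_hardened(
        "sess-alice", {**forged, TOKEN_FIELD: stolen})[0]
    # A legitimate submission from the real form carries a matching token.
    good = make_token("sess-alice", "options")
    results["hardened_legit"] = handle_options_hardened(
        "sess-alice", {**forged, TOKEN_FIELD: good})[0]
    results["after_legit"] = dict(OPTIONS["alice@example.org"])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Binding the token to the session (not just signing a timestamp) is what stops an attacker from minting a token under their own account and replaying it against the victim; the expiry bounds how long a token leaked through a referrer or log stays usable.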
Mr. Robot Review: eps2.7_init_5.fve
Apple Patches Trident Vulnerabilities in OS X, Safari
Apple has patched the Trident vulnerabilities in OS X and Safari. The flaws were originally disclosed in iOS and used to spy on a UAE human rights activist.
Kaspersky Company Account – FileManager Vulnerability
Posted by Vulnerability Lab on Sep 02
Document Title:
===============
Kaspersky Company Account – FileManager Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1924
Release Date:
=============
2016-08-30
Vulnerability Laboratory ID (VL-ID):
====================================
1924
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Kaspersky Company Account – Response XSS Vulnerability
Posted by Vulnerability Lab on Sep 02
Document Title:
===============
Kaspersky Company Account – Response XSS Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1934
Release Date:
=============
2016-08-29
Vulnerability Laboratory ID (VL-ID):
====================================
1934
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
FormatFactory 3.9.0 – (.task) Stack Overflow Vulnerability
Posted by Vulnerability Lab on Sep 02
Document Title:
===============
FormatFactory 3.9.0 – (.task) Stack Overflow Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1935
Release Date:
=============
2016-09-01
Vulnerability Laboratory ID (VL-ID):
====================================
1935
Common Vulnerability Scoring System:
====================================
6.1
Product & Service Introduction:…
CEO fraud: How to stay protected against this modern day deception
Be wary of CEO fraud, a modern take on deception specifically designed to trick you into doing something that you think you have permission to do.
The post CEO fraud: How to stay protected against this modern day deception appeared first on WeLiveSecurity.
Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords
Another Day, Another Data Breach!
If you love to listen to music online and have an account on the Last.fm website, your account details may have been compromised in a data breach that leaked the personal data of more than 43 million users online.
Last.fm was hacked in March 2012 and, three months after the breach, the London-based music streaming service admitted to the incident and issued a warning,
Threatpost News Wrap, September 2, 2016
Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler EK was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware.