Search cyberveille.decio.ch

Found 47 bookmarks

Custom sorting

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

Sonar’s Vulnerability Research Team recently discovered a critical Cross-Site Scripting (XSS) vulnerability in Roundcube, a popular open-source webmail software. When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's browser. Attackers can abuse the vulnerability to steal emails, contacts, and the victim's email password as well as send emails from the victim's account. In October 2023, ESET Research reported that a similar vulnerability was actively used by the APT group Winter Vivern to attack European government entities. Roundcube administrators should update to the patched version 1.6.8 or 1.5.8 as soon as possible. * All discovered issues are tracked as CVE-2024-42008, CVE-2024-42009, CVE-2024-42010.

#sonarsource #EN #2024 #Roundcube #Webmail #CVE-2024-42008 #CVE-2024-42009 #CVE-2024-42010

·sonarsource.com·Sep 3, 2024

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

Sonar

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

#sonarsource #EN #2024 #Gogs #vulnerabilities #developers #Supply-Chain

·sonarsource.com·Jul 4, 2024

Sonar

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.

#sonarsource #EN #2024 #Joomla #PHP #Bug #CVE-2024-21726

·sonarsource.com·Feb 27, 2024

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

pfSense Security: Sensing Code Vulnerabilities with SonarCloud

Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.

#sonarsource #EN #2023 #pfsense #CVE-2023-42325 #CVE-2023-42327 #CVE-2023-42326

·sonarsource.com·Dec 12, 2023

pfSense Security: Sensing Code Vulnerabilities with SonarCloud

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

#sonarsource #EN #2022 #Zimbra #memcache #Vulnerability #email #steal #credentials

·blog.sonarsource.com·Jun 15, 2022

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

#Horde #Webmail #Takeover #openoffice #preview #EN #2022 #sonarsource

·blog.sonarsource.com·Feb 22, 2022

Horde Webmail 5.2.22 - Account Takeover via Email

Code Vulnerabilities Put Proton Mails at Risk

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

#sonarsource #EN #2023 #Code #Vulnerabilities #ProtonMail #XSS #Tutanota

·sonarsource.com·Sep 7, 2023

Code Vulnerabilities Put Proton Mails at Risk

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

#sonarsource #Pathtraversal #EN #2022 #Zimbra #flaw #unrar #CVE-2022-30333

·blog.sonarsource.com·Jun 29, 2022

Unrar Path Traversal Vulnerability affects Zimbra Mail