Search Results for: csrf

Results 1 - 10 of 320 Page 1 of 32

[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15

Posted on: 2017-05-04

Full Disclosure mailing list archives [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 From: Sysdream Labs <labs () sysdream com> Date: Wed, 3 May 2017 16:01:24 +0200 # [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 ## Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL license version 3. The official web site can be found at http://www.vimbadmin.net and the source code of the application is available on github https://github.com/opensolutions. ## Details **CVE ID**: CVE-2017-6086 **Access…

OWASP Top Ten – Boring security that pays off

Posted on: 2017-05-04

There’s a lot of very unique, creative, and devastating cyber threats out there. The first inclination of a defender is to collect news of the new and terrifying and concentrate on network security defenses accordingly. This is completely understandable and mostly wrong. The majority of actual attacks, rather than proofs of concept, use simple and common vulnerabilities that in some cases are decades old. As an example, Facebook and Google recently fell victim to business email compromise. We’ve discussed on the blog previously that this is not much more complicated than standing on a street corner and politely (or impolitely, depending…

SB17-121: Vulnerability Summary for the Week of April 24, 2017

Posted on: 2017-05-01

Original release date: May 01, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System…

Email Security Device "nomx" Has Serious Flaws: Researchers (SecurityWeek)

Posted on: 2017-05-01

Researchers claim to have found some serious vulnerabilities in “nomx,” a product designed for securing email communications. The vendor has disputed the findings and assured customers that its devices cannot be hacked remotely. Nomx is a protocol and device that allegedly “ensures absolute privacy for personal and commercial email and messaging.” British researchers Scott Helme and Professor Alan Woodward have been asked by the BBC to analyze the nomx personal email server appliance, which costs between $199 and $399, depending on its storage capacity. Their analysis revealed the existence of several security issues, including flaws that can be exploited remotely…

Nomx, the "most secure" email service, can be easily hacked, say researchers (ZDNet)

Posted on: 2017-04-28

Editor's note: This post was originally published on Scott Helme's blog, and was reprinted to ZDNet with permission. I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, catchy tag lines and some pretty bold claims about their security, nomx claim to have cracked email security once and for all. Down the rabbit hole we go! Nomx You can find the official nomx site at https://www.nomx.com and right away you will see how secure this device is. "Everything…
