6475 matches found
CVE-2001-1373
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments...
CVE-2003-0121
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients...
CVE-2003-0121
CVE-2003-0121 affects Clearswift MAILsweeper 4.x. The issue is a MIME-attachment evasion where an attachment lacking a MIME-Version header can bypass detection by some mail clients, allowing the attacker to pass the attachment unrecognized. The NVD entry notes a network-path attack with low compl...
CVE-2003-0121
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients...
Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue
!-- Step 2: Now create a text file that will be used to hold the MIME encoded attachment. Start notepad or another text editor, and paste in: MIME-Version: 1.0 Content-Location:file:///executable.exe Content-Transfer-Encoding: base64 TVp0AQIAAAAgAAgA//8YAIAAAAAQAAIAHgAAAAEAAAAAA...
Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue
-- Corsaire Security Advisory -- Title: Clearswift MAILsweeper MIME attachment evasion issue Date: 03.03.03 Application: Clearswift MAILsweeper 4.x Environment: Windows NT 4.0, Windows 2000, Author: Martin O'Neal [email protected] Audience: General distribution -- Scope -- The aim of this...
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass
source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize...
Qualcomm Eudora 5.0/5.1/6.0 - Long Attachment Filename Denial of Service (1)
source: https://www.securityfocus.com/bid/7026/info Eudora may crash when handling messages which contain attachments with excessively long filenames. This condition reportedly occurs when messages with malformed attachment filenames are stored in the user's mailbox, which could result in a...
Qualcomm Eudora 5.05.16.0 - Long Attachment Filename Denial of Service (1)
Qualcomm Eudora 5.05.16.0 - Long Attachment Filename Denial of Service 1 source: https://www.securityfocus.com/bid/7026/info Eudora may crash when handling messages which contain attachments with excessively long filenames. This condition reportedly occurs when messages with malformed attachment...
WihPhoto 0.86 dev - 'sendphoto.php' File Disclosure
source: https://www.securityfocus.com/bid/6929/info A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers. The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file. An attacker can explo...
CVE-2003-0057
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code 1 via a long attachment filename that is not properly handled by the hypermail executable, or 2 by connecting to the mail CGI program from an IP address...
CVE-2003-0057
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code 1 via a long attachment filename that is not properly handled by the hypermail executable, or 2 by connecting to the mail CGI program from an IP address...
CVE-2002-1710
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file...
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments...
CVE-2002-2228
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with 1 extra leading spaces, 2 extra trailing spaces, or 3 alternate character encodings that cannot be processed by MailScanner...
CVE-2002-1210
Vulnerability summary (CVE-2002-1210) : Qualcomm Eudora 5.1.1, 5.2 (and possibly other versions) stores email attachments in a predictable location. This enables remote attackers to read arbitrary files by sending a link that loads an attachment containing malicious script into a frame, where the...
CVE-2002-1210
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...
Microsoft Internet Explorer 6 - File Attachment Script Execution
Microsoft Internet Explorer 6 - File Attachment Script Execution source: https://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are...
Qualcomm Eudora 56 - File Attachment Spoofing (1)
Qualcomm Eudora 56 - File Attachment Spoofing 1 source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...