6475 matches found
Qualcomm Eudora 5/6 - File Attachment Spoofing (2)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...
Qualcomm Eudora 5/6 - File Attachment Spoofing (1)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...
Qualcomm Eudora 56 - File Attachment Spoofing (2)
Qualcomm Eudora 56 - File Attachment Spoofing 2 source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing...
Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution
source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code execution could occur when the file attachment is opened, without further...
Microsoft Outlook Express 56 - Spoofable File Extensions
Microsoft Outlook Express 56 - Spoofable File Extensions source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe fi...
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice...
CVE-2002-0456
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames...
CVE-2002-0455
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames...
QNX
Shouts Zen-parse, lockdown, sloth, ^ChAoS, elfan, Albert E., S. Hawking, Ali G, Jenna Jameson flur, FreeBSD Security Officers, the guy that used to clean our desks every morning and still cleans jaguars desk., QNX developers, Jon Lasser col/67, merlions girlfriend, ourselves and Jenna again. Issu...
MIME::Tools Perl module and virus scanners
Background ---------- MIME::Tools is a very nice Perl module for parsing and constructing MIME-encoded mail messages. The latest stable version is 5.411a. MIME::Tools works very well on valid MIME messages. However, there are a number of problems if you use it to implement server-based mail...
CVE-2001-1282
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information...
CVE-2002-0338
The CVE-2002-0338 issue affects The Bat! mail client, specifically version 1.53d and 1.54beta (and possibly others). A remote attacker can trigger a denial of service (crash) by sending an attachment whose filename includes an MS-DOS device name. The available references confirm the consequence a...
CVE-2002-0338
The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service crash via an attachment whose name includes an MS-DOS device name...
Bypassing content filtering
There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filters, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...
Automatically opening IE + Executing attachments
GreyMagic Security Advisory GM002-IE ===================================== By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...
CVE-1999-1263
CVE-1999-1263 affects Metamail prior to 2.7-7.2. A remote attacker can overwrite arbitrary files via an e-mail with a uuencoded attachment that specifies a full pathname, processed by Metamail scripts such as sun-audio-file. Root cause is the handling of uuencode in Metamail scripts, enabling arb...
CVE-1999-1263
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file...
CVE-2001-0677
Eudora 5.0.2 is affected. A remote attacker can read arbitrary files by crafting an email whose Attachment Converted MIME header contains the path to a target file; when the user forwards the message, the file is sent to the attacker. Root cause involves improper handling of the Attachment Conver...
CVE-2001-0692
SMTP proxy in WatchGuard Firebox 2500 and 4500 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes...
SECURITY.NNOV: Bypassing content filtering software
There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filtering, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...