305 matches found
Debian XTERM - DECRQSScomments Code Execution
Debian XTERM - DECRQSScomments Code Execution Package: xterm Version: 222-1etch2 Severity: grave Tags: security patch Justification: user security hole DECRQSS Device Control Request Status String "DCS $ q" simply echoes (responds with) invalid commands. For example, perl -e 'print...
CVE-2008-5514
CVE-2008-5514 describes an off-by-one error in the RFC822BUFFER handling of the UW c-client library (used by the UW IMAP toolkit). The root cause is an off-by-one in the rfc822_output_char function, which can be triggered by a crafted email message to cause a crash (context-dependent denial of se...
Norton Internet Security Denial of Service Vulnerability
This host has Norton AntiVirus in Norton Internet Security installed and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: gbnortoninternetsecdosvuln.nasl 5370 2017-02-20 15:24:26Z cfi $ Norton Internet Security Denial of Service Vulnerability Authors: Sharath S Copyrigh...
CVE-2008-3962
The fromformat function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message...
Format string
The fromformat function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message...
CVE-2007-6706
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP...
GNOME Evolution format string vulnerability
Overview The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code. Description Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption. From Secunia Advisory SA29057: A...
Debian Security Advisory DSA 1164-1 (sendmail)
The remote host is missing an update to sendmail announced via advisory DSA 1164-1. A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...
CVE-2007-5046
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...
Microsoft Exchange Outlook Web Access UTF character set label script injection vulnerability
Overview Microsoft Exchange Outlook Web Access (OWA) fails to properly handle the UTF character set label, which can allow a remote, unauthenticated attacker to execute script within the security context of the OWA user. Description OWA allows users to access their email accounts on a Microsoft...
MS Windows Animated Cursor (.ANI) Stack Overflow Exploit
Exploit for unknown platform in category local exploits. MS Windows Animated Cursor .ANI Stack Overflow Exploit / Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows .ANI LoadAniIcon...
CVE-2007-1282
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...
CVE-2006-6940
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA pop2owa 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message...
Microsoft Outlook vulnerable to DoS via a malformed email message
Overview There is a vulnerability in the way Microsoft Outlook handles malformed email messages that may allow a remote, unauthenticated attacker to cause a denial of service. Description Microsoft Outlook contains a vulnerability in the way that it handles certain email message headers. Accordin...
DSA-1164 sendmail - programming error
Bulletin has no description...
Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection
Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection source: https://www.securityfocus.com/bid/18381/info Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to...
[SA18975] POPFile Email Message Handling Denial of Service
TITLE: POPFile Email Message Handling Denial of Service SECUNIA ADVISORY ID: SA18975 VERIFY ADVISORY: http://secunia.com/advisories/18975/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: POPFile 0.x http://secunia.com/product/8275/ DESCRIPTION: A vulnerability has been reported i...
Heap overflow
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type EOT web font that triggers the...
CVE-2005-4209
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS)...