CVE-2005-1987

Buffer overflow in Collaboration Data Objects CDO, as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string...

security flaw

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in 1 the URL or 2 an e-mail message...

CVE-2001-1504

Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message...

CVE-2005-1769

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in 1 the URL or 2 an e-mail message...

CVE-2005-0563

Cross-site scripting XSS vulnerability in Microsoft Outlook Web Access OWA component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...

CVE-2005-0563

Cross-site scripting XSS vulnerability in Microsoft Outlook Web Access OWA component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...

Microsoft Windows help viewer vulnerable to heap overflow

Overview A vulnerability exists in the Microsoft Windows help viewer application that could allow a remote attacker to execute code of their choosing on a vulnerable system. Description The Microsoft Windows help viewer winhlp32.exe provides application assistance to users through a special type ...

CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message...

CVE-2004-1443

Cross-site scripting XSS vulnerability in the inline MIME viewer in Horde-IMP Internet Messaging Program 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message...

CVE-2004-1272

Buffer overflow in the saveembeddedaddress function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message...

CVE-2004-1272

Buffer overflow in the saveembeddedaddress function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message...

CVE-2004-1443

Cross-site scripting XSS vulnerability in the inline MIME viewer in Horde-IMP Internet Messaging Program 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message...

CVE-2002-1307

Cross-site scripting vulnerability XSS in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...

Horde-IMP: Input validation vulnerability for Internet Explorer users

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...

CVE-2004-0668

Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service server crash via a large e-mail message, as demonstrated using a large image attachment...

Fetchmail DoS

a specially crafted email message can cause fetchmail to crash...

fetchmail -- denial-of-service vulnerability

Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c. Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was...

CVE-2002-0411

Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line...

CVE-2001-0996

POP3Lite before 0.2.4 does not properly quote a . dot in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to...

CVE-2001-0945

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line...