Lucene search
305 matches found

NVD
added 2024/08/12 3:15 p.m. | 11 views

CVE-2024-27443

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

CVSS 6.1 | EPSS 0.19668
Exploits: 0 | References: 4

CVE
added 2024/08/12 12:0 a.m. | 190 views

CVE-2024-27443

CVE-2024-27443 affects Zimbra Collaboration (ZCS) 9.0 and 10.0, with a cross-site scripting flaw in the CalendarInvite feature caused by improper input validation of the calendar header. An attacker can embed a payload in a crafted calendar header sent via email; when a recipient views the messag...

CVSS 6.1 | AI score 5.1 | EPSS 0.19668
In wild | Exploits: 0 | References: 4 | Affected Software: 1

Securelist
added 2024/06/10 10:0 a.m. | 31 views

Bypassing 2FA with phishing and OTP bots

Introduction: Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2024/04/29 12:0 a.m. | 19 views

Fedora 40 : thunderbird (2024-d8a0e599e2)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d8a0e599e2 advisory. Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects...

CVSS 7.5 | AI score 8.1 | EPSS 0.00682
Exploits: 1 | References: 2

Tenable Nessus
added 2024/03/27 12:0 a.m. | 37 views

Rocky Linux 8 : thunderbird (RLSA-2024:1494)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1494 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

CVSS 8.8 | AI score 8.3 | EPSS 0.01285
Exploits: 5 | References: 19

Tenable Nessus
added 2024/03/25 12:0 a.m. | 41 views

RHEL 8 : thunderbird (RHSA-2024:1500)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1500 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...

CVSS 8.8 | AI score 7.7 | EPSS 0.01285
Exploits: 5 | References: 21

Tenable Nessus
added 2024/03/25 12:0 a.m. | 43 views

CentOS 7 : thunderbird (RHSA-2024:1498)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1498 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

CVSS 8.8 | AI score 8.3 | EPSS 0.01285
Exploits: 5 | References: 10

Tenable Nessus
added 2024/03/25 12:0 a.m. | 28 views

RHEL 9 : thunderbird (RHSA-2024:1493)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1493 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...

CVSS 8.8 | AI score 7.7 | EPSS 0.01285
Exploits: 5 | References: 21

Tenable Nessus
added 2024/03/25 12:0 a.m. | 30 views

RHEL 8 : thunderbird (RHSA-2024:1494)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1494 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...

CVSS 8.8 | AI score 7.7 | EPSS 0.01285
Exploits: 5 | References: 21

Tenable Nessus
added 2024/03/25 12:0 a.m. | 41 views

RHEL 8 : thunderbird (RHSA-2024:1496)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1496 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...

CVSS 8.8 | AI score 7.7 | EPSS 0.01285
Exploits: 5 | References: 21

Tenable Nessus
added 2024/03/22 12:0 a.m. | 23 views

Debian dsa-5644 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5644 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...

CVSS 8.8 | AI score 8.3 | EPSS 0.01285
Exploits: 5 | References: 23

OpenVAS
added 2024/03/11 12:0 a.m. | 14 views

Mozilla Thunderbird Security Update (MFSA2024-11) - Windows

Mozilla Thunderbird is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 8 | EPSS 0.00682
Exploits: 1 | References: 1

CNVD
added 2024/02/29 12:0 a.m. | 4 views

Apache James MIME4J Input Validation Error Vulnerability

Apache James MIME4J is a library of the American Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...

CVSS 5.3 | AI score 6.5 | EPSS 0.01082
Exploits: 0 | References: 1

Prion
added 2024/01/16 10:15 p.m. | 15 views

Server side request forgery (ssrf)

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00482
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/01/16 9:31 p.m. | 1 views

CVE-2024-0601 ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

CVSS 6.5 | AI score 6.4 | EPSS 0.00482
Exploits: 1 | References: 3

CVE
added 2024/01/16 9:31 p.m. | 39 views

CVE-2024-0601

CVE-2024-0601 affects ZhongFuCheng3y Austin 1.0, specifically the getRemoteUrl2File function in AustinFileUtils.java (Email Message Template Handler). Multiple connected sources (NVD, Red Hat, PRION, PT-SEC) corroborate a server-side request forgery (SSRF) condition triggered by insufficient vali...

CVSS 6.5 | AI score 6.5 | EPSS 0.00482
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2024/01/16 12:0 a.m. | 2 views

Austin security breach

Austin is a message push platform. A security vulnerability exists in Austin version 1.0, which stems from a Server Request Forgery (SSRF) vulnerability in the component Email Message Template Handler...

CVSS 6.5 | AI score 6.9 | EPSS 0.00482
Exploits: 1 | References: 4

CERT
added 2024/01/16 12:0 a.m. | 61 views

SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies

Overview: A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...

CVSS 5.3 | AI score 6.3 | EPSS 0.02598
Exploits: 6 | References: 5

OSV
added 2024/01/07 6:15 p.m. | 4 views

CVE-2024-0286

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.phpcontactus of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possibl...

CVSS 6.1 | AI score 3.7
Exploits: 0 | References: 3

CNNVD
added 2024/01/07 12:0 a.m. | 4 views

PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability

PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. A cross-site scripting vulnerability exists in PHPGurukul Hospital Management System version 1.0, which originates in the component Contact Form, index.phpcontactus, which contains an unknown section that...

CVSS 6.1 | AI score 6 | EPSS 0.00877
Exploits: 1 | References: 4