3543 matches found
CVE-2004-1443
CVE-2004-1443 is a documented XSS vulnerability in the Horde-IMP inline MIME viewer affecting Horde-IMP versions 3.2.4 and earlier when accessed with Internet Explorer. The vulnerability allows an attacker to inject arbitrary script/HTML via a crafted e‑mail message. Public assessment sources con...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
CVE-2005-0127
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine...
CVE-2004-2137
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information...
CVE-2004-1098
CVE-2004-1098 affects MIME-tools (v5.414) used by MIMEDefang. The vulnerability arises from an empty boundary string in the Content-Type header, which lets a virus-infected attachment bypass some antivirus scanning. Impact is bypass of virus detection; published advisories reference MIME-tools an...
GLSA-200411-25 : SquirrelMail: Encoded text XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200411-25 SquirrelMail: Encoded text XSS vulnerability SquirrelMail fails to properly sanitize certain strings when decoding specially crafted headers. Impact : By enticing a user to read a specially crafted e-mail, an attacker ca...
Microsoft Outlook 2003 - Security Policy Bypass
source: https://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient manner, it is then possible to reference this base64...
Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass
source: https://www.securityfocus.com/bid/11447/info Microsoft Outlook Express is reported prone to a security policy bypass vulnerability. The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI. This will result in a policy bypass because the...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...
Eudora 6.2.0.7 Attachment Spoofer Exploit
Exploit for unknown platform in category remote exploits ========================================= Eudora 6.2.0.7 Attachment Spoofer Exploit ========================================= !/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.2.0.7 on Windo...
CVE-2002-1307
Summary: CVE-2002-1307 is a cross-site scripting (XSS) vulnerability in MHonArc versions 2.5.12 and earlier, exploitable when an email message contains a script embedded in a MIME header name. The issue allows remote attackers to inject script/HTML via headers, with the impact of partial confiden...
CVE-2002-1198
This CVE (CVE-2002-1198) affects Bugzilla 2.16.x prior to 2.16.1. The issue is an SQL injection vulnerability during account creation caused by improper filtering of apostrophes in the email address, enabling remote attackers to execute arbitrary SQL. Affected component: Bugzilla account creation...
GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users
The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...
Lotus Notes R5 S/MIME Message Modification Warning Failure
Binary data 1304.prm...
CVE-2004-0502
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shel...
Symantec Brightmail Anti-Spam 6.0 - Unauthorized Message Disclosure
source: https://www.securityfocus.com/bid/10657/info Symantec Brightmail anti-spam is reported prone to an unauthorized message disclosure vulnerability. This issue exists in the Brightmail anti-spam control center. Due to improper access validation a remote attacker can read users' filtered emai...
CVE-2004-0182
Mailman before 2.0.13 allows remote attackers to cause a denial of service crash via an email message with an empty subject field...
Exim verify=header_syntax buffer overflow
Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description When the option "verify = headersyntax" is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...
CVE-2004-0152
The CVE-2004-0152 issue affects Emil (mail filter) with multiple stack-based buffer overflows in encode_mime, encode_uuencode, and decode_uuencode functions for Emil 2.1.0 and earlier. Attackers can send email attachments with filenames that trigger arbitrary code execution. Public references inc...
Eudora 6.0.3 (Windows) - Attachment Spoofing
!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary="zzz"\n"; print "\n"; print "This is a multi-part message in MIME format.\n";...