EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability

Remote PGP Outlook Encryption Plug-in Vulnerability Release Date: July 10, 2002 Severity: High Remote Code Execution Systems Affected: NAI PGP Desktop Security 7.0.4 NAI PGP Personal Security 7.0.3 NAI PGP Freeware 7.0.3 Description: The beer is still cold, the days are still long, the exploits...

Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution

source: https://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in the content-type and...

CVE-2001-1326

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...

CVE-2001-0365

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags...

Microsoft Outlook 9798200045 - Address Book Spoofing

Microsoft Outlook 9798200045 - Address Book Spoofing source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that...

sunhome.txt

[email protected] Georgi Guninski security advisory 46, 2001 $HOME buffer overflow in SunOS 5.8 x86 Systems affected: SunOS 5.8 x86 have not tested on other OSes Risk: Medium Date: 4 June 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski. You may distribute it unmodified. Y...

CVE-2001-1326

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...

feeble.you!dora.exploit

Sunday, March 18, 2001 Silent delivery and installation of an executable on a target computer. No client input other than opening an email using Eudora 5.02 - Sponsored Mode provided 'use Microsoft viewer' and 'allow executables in HTML content' are enabled. One wonders why they are there in the...

Lotus Notes Stored Form Vulnerability

Security Advisory: Lotus Notes Stored Form Vulnerability Date: 8th February 2001 Author: Chris Jones aka dp [email protected] Versions Affected: At present only Lotus Notes v4.6 has been tested ---- Exploit Introduction ------------------------------------------ Due to the design flaws of Lotus Not...

UtilMind Mail List 1.7 - Users Can Execute Commands

UtilMind Mail List 1.7 - Users Can Execute Commands !/usr/bin/perl -w Mailing List & News Version 1.7 / PoC Exploit. UtilMind Solutions / http://www.utilmind.com/ Actually a pretty amusing exploit to write! The 'openMAIL, "|$mailprog $address"' ... code sends e-mail to those who are on the mailin...

Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow

Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow source: https://www.securityfocus.com/bid/1286/info Sending an email to a Concatus IMate Web Mail Server 2.5 with a server name consisting of over 1119 characters will cause the application to crash. Restarting the program is required in...

Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/1286/info Sending an email to a Concatus IMate Web Mail Server 2.5 with a server name consisting of over 1119 characters will cause the application to crash. Restarting the program is required in order to regain normal functionality. Telnet target 25 HELO...

Qpopper EUIDL Arbitrary Command Execution

The remote version of the Qpopper POP server contains a bug that could allow authenticated users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10423;...

Microsoft IIS 4.0 - Pickup Directory Denial of Service

Microsoft IIS 4.0 - Pickup Directory Denial of Service source: https://www.securityfocus.com/bid/1819/info An email with a filename consisting of over 86 characters and an extension of .txt.eml will cause Microsoft IIS to crash if placed in the \mailroot\pickup directory. The process inetinfo.exe...

ie5.file.txt

Microsoft Internet Explorer 4/5 overflows when the handling of "file://" specification. This overflow occurs when we are logging on to the Microsft Network, this overflow can be verified if the long name is specfied to the "file://". For example, file://test/AAAAAAAAAAAA.... long 'A' This is most...

ie.50.redirection.txt

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this...

Microsoft Internet Explorer 5 / Netscape Communicator 4.0/4.5/4.6 - JavaScript STYLE

Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability source: https://www.securityfocus.com/bid/630/info The HTML STYLE command can be used to embed Javascript into Hotmail email messages. The STYLE tag...

TFS Gateway 4.0 - Denial of Service

TFS Gateway 4.0 - Denial of Service source: https://www.securityfocus.com/bid/613/info TFS Gateway 4.0, when configured in a specific non-default manner, is vulnerable to a remotely exploitable denial of service attack. If 'return entire message to sender' is enabled for failed send attempts, and...

hotmail-attack-082698.txt

Date: Wed, 26 Aug 1998 18:21:40 +0200 From: Jonathan James Subject: SV: Serious Security Hole in Hotmail Dear all. I've got some e-mail-requests concerning my "second" version of the "hotmail flaw", so I've decided to post the code. This has been tested on IE 4.0 and Netscape 3.0 . The code...