3543 matches found
Know thyself commonly used to hack Email accounts of three methods-vulnerability warning-the black bar safety net
E-mail is not secure, in the mail sending, transmitting and receiving the whole process of each link is there may be a weak link, a malicious user if the use of their vulnerability, it is possible to easily hack the account to get mail content. One, the use of the mail serveroperating...
QK SMTP远程栈溢出漏洞
QK SMTP Server是一款SMTP(简单邮件传输协议)服务器软件。 QK SMTP Server在处理用户命令参数时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 QK SMTP Server在处理传送给“RCPT TO:”命令的参数时存在栈溢出漏洞,远程攻击者可以通过向服务器发送超长参数导致执行任意指令。 QKSoft QK SMTP 3.1.0 Beta QKSoft QK SMTP 3.0.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.qksoft.com/ /...
Microsoft Word Mac Remote Code Execution Vulnerability
Description Microsoft Word for Mac is prone to a remote code-execution vulnerability when parsing Word files. Exploiting this vulnerability may allow an attacker to execute arbitrary machine code in the context of the user who opened the file. An attacker could leverage this issue to gain the...
Microsoft Outlook Express 6.00.2800.1409
INFIGO IS Security Advisory ADV-2006-08-04 http://www.infigo.hr/ Title: MDaemon POP3 server remote buffer overflow preauth Advisory ID: INFIGO-2006-08-04 Date: 2006-08-21 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2006-08-04 Impact: Remote code execution preauth Risk Level:...
CVE-2006-3901
The CVE-2006-3901 issue affects Tumbleweed Email Firewall (EMF). Multiple stack-based buffer overflows in EMF’s handling of LHA archives allow remote attackers to execute arbitrary code via an email attachment containing an LHA archive with (1) a long extended header for a file, (2) a long extend...
Teach you powerful crack E-mail passwords of three methods-vulnerability warning-the black bar safety net
E-mail is not secure, in the mail sending, transmitting and receiving the whole process of each link is there may be a weak link, a malicious user if the use of their vulnerability, it is possible to easily hack the account to get mail content. First, the use of the mail serveroperating...
Yahoo! Mail script injection vulnerability
Overview A script injection vulnerability exists in Yahoo! Mail. Description Yahoo! Mail is vulnerable to script injection. Specifically, Yahoo! Mail fails to properly filter the body of email messages for script code. If a remote attacker can persuade a user to open a specially crafted email...
Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
Description The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer...
The Bat! 2.x message headers spoofing
Title: The Bat! 2.x message headers spoofing Author: 3APA3A Vendor: RitLabs Vendor's page http://thebat.net/ Application: The Bat 2.x 2.12.04 tested Not vulnerable: The Bat! 3.5 Remote: Yes, against client Category: Information spoofing Intro: The Bat! is very convenient, powerful and secure...
CVE-2005-1753
CVE-2005-1753 affects JavaMail API versions 1.1.3 through 1.3, used by Apache Tomcat 5.0.16. The ReadMessage.jsp component allows remote attackers to view other users’ email attachments via direct requests to /mailboxesdir/username@domainname. Sun and Apache dispute the issue, stating published r...
CVE-2006-0027
CVE-2006-0027 describes a remote code execution vulnerability in Microsoft Exchange Server triggered by specially crafted vCal/iCal properties in email messages. Public sources (MS06-019) document a heap overflow in MODPROP handling within VCAL requests as the underlying root cause. Affected prod...
Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
Description Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. Technologies Affect...
CVE-2006-0040
CVE-2006-0040 affects GNOME Evolution 2.4.2.1 and earlier. A remote attacker can trigger a denial of service by sending a text email containing a very large number of URLs, leading to increased CPU and memory usage. The root cause is noted as potentially related to gtkhtml, but the exact flaw is ...
CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...
CVE-2006-0876
POPFile (a Bayesian mail classifier) is affected by CVE-2006-0876: versions before 0.22.4 can be forced to crash (denial of service) via unspecified vectors involving character sets in email messages. The Debian advisory notes fixes in 0.22.2-2sarge1 (stable update) and 0.22.4-1 (unstable), and r...
CVE-2006-0709
CVE-2006-0709 targets Metamail, reporting a buffer overflow when processing MIME boundaries that could lead to DoS or arbitrary code execution. Connected advisories confirm remote exploitation and provide fixes: Debian DSA-995-1 and 0F4EA (metamail upgrades to patched revisions), Gentoo GLSA-2006...
CVE-2006-0663
CVE-2006-0663 affects Lotus Domino iNotes Client 6.5.4 and 7.0. The issue consists of multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via: (1) an email subject, (2) an encoded javascript URI (e.g., java script:), and (3) when ...
CVE-2005-4445
CVE-2005-4445 affects Pegasus Mail client versions 4.21a–4.21c and 4.30PB1. An off-by-one error in email header processing causes a one-byte buffer overflow , enabling remote attackers to execute arbitrary code by sending a crafted long header. Exploitation is remote; no authentication is indicat...
CVE-2005-3351
CVE-2005-3351 affects SpamAssassin 3.0.4, where an e-mail with an extremely large number of recipients causes a bus error in Perl, bypassing spam detection and potentially impacting mail processing. Public advisories (RH/CentOS/SUSE) describe a denial-of-service risk and direct upgrade to SpamAss...
CVE-2005-3351
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients "To" addresses, which triggers a bus error in Perl...