Lucene search
+L

3543 matches found

CVE
CVE
added 2005/11/16 9:17 p.m.48 views

CVE-2002-2202

Affected software: Outlook Express 6.0. Issue: The product does not delete messages from DBX mailbox files when a user empties the Deleted Items folder, allowing local users to read other users’ email. Evidence: Descriptions in Red Hat and NVD/JST documents corroborate this behavior. Impact: Loca...

3.8CVSS6.5AI score0.01295EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2005/10/13 4:0 a.m.70 views

CVE-2005-1987

CVE-2005-1987 is a remote code execution vulnerability in Microsoft Collaboration Data Objects (CDO) used by CDOSYS/CDOEX on Windows and Exchange. An unchecked buffer triggered by processing a malformed SMTP/email header (e.g., oversized Content-Type) can allow an attacker to execute arbitrary co...

7.5CVSS7.7AI score0.43446EPSS
Exploits0References19Affected Software1
CVE
CVE
added 2005/09/21 4:0 a.m.57 views

CVE-2005-2662

Summary (CVE-2005-2662) masqmail prior to 0.2.18 allows a remote attacker to execute arbitrary commands by sending crafted addresses in a failed delivery message. This is caused by improper sanitization during failed-delivery processing. In addition, CVE-2005-2663 involves a privilege-related iss...

7.5CVSS7.3AI score0.02391EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2005/08/21 4:0 a.m.77 views

CVE-2004-2482

Microsoft Outlook 2000 and 2003, when configured to use Word 2000/2003 as the e‑mail editor, is vulnerable to remote code execution via an improperly closed OBJECT tag in forwarded messages. The issue occurs because Outlook may automatically download the URI in the data property of the OBJECT tag...

5CVSS7.7AI score0.12761EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2005/08/03 4:0 a.m.7 views

CVE-2005-2450

Multiple integer overflows in the 1 TNEF, 2 CHM, or 3 FSG file format processors in libclamav for Clam AntiVirus ClamAV 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message...

6.6AI score
Exploits0References15
CVE
CVE
added 2005/07/01 4:0 a.m.51 views

CVE-2004-2147

The CVE-2004-2147 entry describes a DoS against unknown versions of Symantec Norton AntiVirus and Microsoft Outlook caused by malformed e‑mail messages that lack a body or lack a carriage return separating headers from the body. Connected documents do not add details on affected versions, root ca...

5CVSS6.9AI score0.01439EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2005/06/28 4:0 a.m.50 views

CVE-2002-1917

CRLF injection vulnerability in the User Profile: Send Email feature of Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC header. The description, sources, and connected documents confirm the affected products/...

5CVSS7.2AI score0.01409EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/06/21 4:0 a.m.53 views

CVE-2002-1738

CVE-2002-1738 affects Alt-N Technologies MDaemon 5.0.5.0 and earlier. The issue is that a default MDaemon mail account is created with the password “MServer,” which could allow remote attackers to send anonymous email. The available sources describe the affected product and the default credential...

5CVSS7.3AI score0.01336EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/06/14 4:0 a.m.43 views

CVE-2004-2137

The CVE-2004-2137 issue affects Outlook Express 6.0 when users send multipart e-mail messages with the setting to “Break apart messages larger than.” The vulnerability is that BCC recipients are leaked to To/CC addresses during this process, potentially exposing sensitive contact information. The...

5CVSS6.9AI score0.26142EPSS
Exploits0References7Affected Software1
Symantec
Symantec
added 2005/06/14 12:0 a.m.14 views

Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability

Description Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in...

0.1AI score
Exploits0References2Affected Software2
Symantec
Symantec
added 2005/06/14 12:0 a.m.17 views

Microsoft Windows HTML Help Remote Code Execution Vulnerability

Description Microsoft Windows HTML Help is affected by a remote code execution vulnerability. The vulnerability presents itself when the application handles malformed data through the InfoTech protocol ms-its, its, mk:@msitstore. An attacker may exploit this issue from a malicious Web page or...

8.3AI score
Exploits0References2Affected Software3
CVE
CVE
added 2005/05/25 4:0 a.m.48 views

CVE-2005-1682

The CVE describes a vulnerability in JavaMail API used by Solstice Internet Mail Server POP3 2.0, where the MimeMessage constructor in javax.mail.internet.InternetHeaders does not properly validate the message number, enabling remote authenticated users to read other users’ e‑mail by altering the...

2.1CVSS6.8AI score0.00686EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2005/05/10 4:0 a.m.44 views

CVE-2003-1133

CVE-2003-1133 affects Rit Research Labs The Bat! versions 1.0.11–2.0. The root cause is insecure ACLs used when creating new accounts, allowing local attackers to read other users’ email messages. The vulnerability is local and limited by the product’s access controls. KB/related advisories from ...

2.1CVSS6.2AI score0.00442EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2005/05/10 4:0 a.m.47 views

CVE-2004-2005

CVE-2004-2005 describes a buffer overflow in Eudora for Windows versions 5.2.1, 6.0.3, and 6.1. An attacker could trigger remote arbitrary code execution by sending an email containing (1) a link to a long URL to the C drive or (2) a long attachment name. The provided documents do not specify a p...

5.1CVSS8.4AI score0.0349EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0404

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email...

5CVSS5.9AI score0.0298EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/04/13 4:0 a.m.26 views

CVE-2005-0404

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email...

6.5AI score0.0298EPSS
Exploits1References4
CVE
CVE
added 2005/03/24 5:0 a.m.45 views

CVE-2005-0846

CVE-2005-0846 affects NetWin SurgeMail 2.2g3 and describes multiple XSS vulnerabilities in the email auto-reply message, exploitable via the (1) message subject or (2) message header field to inject arbitrary web script/HTML. Exploitation details are not provided beyond this, but a remediation is...

4.3CVSS5.8AI score0.01833EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2005/03/07 5:0 a.m.21 views

CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message...

5.1CVSS7.7AI score0.03246EPSS
Exploits0References6
CVE
CVE
added 2005/03/07 5:0 a.m.71 views

CVE-2005-0667

CVE-2005-0667 is a buffer‑overflow in Sylpheed’s header processing when replying to messages that contain non‑ASCII headers. Affected are Sylpheed before 1.0.3 and other versions before 1.9.5; successful exploitation can allow remote code execution with the user’s privileges. Several connected ad...

5.1CVSS7.6AI score0.03246EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2005/02/25 5:0 a.m.49 views

CVE-2005-0107

CVE-2005-0107 affects bsmtpd (versions 2.3 and earlier). The vulnerability arises from insufficient sanitization of e-mail addresses, enabling remote attackers to execute arbitrary commands during mail delivery. Debian and Red Hat advisories document remote, input‑sanitising failures with confirm...

7.5CVSS7.2AI score0.01924EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder