3543 matches found
CVE-2002-2202
Affected software: Outlook Express 6.0. Issue: The product does not delete messages from DBX mailbox files when a user empties the Deleted Items folder, allowing local users to read other users’ email. Evidence: Descriptions in Red Hat and NVD/JST documents corroborate this behavior. Impact: Loca...
CVE-2005-1987
CVE-2005-1987 is a remote code execution vulnerability in Microsoft Collaboration Data Objects (CDO) used by CDOSYS/CDOEX on Windows and Exchange. An unchecked buffer triggered by processing a malformed SMTP/email header (e.g., oversized Content-Type) can allow an attacker to execute arbitrary co...
CVE-2005-2662
Summary (CVE-2005-2662) masqmail prior to 0.2.18 allows a remote attacker to execute arbitrary commands by sending crafted addresses in a failed delivery message. This is caused by improper sanitization during failed-delivery processing. In addition, CVE-2005-2663 involves a privilege-related iss...
CVE-2004-2482
Microsoft Outlook 2000 and 2003, when configured to use Word 2000/2003 as the e‑mail editor, is vulnerable to remote code execution via an improperly closed OBJECT tag in forwarded messages. The issue occurs because Outlook may automatically download the URI in the data property of the OBJECT tag...
CVE-2005-2450
Multiple integer overflows in the 1 TNEF, 2 CHM, or 3 FSG file format processors in libclamav for Clam AntiVirus ClamAV 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message...
CVE-2004-2147
The CVE-2004-2147 entry describes a DoS against unknown versions of Symantec Norton AntiVirus and Microsoft Outlook caused by malformed e‑mail messages that lack a body or lack a carriage return separating headers from the body. Connected documents do not add details on affected versions, root ca...
CVE-2002-1917
CRLF injection vulnerability in the User Profile: Send Email feature of Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC header. The description, sources, and connected documents confirm the affected products/...
CVE-2002-1738
CVE-2002-1738 affects Alt-N Technologies MDaemon 5.0.5.0 and earlier. The issue is that a default MDaemon mail account is created with the password “MServer,” which could allow remote attackers to send anonymous email. The available sources describe the affected product and the default credential...
CVE-2004-2137
The CVE-2004-2137 issue affects Outlook Express 6.0 when users send multipart e-mail messages with the setting to “Break apart messages larger than.” The vulnerability is that BCC recipients are leaked to To/CC addresses during this process, potentially exposing sensitive contact information. The...
Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
Description Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in...
Microsoft Windows HTML Help Remote Code Execution Vulnerability
Description Microsoft Windows HTML Help is affected by a remote code execution vulnerability. The vulnerability presents itself when the application handles malformed data through the InfoTech protocol ms-its, its, mk:@msitstore. An attacker may exploit this issue from a malicious Web page or...
CVE-2005-1682
The CVE describes a vulnerability in JavaMail API used by Solstice Internet Mail Server POP3 2.0, where the MimeMessage constructor in javax.mail.internet.InternetHeaders does not properly validate the message number, enabling remote authenticated users to read other users’ e‑mail by altering the...
CVE-2003-1133
CVE-2003-1133 affects Rit Research Labs The Bat! versions 1.0.11–2.0. The root cause is insecure ACLs used when creating new accounts, allowing local attackers to read other users’ email messages. The vulnerability is local and limited by the product’s access controls. KB/related advisories from ...
CVE-2004-2005
CVE-2004-2005 describes a buffer overflow in Eudora for Windows versions 5.2.1, 6.0.3, and 6.1. An attacker could trigger remote arbitrary code execution by sending an email containing (1) a link to a long URL to the C drive or (2) a long attachment name. The provided documents do not specify a p...
CVE-2005-0404
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email...
CVE-2005-0404
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email...
CVE-2005-0846
CVE-2005-0846 affects NetWin SurgeMail 2.2g3 and describes multiple XSS vulnerabilities in the email auto-reply message, exploitable via the (1) message subject or (2) message header field to inject arbitrary web script/HTML. Exploitation details are not provided beyond this, but a remediation is...
CVE-2005-0667
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message...
CVE-2005-0667
CVE-2005-0667 is a buffer‑overflow in Sylpheed’s header processing when replying to messages that contain non‑ASCII headers. Affected are Sylpheed before 1.0.3 and other versions before 1.9.5; successful exploitation can allow remote code execution with the user’s privileges. Several connected ad...
CVE-2005-0107
CVE-2005-0107 affects bsmtpd (versions 2.3 and earlier). The vulnerability arises from insufficient sanitization of e-mail addresses, enabling remote attackers to execute arbitrary commands during mail delivery. Debian and Red Hat advisories document remote, input‑sanitising failures with confirm...