Lucene search
+L

3543 matches found

CERT
CERT
added 2004/02/24 12:0 a.m.28 views

metamail contains multiple buffer overflow vulnerabilities

Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...

7.5CVSS7.5AI score0.08227EPSS
Exploits0References1
CVE
CVE
added 2004/02/11 5:0 a.m.62 views

CVE-2002-1575

The CVE-2002-1575 entry concerns cgiemail, a CGI form-mail utility. The vulnerability enables remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline characters in parameters (e.g., required-subject), allowing modification of CC/BCC/header fields in generated emails...

5CVSS6.7AI score0.01387EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2003/11/06 5:0 a.m.55 views

CVE-2003-0564

The CVE-2003-0564 issue affects S/MIME parsing in NSS/Mozilla stacks. The NISCC-derived notes describe bugs in NSS versions prior to 3.9 where parsing unexpected ASN.1 structures in S/MIME data could cause a crash or high memory use, potentially enabling remote denial of service and, in some case...

5CVSS9.8AI score0.07643EPSS
Exploits0References13Affected Software2
CVE
CVE
added 2003/08/05 4:0 a.m.121 views

CVE-2003-0468

Summary of the CVE-2003-0468 family (Postfix) : The issue affects Postfix versions up to 1.1.11 (and variants discussed in 1.1.x line) and enables a remote attacker to perform bounce-scans or use the MTA as a DoS/DDoS tool by causing SMTP connections to target hosts via crafted addresses. Public ...

5CVSS6.2AI score0.02382EPSS
Exploits4References9Affected Software2
CVE
CVE
added 2003/05/23 4:0 a.m.48 views

CVE-2003-0336

Qualcomm Eudora 5.2.1 is affected by CVE-2003-0336. A remote attacker can read arbitrary files by sending an email message that contains a carriage return (CR) in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. This represents a file-read vulnerability via craft...

5CVSS7.1AI score0.0161EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/05/22 12:0 a.m.31 views

Restricted Zone: the OUTLOOK EXPRESS

Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2003/04/02 12:0 a.m.10 views

Phorum 3.4 - Email Subject Line Script Injection

Phorum 3.4 - Email Subject Line Script Injection source: https://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line or other fields before sending an...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/02 12:0 a.m.27 views

Phorum 3.4 - Email Subject Line Script Injection

source: https://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line or other fields before sending an email to the target victim. "alert"Vulnerable";...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/03/20 12:0 a.m.38 views

CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent

Core Security Technologies Advisory http://www.coresecurity.com Multiple vulnerabilities in Ximian's Evolution Mail User Agent Date Published: 2003-03-19 Last Update: 2003-03-19 Advisory ID: CORE-20030304-01 Bugtraq IDs: 7117, 7118, 7119 CVE CAN: CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 Title:...

5CVSS7.1AI score0.16522EPSS
Exploits3
exploitpack
exploitpack
added 2003/03/07 12:0 a.m.17 views

Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass

Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/07 12:0 a.m.42 views

Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass

source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/02/25 12:0 a.m.37 views

Ipswitch IMail Web Interface URI Referer Session Token Disclosure

The remote host is running IMail web interface. In this version, the session is maintained via the URL. It will be disclosed in the Referer field if you receive an email with external links e.g. images %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: http://www.nessus.org/u?fd6d15...

7.5CVSS5.5AI score0.03495EPSS
Exploits0References6
exploitpack
exploitpack
added 2003/02/24 12:0 a.m.15 views

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using...

0.6AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.16 views

CVE-2002-1839

Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message...

5CVSS6.7AI score0.02062EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2002/11/07 12:0 a.m.20 views

Pine 4.x - 'From:' Heap Corruption

source: https://www.securityfocus.com/bid/6120/info A heap corruption may occur when Pine receives an email message containing a particularly crafted "From:" address. Though the address is RFC compliant, Pine reportedly fails to parse it correctly, resulting in a core dump. Execution of arbitrary...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/11/06 12:0 a.m.41 views

Command execution in perl-MailTools

Usage of mailx as a mailer allows command insertion into mail body...

3.2AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2002/10/21 12:0 a.m.20 views

KMMail 1.0 - E-Mail HTML Injection

KMMail 1.0 - E-Mail HTML Injection source: https://www.securityfocus.com/bid/6013/info kmMail does not sufficiently sanitize HTML and script code from the body of e-mail messages. As a result, an attacker may send a malicious message to a user of kmMail that includes arbitrary HTML and script cod...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2002/09/23 12:0 a.m.19 views

Rudi Benkovic JAWMail 1.0 - Script Injection

Rudi Benkovic JAWMail 1.0 - Script Injection source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user...

7.8AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/23 12:0 a.m.29 views

Rudi Benkovic JAWMail 1.0 - Script Injection

source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicio...

7.4AI score
Exploits0
CERT
CERT
added 2002/09/13 12:0 a.m.22 views

Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities

Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities RFC 2046. As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...

7.5CVSS6.5AI score0.06667EPSS
Exploits0References4
Rows per page
Query Builder