3543 matches found
metamail contains multiple buffer overflow vulnerabilities
Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...
CVE-2002-1575
The CVE-2002-1575 entry concerns cgiemail, a CGI form-mail utility. The vulnerability enables remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline characters in parameters (e.g., required-subject), allowing modification of CC/BCC/header fields in generated emails...
CVE-2003-0564
The CVE-2003-0564 issue affects S/MIME parsing in NSS/Mozilla stacks. The NISCC-derived notes describe bugs in NSS versions prior to 3.9 where parsing unexpected ASN.1 structures in S/MIME data could cause a crash or high memory use, potentially enabling remote denial of service and, in some case...
CVE-2003-0468
Summary of the CVE-2003-0468 family (Postfix) : The issue affects Postfix versions up to 1.1.11 (and variants discussed in 1.1.x line) and enables a remote attacker to perform bounce-scans or use the MTA as a DoS/DDoS tool by causing SMTP connections to target hosts via crafted addresses. Public ...
CVE-2003-0336
Qualcomm Eudora 5.2.1 is affected by CVE-2003-0336. A remote attacker can read arbitrary files by sending an email message that contains a carriage return (CR) in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. This represents a file-read vulnerability via craft...
Restricted Zone: the OUTLOOK EXPRESS
Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...
Phorum 3.4 - Email Subject Line Script Injection
Phorum 3.4 - Email Subject Line Script Injection source: https://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line or other fields before sending an...
Phorum 3.4 - Email Subject Line Script Injection
source: https://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line or other fields before sending an email to the target victim. "alert"Vulnerable";...
CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
Core Security Technologies Advisory http://www.coresecurity.com Multiple vulnerabilities in Ximian's Evolution Mail User Agent Date Published: 2003-03-19 Last Update: 2003-03-19 Advisory ID: CORE-20030304-01 Bugtraq IDs: 7117, 7118, 7119 CVE CAN: CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 Title:...
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize...
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass
source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...
Ipswitch IMail Web Interface URI Referer Session Token Disclosure
The remote host is running IMail web interface. In this version, the session is maintained via the URL. It will be disclosed in the Referer field if you receive an email with external links e.g. images %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: http://www.nessus.org/u?fd6d15...
Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution
Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using...
CVE-2002-1839
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message...
Pine 4.x - 'From:' Heap Corruption
source: https://www.securityfocus.com/bid/6120/info A heap corruption may occur when Pine receives an email message containing a particularly crafted "From:" address. Though the address is RFC compliant, Pine reportedly fails to parse it correctly, resulting in a core dump. Execution of arbitrary...
Command execution in perl-MailTools
Usage of mailx as a mailer allows command insertion into mail body...
KMMail 1.0 - E-Mail HTML Injection
KMMail 1.0 - E-Mail HTML Injection source: https://www.securityfocus.com/bid/6013/info kmMail does not sufficiently sanitize HTML and script code from the body of e-mail messages. As a result, an attacker may send a malicious message to a user of kmMail that includes arbitrary HTML and script cod...
Rudi Benkovic JAWMail 1.0 - Script Injection
Rudi Benkovic JAWMail 1.0 - Script Injection source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user...
Rudi Benkovic JAWMail 1.0 - Script Injection
source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicio...
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities RFC 2046. As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...