455 matches found
CVE-2017-16962
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that h...
PHPMailer 5.2.21 Local File Disclosure Exploit
Exploit for php platform in category local exploits Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "email protected"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer...
PHPMailer < 5.2.21 - Local File Disclosure
Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...
CVE-2017-7141
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
CVE-2017-7141
CVE-2017-7141 affects Apple macOS before 10.13 (macOS High Sierra) in the Mail component. The issue allows a remote attacker to bypass the setting “Load remote content in messages” via an HTML email message, enabling the attacker to discover the e-mail recipient’s IP address. The vulnerability st...
Description of the security update for Outlook 2016: October 10, 2017
Description of the security update for Outlook 2016: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
[SECURITY] Fedora 25 Update: php-PHPMailer-5.2.24-1.fc25
Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...
Code injection
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...
CVE-2015-7893
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...
Microsoft Outlook - HTML Email Denial of Service
Microsoft Outlook - HTML Email Denial of Service Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that they...
OPENSUSE-SU-2016:2484-1 Security update for MozillaThunderbird
This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues: - When using Thunderbird in a browser-like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4 (MFSA 2016-86, boo#999701). The following bugs were fixed in...
CVE-2015-7776
CVE-2015-7776 affects Cybozu Garoon 3.x and 4.x prior to 4.2.0. The vulnerability arises from improper restriction on loading IMG elements in HTML email, enabling remote attackers to track users via crafted messages. The issue is explicitly described as a different vulnerability from CVE-2016-119...
Vulnerability in Samsung SecEmailUI
Samsung SecEmailUI is the APK that provides the email reader for the email client from Samsung (South Korea). A security vulnerability exists in Samsung SecEmailUI. The vulnerability can be exploited by an attacker to execute arbitrary JavaScript code by tricking a user into viewing an email with HTML code tags...
Samsung SecEmailUI Script Injection Exploit
Exploit for Android platform in category remote exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=494 ''' The default Samsung email client's email viewer and composer implemented in SecEmailUI.apk doesn't sanitize HTML email content for scripts before rendering...
Apple iOS Malicious Email Forgery Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability in the handling of HTML emails in Apple iOS allows an attacker to send a specially crafted email in which an arbitrary web page is displayed in place of the message content...
iOS 8.1.2 Mail.app Injection - Load remote content without user interaction
This exploit allows an attacker to load a remote website inside iOS's native Mail.app without any user interaction other than opening the HTML e-mail message containing the payload. Example: After opening the malicious message: http://i.imgur.com/GPMqdOv.jpg iPhone http://i.imgur.com/zJ7W24N.jpg iP...