455 matches found
HTML Email Creator <= 2.1b668 (html) Local SEH Overwrite Exploit
No description provided by source. / :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered and Exploited by dun HTML Email Creator = 2.1 build 668 html Local SEH Overwrite Exploit Vendor: http://www.html-email.net/...
Cryptomathic ActiveX Control Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17852/info Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory...
Real Networks RealJukebox 1.0.2/RealOne 6.0.10 Player Gold Skinfile Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/5217/info Real Software has announced a vulnerability in RealJukebox2 and Real Player Gold. A buffer overflow condition exists due to insufficient bounds checking of fields in skinfiles. There is an unchecked buffer for t...
otrs 3.1 - Stored XSS vulnerability
No description provided by source. !/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751 Timeline: 03 Sep 2012: Vulnerability reported + fix to...
[ MDVSA-2014:054 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:054 http://www.mandriva.com/en/support/security/ Package : otrs Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: An attacker could...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)
Updated otrs package fixes security vulnerability : An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695. %NASLMINLEVEL 70300 C Tenable Network Security,...
Updated otrs package fixes security vulnerability
An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...
MGASA-2014-0114 Updated otrs package fixes security vulnerability
An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
DEBIAN-CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
Cross site scripting
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
otrs -- XSS Issue
The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...
CVE-2013-6997
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an HTML email with crafted CSS code containing wildcards or 2 office documents containing "crafted hyperlinks with script URL handler...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an HTML email with crafted CSS code containing wildcards or 2 office documents containing "crafted hyperlinks with script URL handler...
CVE-2013-6997
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an HTML email with crafted CSS code containing wildcards or 2 office documents containing "crafted hyperlinks with script URL handler...
Mailbox App for iOS Automatically Executes Javascript
UPDATE – The popular Mailbox app for iOS suffers from a bit of a security nightmare. A security researcher in Italy recently discovered that the app automatically executes javascript contained in any HTML email. “It is just a bad design choice,” said researcher Michele Spagnulo, a computer...