457 matches found

Cvelist
added 2014/01/09 12:0 a.m. | 19 views

CVE-2013-6997

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...

5.8 AI score | 0.00475 EPSS
Exploits 0 | References 7

ThreatPost
added 2013/09/25 12:56 p.m. | 10 views

Mailbox App for iOS Automatically Executes Javascript

UPDATE – The popular Mailbox app for iOS suffers from a bit of a security nightmare. A security researcher in Italy recently discovered that the app automatically executes javascript contained in any HTML email. “It is just a bad design choice,” said researcher Michele Spagnulo, a computer...

6.9 AI score
Exploits 0 | References 2

Cvelist
added 2013/09/25 10:0 a.m. | 16 views

CVE-2013-5118

Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message...

5.4 AI score | 0.00406 EPSS
Exploits 6 | References 2

exploitpack
added 2013/09/25 12:0 a.m. | 25 views

Good for Enterprise 2.2.2.1611 - Cross-Site Scripting

Good for Enterprise 2.2.2.1611 - Cross-Site Scripting. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here'...

4.3 CVSS | 0.1 AI score | 0.00406 EPSS
Exploits 6

0day.today
added 2013/09/25 12:0 a.m. | 28 views

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

Exploit for hardware platform in category web applications. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here'...

4.3 CVSS | 0.4 AI score | 0.00406 EPSS
Exploits 6

Packet Storm
added 2013/09/24 12:0 a.m. | 28 views

Good For Enterprise 2.2.2.1611 Cross Site Scripting

Hello, Last month I identified an XSS vulnerability in the Good for Enterprise iOS application. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable...

4.3 CVSS | 6.6 AI score | 0.00406 EPSS
Exploits 6

ATTACKERKB
added 2013/05/01 12:0 p.m. | 0 views

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

5.8 CVSS | 6.2 AI score | 0.01074 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2013/04/03 12:0 a.m. | 16 views

Cerb Multiple Vulnerabilities

The version of Cerb installed on the remote host is earlier than 6.2.5. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in that the application does not validate input passed via HTML email attachments, making it vulnerable to XSS. An attacker could exploit this issue to...

5.9 AI score
Exploits 0 | References 3

Prion
added 2013/03/13 12:55 a.m. | 17 views

Design/Logic Flaw

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebK...

5 CVSS | 6.9 AI score | 0.29252 EPSS
Exploits 1 | References 3 | Affected Software 1

OpenVAS
added 2013/03/13 12:0 a.m. | 26 views

Microsoft Office Outlook Information Disclosure Vulnerability (2813682) - Mac OS X

This host is missing an important security update according to Microsoft Bulletin MS13-026. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

5 CVSS | 5 AI score | 0.29252 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2013/03/12 12:0 a.m. | 32 views

MS13-026: Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682) (Mac OS X)

The remote Mac OS X host is running a version of Microsoft Outlook that allows content from a remote server to be loaded without user interaction when a user previews or opens a specially crafted HTML email message. This could allow an attacker to verify that an account is actively used and that...

5 CVSS | 5.5 AI score | 0.29252 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2013/02/26 12:0 a.m. | 43 views

FreeBSD : otrs -- XSS vulnerability could lead to remote code execution (84065569-7fb4-11e2-9c5a-000d601460a4)

The OTRS Project reports : This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying t...

4.3 CVSS | 7 AI score | 0.05551 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2013/02/26 12:0 a.m. | 23 views

FreeBSD : otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution (d60199df-7fb3-11e2-9c5a-000d601460a4)

The OTRS Project reports : This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying t...

2.6 CVSS | 6.2 AI score | 0.06222 EPSS
Exploits 2 | References 3

exploitpack
added 2012/10/18 12:0 a.m. | 10 views

OTRS 3.1 - Persistent Cross-Site Scripting

OTRS 3.1 - Persistent Cross-Site Scripting !/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751 Timeline: 03 Sep 2012: Vulnerability reported + f...

6.8 AI score
Exploits 0

Packet Storm
added 2012/10/18 12:0 a.m. | 37 views

OTRS 3.1 Cross Site Scripting

!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751 Timeline: 03 Sep 2012: Vulnerability reported + fix to vendor 04 Sep 2012: Vulnerability...

4.3 CVSS | 7.5 AI score | 0.05551 EPSS
Exploits 2

0day.today
added 2012/10/17 12:0 a.m. | 14 views

OTRS 3.1 Stored XSS Vulnerability

CVE: 2012-4751 This vulnerability PoC is a follow up http://1337day.com/exploit/19298 !/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751...

7 AI score
Exploits 0

FreeBSD
added 2012/10/16 12:0 a.m. | 32 views

otrs -- XSS vulnerability

OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...

4.3 CVSS | 8.3 AI score | 0.05551 EPSS
Exploits 2 | References 2

FreeBSD
added 2012/10/16 12:0 a.m. | 33 views

otrs -- XSS vulnerability could lead to remote code execution

The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...

4.3 CVSS | 8.3 AI score | 0.05551 EPSS
Exploits 2 | References 1

Tenable Nessus
added 2012/10/03 12:0 a.m. | 33 views

Novell GroupWise WebAccess 8.x < 8.0.3 Multiple XSS Vulnerabilities

The version of Novell GroupWise installed on the remote Windows host is earlier than 8.0.3. It is, therefore, reportedly affected by multiple cross-site scripting vulnerabilities : - The application fails to sanitize user-supplied input to the 'merge' parameter of the 'Search Document' form...

4.3 CVSS | 5.8 AI score | 0.01935 EPSS
Exploits 0 | References 4

Exploit DB
added 2012/08/31 12:0 a.m. | 32 views

OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting

!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8 and 3.1.9 Vendor Homepage: http://otrs.org CVE: 2012-4600 Timeline: 22 Aug 2012: Vulnerability reported to vendor and CERT 23 Aug 2012: Response received from...

7.4 AI score
Exploits 0