HTML Email Creator & Sender 2.3 Local Buffer Overflow PoC (SEH)

Exploit for unknown platform in category dos / poc =============================================================== HTML Email Creator & Sender 2.3 Local Buffer Overflow PoC SEH =============================================================== /0day HTML Email Creator & Sender v2.3 Local Buffer...

HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)

/0day HTML Email Creator & Sender v2.3 Local Buffer OverflowSeh Poc Debugging info Seh handler is overwriten , the offset is at 60 bytes in our buffer so you have to build your buffer as follows: PONTER TO NEXT SEH-------SEH HANDLER----NOP------SHELLCODE | | | | JMP 4 bytes POP POP RET 500x90...

CVE-2009-0960

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an...

Design/Logic Flaw

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an...

CVE-2009-0960

CVE-2009-0960 affects Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1, specifically the Mail component. The underlying issue is that there is no option to disable remote image loading in HTML email, which allows a remote attacker to determine the device’s address and when an emai...

CVE-2009-0960

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an...

DSA-1802-2 squirrelmail - incomplete fix

Bulletin has no description...

Debian DSA-1802-2 : squirrelmail - several vulnerabilities

Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive...

Fedora 10 : roundcubemail-0.2-7.stable.fc10 (2009-1204)

Security fix for: Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0413 to the following vulnerability: Cross-site scripting XSS vulnerability in RoundCube Webmail roundcubemail 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background...

HTML Email Creator 2.1b668 Overwrite

/ :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered and Exploited by dun HTML Email Creator or or 520 | | NOPs jmp 11 pop-pop-ret NOPs shellcode NOPs 56 4 4 40 343 73 Greetz: suN8Hclf, str0ke...

HTML Email Creator <= 2.1b668 (html) Local SEH Overwrite Exploit

No description provided by source. / :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered and Exploited by dun HTML Email Creator = 2.1 build 668 html Local SEH Overwrite Exploit Vendor:...

HTML Email Creator <= 2.1b668 (html) Local SEH Overwrite Exploit

Exploit for unknown platform in category local exploits ================================================================ HTML Email Creator or or 520 | | NOPs jmp 11 pop-pop-ret NOPs shellcode NOPs 56 4 4 40 343 73 Greetz: suN8Hclf, str0ke dun'at'strcpy.pl / 2009 / include include / Tested on: WI...

HTML Email Creator 2.1b668 - html Local Overwrite (SEH)

/ :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered and Exploited by dun HTML Email Creator or or 520 | | NOPs jmp 11 pop-pop-ret NOPs shellcode NOPs 56 4 4 40 343 73 Greetz: suN8Hclf, str0ke...

CVE-2009-0413

Cross-site scripting XSS vulnerability in RoundCube Webmail roundcubemail 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message...

squirrelmail: XSS issue caused by an insufficient html mail sanitation

Cross-site scripting XSS vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message...

Debian DSA-1682-1 : squirrelmail - insufficient input sanitising

Ivan Markovic discovered that SquirrelMail, a webmail application, did not sufficiently sanitise incoming HTML email, allowing an attacker to perform cross site scripting through sending a malicious HTML email. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DSA-1682-1 squirrelmail - cross site scripting

Bulletin has no description...

GNOME Evolution 2.22.2 - html_engine_get_view_width() Denial of Service

GNOME Evolution 2.22.2 - htmlenginegetviewwidth Denial of Service source: https://www.securityfocus.com/bid/29961/info GNOME Evolution is prone to a denial-of-service vulnerability when handling email messages that contain specially crafted HTML. Successful attacks will crash the application...

SquirrelMail cross-site scripting vulnerability

Overview SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email. Impact A malicious script may be executed on the user's web browser. Solution None...

Microsoft Office mailto URI remote code execution

Overview A vulnerability in the way that Microsoft Outlook handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages, schedules,...