455 matches found
Roundcube Webmail 0.1 - CSS Expression Input Validation
Roundcube Webmail 0.1 - CSS Expression Input Validation source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the...
Roundcube Webmail 0.1 - CSS Expression Input Validation
source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can...
Buffer overflow
Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email...
CVE-2007-4222
CVE-2007-4222 describes a stack-based buffer overflow in IBM Lotus Notes’ nnotes.dll TagAttributeListCopy function. The flaw occurs when processing HTML emails that are converted to a temporary format (affecting how the recipient handles replies, forwards, or clipboard copies); a fixed-size stack...
CVE-2007-4222
Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email...
CVE-2002-2313
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by...
CVE-2003-1440
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions...
CVE-2003-1378
Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.
RHEL 4 / 5 : thunderbird (RHSA-2007:0723)
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws wer...
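Vista Windows Mail Client Local File Execution Vulnerability (MS07-034)
Windows Mail is the default mail client bundled with Windows Vista. Vista Windows Mail has a vulnerability in the way it handles links in mail messages; a remote attacker could exploit it to execute malicious code on the user's machine. If an executable file with the same name exists alongside a folder, then when the user clicks a malicious link in a message, the Vista Mail client runs that executable. Suppose a folder named blah exists on the C:\ drive and a batch script named blah.bat also exists on that drive; if the user clicks a URL in the message whose target is set to C:\blah, the batch script is executed without any prompt. For example, sending an HTML mail message containing the following URL: a...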
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
Description Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive...
Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
Description The Microsoft Visual Basic 6 TypeLib Information Library TLI ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote...
Microsoft Windows animated cursor stack buffer overflow
Overview Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Animated cursor files (.ani) contain animated graphics for icons and...
vista-pwn.txt
Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability Successfully Tested on Windows Vista Ultimate Greetings fly out to Alex,wtfomg,Thierry,Andi and Blackzero Description Windows Mail is the default Mail Client of Microsoft Windows Vista. Vulnerability Remote Code...
[Full-disclosure] Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability
Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability Successfully Tested on Windows Vista Ultimate Greetings fly out to Alex,wtfomg,Thierry,Andi and Blackzero Description Windows Mail is the default Mail Client of Microsoft Windows Vista. Vulnerability Remote Code...
CVE-2006-7139
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations...
CVE-2006-7139
Removed by vendor...
spamassassin security update
CentOS Errata and Security Advisory CESA-2007:0074 Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. SpamAssassin provides a way to reduce...
Important: Red Hat Security Advisory: spamassassin security update
Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. SpamAssassin provides a way to reduce unsolicited commercial email spam from incoming...
Fedora Core 5 : thunderbird-1.5.0.7-1.fc5 (2006-977)
Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. CVE-2006-4565, CVE-2006-4566 A flaw was...