CVE-2004-1616

Links allows remote attackers to cause a denial of service memory consumption via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme...

CVE-2004-2226

Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets CSS document on the attacker's server...

CVE-2004-0203

Cross-site scripting XSS vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query...

CVE-2004-1617

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service infinite loop via a web page or HTML email that contains invalid HTML including 1 a TEXTAREA tag with a large COLS value and 2 a large tag name in an element that is not terminated, as demonstrated ...

CVE-2004-1616

Links allows remote attackers to cause a denial of service memory consumption via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme...

Webmin 1.x - HTML Email Command Execution

Webmin 1.x - HTML Email Command Execution source: https://www.securityfocus.com/bid/11122/info Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker...

Webmin 1.x - HTML Email Command Execution

source: https://www.securityfocus.com/bid/11122/info Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a...

CVE-2004-0501

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language VML entity whose src parameter points to the remote site, which could allow remote attackers to know whe...

Outblaze Webmail - HTML Injection

source: https://www.securityfocus.com/bid/10756/info Outblaze Webmail is reported prone to an-HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content. An attacker may be able to inject HTML and script code into the application through HTML...

CVE-2004-0501

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language VML entity whose src parameter points to the remote site, which could allow remote attackers to know whe...

CVE-2004-0501

Affected software : Outlook 2003. What is vulnerable : HTML e-mails containing a Vector Markup Language (VML) entity whose src points to a remote site can cause Outlook to request that remote URL, potentially revealing read status and other information. Cause : Bypass of intended access restricti...

Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution

Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution source: https://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself...

Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution

source: https://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself due to the 'help:' protocol implemented by the Mac OS X hel...

Qualcomm Eudora 5.2.16.x - Embedded Hyperlink Buffer Overrun

Qualcomm Eudora 5.2.16.x - Embedded Hyperlink Buffer Overrun source: https://www.securityfocus.com/bid/10298/info Qualcomm Eudora is reported to be prone to a remotely exploitable buffer overrun vulnerability. The issue is exposed when an excessively long hyperlink to a file resource is embedded ...

CVE-2004-0383

Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."...

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer t...

Microsoft Outlook 2002 - 'Mailto' Quoting Zone Bypass

source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This is...

CVE-2003-1505

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service crash by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved...

CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077...

Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation

Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation source: https://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted fro...