146 matches found
PHP-Nuke 6.0 Web Mail Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email...
IBM Notes Accepts JavaScript Tags Inside HTML Emails
The IBM Notes application installed on the remote Windows host accepts Java applet tags and JavaScript tags inside HTML emails, making it possible to load Java applets and scripts from a remote location. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(66637);...
OTRS contains a cross-site scripting vulnerability
Overview: Open Technology Real Services (OTRS) contains a cross-site scripting (XSS) (CWE-79) vulnerability in the body of HTML emails viewed within the OTRS application. Description: OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform. OTRS Security Advisory 2012-03...
DEBIAN-CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...
roundcube -- cross-site scripting in HTML email messages
RoundCube branch 0.8.x prior to version 0.8.1 is prone to a cross-site scripting (XSS) attack originating from incoming HTML e-mails: due to the lack of proper sanitization of JavaScript code inside the "href" attribute, a sender could launch an XSS attack when the recipient opens the message in RoundCube...
ACC PHP eMail v1.1 - Multiple Web Vulnerabilities
Document Title: ACC PHP eMail v1.1 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=505. Release Date: 2012-04-12. Vulnerability Laboratory ID (VL-ID): 505. Produ...
Debian DSA-2246-1 : mahara - several vulnerabilities
Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2011-1402: It was discovered that previous versions of Mahara did not check user credentials before...
[SECURITY] [DSA 2246-1] mahara security update
Debian Security Advisory DSA-2246-1 http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq...
DSA-2246-1 mahara - several vulnerabilities
Bulletin has no description...
DEBIAN-CVE-2010-4766
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a...
DEBIAN-CVE-2010-3476
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than...
OTRS -- Multiple XSS and denial of service vulnerabilities
OTRS Security Advisory reports: Multiple Cross Site Scripting issues: Missing HTML quoting allows authenticated agents or customers to inject HTML tags. This vulnerability allows an attacker to inject script code into the OTRS web-interface which will be loaded and executed in the browsers of...
Omnistar Mailer SQL Injection & XSS Vulnerability
Exploit for PHP platform in category web applications. Omnistar Mailer SQL Injection & XSS Vulnerability...
Debian Security Advisory DSA 1802-1 (squirrelmail)
The remote host is missing an update to squirrelmail announced via advisory DSA 1802-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Mandriva Update for spamassassin MDKSA-2007:049 (spamassassin)
Check for the Version of spamassassin. OpenVAS Vulnerability Test: Mandriva Update for spamassassin MDKSA-2007:049 (spamassassin). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
FreeBSD : roundcube -- webmail script insertion and php code injection (35c0b572-125a-11de-a964-0030843d3802)
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML 'background' attribute within e.g...
DEBIAN-CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message...
roundcube -- webmail script insertion and php code injection
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...
desknet's buffer overflow vulnerability
Overview: desknet's contains multiple vulnerabilities. A malicious script may be executed when a user views a crafted HTML email or information. desknet's contains multiple vulnerabilities: - A malicious script may be executed when the user views a crafted HTML email or information. - A script writt...
desknet's cross-site scripting vulnerability
Overview: If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVNF88C2C13 (additional information to JVN89DE2014). Impact: If a login ID, password, or session information is leaked, an...