RHEL 7 : thunderbird (RHSA-2018:2252)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2252 advisory. - Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 CVE-2018-5188 - Mozilla: Buffer overflow using...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3714-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3714-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

USN-3714-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...

USN-3714-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...

CVE-2018-8310

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office...

Design/Logic Flaw

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office...

Microsoft Office Security Bypass Vulnerability (CNVD-2018-15892)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A security bypass vulnerability exists in Microsoft Office. The vulnerability arises because Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails...

Microsoft Word 2013 Service Pack 1 Tampering Vulnerability (KB4022224)

This host is missing an important security update according to Microsoft KB4022224 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft Word 2016 Tampering Vulnerability (KB4022218)

This host is missing an important security update according to Microsoft KB4022218 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2018-8310

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office...

Microsoft Word 2010 Service Pack 2 Tampering Vulnerability (KB4022202)

This host is missing an important security update according to Microsoft KB4022202 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Security Updates for Microsoft Office Products (July 2018)

The Microsoft Office Products are missing security updates. They are, therefore, affected by a vulnerability : - A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails. An attacker could exploit the vulnerability by...

Security update for Mozilla Thunderbird (moderate)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

EFAIL Opens Up Encrypted Email to Prying Eyes

A set of vulnerabilities in the encryption technologies used to secure sensitive emails threatens to expose corporate communications as well as the messages of at-risk users such as journalists, political dissidents and whistleblowers operating in hostile environments. However, there is some deba...

Details on a New PGP Vulnerability

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote...

SecurEnvoy SecurMail Cross-Site Scripting Vulnerability (CNVD-2018-06275)

SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site scripting vulnerability exists in versions of SecurEnvoy SecurMail prior to 9.2.501. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via HTML formatted email messages...

CVE-2017-16962

The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via 1 the location or details field of a Google Calendar invitation, 2 a crafted Outlook.com calendar aka Hotmail Calendar invitation, 3 e-mail granting access to a directory that h...

PHPMailer 5.2.21 Local File Disclosure

Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...

PHPMailer 5.2.21 - Local File Disclosure

PHPMailer 5.2.21 - Local File Disclosure Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message";...

PHP-Nuke 6.0 Web Mail Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email...