59 matches found
javamailAPI.txt
Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...
CVE-2005-1682
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE...
CVE-2005-1682
The CVE describes a vulnerability in JavaMail API used by Solstice Internet Mail Server POP3 2.0, where the MimeMessage constructor in javax.mail.internet.InternetHeaders does not properly validate the message number, enabling remote authenticated users to read other users’ e‑mail by altering the...
Unauthorized JavaMail mail server API mailbox access
It's possible to access different mailbox by mail number...
Javamail Multiple Information Disclosure Vulnerabilities
Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...
Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities
Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/13753/info Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. Th...
Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/13753/info Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported: A remote attacker may reveal the...
CVE-2005-1682
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE...
JavaMail Information Disclosure (msgno)
"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common,...
Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure
source: https://www.securityfocus.com/bid/13683/info The MimeMessage method in the Sun JavaMail API does not perform sufficient validation on message number values that are passed to the method during requests. An attacker that can successfully authenticate to an email server implementation that ...
Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure
Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure...
CVE-2005-1105
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. dot dot in the filename in the Content-Disposition header...
CVE-2005-1105
The CVE-2005-1105 entry concerns JavaMail 1.3.2, where a directory-traversal flaw in MimeBodyPart.getFileName allows remote attackers to write arbitrary files by supplying a .. (dot dot) sequence in the Content-Disposition header. This identifies a vulnerability in the file-name handling path, en...
CVE-2005-1105
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. dot dot in the filename in the Content-Disposition header...
CVE-2005-1105
Removed by vendor...
JavaMail allows directory traversal in attachments
INTRODUCTION The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. 2. SYNOPSIS...
JavaMail directory traversal
Content-Disposition header filename is not checked...
Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal
Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This...
Sun JavaMail 1.3.2 - 'MimeBodyPart.getFileName' Directory Traversal
source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect JavaMail 1.3.2, however, earlier...