30 matches found
CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
DEBIAN-CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
Information disclosure
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
UBUNTU-CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
GNOME Gmail Security Vulnerability
GNOME Gmail is a Linux desktop mailer by the individual developer David Steele. A security vulnerability exists in GNOME Gmail version 2.5.4, which stems from a problem found in the attach parameter that allows remote attackers to obtain sensitive information via a crafted mailto link...
CVE-2020-24904
CVE-2020-24904 relates to GNOME Gmail 2.5.4 where an issue in the attach parameter allows remote attackers to glean sensitive information through crafted "mailto" links. The connected documents specify the affected software and the underlying cause (attach parameter mishandling in GNOME Gmail) wi...
CVE-2020-24904
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...
Mozilla: Fullscreen notification obscured
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks...
SUSE CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90...
AZL-25603 CVE-2023-27986 affecting package emacs for versions less than 28.2-4
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90...
AZL-25581 CVE-2023-27985 affecting package emacs for versions less than 28.2-4
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...
SUSE CVE-2003-0508
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader acroread 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link...
SUSE CVE-2010-1990
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many IFRA...
CVE-2022-39376
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...
Microsoft Outlook VCF cards - Denial of Service (PoC)
Microsoft Outlook VCF cards - Denial of Service PoC Exploit Title: Microsoft Outlook VCF cards - Denial of Service PoC Date: 2020-01-04 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Microsoft Outlook VCF cards - Denial of Service (PoC)
Exploit Title: Microsoft Outlook VCF cards - Denial of Service PoC Date: 2020-01-04 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Microsoft Windows VCF Denial Of Service Exploit
Microsoft Windows VCF cards do not properly sanitize email addresses allowing for HTML injection. A corrupt VCF card can cause all the users currently opened files and applications to be closed and their session to be terminated without requiring any accompanying attacker supplied code. + Credits...