101 matches found
Ubuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)
Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the...
USN-201-1: SqWebmail vulnerabilities
Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the...
Debian DSA-820-1 : courier - missing input sanitising
Jakob Balle discovered that with 'Conditional Comments' in Internet Explorer it is possible to hide JavaScript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer. %NASLMINLEVEL...
[SECURITY] [DSA 820-1] New courier packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 820-1 [email protected] http://www.debian.org/security/ Martin Schulze September 24th, 2005 http://www.debian.org/security/faq -...
Courier mail server crossite scripting
Internet Explorer Conditional Comments crossite scripting with sqwebmail...
DSA-820-1 courier - missing input sanitising
Bulletin has no description...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
DEBIAN-CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
CVE-2005-2820 is an XSS vulnerability in SqWebMail courier (Conditional Comments in Internet Explorer). The root cause is missing input sanitising in the courier/sqwebmail handling of HTML in emails, allowing remote attackers to inject script via crafted messages. Affected: SqWebMail courier depl...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
[Full-disclosure] Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
====================================================================== Secunia Research 06/09/2005 - SqWebMail Conditional Comments Script Insertion Vulnerability - ====================================================================== Table of Contents Affected...
Debian DSA-793-1 : courier - missing input sanitising
Jakob Balle discovered a vulnerability in the handling of attachments in sqwebmail, a web mail application provided by the courier mail suite, which can be exploited by an attacker to conduct script insertion attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
DEBIAN-CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
CVE-2005-2769
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...